X-Cart: shopping cart software

X-Cart forums (https://forum.x-cart.com/index.php)
-   News and Announcements (https://forum.x-cart.com/forumdisplay.php?f=28)
-   -   security-patch-2007-10-29.tgz (https://forum.x-cart.com/showthread.php?t=35093)

balinor 11-01-2007 03:30 AM

Most of you should have received an e-mail from Qualiteam this morning about a security patch for ALL versions of X-Cart other than 4.1.9. If you didn't, you can find the patch in the 'files' area of your help desk. If you download the patch (which you absolutely should), you will notice it does not include any .diff files, just the patched files themselves. This is not good, as replacing the files will overwrite any changes to them that you made. Be sure to make a backup of all these files before you upload the new versions, and if there are any issues with your store (particularly ones with third party mods), you can easily restore the old versions. Why they didn't issue this patch with .diff files is beyond me, as this creates a major headache for those of us who maintain multiple stores.

gabriela 11-01-2007 11:11 AM

Re: Security Patch - 11-1-07
Are the old 3.4.x versions affected as well or x-cart team doesn't check those version any more?

balinor 11-01-2007 11:23 AM

Re: Security Patch - 11-1-07
The patch seems to only cover 3.5 on

exsecror 11-01-2007 11:24 AM

Re: Security Patch - 11-1-07
I received no such e-mail today nor do I see any file with the timestamp to correlate with it in the the files section. You have an exact file name balinor?

balinor 11-01-2007 11:26 AM

Re: Security Patch - 11-1-07
Sure, it's in the file area/updates:


Edited the thread title to reflect this as well.

exsecror 11-01-2007 11:28 AM

Re: security-patch-2007-10-29.tgz
haha oops I looked right past it, thanks balinor I'll review it and backport the fixes.

Looks like I only have to backport one fix, I already took care of the other ones they fixed several weeks ago o.O

carpeperdiem 11-01-2007 11:47 AM

Re: security-patch-2007-10-29.tgz
I didn't get any emails from xcart about this.

exsecror 11-02-2007 03:58 AM

Re: security-patch-2007-10-29.tgz
There's something wrong with that security update at least for 4.1.8, after applying the func.db.php and func.order.php fixes it totally destroys the cart's ability to store any data (in terms of the shopping cart mechanism itself, not the cart as a whole)

carpeperdiem 11-02-2007 04:14 AM

Re: security-patch-2007-10-29.tgz
I gave up as well. I had a zillion issues. I reverted.

I will be opening a new thread later re: how to upgrade from 4.1.8 to 4.1.9 -- I have some ideas....

sunny 11-05-2007 03:32 PM

Re: security-patch-2007-10-29.tgz
Hello all,

In updating for this security patch, is there any easy way to find what the actual changes are? Our include/func.php file is rather heavily modified (by x-cart, myself and one other mod) and I'm having a difficult time differentiated between the update code and that added for modifications by others. I compared the files and this doesn't do me any good. Is there any way to figure out just the lines changed for this update?

thanks for any assistance,

Carol Davenport

All times are GMT -8. The time now is 12:41 PM.

Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.