
photo 11-05-2007 11:56 AM

Re: 4.1.9 changelog
 
I am now a MCRYPT server enabled user! Speed diff? Hmm well perhaps a wee bit better.

TL408 11-05-2007 12:03 PM

Re: 4.1.9 changelog
 
Quote:

Originally Posted by photo
I am now a MCRYPT server enabled user! Speed diff? Hmm well perhaps a wee bit better.

As far as the speed difference, are you referring to the store front or back-end admin area? Maybe both?

I am curious though, why would there be any speed difference for the store front, between with MCRYPT and without it? It shouldn't be encrypting anything on the store front, correct? I thought it would only impact the back-end because of the encryption on customer data and order details....Hmmmmm...

Hopefully the X-cart team will jump in and clear up this entire issue.

Thanks
-Tuan

photo 11-05-2007 12:10 PM

Re: 4.1.9 changelog
 
Quote:

Originally Posted by TL408
As far as the speed difference, are you referring to the store front or back-end admin area? Maybe both?

I am curious though, why would there be any speed difference for the store front, between with MCRYPT and without it? It shouldn't be encrypting anything on the store front, correct? I thought it would only impact the back-end because of the encryption on customer data and order details....Hmmmmm...

Hopefully the X-cart team will jump in and clear up this entire issue.

Thanks
-Tuan


It's a secret, only divulged to ancient Xcart users who have been able to grab the pebble from the cart's hand! :-$

zaa 11-05-2007 09:20 PM

Re: 4.1.9 changelog
 
Quote:

Originally Posted by TL408
Thanks Shan!

For people running their own box, check the "php.ini" configuration file. It is loaded as an extension "extension=php_mcrypt.dll". (As of PHP version 5.2.3)

X-cart Team: Can you please verify why some people are getting the "MCRYPT" prompt, while others do not? On my box, I do not have "MCRYPT" enabled and was not prompted.

Thanks
-Tuan


Certain PHP versions have known defects in processing of bitwise operations that are used during generation of encrypted data using Blowfish encryption method.
X-Cart utilizes bitwise operators emulation on these PHP versions, but this leads to slow generation of encrypted data and can have negative impact on X-Cart performance.

The message is shown only if x-cart installation procedure detected that PHP version installed on a client's hosting server has such bugs with bitwise operations processing. In order to overcome the issue the customer needs to install the latest stable PHP version or install the mcrypt php extension.

matt2005 11-09-2007 04:21 PM

Re: 4.1.9 changelog
 
my install horror story! I ran the upgrade script after manually modding about 10 files.. Script processed then I hit continue.. The server kept trying to redirect somewhere.. I blew the .htaccess file out and got SQL errors about the session table not being there and access denied..

went to my backup, and am back on 4.1.8

Duramax 6.6L 11-09-2007 04:27 PM

Re: 4.1.9 changelog
 
you have to run the patch.sql file through phpmyadmin or command line and then there will not be any problems.

matt2005 11-09-2007 04:31 PM

Re: 4.1.9 changelog
 
Quote:

Originally Posted by Duramax 6.6L
you have to run the patch.sql file through phpmyadmin or command line and then there will not be any problems.



damn.. ok I will try that later..

ambal 11-12-2007 03:24 AM

Re: 4.1.9 changelog
 
Hi everyone,

We conducted research on "why upgrade to 4.1.9 is so hard".

First of all upgrade to 4.1.9 is *not defective* and it is applied properly if it is applied on standard X-Cart and if it is applied according to upgrade instructions.
I advise you to read discussion on this at http://forum.x-cart.com/showthread.php?t=35125.

Also, X-Cart v4.1.9 is a working version which we recommend to use especially if you are concerned about social engineering hacking methods. At the same time you do not have to upgrade to 4.1.9 at all, especially if you feel confident that you will not be swindled and if you are satisfied by how your current X-Cart version works. In this case we recommend you to apply security patch #2007-10-29 (I advise you to monitor discussion at http://forum.x-cart.com/showthread.php?p=192813#post192813 as we are going to release improved version of the patch soon).


Why upgrade to 4.1.9 is so hard?

In July 2007 we sent a newsletter about potential security issue in X-Cart which contained the following information:
Quote:

Recently we have found a moderate security issue that renders X-Cart-based stores and other similar Web applications requiring user authorization (shopping carts, CMS solutions, etc) potentially vulnerable to attackers wishing to gain access to the application back-end and sensitive information stored in the user profiles. The issue is not limited to X-Cart, but is typical for the majority of Web applications. The issue is based on the assumption that an attacker might use a "phishing" technique to lure the store administrator into opening a specially crafted Web link and performing a sequence of steps that might allow him to gain full access to the store back end.

In connection with this issue, we would like to remind you of the necessity to exercise extreme caution in opening Web links from unknown or unverified sources. We strongly advise that you do not follow any links from people you do not know. Even if someone asks you to open a link leading to your own store, open this link using a separate browser session (not the session you are using to work on your store - the session where you log in to the store back-end and enter sensitive data). If you have accidentally opened such a link in the same session and are now viewing what seems to be a page of your own store, do not do anything on this page (most important - do not log in or provide any sensitive information!) Close the browser window, then open the browser again and type in a trusted web address for your store website into the address bar of your browser to bypass the link provided in the suspected phishing message. Following these recommendations will fully protect you from attacks of this type.

We have already devised a solution to minimize the risk imposed by this issue and will implement it in one of the future releases of X-Cart software.


The difference in this upgrade is that 4.1.9 contains that solution, i.e. besides usual number of various bug-fixes and minor changes in "every-day" features core of X-Cart v4.1.9 contains a good deal of completely new code which implements multiple protection schemes against the aforementioned and some other phishing ways to hack your online shop using social engineering methods.

The new code in X-Cart v4.1.9 core affected significant number of X-Cart PHP files in different places thus made upgrade to 4.1.9 harder than usual upgrade between minor versions. E.g. upgrade 4.1.8->4.1.9 affects 708 files and 50757 lines of code while upgrade 4.1.7->4.1.8 affects 391 files and 21313 lines of code and those changes between 4.1.8 and 4.1.9 are not just bug-fixes but portions of new code.

If you want to upgrade your store to v4.1.9 I recommend you to read http://forum.x-cart.com/showthread.php?t=35125 before you start.

carpeperdiem 11-12-2007 04:30 AM

Re: 4.1.9 changelog
 
Alexander,

Can you please comment on the new sql serialized array and how we should convert a 4.1.8 database to 4.1.9 (as this is hanging many people up and causing upgrade errors)?

Can we expect a patch to the sql update to correct this at some point?

Can we get an engineer to discuss why the change, and how we can modify our old code to become compatible?

Since there appears to be a data structure change, do you feel this upgrade would qualify for more than a single increment? Shouldn't 4.1.9 have become 4.2?

I agree that for the most part, a 4.1.9 upgrade can be applied effortlessly in less than a few minutes -- IF the 4.1.8 store doesn't have many changes -- but if the changes are data fields, there will be issues. Forget template edits -- let's talk real-world... 4.1.9 is great, agreed - but we need to get our 4.1.8 and earlier stores to 4.1.9 --- the database needs to be patched too. How can we do this?

Thanks,

Jeremy

matt2005 11-12-2007 07:50 AM

Re: 4.1.9 changelog
 
I got mine to work.. what I did was apply the patch.sql to the database before updating the rest of the files.. cleared out the template cache and bam! everything worked great..

I only had to manually modify 10-12 files.. nothing too bad.. the only one that took more than a couple minutes was the meta.tpl.. just had to figure out the right spot to put the javascript below my custom code in there.. I use some of the cdseo mods..


All times are GMT -8.