Quote:
Originally Posted by jmccunep
For the latest x-cart XSS vulnerability patch issued in early October, can the patch files and SQL be applied as is? Or, with the Ability template, were some of the files that have to be patched modified, so one must therefore use the (tedious!) manual DIFF file patch process?
The patch in question (for xcart 4.4.5 version):
security-patch-2013-10-08_4.4.5.tgz
There are MANY PHP and TPL files in this patch.
THANKS!
I'm just about to start looking and I'll report back what I find. I briefly glanced at the files a couple of days ago and saw that it involved template files. If Ability has its own version then the changes would have to be made in the Ability version. I'll be testing on a dev copy of my live site. The update was involved enough that I wanted to have plenty of time and not be rushed while doing it.