View Single Post
  #6  
Old 06-21-2007, 03:35 PM
 
carpeperdiem carpeperdiem is offline
 

X-Guru
  
Join Date: Jul 2006
Location: New York City, USA
Posts: 5,399
 

Default Re: security-patch-2007-06-20

Quote:
Originally Posted by Jon
It was an issue with your site only. I'll PM you so as not to take this thread off topic.

Thank you, Jon, for your help here... turns out we were able to remove all cdseo code from my login.php file

For anyone keeping score, it looks like there were changes to login.php since February 2007 (not documented in the changelog), and this negated the cdseo code required to do the "confirmation page at logout hack".

I installed this new security-patch-2007-06-20, added the "remember me" code, added a minor "logout redirect" hack, and all's fine.

Anyone who's hacked their login.php may want to revisit this file, since it appears x-cart made some undocumented improvements that allowed me to remove a bunch of unnecessary code. Thank you, I guess.
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
Reply With Quote