Shopping cart software Solutions for online shops and malls
#1
security-patch-2007-06-20
There is a new security patch, identified as "SEVERITY: Critical", for users of 4.1.7.
It should be in your file area. security-patch-2007-06-20
One comment: In the install instructions, it states:
Quote:
CDSEO, "Remember Me" and other mods/hacks (including a redirect to a static page after logout) all have modified login.php, so don't forget to back up, and be careful out there.
Thank you to x-cart for the patch -- (for those of us using 4.1.7 that are not prepared to upgrade to 4.1.8 just yet)
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
#2
Re: security-patch-2007-06-20
Note that CDSEO by default does not modify login.php, only a custom hack in carpeperdium's site does.
#3
Re: security-patch-2007-06-20
Jon,
What custom hack is that? Should I open a ticket? Did the "old" cdseo not get removed when you made this version 2?
Thanks
Jeremy
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
#4
Re: security-patch-2007-06-20
It was an issue with your site only. I'll PM you so as not to take this thread off topic.
#5
Re: security-patch-2007-06-20
so just to be sure, it is only 4.1.7 affected, not previous 4.1's.
thanks
__________________
X-CART 4.5.0 MySQL - 5.1.63 PHP 5.3.9 Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 Dedicated Cloud Server
#6
Re: security-patch-2007-06-20
Quote:
Thank you, Jon, for your help here... turns out we were able to remove all cdseo code from my login.php file.
For anyone keeping score, it looks like there were changes to login.php since February 2007 (not documented in the changelog), and this negated the cdseo code required to do the "confirmation page at logout hack".
I installed this new security-patch-2007-06-20, added the "remember me" code, added a minor "logout redirect" hack, and all's fine.
Anyone who's hacked their login.php may want to revisit this file, since it appears x-cart made some undocumented improvements that allowed me to remove a bunch of unnecessary code.
Thank you, I guess.
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
#7
Re: security-patch-2007-06-20
Just bringing up the previous posting:
QUOTE: so just to be sure, it is only 4.1.7 affected, not previous 4.1's. END QUOTE
So, was this ONLY for 4.1.7 or all 4.1.x versions?
__________________
Conor Treacy - Big Red SEO - @bigredseo Search Engine Optimization & Internet Marketing - We Bring Your Website Out Of Hiding! If you can't be found on Google, Bing or Yahoo, you pretty much don't exist on the Internet. Omaha SEO Office with National & Local SEO Services Hourly Consulting - great for SEO Disaster Recovery, Audits and DIY Guidance
#8
Re: security-patch-2007-06-20
The way I read it, yes, for 4.1.7 only. Maybe x-cart can clarify?
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
#9
Re: security-patch-2007-06-20
Quote:
You're right. This security patch is for 4.1.7 only.
__________________
Eugene Kaznacheev, Evangelist/Product Manager at Ecwid: http://www.ecwid.com/ (since Sept 2009) ex-Head of X-Cart Tech Support Department ex- X-Cart Hosting Manager - X-Cart hosting ex-X-Cart Technical Support Engineer Note: For the official guaranteed tech support services please turn to the Customers HelpDesk.
X-Cart forums © 2001-2020