Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls
 

security-patch-2007-10-29.tgz

 
Reply
   X-Cart forums > News and Announcements
 
Thread Tools
  #1  
Old 11-01-2007, 03:30 AM
 
balinor balinor is offline
 

Veteran
  
Join Date: Oct 2003
Location: Connecticut, USA
Posts: 30,253
 

Default security-patch-2007-10-29.tgz

Most of you should have received an e-mail from Qualiteam this morning about a security patch for ALL versions of X-Cart other than 4.1.9. If you didn't, you can find the patch in the 'files' area of your help desk. If you download the patch (which you absolutely should), you will notice it does not include any .diff files, just the patched files themselves. This is not good, as replacing the files will overwrite any changes to them that you made. Be sure to make a backup of all these files before you upload the new versions, and if there are any issues with your store (particularly ones with third party mods), you can easily restore the old versions. Why they didn't issue this patch with .diff files is beyond me, as this creates a major headache for those of us who maintain multiple stores.
__________________
Padraic Ryan
Ryan Design Studio
Professional E-Commerce Development
Reply With Quote
  #2  
Old 11-01-2007, 11:11 AM
 
gabriela gabriela is offline
 

Member
  
Join Date: Sep 2003
Posts: 22
 

Default Re: Security Patch - 11-1-07

Are the old 3.4.x versions affected as well or x-cart team doesn't check those version any more?
__________________
x-cart gold 3.4.14/3.5.14/4.018
Reply With Quote
  #3  
Old 11-01-2007, 11:23 AM
 
balinor balinor is offline
 

Veteran
  
Join Date: Oct 2003
Location: Connecticut, USA
Posts: 30,253
 

Default Re: Security Patch - 11-1-07

The patch seems to only cover 3.5 on
__________________
Padraic Ryan
Ryan Design Studio
Professional E-Commerce Development
Reply With Quote
  #4  
Old 11-01-2007, 11:24 AM
 
exsecror exsecror is offline
 

X-Wizard
  
Join Date: Apr 2007
Posts: 1,284
 

Default Re: Security Patch - 11-1-07

I received no such e-mail today nor do I see any file with the timestamp to correlate with it in the the files section. You have an exact file name balinor?
Reply With Quote
  #5  
Old 11-01-2007, 11:26 AM
 
balinor balinor is offline
 

Veteran
  
Join Date: Oct 2003
Location: Connecticut, USA
Posts: 30,253
 

Default Re: Security Patch - 11-1-07

Sure, it's in the file area/updates:

security-patch-2007-10-29.tgz

Edited the thread title to reflect this as well.
__________________
Padraic Ryan
Ryan Design Studio
Professional E-Commerce Development
Reply With Quote
  #6  
Old 11-01-2007, 11:28 AM
 
exsecror exsecror is offline
 

X-Wizard
  
Join Date: Apr 2007
Posts: 1,284
 

Default Re: security-patch-2007-10-29.tgz

haha oops I looked right past it, thanks balinor I'll review it and backport the fixes.

Edit:
Looks like I only have to backport one fix, I already took care of the other ones they fixed several weeks ago o.O
Reply With Quote
  #7  
Old 11-01-2007, 11:47 AM
 
carpeperdiem carpeperdiem is offline
 

X-Guru
  
Join Date: Jul 2006
Location: New York City, USA
Posts: 5,399
 

Default Re: security-patch-2007-10-29.tgz

I didn't get any emails from xcart about this.
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
Reply With Quote
  #8  
Old 11-02-2007, 03:58 AM
 
exsecror exsecror is offline
 

X-Wizard
  
Join Date: Apr 2007
Posts: 1,284
 

Default Re: security-patch-2007-10-29.tgz

There's something wrong with that security update at least for 4.1.8, after applying the func.db.php and func.order.php fixes it totally destroys the cart's ability to store any data (in terms of the shopping cart mechanism itself, not the cart as a whole)
Reply With Quote
  #9  
Old 11-02-2007, 04:14 AM
 
carpeperdiem carpeperdiem is offline
 

X-Guru
  
Join Date: Jul 2006
Location: New York City, USA
Posts: 5,399
 

Default Re: security-patch-2007-10-29.tgz

I gave up as well. I had a zillion issues. I reverted.

I will be opening a new thread later re: how to upgrade from 4.1.8 to 4.1.9 -- I have some ideas....
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
Reply With Quote
  #10  
Old 11-05-2007, 03:32 PM
 
sunny sunny is offline
 

Advanced Member
  
Join Date: Mar 2005
Location: Lakewood, Colorado
Posts: 38
 

Default Re: security-patch-2007-10-29.tgz

Hello all,

In updating for this security patch, is there any easy way to find what the actual changes are? Our include/func.php file is rather heavily modified (by x-cart, myself and one other mod) and I'm having a difficult time differentiated between the update code and that added for modifications by others. I compared the files and this doesn't do me any good. Is there any way to figure out just the lines changed for this update?

thanks for any assistance,

Carol Davenport
__________________
4.1.9
Reply With Quote
Reply
   X-Cart forums > News and Announcements



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 03:11 PM.

   

 
X-Cart forums © 2001-2020