X-Cart forums

[ETInteractive.com]

Just surfing around and notices Smarty 2.6.9 came out March 31, 2005. and it says.

[31-March-2005] This is a patch release for those using the security features of Smarty. Variable function calls such as $foo() in {if} statements and {math} equations allowed PHP function execution from within a template, even with security enabled. Variable function calls have been disabled completely. If you are using security features, this upgrade is highly recommended.

Then i realized xcart 4.0.13 is using 2.6.3 from June 16, 2004.
xcart 3.5.14 is using 2.5.0 from April 11, 2003.

obviously there are some security issues and bugs that made smarty release new versions.

But why hasn't xcart upgraded to them??

discuss

[kangus]

You can upgrade; download the latest version of Smarty and unpack it, create a new directory under your store as in store/Smarty-2.6.9 then copy everything in the unpacked /libs directory to store/Smarty-2.6.9, rename the store/Smarty-2.6.9/internals directory to store/Smarty-2.6.9/core, edit store/Smarty-2.6.9/Smarty.class.php and change define('SMARTY_CORE_DIR', SMARTY_DIR . 'internals' . DIRECTORY_SEPARATOR); to define('SMARTY_CORE_DIR', SMARTY_DIR . 'core' . DIRECTORY_SEPARATOR);
Then edit store/smarty.php and change define('SMARTY_DIR', $xcart_dir.DIRECTORY_SEPARATOR."Smarty-2.6.3".DIRECTORY_SEPARATOR); to define('SMARTY_DIR', $xcart_dir.DIRECTORY_SEPARATOR."Smarty-2.6.9".DIRECTORY_SEPARATOR);

Then copy any plugin in the Smarty-2.6.3/plugins directory that is NOT in the new plugins directory to the new plugins directory.
File list:
function.count.php
function.assign_ext.php
modifier.abs_value.php
modifier.formatprice.php
modifier.substitute.php
modifier.trademark.php
modifier.value_sign.php

Seems to work.

[ETInteractive.com]

Great, thanks for the info.

Xcart should do this for us...on each new release.