security-patch-2007-10-29.tgz

 
X-Cart forums > News and Announcements

#81
11-14-2007, 11:39 PM
ambal
X-Cart team
Join Date: Sep 2002
Posts: 4,121

Re: security-patch-2007-10-29.tgz

Quote:
Originally Posted by starwest
To clarify:

If we've previously installed the patch manually from the first set of DIFF files (version 1) released do we need to reinstall the patch manually with this new set of DIFF files (version 2)?

First of all, both versions of the patch (i.e. the 1st one and the revised one) fix the security issue.
But we recommend that everyone who already applied the 1st version restore their original X-Cart files from backup and apply the revised version, as it contains additional improvement.
__________________
Sincerely yours,
Alex Mulin
VP of Business Development for X-Cart
X-Payments product manager

#82
11-15-2007, 04:23 AM
balinor
Veteran
Join Date: Oct 2003
Location: Connecticut, USA
Posts: 30,253

Re: security-patch-2007-10-29.tgz

Thank you Qualiteam for taking the time to do this patch correctly (the second time). I have now patched over 100 carts on multiple versions without issue. Let's just hope the next patch gets done the right way first so we can avoid this mess.
__________________
Padraic Ryan
Ryan Design Studio
Professional E-Commerce Development

#83
11-15-2007, 12:39 PM
Light Speed
X-Adept
Join Date: Mar 2003
Posts: 921

Re: security-patch-2007-10-29.tgz

Quote:
Originally Posted by balinor
I have now patched over 100 carts


#84
11-15-2007, 11:36 PM
donmck
Senior Member
Join Date: Dec 2005
Location: Australia
Posts: 137

Re: security-patch-2007-10-29.tgz

Well, I mustn't be holding my mouth the right way.

I restored my cart back to the before Rev_1 patches, and started off with trying the func.php.diff patch, from Rev_2 and ended up with the errors below:

I then figured I must need to set the write ability of the file, so I set it from a chmod 644 to 666, but still get the same errors.

Does this mean I have to go back to doing it manually, or get x-cart to do it?
Or am I just doing something very silly?
Thanks in advance,

Cheers Don...
==============================
Step 2 of 2: Applying the patch

Files excluded from patch procedure:
File Status
include/func.php already patched

Status legend:
OK - file ready to patch,
checksum error - patch contents is corrupted,
non-writable - please give those files a write permissions,
not a file - the target is not a file,
not exists - file is missing,
could not patch - patch cannot be applied to this file automatically because it was significantly modified, the patch for this file should be applied manually,
already patched - file was already patched.

PATCH RESULTS

PATCH LOG

Warning!
The following files could not be patched with automated upgrade system. This may be because these files were changed from their original state. Those files needs to be patched manually or restored from backup.
File Status

Status legend:
OK - file ready to patch,
checksum error - patch contents is corrupted,
non-writable - please give those files a write permissions,
not a file - the target is not a file,
not exists - file is missing,
could not patch - patch cannot be applied to this file automatically because it was significantly modified, the patch for this file should be applied manually,
already patched - file was already patched.
__________________
Don McKenzie

http://www.dontronics-shop.com/
X-Cart 4.0.17 [Unix]

█ Hosting by www.totalserversolutions.com The very best home for your X-Cart. (was ewdhosting.com)

#85
11-16-2007, 06:28 PM
donmck
Senior Member
Join Date: Dec 2005
Location: Australia
Posts: 137

Re: security-patch-2007-10-29.tgz

Adding to my last message.

I again did a file compare, and found that the only file of any significant difference to my existing ones, was func.php. So I copied over all files with the new ones, except func.php, but again I ran the DiffMerge program I mentioned before, and created the new func.php file in a few minutes.

No errors, all looks good. So I couldn't get the diff patch system to work, but at least I now know how to work around it.

Thanks for everyone that added to this thread. Your guidance was very much appreciated.
Cheers Don...
__________________
Don McKenzie

http://www.dontronics-shop.com/
X-Cart 4.0.17 [Unix]

#86
11-21-2007, 03:17 PM
ozchris
Senior Member
Join Date: Jun 2007
Posts: 100

Re: security-patch-2007-10-29.tgz

Is anyone running 4.1.8 and the old version of magnifier?

I notice the security fix includes changes to magnifier, but they are referencing a file I don't seem to have: magnifier_xml.php. I assume it is for the latest release of magnifier, which came in after 4.1.8 but before we went live.

Does anyone know if we can upgrade to the new version of magnifier, without going the whole way to 4.1.9? We have so many add-ons and mods we'd prefer not to go to 4.1.9 - most of the diff files no longer match up.

Edited: D'Oh. I assumed it was in the module folder, not the root.
__________________
Linux. Apache. PHP 5.2
Site 1 - now xcart 4.4.1 DSEFU, AOM, RMA, Magnifier, Upsells. Heavy mods for Australian postcode validation and extra Aussie payment method.
Site 2 - xcart 4.1.11, DSEFU
Site 3 - xcart 4.2
Site 4 - xcart 4.3

#87
11-22-2007, 07:09 PM
yurster
Newbie
Join Date: Feb 2004
Posts: 6

Re: security-patch-2007-10-29.tgz

I applied this patch and 3 files were not able to be patched...however, I failed to write down the files. Can someone tell me if there is a way to determine which files were not patched?

Also, I followed the instructions in UPGRADE.NOTES_4.1.8-4.1.9 for changing permissions to 666...do I need to change any of the permissions back?

Thanks in advance
__________________
Version 4.1.9

#88
11-22-2007, 07:53 PM
donmck
Senior Member
Join Date: Dec 2005
Location: Australia
Posts: 137

Re: security-patch-2007-10-29.tgz

Quote:
Originally Posted by yurster
I applied this patch and 3 files were not able to be patched...however, I failed to write down the files. Can someone tell me if there is a way to determine which files were not patched?

Also, I followed the instructions in UPGRADE.NOTES_4.1.8-4.1.9 for changing permissions to 666...do I need to change any of the permissions back?

Thanks in advance

I would be comparing the files on your web site with the files in the tgz.

I'll bet one of them will be func.php, as this seems to be the main stumbling block. Certainly my diff patch didn't work for 4.0.17, so I did it all manually with a free program called diffmerge, which was actually very easy to use, but not if you have 100 sites to patch like balinor.

In fact, if I was in your position, I would be checking your old files (which you backed up) with the new files from x-cart and your current files on your site. Diffmerge will do this for you. Better to be safe than sorry. If you got errors, then go through it the hard way, or get x-cart to check it for you if you are unsure.

Bottom line, I am not a programmer, but I found when I got into trouble, Diffmerge made it very easy to patch the files. Three navigation arrow choices: Next down, move changes right, or next up. That's all the commands you get, and will need.

Cheers Don...
__________________
Don McKenzie

http://www.dontronics-shop.com/
X-Cart 4.0.17 [Unix]
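
The three-way check described in the post above (backed-up files, the new files from X-Cart, the live site) can be scripted. This is an added example, not part of the thread or of X-Cart's tooling; it assumes a hypothetical directory of already-patched reference files for your version, and the function names audit_patch and world_writable are made up for illustration. It also lists files still world-writable after a change to 666, as asked about in post #87, so they can be reviewed.

```sh
#!/bin/sh
# Added example. Directory layout and function names are assumptions.
# audit_patch BACKUP LIVE REF prints "<status> <path>" for every file in REF:
#   patched   - live file is byte-identical to the reference (patched) file
#   unpatched - live file still equals the pre-patch backup
#   modified  - live file matches neither: merge it by hand
#   missing   - file exists in the reference tree but not on the site
audit_patch() {
    backup=$1; live=$2; ref=$3
    (cd "$ref" && find . -type f | LC_ALL=C sort) | while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -f "$live/$rel" ]; then
            echo "missing $rel"
        elif cmp -s "$live/$rel" "$ref/$rel"; then
            echo "patched $rel"
        elif [ -f "$backup/$rel" ] && cmp -s "$live/$rel" "$backup/$rel"; then
            echo "unpatched $rel"
        else
            echo "modified $rel"
        fi
    done
}

# world_writable DIR lists files that anyone on the host can still write to,
# e.g. ones left at mode 666 after the patch run.
world_writable() {
    (cd "$1" && find . -type f -perm -002 | LC_ALL=C sort | sed 's|^\./||')
}

# Run as: sh audit.sh BACKUP_DIR LIVE_DIR REFERENCE_DIR
if [ "$#" -eq 3 ]; then
    audit_patch "$1" "$2" "$3"
    echo "--- world-writable files under $2:"
    world_writable "$2"
fi
```

Files reported as modified are the ones to merge by hand; anything listed as world-writable can be returned to the 644 mentioned in post #84 once patching is finished.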

#89
01-19-2008, 10:19 AM
robertswww
X-Adept
Join Date: Jul 2003
Posts: 586

Re: security-patch-2007-10-29.tgz

Thanks Alex Mulin and Igor Lebedew for getting this Security Patch updated and providing the DIFF files. Our include/func.php file is heavily modified, so the DIFF files are a huge time-saver in finding the code changes.

We implemented the latest version of the security patch (Version 2) - dated early January 2008 in our X-cart files area, and it's working great!

I also appreciate that you supplied the code for the 4.0.x stable branch, and not just the 4.1.x branch, as there are still a lot of us running older versions of the cart.

Robert
__________________
X-cart 4.1.10

#90
04-18-2008, 09:41 AM
sparker2
eXpert
Join Date: Feb 2007
Posts: 290

Re: security-patch-2007-10-29.tgz

I have looked in the file area and I do not see the security-patch-2007-10-29.tgz. All I see is the upgrade to 4.19 which I do not want to mess with because my site has a few mods and a few files could not be patched. Where can I find just the security patch for my version 4.16? Thanks
__________________
Shareen
sparker2@cox.net
http://www.stitches4u.com
X-Cart Version 4.5.0 with Smart Template vs 4.4.x

All times are GMT -8.
X-Cart forums © 2001-2020