#81
Re: security-patch-2007-10-29.tgz
Quote:
First of all, both versions of the patch (i.e. the 1st one and the revised one) fix the security issue. But we recommend everyone who applied the 1st version already to restore their original X-Cart files from backup and apply the revised version, as it contains an additional improvement.
__________________
Sincerely yours, Alex Mulin VP of Business Development for X-Cart X-Payments product manager
#82
Re: security-patch-2007-10-29.tgz
Thank you Qualiteam for taking the time to do this patch correctly (the second time). I have now patched over 100 carts on multiple versions without issue. Let's just hope the next patch gets done the right way first so we can avoid this mess.
__________________
Padraic Ryan Ryan Design Studio Professional E-Commerce Development
#83
Re: security-patch-2007-10-29.tgz
Quote:
#84
Re: security-patch-2007-10-29.tgz
Well, I mustn't be holding my mouth the right way.
I restored my cart back to the before Rev_1 patches, and started off with trying the func.php.diff patch from Rev_2, and ended up with the errors below.

I then figured I must need to set the write ability of the file, so I set it from a chmod 644 to 666, but still get the same errors.

Does this mean I have to go back to doing it manually, or get x-cart to do it? Or am I just doing something very silly?

Thanks in advance,
Cheers Don...

==============================
Step 2 of 2: Applying the patch

Files excluded from patch procedure:
File                Status
include/func.php    already patched

Status legend: OK - file ready to patch, checksum error - patch contents is corrupted, non-writable - please give those files a write permissions, not a file - the target is not a file, not exists - file is missing, could not patch - patch cannot be applied to this file automatically because it was significantly modified, the patch for this file should be applied manually, already patched - file was already patched.

PATCH RESULTS
PATCH LOG

Warning! The following files could not be patched with automated upgrade system. This may be because these files were changed from their original state. Those files needs to be patched manually or restored from backup.

File                Status

Status legend: OK - file ready to patch, checksum error - patch contents is corrupted, non-writable - please give those files a write permissions, not a file - the target is not a file, not exists - file is missing, could not patch - patch cannot be applied to this file automatically because it was significantly modified, the patch for this file should be applied manually, already patched - file was already patched.
__________________
Don McKenzie http://www.dontronics-shop.com/ X-Cart 4.0.17 [Unix] █ Hosting by www.totalserversolutions.com The very best home for your X-Cart. (was ewdhosting.com)
#85
Re: security-patch-2007-10-29.tgz
Adding to my last message.
I again did a file compare, and found that the only file of any significant difference to my existing ones was func.php.

So I copied over all files with the new ones, except func.php, but again I ran the DiffMerge program I mentioned before, and created the new func.php file in a few minutes. No errors, all looks good.

So I couldn't get the diff patch system to work, but at least I now know how to work around it.

Thanks for everyone that added to this thread. Your guidance was very much appreciated.

Cheers Don...
__________________
Don McKenzie http://www.dontronics-shop.com/ X-Cart 4.0.17 [Unix] █ Hosting by www.totalserversolutions.com The very best home for your X-Cart. (was ewdhosting.com)
#86
Re: security-patch-2007-10-29.tgz
Is anyone running 4.1.8 and the old version of magnifier?

I notice the security fix includes changes to magnifier, but they are referencing a file I don't seem to have: magnifier_xml.php. I assume it is for the latest release of magnifier, which came in after 4.1.8 but before we went live.

Does anyone know if we can upgrade to the new version of magnifier, without going the whole way to 4.1.9? We have so many add-ons and mods we'd prefer not to go to 4.1.9 - most of the diff files no longer match up.

Edited: D'Oh. I assumed it was in the module folder, not the root.
__________________
Linux. Apache. PHP 5.2 Site 1 - now xcart 4.4.1 DSEFU, AOM, RMA, Magnifier, Upsells. Heavy mods for Australian postcode validation and extra Aussie payment method. Site 2 - xcart 4.1.11, DSEFU Site 3 - xcart 4.2 Site 4 - xcart 4.3
#87
Re: security-patch-2007-10-29.tgz
I applied this patch and 3 files were not able to be patched...however, I failed to write down the files. Can someone tell me if there is a way to determine which files were not patched?
Also, I followed the instructions in UPGRADE.NOTES_4.1.8-4.1.9 for changing permissions to 666...do I need to change any of the permissions back? Thanks in advance
__________________
Version 4.1.9
#88
Re: security-patch-2007-10-29.tgz
Quote:
I would be comparing the files on your web site with the files in the tgz. I'll bet one of them will be func.php, as this seems to be the main stumbling block.

Certainly my diff patch didn't work for 4.0.17, so I did it all manually with a free program called diffmerge, which was actually very easy to use, but not if you have 100 sites to patch like balinor.

In fact, if I was in your position, I would be checking your old files (which you backed up), with the new files from x-cart, and your current files on your site. Diffmerge will do this for you. Better to be safe than sorry. If you got errors, then go through it the hard way, or get x-cart to check it for you if you are unsure.

Bottom line, I am not a programmer, but I found when I got into trouble, Diffmerge made it very easy to patch the files. Three navigation arrow choices: Next down, move changes right, or next up. That's all the commands you get, and will need.

Cheers Don...
__________________
Don McKenzie http://www.dontronics-shop.com/ X-Cart 4.0.17 [Unix] █ Hosting by www.totalserversolutions.com The very best home for your X-Cart. (was ewdhosting.com)
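The file comparison suggested in the reply above, together with a check for files left at 666 after patching, as an added example that is not part of any post in this thread. It assumes the patch archive has been extracted to a directory that mirrors the shop's layout and carries patched files, plus `.diff` files named after their target (as in `func.php.diff`). The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not X-Cart's own tooling.
# Assumption: PATCH_DIR is the extracted patch archive and mirrors the
# directory layout of the installed shop under SHOP_DIR.

# List patch files whose installed copy is missing or not byte-identical.
# *.diff files are skipped: they cannot be compared byte for byte.
unpatched_candidates() {
    patch_dir=$1; shop_dir=$2
    (cd "$patch_dir" && find . -type f ! -name '*.diff' | sort) |
    while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -f "$shop_dir/$rel" ]; then
            printf 'MISSING  %s\n' "$rel"
        elif ! cmp -s "$patch_dir/$rel" "$shop_dir/$rel"; then
            printf 'DIFFERS  %s\n' "$rel"
        fi
    done
}

# List installed files touched by the patch that are still world-writable
# (for example left at mode 666 after the patch procedure).
world_writable() {
    patch_dir=$1; shop_dir=$2
    (cd "$patch_dir" && find . -type f | sort) |
    while IFS= read -r rel; do
        rel=${rel#./}; rel=${rel%.diff}   # foo.php.diff targets foo.php
        [ -f "$shop_dir/$rel" ] || continue
        if [ -n "$(find "$shop_dir/$rel" -perm -0002 -print)" ]; then
            printf 'WRITABLE %s\n' "$rel"
        fi
    done | sort -u
}

# Usage: sh check_patch.sh PATCH_DIR SHOP_DIR
if [ "$#" -eq 2 ]; then
    unpatched_candidates "$1" "$2"
    world_writable "$1" "$2"
fi
```

In a customised shop, `DIFFERS` marks a file to review by hand against the matching `.diff`, not proof that the fix is absent. Files reported as `WRITABLE` can normally go back to the mode they had before patching (644 in the earlier post).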
#89
Re: security-patch-2007-10-29.tgz
Thanks Alex Mulin and Igor Lebedew for getting this Security Patch updated and providing the DIFF files. Our include/func.php file is heavily modified, so the DIFF files are a huge time-saver in finding the code changes.
We implemented the latest version of the security patch (Version 2) - dated early January 2008 in our X-cart files area, and it's working great!

I also appreciate that you supplied the code for the 4.0.x stable branch, and not just the 4.1.x branch, as there are still a lot of us running older versions of the cart.

Robert
__________________
X-cart 4.1.10
#90
Re: security-patch-2007-10-29.tgz
I have looked in the file area and I do not see the security-patch-2007-10-29.tgz. All I see is the upgrade to 4.19, which I do not want to mess with because my site has a few mods and a few files could not be patched. Where can I find just the security patch for my version 4.16?

Thanks
__________________
Shareen sparker2@cox.net http://www.stitches4u.com X-Cart Version 4.5.0 with Smart Template vs 4.4.x
X-Cart forums © 2001-2020