Attention users of X-Cart vv.4.0.x - 4.7.1

 
#11  04-28-2015, 01:11 PM
jazzmang (Member; Join Date: Mar 2012; Posts: 12)

For what it is worth, this is what I've found so far with testing with applying the 4.5.5 patches to 4.5.0.

I get a white blank screen of death in their related functions if I upload any of these files:

func/func.backoffice.php
func/func.cart.php
func/func.core.php
func/func.user.php
include/register.php

Also these files don't exist in 4.5.0:

include/func.perms.php
provider/register.php

The Smarty update is pretty straightforward and I don't see that causing an issue. Same pretty much goes with the skin .tpl files.

The real question comes down to those 4 above and the 2 that don't exist in 4.5.0.

My next move will be to try applying the diffs with patch but I won't get around to that until tomorrow.

One thing I'm not sure about is pconf.diff - do I need that?

My understanding from one of the previous posts here is that I don't need to do anything with patch.sql as it just marks that it was updated.

FYI earlier this week the x-cart site was being hammered by various probes from Israel. They were probing the review portions in the catalog. Could be they were already looking for active explores or not. Mainly just a small load factor on the server. Far as I can tell, nothing was done and WAF OWASP rules blocked anything bad.
__________________
Version 4.5.0 with Ability Template v1.052 (modified)
LAWP - PHP 5.3.29 (patched) - MySQL - 5.0.96 Community - suPHP

#12  04-28-2015, 02:07 PM
RichieRich (X-Adept; Join Date: Sep 2004; Location: London, England; Posts: 750)

I can't see the 4.5.4 patch either
__________________
Richard


Ultimate 5.4 testing

#13  04-28-2015, 03:37 PM
peggyr (X-Adept; Join Date: Dec 2005; Posts: 631)

I just applied the security update to my 4.6.6 test server after making backups of DB, and files, as well as the 3 individual files and the 2 SQL DBs that were affected in my case.

I applied the Patch.sql - and the 3 diff files and all applied successfully.

I tested an order from start to finish, and had no problems.

Then I repeated on my production server, and again all applied fine for me.

Thanks for the quick patch for the problem.
__________________
X-Cart GP 4.7.12 | XCARTMODS.CO.UK reBOOT (reDUX)4.7.12.8 | Live
IONOS Hosting | Linux | PHP 7.4.33 | MySQL 5.7

#14  04-28-2015, 04:08 PM
Jon (X-Guru; Join Date: Oct 2002; Location: Vancouver, Canada; Posts: 4,200)

The patches for 4.5.5 won't work for previous 4.5.x versions as there are major differences. There will need to be separate patches for those branches.

The following user thanks Jon for this useful post:
aim (04-29-2015)
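
Added example, not part of any post in this thread and not X-Cart's own tooling: a read-only preflight that checks whether a unified diff cut for one version matches an older tree, reporting the two failure cases raised above (target files that do not exist, and context that differs). The function names, file contents and sample diff are constructed for illustration; matching is strict, with no fuzz or offset search, so it is more conservative than `patch`.

```python
import re, tempfile
from pathlib import Path

HUNK = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

def preflight(diff_text, root, strip=1):
    """Read-only check: {path: 'ok' | 'missing' | 'mismatch at line N'}."""
    results, target, old = {}, None, None
    rows, i = diff_text.splitlines(), 0
    while i < len(rows):
        row = rows[i]; i += 1
        if row.startswith("+++ "):
            name = row[4:].split("\t")[0].strip()
            target = "/".join(name.split("/")[strip:])  # like `patch -p1`
            path = Path(root) / target
            old = path.read_text(errors="replace").splitlines() if path.is_file() else None
            results[target] = "missing" if old is None else "ok"
        elif target and (m := HUNK.match(row)):
            pos = int(m.group(1)) - 1  # hunk start in the unpatched file
            old_left, new_left = int(m.group(2) or 1), int(m.group(4) or 1)
            while i < len(rows) and (old_left > 0 or new_left > 0):
                tag, body = rows[i][:1] or " ", rows[i][1:]
                i += 1
                if tag in " -":  # context and removed lines must match exactly
                    if results[target] == "ok" and (pos >= len(old) or old[pos] != body):
                        results[target] = f"mismatch at line {pos + 1}"
                    pos, old_left = pos + 1, old_left - 1
                if tag in " +":
                    new_left -= 1
    return results

def build_sample():
    """Constructed older tree and a patch cut for a newer one (not X-Cart code)."""
    root = Path(tempfile.mkdtemp())
    (root / "func").mkdir()
    (root / "func/func.user.php").write_text("<?php\nfunction f($u, $usertype) {\n    return $u;\n}\n")
    (root / "func/func.core.php").write_text("<?php\n// older layout\n")
    diff = (
        "--- a/func/func.user.php\n+++ b/func/func.user.php\n@@ -1,3 +1,4 @@\n"
        " <?php\n function f($u, $usertype) {\n+    $usertype = addslashes($usertype);\n     return $u;\n"
        "--- a/func/func.core.php\n+++ b/func/func.core.php\n@@ -1,2 +1,2 @@\n"
        " <?php\n-// newer layout\n+// patched\n"
        "--- a/provider/register.php\n+++ b/provider/register.php\n@@ -1 +1,2 @@\n"
        " <?php\n+// patched\n")
    return diff, root

if __name__ == "__main__":
    for path, status in preflight(*build_sample()).items():
        print(f"{status:20} {path}")
```

Any result other than `ok` means the diff was cut against a different version of that file and should be reviewed by hand on a test copy before it goes near production.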

#15  04-28-2015, 05:31 PM
cherie (X-Wizard; Join Date: May 2003; Location: USA; Posts: 1,534)

Quote:
Originally Posted by Jon
The patches for 4.5.5 won't work for previous 4.5.x versions as there are major differences. There will need to be separate patches for those branches.
Hopefully at least for 4.5.4 which might be applicable to older versions. Or maybe a separate one for 4.5.2. 4.5.3 and 4.5.5 had some pretty significant changes in them.
__________________
redlimeweb.com
custom mods and design integration
4.7 linux

The following user thanks cherie for this useful post:
aim (04-29-2015)

#16  04-28-2015, 06:04 PM
BBM_ (X-Adept; Join Date: May 2010; Location: Australia; Posts: 595)

Patch (4.4.5) applied to a 4.4.4 store successfully.

However there is no provider/register.php in 4.4.4 (both my version and the version in the file area)

Is this a 4.4.5 file only?
__________________
Multiple instances of X-cart

#17  04-28-2015, 06:21 PM
bjt (Advanced Member; Join Date: Jul 2008; Location: Vietnam; Posts: 32)

After applying the patch for 4.3.2 all of the user information disappears in the backend. The data is still in the database but just not displaying.
I restored the original func.user.php and the functionality returns.

Here are the new lines of code (starting at line 201):

$need_password = (bool)$need_password;
$need_cc = (bool)$need_cc;
$user = abs(intval($user));
$usertype = addslashes($usertype);

Does anyone have a suggestion as to how to get the new file to work without disrupting the store?

Thanks very much.
__________________
X-Cart Gold 4.3.2 (Windows)
X-Cart Gold Plus 4.6.1 (Linux)
Magic Toolbox slider and zoom

#18  04-28-2015, 09:02 PM
BBM_ (X-Adept; Join Date: May 2010; Location: Australia; Posts: 595)

Quote:
Originally Posted by BBM_
Patch (4.4.5) applied to a 4.4.4 store successfully.

There appears to be a small bug where the default payment method on the checkout now defaults to the last method, not the first?
__________________
Multiple instances of X-cart

#19  04-28-2015, 09:06 PM
aim (Advanced Staff Users; X-Cart team; Join Date: Dec 2008; Posts: 928)

Quote:
Originally Posted by bjt
After applying the patch for 4.3.2 all of the user information disappears in the backend. The data is still in the database but just not displaying.
I restored the original func.user.php and the functionality returns.

Here are the new lines of code (starting at line 201):

$need_password = (bool)$need_password;
$need_cc = (bool)$need_cc;
$user = abs(intval($user));
$usertype = addslashes($usertype);

Does anyone have a suggestion as to how to get the new file to work without disrupting the store?

Thanks very much.

I have reuploaded the
security-patch-2015-04-28_4.0.19.tgz
security-patch-2015-04-28_4.1.12.tgz
security-patch-2015-04-28_4.2.3.tgz
security-patch-2015-04-28_4.3.2.tgz

security patches.

I have removed the line
$user = abs(intval($user));
from these patches.

Sorry for that.
__________________
Sincerely yours,
Ildar Amankulov
Head of Maintenance group

The following user thanks aim for this useful post:
bjt (04-28-2015)

#20  04-28-2015, 10:01 PM
cap (Join Date: Jun 2007; Posts: 2)

Hello,

I have X-Cart 4.1.10 and would like to apply the most recent security patches. However I am not seeing the archive in the "Updates and patches". Will this be added soon?

Thank you,
Greg
__________________
4.0
All times are GMT -8.