security-patch-2007-10-29.tgz

starwest · #41 11-07-2007, 02:02 PM

To clarify, if applied manually, do the changes listed in the .diff files work correctly or not? Are the issues people are seeing patching/installation issues, or are they issues with the code changes themselves?

balinor · #42 11-07-2007, 02:03 PM

If you want to patch it manually pulling the changes out of the diff file or the new versions of the files they issued first it will work. Not sure what affect the changes have on the cart....

zebu · #43 11-07-2007, 02:04 PM

I recieved advise from the Qualiteam advising to apply the above patch to overcome a sql threat.

I am running 4.1.8 and downloaed the 4.1.8 upgrade patch. I seem to only have a few of teh files on my system compared to what is in the patch.

Can some one assist?

Below are the files in the patch - and the files I have or are missing

HTML Code:

4.1.8
 - magnifier_xml.php (cant find this one)
 - Include
    - banner_stata.php (cant find this one)
    - referre_sales.php (cant find this one)
    -Func
         - func.db.php (got this one)
        - func.order.php (got this one)
- Modules
    - Gift_Registry (cant find this folder)
    - Google_Checkout (Found)
    - Product Options (Found)
    - RMA (cant find this folder)
    -Survey (cant find this folder)

Am I missing something really obvious here? I have done a file serach of the whole website?

carpeperdiem · #44 11-07-2007, 02:14 PM

Quote:

Originally Posted by zebu

I recieved advise from the Qualiteam advising to apply the above patch to overcome a sql threat.
Am I missing something really obvious here? I have done a file serach of the whole website?

zebu,

no need to start a new thread.

yes, it's obvious.

the other files that you don't have are related to x-rma (RMA), or x-affiliate (banner_stats.php and referrer_sales.php), or x-something or another... no worries... just patch what you have.

Light Speed · #45 11-07-2007, 02:38 PM

IMHO The patch should look to see if those addons are installed.
If they are not ........... it should not attempt to patch files that are not there!!

Basic programming.

jmccunep · #46 11-08-2007, 11:14 AM

Does this security patch, which I've already applied to my 4.0.17 shop, need to be re-applied after upgrading to 4.0.19 or do the upgrade kits already incorporate this patch?

I'm planning to move my shop to the 4.1 branch so the same question will apply when the upgrades are complete through 4.1.8.

4.0.17 X-Cart Gold, running on Linux.

carpeperdiem · #47 11-08-2007, 11:17 AM

Considering this patch did not exist when the 4.0.19 upgrade was created, you can assume that 4.0.19 needs the patch again.

And if you read the docs, if your store is not 4.1.9 or later, you need the patch.

If you're going to upgrade to 4.1.x, may as well go all the way to 4.1.9 -- no reason to stop at a lower rev.

ironmansp · #48 11-08-2007, 10:54 PM

This is the main thing because I suggest a mod MOD manager...

gravel · #49 11-09-2007, 09:01 AM

Quote:

Originally Posted by balinor

All we are asking for is a set of .diff files for each version that actually WORK on a fresh install of X-Cart.

Did X-Cart ever issue useable .diff files?

If the answer is "No", can somebody from X-Cart give us an ETA?

carpeperdiem · #50 11-09-2007, 09:25 AM

It's easy to edit the diff to your store... if you don't have x-affil, look for:

diff -ru ../xcart_orig/include/referred_sales.php ./include/referred_sales.php

and cut this line and everything after, through

Only in ./include/func: func.db.php.rej

etc...

HOWEVER -- I MUST WARN THE FORUM PARTICIPANTS:

Your 4.1.8 store may not need any changes!

I did a compare on the files in the patch, and my 4.1.8 files were identical to the patch...

How can that be?