 

Attention users of X-Cart vv.4.0.x - 4.7.1

 
  #21  
Old 04-28-2015, 10:22 PM
 
cap cap is offline
    
Join Date: Jun 2007
Posts: 2
 

Default Re: Attention users of X-Cart vv.4.0.x - 4.7.1

Hello,

I have X-Cart 4.1.10 and would like to apply the most recent security patches. However I am not seeing the archive in the "Updates and patches". Will this be added soon?

Thank you,
Greg
__________________
4.0
  #22  
Old 04-29-2015, 02:12 AM
 
DanUK DanUK is offline
 

X-Adept
  
Join Date: Dec 2003
Location: UK
Posts: 800
 

Default Re: Attention users of X-Cart vv.4.0.x - 4.7.1

I have a 4.4.2 branch but there are no relevant files in my File Area... what should I use to patch?

Thanks

Dan
__________________
4.4.2

and

4.6.1
  #23  
Old 04-29-2015, 03:13 AM
 
herber@wirehub.nl herber@wirehub.nl is offline
 

eXpert
  
Join Date: Nov 2002
Posts: 305
 

Default Re: Attention users of X-Cart vv.4.0.x - 4.7.1

Quote:
Originally Posted by aim
I have reuploaded the
security-patch-2015-04-28_4.0.19.tgz
security-patch-2015-04-28_4.1.12.tgz
security-patch-2015-04-28_4.2.3.tgz
security-patch-2015-04-28_4.3.2.tgz

security patches.

I have removed the line
$user = abs(intval($user));
from these patches.

Sorry for that.

Hi Aim,

- Why, in the 4.6.6 > 4.7.2 upgrade, is the addons.lst ignored when upgrading? All the files listed in there are not being patched
- If I add all lines from addons.lst to file.lst, the files are patched, but it seems the modules are not upgraded very well; see my screenshot from my previous post.

Please do help since I want to upgrade our stores, these are very serious XSS bugs.
__________________
X-Cart 4.7.12
  #24  
Old 04-29-2015, 05:11 AM
  moonslice's Avatar 
moonslice moonslice is offline
 

Senior Member
  
Join Date: May 2004
Posts: 128
 

Default Re: Attention users of X-Cart vv.4.0.x - 4.7.1

Quote:
Originally Posted by pogodog
I tried the patch for version 4.4.5. The first failure was that I have no provider/register.php file. I removed that diff section. The 2nd failure was that the include/lib/smarty/Smarty_Compiler.class.php patch failed. The 3rd failure was that the include/lib/smarty/Smarty.class.php patch failed. Still looking into it.

I'm having this exact same problem applying 4.4.5 patch to my 4.4.5 site when I try to do it in admin using the diff file.

I'm afraid to just upload the actual files through ftp that overwrite completely, as the diff method seems to think there are problems, and won't let me continue.
__________________
Jim - X-cart Gold 4.4.5
  #25  
Old 04-29-2015, 05:23 AM
 
jazzmang jazzmang is offline
 

Member
  
Join Date: Mar 2012
Posts: 12
 

Default Re: Attention users of X-Cart vv.4.0.x - 4.7.1

I've managed to successfully manually apply the DIFF changes for the 4.5.5 to 4.5.0 now.

There are a couple of DIFFS that don't exist and don't need to be done (mentioned in my previous post in this thread.)

You do have to apply these changes by hand as the DIFF files' line references are all off. Simple search will get you where you need to be however.

The only one that is a bit tricky is "include_register.php.diff".
You have to add additional "(" on a new line before:

$config['Security']['use_complex_pwd'] == 'Y'

And then add an additional ")" on a new line after the new line is added:

|| in_array($usertype, array('A', 'P'))

Beyond that, my testing shows things are still working.
__________________
Version 4.5.0 with Ability Template v1.052 (modified)
LAWP - PHP 5.3.29 (patched) - MySQL - 5.0.96 Community - suPHP

The following user thanks jazzmang for this useful post:
bullfrog (04-29-2015)
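
The situation described in the post above, where a diff's line references no longer match a customised file, can be checked mechanically before editing by hand. This is an added example, not code from X-Cart or from any poster: `parse_hunk`, `locate` and `apply_hunk` are hypothetical helpers, and the sample hunk and file are constructed (only the two condition lines are quoted from the post).

```python
import re

# Constructed sample, not the real X-Cart patch or file; only the two
# condition lines are quoted from the post above.
HUNK = """@@ -120,4 +120,6 @@
 if (
+    (
     $config['Security']['use_complex_pwd'] == 'Y'
     || in_array($usertype, array('A', 'P'))
+    )
 ) {
"""
CUSTOMISED = ["<?php", "// local customisation", "// shifts the code down",
              "if (", "    $config['Security']['use_complex_pwd'] == 'Y'",
              "    || in_array($usertype, array('A', 'P'))", ") {"]

def parse_hunk(hunk_text):
    """Split one unified-diff hunk into (stated_line, old_block, new_block)."""
    lines = hunk_text.strip("\n").split("\n")
    m = re.match(r"@@ -(\d+)", lines[0])
    if not m:
        raise ValueError("not a unified-diff hunk header: %r" % lines[0])
    old, new = [], []
    for line in lines[1:]:
        tag, body = (line[:1] or " "), line[1:]  # bare empty line = context
        if tag in " -":
            old.append(body)
        if tag in " +":
            new.append(body)
    return int(m.group(1)), old, new

def locate(file_lines, block):
    """0-based indexes where block occurs, ignoring indentation and line numbers."""
    want = [l.strip() for l in block]
    have = [l.strip() for l in file_lines]
    return [i for i in range(len(have) - len(want) + 1)
            if have[i:i + len(want)] == want]

def apply_hunk(file_lines, hunk_text):
    """Apply a hunk by content search; refuse unless the match is unambiguous."""
    stated, old, new = parse_hunk(hunk_text)
    old_hits, new_hits = locate(file_lines, old), locate(file_lines, new)
    if new_hits and not old_hits:
        return file_lines, "already applied"
    if len(old_hits) != 1 or new_hits:
        raise LookupError("context matched %d times; patch this hunk by hand"
                          % len(old_hits))
    i = old_hits[0]
    patched = file_lines[:i] + new + file_lines[i + len(old):]
    return patched, "applied at line %d (diff said %d)" % (i + 1, stated)
```

The functions work on lists of lines in memory and write nothing to disk, so the result can be compared against the original file before anything is uploaded.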
  #26  
Old 04-29-2015, 05:26 AM
  pauldodman's Avatar 
pauldodman pauldodman is offline
 

X-Guru
  
Join Date: Jul 2003
Location: Spain / UK
Posts: 3,052
 

Default Re: Attention users of X-Cart vv.4.0.x - 4.7.1

Quote:
Originally Posted by DanUK
I have a 4.4.2 branch but there are no relevant files in my File Area... what should I use to patch?

Thanks

Dan

It's usually the case that they only provide patches for the last version only in the older branches.
I've been using 4.4.5 patches on 4.4.2 sites - but patching the files manually.
__________________
Paul Dodman
e-business & m-commerce consultant
w: www.luminointernet.com
e: xcart@luminointernet.com

Professional X-Cart help, advice, support and services, specialists in Mobile X-Cart.
  #27  
Old 04-29-2015, 05:26 AM
  pauldodman's Avatar 
pauldodman pauldodman is offline
 

X-Guru
  
Join Date: Jul 2003
Location: Spain / UK
Posts: 3,052
 

Default Re: Attention users of X-Cart vv.4.0.x - 4.7.1

Quote:
Originally Posted by moonslice
I'm having this exact same problem applying 4.4.5 patch to my 4.4.5 site when I try to do it in admin using the diff file.

I'm afraid to just upload the actual files through ftp that overwrite completely, as the diff method seems to think there are problems, and won't let me continue.

Best thing is to just patch each file manually.
__________________
Paul Dodman
e-business & m-commerce consultant
w: www.luminointernet.com
e: xcart@luminointernet.com

Professional X-Cart help, advice, support and services, specialists in Mobile X-Cart.
  #28  
Old 04-29-2015, 05:35 AM
  moonslice's Avatar 
moonslice moonslice is offline
 

Senior Member
  
Join Date: May 2004
Posts: 128
 

Default Re: Attention users of X-Cart vv.4.0.x - 4.7.1

Thanks for your help.

1) What does that mean to patch each file manually? If the diff doesn't work (the safe way if there are customizations) do you mean to upload through ftp? But that doesn't seem safe as I could be overwriting custom files.

2) It seems like it's not working the way it should. Is there a way to notify x-cart this needs to be fixed?

Thanks!
__________________
Jim - X-cart Gold 4.4.5
  #29  
Old 04-29-2015, 05:41 AM
  pauldodman's Avatar 
pauldodman pauldodman is offline
 

X-Guru
  
Join Date: Jul 2003
Location: Spain / UK
Posts: 3,052
 

Default Re: Attention users of X-Cart vv.4.0.x - 4.7.1

Quote:
Originally Posted by moonslice
Thanks for your help.

1) What does that mean to patch each file manually? If the diff doesn't work (the safe way if there are customizations) do you mean to upload through ftp? But that doesn't seem safe as I could be overwriting custom files.

2) It seems like it's not working the way it should. Is there a way to notify x-cart this needs to be fixed?

Thanks!

1) Download the files locally - then use a text editor or html editor to edit each file and make the changes in the diff file where it tells you to.

It's quite normal to have to patch files by hand, especially if you have a customised shop.
For example, if you have Altered Cart's One Page checkout installed, most of the files that need patching in the /func directory will have been altered, so will need patching manually.

2) If you are sure there's a problem - use your helpdesk to talk to them.
__________________
Paul Dodman
e-business & m-commerce consultant
w: www.luminointernet.com
e: xcart@luminointernet.com

Professional X-Cart help, advice, support and services, specialists in Mobile X-Cart.
  #30  
Old 04-29-2015, 05:44 AM
  cflsystems's Avatar 
cflsystems cflsystems is offline
 

Veteran
  
Join Date: Apr 2007
Posts: 14,190
 

Default Re: Attention users of X-Cart vv.4.0.x - 4.7.1

Do not copy files. Manual patch means making the changes to files yourself not using the script - http://help.x-cart.com/index.php?title=X-Cart:To_apply_a_patch_manually
__________________
Steve Stoyanov
CFLSystems.com
Web Development