Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls

4.1.9 changelog

 
Reply
   X-Cart forums > News and Announcements
 
Thread Tools
  #51  
Old 11-05-2007, 11:56 AM
  photo's Avatar 
photo photo is offline
 

X-Wizard
  
Join Date: Feb 2006
Location: UK
Posts: 1,146
 

Default Re: 4.1.9 changelog

I am now a MCRYPT server enabled user! Speed diff? Hmm well perhaps a wee bit better.
__________________
v4.1.10
In Dev v4.5.x


"If you don't keep an eye on your business, someone else will."
Reply With Quote
  #52  
Old 11-05-2007, 12:03 PM
 
TL408 TL408 is offline
 

X-Adept
  
Join Date: Jan 2005
Posts: 549
 

Default Re: 4.1.9 changelog

Quote:
Originally Posted by photo
I am now a MCRYPT server enabled user! Speed diff? Hmm well perhaps a wee bit better.
As far as the speed difference, are you referring to the store front or back-end admin area? Maybe both?

I am curious though, why would there be any speed difference for the store front, between with MCRYPT and without it? It shouldn't be encrypting anything on the store front, correct? It thought it would only impact the back-end because of the encryption on customer data and order details....Hmmmmm...

Hopefully the X-cart team will jump in and clear up this entire issue.

Thanks
-Tuan
__________________
Win2003 IIS6, PHP 5.2.3, MySQL 5.0.45 and X-Cart 4.1.9
Reply With Quote
  #53  
Old 11-05-2007, 12:10 PM
  photo's Avatar 
photo photo is offline
 

X-Wizard
  
Join Date: Feb 2006
Location: UK
Posts: 1,146
 

Default Re: 4.1.9 changelog

Quote:
Originally Posted by TL408
As far as the speed difference, are you referring to the store front or back-end admin area? Maybe both?

I am curious though, why would there be any speed difference for the store front, between with MCRYPT and without it? It shouldn't be encrypting anything on the store front, correct? It thought it would only impact the back-end because of the encryption on customer data and order details....Hmmmmm...

Hopefully the X-cart team will jump in and clear up this entire issue.

Thanks
-Tuan

Its a secret, only divulged to ancient Xcart users who have been able to grab the pebble from the carts hand!
__________________
v4.1.10
In Dev v4.5.x


"If you don't keep an eye on your business, someone else will."
Reply With Quote
  #54  
Old 11-05-2007, 09:20 PM
 
zaa zaa is offline
 

X-Cart team
  
Join Date: Apr 2004
Location: Ulyanovsk, Russia
Posts: 125
 

Default Re: 4.1.9 changelog

Quote:
Originally Posted by TL408
Thanks Shan!

For people running their own box, check the "php.ini" configuration file. It is loaded as an extension "extension=php_mcrypt.dll". (As of PHP version 5.2.3)

X-cart Team: Can you please verifiy why some people are getting the "MCRYPT" prompt, while others do not? On my box, I do not have "MCRYPT" enabled and were not prompted.

Thanks
-Tuan

Certain PHP versions have known defects in processing of bitwise operations that are used during generation of encrypted data using Blowfish encryption method.
X-Cart utilizes bitwise operators emulation on these PHP versions, but this leads to slow generation of encrypted data and can have negative impact on X-Cart performance.

The message is shown only if x-cart installation procedure detected that PHP version installed on a client's hosting server has such bugs with bitwise operations processing. In order to overcome the issue the customer needs to install the latest stable PHP version or install the mcrypt php extension.
Reply With Quote
  #55  
Old 11-09-2007, 04:21 PM
 
matt2005 matt2005 is offline
 

Advanced Member
  
Join Date: Dec 2004
Location: Michigan
Posts: 58
 

Default Re: 4.1.9 changelog

my install horror story! I ran the upgrade script after manually modding about 10 files.. Script processed then I hit continue.. The server kept trying to redirect somewhere.. I blew the .htaccess file out and got SQL errors about the session table not being there and access denied..

went to my backup, and am back on 4.1.8
__________________
XC4.1.12
Reply With Quote
  #56  
Old 11-09-2007, 04:27 PM
 
Duramax 6.6L Duramax 6.6L is offline
 

X-Adept
  
Join Date: Dec 2006
Posts: 865
 

Default Re: 4.1.9 changelog

you have to run the patch.sql file though phpmyadmin or command line and then there will not be any problems.
__________________
Xcart 5.1.6 Building New Store
Xcart4.6.4 Gold Plus
Xcart 4.6.4 Platinum
Smart Template,
Mail Chimp Upgrade
Checkout One (One Page Checkout)
Checkout One X-Payments Connector
Checkout One Deluxe Tools
Call For Price
On Sale Module
Buy Together Module
MAP Price MOD
Reply With Quote
  #57  
Old 11-09-2007, 04:31 PM
 
matt2005 matt2005 is offline
 

Advanced Member
  
Join Date: Dec 2004
Location: Michigan
Posts: 58
 

Default Re: 4.1.9 changelog

Quote:
Originally Posted by Duramax 6.6L
you have to run the patch.sql file though phpmyadmin or command line and then there will not be any problems.


damn.. ok I will try that later..
__________________
XC4.1.12
Reply With Quote
  #58  
Old 11-12-2007, 03:24 AM
  ambal's Avatar 
ambal ambal is offline
 

X-Cart team
  
Join Date: Sep 2002
Posts: 4,119
 

Exclamation Re: 4.1.9 changelog

Hi everyone,

We conducted research on "why upgrade to 4.1.9 is so hard".

First of all upgrade to 4.1.9 is *not defective* and it is applied properly if it is applied on standard X-Cart and if it is applied according to upgrade instructions.
I advise you to read discussion on this at http://forum.x-cart.com/showthread.php?t=35125).

Also, X-Cart v4.1.9 is a working version which we recommend to use especially if you are concerned about social engineering hacking methods. At the same time you do not have to upgrade to 4.1.9 at all, especially if you feel confident that you will not be swindled and if you are satisfied by how your current X-Cart version works. In this case we recommend you to apply security patch #2007-10-29 (I advise you to monitor discussion at http://forum.x-cart.com/showthread.php?p=192813#post192813 as we are going to release improved version of the patch soon).


why upgrade to 4.1.9 is so hard?

In July 2007 we sent a newsletter about potential security issue in X-Cart which contained the following information:
Quote:
Recently we have found a moderate security issue that renders X-Cart-based stores and other similar Web applications requiring user authorization (shopping carts, CMS solutions, etc) potentially vulnerable to attackers wishing to gain access to the application back-end and sensitive information stored in the user profiles. The issue is not limited to X-Cart, but is typical for the majority of Web applications. The issue is based on the assumption that an attacker might use a "phishing" technique to lure the store administrator into opening a specially crafted Web link and performing a sequence of steps that might allow him to gain full access to the store back end.

In connection with this issue, we would like to remind you of the necessity to exercise extreme caution in opening Web links from unknown or unverified sources. We strongly advise that you do not follow any links from people you do not know. Even if someone asks you to open a link leading to your own store, open this link using a separate browser session (not the session you are using to work on your store - the session where you log in to the store back-end and enter sensitive data). If you have accidentally opened such a link in the same session and are now viewing what seems to be a page of your own store, do not do anything on this page (most important - do not log in or provide any sensitive information!) Close the browser window, then open the browser again and type in a trusted web address for you store website into the address bar of your browser to bypass the link provided in the suspected phishing message. Following these recommendations will fully protect you from attacks of this type.

We have already devised a solution to minimize the risk imposed by this issue and will implement it in one of the future releases of X-Cart software.

The difference in this upgrade is that 4.1.9 contains that solution, i.e. besides usual number of various bug-fixes and minor changes in "every-day" features core of X-Cart v4.1.9 contains a good deal of completely new code which implements multiple protection schemes against the aforementioned and some other phishing ways to hack your online shop using social engineering methods.

The new code in X-Cart v4.1.9 core affected significant number of X-Cart PHP files in different places thus made upgrade to 4.1.9 harder than usual upgrade between minor versions. E.g. upgrade 4.1.8->4.1.9 affects 708 files and 50757 lines of code while upgrade 4.1.7->4.1.8 affects 391 files and 21313 lines of code and those changes between 4.1.8 and 4.1.9 are not just bug-fixes but portions of new code.

If you want to upgrade your store to v4.1.9 I recommend you to read http://forum.x-cart.com/showthread.php?t=35125 before you start.
__________________
Sincerely yours,
Alex Mulin
VP of Business Development for X-Cart
X-Payments product manager
Reply With Quote
  #59  
Old 11-12-2007, 04:30 AM
 
carpeperdiem carpeperdiem is offline
 

X-Guru
  
Join Date: Jul 2006
Location: New York City, USA
Posts: 5,399
 

Default Re: 4.1.9 changelog

Alexander,

Can you please comment on the new sql serialized array and how we should convert a 4.1.8 database to 4.1.9 (as this is hanging many people up and cauding upgrade errors). ?

Can we expect a pacth to toe sql update to correct this at some point?

Can we get an engineer to discuss why the change, and how we can modify our old code to become comptible.

Since there appears to be a data structure change, do you feel this upgrade would qualify for more than a single increment? Shouldnd't 4.1.9 have become 4.2?

I agree that for the most part, a 4.1.9 upgrade can be applied effortlessly in less than a few minutes -- IF the 4.1.8 store doesn't have many changes -- but if the changes are data fleds, there will be issues. Forget template edits -- let's talk real-world... 4.1.9 is great, agreed - but we need to get our 4.1.8 and earlier stores to 4.1.9 --- the database needs to be patched too. How can we do this?

Thanks,

Jeremy
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
Reply With Quote
  #60  
Old 11-12-2007, 07:50 AM
 
matt2005 matt2005 is offline
 

Advanced Member
  
Join Date: Dec 2004
Location: Michigan
Posts: 58
 

Default Re: 4.1.9 changelog

I got mine to work.. what I did was apply the patch.sql to the database before updating the rest of the files.. cleared out the template cache and bam! everything worked great..

I only had to manually modify 10-12 files.. nothing too bad.. the only one that took more than a couple minutes was the meta.tpl.. just had to figure out the right spot to put the javascript below my custom code in there.. I use some of the cdseo mods..
__________________
XC4.1.12
Reply With Quote
Reply
   X-Cart forums > News and Announcements


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 09:32 AM.

   

 
X-Cart forums © 2001-2020