Critical Cs-Cart Vulnerability: Please Protect Your Store Asap

 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 11180 posts

Posted 22 November 2017 - 07:54 PM #21

Thanks. My restore was going from 4.6.3 Service Pack 1  to  4.6.3, so it should be ok, then?

 

Thanks for your help.

If the version of the DB  backup and restore are the same (other than the SP1) then you should be fine restoring.


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.


 

Posted 01 April 2018 - 12:00 AM #22

Guys, what if I have this on line 98

 if (empty($server['HTTP_USER_AGENT'])) {

instead of advised

 if (empty($server['REQUEST_METHOD'])) {

Would I still need to change it to

if (PHP_SAPI === 'cli') {

Many thanks

Vic



 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 11180 posts

Posted 01 April 2018 - 06:11 PM #23

Line 98 of what file?

 

Note that SERVER variables are only set when PHP is launched from a web server (Apache, Nginx, etc.). However, some instances of a CLI might set some values. Easiest way is to let cs-cart tell you if it's running in CLI. If it is, then defined('CONSOLE') would be true.




 
  • straygecko
  • Advanced Member
  • Members
  • Join Date: 01-May 13
  • 93 posts

Posted 02 April 2018 - 01:25 AM #24

Line 98 of what file?


I'm sure he's talking about app/Tygh/bootstrap.php, the file the OP is telling him to patch to fix the security vulnerability caused by cs-cart incorrectly identifying console mode and causing the CONSOLE constant to be set incorrectly. The real question is why line 98? The OP says to look for a particular string, not a particular line. The line to be patched is the first line of function initConsoleMode - it's line 167 of app/Tygh/bootstrap.php in the couple of versions I looked at.
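
Since the line number differs between installs (98 in one post, 167 in another), a check keyed on the function name is more dependable than one keyed on a line. The script below is an added example, not part of the original posts or of CS-Cart's code; it assumes, as post #24 states, that the console-mode test is the first `if` inside `initConsoleMode`, and the labels it prints (`sapi-check`, `request-derived`, `unknown`, `not-found`) are this example's own.

```shell
#!/bin/sh
# Added example: report which console-mode test a CS-Cart bootstrap.php uses.
# Assumption (from the thread): the test is the first `if (...)` that follows
# the declaration of initConsoleMode in app/Tygh/bootstrap.php.

console_check_line() {
    # Print "<line number>:<source line>" for that first `if (`, wherever
    # the function happens to sit in this particular version of the file.
    awk '
        /function[ \t]+initConsoleMode[ \t]*\(/ { in_fn = 1; next }
        in_fn && /if[ \t]*\(/                   { print NR ":" $0; exit }
    ' "$1"
}

classify_console_check() {
    line=$(console_check_line "$1")
    case "$line" in
        "")
            echo "not-found" ;;        # no initConsoleMode, or no if inside it
        *PHP_SAPI*|*php_sapi_name*)
            echo "sapi-check" ;;       # decided by how PHP was started
        *REQUEST_METHOD*|*HTTP_USER_AGENT*)
            echo "request-derived" ;;  # decided by values in the server array
        *)
            echo "unknown" ;;          # some other condition: read it by hand
    esac
}

# Usage: sh check_console.sh /path/to/store/app/Tygh/bootstrap.php
if [ -n "${1:-}" ]; then
    console_check_line "$1"
    classify_console_check "$1"
fi
```

A `request-derived` result covers both variants quoted in post #22; `sapi-check` is the form the thread advises changing to.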