Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

CS-Cart.com: New post to 'Important Security Update'‏ Rate Topic   - - - - -

 

Posted 01 September 2008 - 07:20 PM #1

Just wondering if anybody else besides me got the security email from cs cart today regarding the patch

 
  • pbannette
  • Senior Member
  • Members
  • Join Date: 09-Aug 07
  • 1036 posts

Posted 01 September 2008 - 07:23 PM #2

I received one. I would assume that all registered owners would have received a notice.
Bob

 

Posted 01 September 2008 - 08:18 PM #3

I received one. I would assume that all registered owners would have received a notice.
Bob


Correct ...
I've moved on from CS-Cart to WooC******** - If you need anything I can be of little help.

 
  • ThomH
  • Senior Member
  • Members
  • Join Date: 20-Nov 07
  • 1534 posts

Posted 03 September 2008 - 01:56 PM #4

Yes, received. a very good thing.

WebGraphiq offers a wide range of professionally developed, ready to use CS-Cart add-ons to provide additional functionality and boost your sales. The oldest active CS-Cart add-on development team. -- Since 2006 --


CS-CART ADD-ONS | FREE QUOTE | CS-CART DEVELOPMENT | @webgraphiq


 

Posted 04 September 2008 - 12:02 AM #5

It would be nice if you guys posted here also for those who's registered email account no longer exists.

 
  • Darius
  • Douchebag
  • Members
  • Join Date: 20-Apr 08
  • 3231 posts

Posted 04 September 2008 - 06:13 AM #6

It would be nice if you guys posted here also for those who's registered email account no longer exists.


It is available in

http://helpdesk.cs-cart.com/

File area.

 
  • user2008
  • Member
  • Members
  • Join Date: 17-Jan 08
  • 90 posts

Posted 26 October 2008 - 08:35 AM #7

I want to make this patch manually. Because of my fn_common.ph already changed by me.

What is the details for this patch? would you tell me? I remember 1-2 lines changing. but I cannot find description for now..

 
  • The Tool
  • Been Here Way Too Long Member
  • Members
  • Join Date: 30-Mar 07
  • 3716 posts

Posted 26 October 2008 - 08:10 PM #8

Sign in to helpdesk and look for the message. It contains the instructions.

 
  • user2008
  • Member
  • Members
  • Join Date: 17-Jan 08
  • 90 posts

Posted 26 October 2008 - 08:42 PM #9

message not available, may be I have deleted this message and e mail.

only file present in file area. But no instructions.

would you tell me which lines will be edited in fn_common.php ?

 
  • The Tool
  • Been Here Way Too Long Member
  • Members
  • Join Date: 30-Mar 07
  • 3716 posts

Posted 26 October 2008 - 09:32 PM #10

Here you go.


Dear CS-Cart users,

Our company has just released a security patch that eliminates a vulnerability in CS-Cart 1.3.5 (earlier versions are not affected). The vulnerability could allow a malicious user to perform an SQL injection if the "magic_quotes_gpc" PHP setting is disabled on a server.

It is strongly recommended that you install the updates to all your CS-Cart 1.3.5 installations following these instructions:

1) Download the Security Update CS-20080901 archive file under the "Patches" section on the "File area" page in your Customer Help Desk account;
2) Extract it on your local computer;
3) Upload the extracted "fn_common.php" file to the "core" directory of your CS-Cart installation overwriting the default one.

If your "fn_common.php" file is customized, it is required to apply the patch manually:

1) Open the "fn_common.php" file in any text editor (e.g Notepad);
2) Find the following part of the code:

function fn_get_cookie($var)
{
return !empty($_COOKIE['cs_cookies'][$var]) ? $_COOKIE['cs_cookies'][$var] : '';
}

and replace it with this one:

function fn_get_cookie($var)
{
return !empty($_COOKIE['cs_cookies'][$var]) ? (defined('QUOTES_ENABLED') ? $_COOKIE['cs_cookies'][$var] : addslashes($_COOKIE['cs_cookies'][$var])) : '';
}

Please contact the CS-Cart support team, if you experience any problems with applying the patch or have any questions related to this issue.

--
Thank you
CS-Cart team



 
  • dcontois
  • Member
  • Members
  • Join Date: 29-Mar 07
  • 32 posts

Posted 06 November 2008 - 03:03 PM #11

Hi,

Can anyone tell me if this patch has been applied to 1.3.5 SP4?
Do I have to apply the above code change to SP4?

Thanks!

 
  • ThomH
  • Senior Member
  • Members
  • Join Date: 20-Nov 07
  • 1534 posts

Posted 06 November 2008 - 03:09 PM #12

Hi,

Can anyone tell me if this patch has been applied to 1.3.5 SP4?
Do I have to apply the above code change to SP4?

Thanks!


sp4 contains this update

WebGraphiq offers a wide range of professionally developed, ready to use CS-Cart add-ons to provide additional functionality and boost your sales. The oldest active CS-Cart add-on development team. -- Since 2006 --


CS-CART ADD-ONS | FREE QUOTE | CS-CART DEVELOPMENT | @webgraphiq