Help
Posted 13 August 2008 - 09:20 AM
The patch is very straightforward.
Open the file ini.inc.php and locate:
if (preg_match('#([^a-z0-9\-\_\:\@\|])#i', urldecode($key))) {
echo urldecode($key);
$die = "<h1 style='font-family: Arial, Helvetica, sans-serif; color: red;'>Security Warning</h1><p style='font-family: Arial, Helvetica, sans-serif; color: #000000;'>\nParsed array keys can not contain illegal characters! Script execution has been halted.</p><p style='font-family: Arial, Helvetica, sans-serif; color: #000000;'>It may be possible to fix this error by deleting your browsers cookies and refresh this page.</p>\n";
die($die);
}Replace this code with:
if (preg_match('#([^a-z0-9\-\_\:\@\|])#i', urldecode($key))) {
$die = "<h1 style='font-family: Arial, Helvetica, sans-serif; color: red;'>Security Warning</h1><p style='font-family: Arial, Helvetica, sans-serif; color: #000000;'>\nParsed array keys can not contain illegal characters! Script execution has been halted.</p><p style='font-family: Arial, Helvetica, sans-serif; color: #000000;'>It may be possible to fix this error by deleting your browsers cookies and refresh this page.</p>\n";
die($die);
}Once that has been done please upload the file back to the server and your store has been patched. The offending code is the line:
echo urldecode($key);before the line starting
$die = "<h1 style='font-family: Ari...If your stores doesn't have that line then no action is required.
We take security very seriously and will investigate every case reported thoroughly. In this occasion we have been able to produce a patch within an hour or the vulnerability report. CubeCart version 4.2.3 is due for release very soon which will contain this security update and other bug fixes.
If you have an active support plan and need assistance our staff will be willing to assist you in applying this patch. Please accept our apologies for any inconvenience this may cause.
Back to top
MultiQuote
