Posts posted by Al Brookbanks
-
-
To add a link on your CubeCart powered site please follow the instructions in this post:
http://www.cubecart.com/site/forums/index....indpost&p=19987
Thanks to Booker :)
-
-
Thanks for this. We've added it to our homepage too.
Any other donation links for other countries welcome.
-
125,000+ dead, 5 Million Homeless and desperate help needed. A little money goes a long way...
Read more at BBC News
For UK donations:
For USA donations:
https://www.redcross.org/donate/donation-form.asp
or choose
http://www.usaid.gov/locations/asia_near_e...mi/ngolist.html
For Australian donations:
https://www.redcross.org.au/Donations/onlin...miDonations.asp
For Dutch donations:
For Belgium donations:
http://www.ikwilhelpen.be/iwh/action.php?aid=4
For German donations:
-
Yeah some nice ideas...
We would upgrade this board but the whole site has been built around it and it has even had a little customisation so it's low priority.
Oh and you have to pay to download the IPB2 now. We only purchased copyright removal at $275 I think as support etc isn't required.
Maybe sometime next year we will spare the time and cash to do this.
I like the idea about mods too... but again it's time and priority.
-
I think Stijnj summed this up perfectly...
The voting system has a look up table to store IP address per vote and sets a cookie. You can only vote for your store once a week unless you spoof your IP and delete the cookie every time. Or have a dynamic IP and delete the cookie.
This is about as much security as you can take for voting systems.
Obviously any suggestions are always welcome...
p.s. you should be able to edit your listing if logged on. Please email any bugs to us as the 3rd Party section of CubeCart.com was muddled together in about half a day.
-
apachectl graceful
-
Thanks to you all for your support and custom over 2004.
Have a fantastic Christmas and all the best for the new year.
-
Hello folks,
In an attempt to clean these forums of 3rd party people/companies offering services, a new site section has been made ...
The intention of this is to make a place where you can freely advertise your services and people can leave feedback about their experience.
Check it out:
http://www.cubecart.com/site/3rdparty/
Many thanks to Stijnj for his suggestions and input.
Please note that a far improved modifications section is on its way too.
This section is brand new so please contact us if any bugs are found.
-
##################################################
###### UPGRADE FROM CubeCart 2.0.2 to 2.0.3 ######
##################################################

This update fixes Server Path Disclosure and a bug in register.php

Upgrade instructions:

Please follow the instructions outlined below. Estimated time: 10 Mins.

If you have a version of CubeCart which has no modifications simply overwrite the files on your server with the ones listed below. If you have made modifications please follow the manual instructions below.

Changed files:
1. register.php
2. link_navi.php
3. ver.php

PLEASE REPORT ANY BUGS RELATED TO THIS UPGRADE FILE TO [email protected] AT THE FIRST OPPORTUNITY.

#################################
## START OF MANUAL FIX
#################################

Files to edit:

1. register.php

///////////////////////////////
// Open register.php ////////

At around line 33 find:
+----------------------------------------------------
include("admin/config.php");
+----------------------------------------------------
Directly after this on the next line add:
+----------------------------------------------------
include("admin/settings.inc.php");
+----------------------------------------------------
At around line 39, 68, 99, 128, 158, 188 but NOT line 297 remove the line:
+----------------------------------------------------
include("admin/settings.inc.php");
+----------------------------------------------------

2. link_navi.php

///////////////////////////////
// Open link_navi.php ////////

Directly after line 28:
+----------------------------------------------------
// build link navigation for current category
+----------------------------------------------------
add:
+----------------------------------------------------
include_once("admin/settings.inc.php");
+----------------------------------------------------
Find line 34:
+----------------------------------------------------
$sql_1 = "select * from ".$prefix."store_category where cat_id = $cat_id";
+----------------------------------------------------
Replace it with:
+----------------------------------------------------
$sql_1 = "select * from ".$prefix."store_category where cat_id = '".cleanData($cat_id,"int")."'";
+----------------------------------------------------

3. ver.php

///////////////////////////////
// Open ver.php ////////

Find:
+----------------------------------------------------
<?php $estore_ver="2.0.2"; ?>
+----------------------------------------------------
Replace it with:
+----------------------------------------------------
<?php $estore_ver="2.0.3"; ?>
+----------------------------------------------------

#################################
## END OF MANUAL FIX
#################################
-
Please download the latest stable release of CubeCart 2.0.3 below:
Upgrade instructions are provided within the download package and outlined below:
PLEASE ENSURE YOU HAVE UPGRADED FROM 2.0.1 BEFORE MAKING THESE CHANGES
-
Yeah yetisports rocks.
-
I did all the popup score charts and competition pages. :D
-
-
Rebooted apache and all is looking good. :D
-
True but the server is using too much memory and is 25% disk swapping which is bad news!
Need to get that sorted.
-
Yeah it's because I have a slight config issue on the server and 94 processes are running at once....
Hmmmmmm.... need to get a managed solution soon.
Sorry folks.
-
Hello folks, CC.com is run on a dedicated server (with only 3 websites on) but I find it is slow at times... does anybody else find this?
Posting a forum post can take a few seconds sometimes...?!?!?
-
##################################################
###### UPGRADE FROM CubeCart 2.0.1 to 2.0.2 ######
##################################################

This update fixes some important security issues which may otherwise lead to MySQL Injection or Server Path Disclosure.

Upgrade instructions:

Please follow the instructions outlined below. Estimated time: 5 Mins to 1hr depending on experience and upgrade method.

If you have a version of CubeCart which has no modifications simply overwrite the files on your server with the ones listed below. If you are a licensed customer please edit admin/settings.inc.php manually as outlined below.

IMPORTANT. MANUAL UPDATE MAY TAKE UP TO ONE HOUR DEPENDING ON EXPERIENCE. IF YOU HAVE LIMITED TIME PLEASE USE QUICK FIX METHOD (A) AND THEN DO A COMPLETE UPGRADE AT YOUR CONVENIENCE (RECOMMENDED FIX METHOD (B)). See below.

PLEASE REPORT ANY BUGS RELATED TO THIS UPGRADE FILE TO [email protected] AT THE FIRST OPPORTUNITY.

#################################
## START OF QUICK FIX METHOD (A)
#################################

Files to edit:

1. index.php

///////////////////////////////
// Open index.php ////////

At around line 169 find:
+----------------------------------------------------
$sql_select = mysql_query( "SELECT * FROM ".$prefix."store_category where cat_father_id = $cat_id order by $cat_order");
+----------------------------------------------------
Replace with:
+----------------------------------------------------
$sql_select = mysql_query( "SELECT * FROM ".$prefix."store_category where cat_father_id = '$cat_id' order by $cat_order");
+----------------------------------------------------

#################################
## END OF QUICK FIX METHOD
#################################

#################################
## START OF RECOMMENDED FIX METHOD (B)
#################################

Files to edit:

1. admin/settings.inc.php
2. index.php
3. view_product.php
4. tellafriend.php
5. view_cart.php
6. ver.php
7. login.php

##################################################
###### START OF MANUAL UPGRADE INSTRUCTIONS ######
##################################################

///////////////////////////////
// Open admin/settings.inc.php ////////

At around line 246 find:
+----------------------------------------------------
?>
+----------------------------------------------------
Replace with:
+----------------------------------------------------
function cleanData($variable, $type, $theDefinedValue = "", $theNotDefinedValue = "") {
  $variable = (!get_magic_quotes_gpc()) ? addslashes($variable) : $variable;
  switch ($type) {
    case "text":
      $variable = ($variable != "") ? $variable : "NULL";
      break;
    case "long":
    case "int":
      $variable = ($variable != "") ? intval($variable) : "NULL";
      break;
    case "double":
      $variable = ($variable != "") ? doubleval($variable) : "NULL";
      break;
    case "date":
      $variable = ($variable != "") ? $variable : "NULL";
      break;
    case "defined":
      $variable = ($variable != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $variable;
}
?>
+----------------------------------------------------

///////////////////////////////
// Open view_doc.php ////////

At around line 42 find:
+----------------------------------------------------
$sql = "select doc_name,doc_content from ".$prefix."store_docs where doc_id='$view_doc'";
+----------------------------------------------------
Replace with:
+----------------------------------------------------
$sql = "select doc_name,doc_content from ".$prefix."store_docs where doc_id=".cleanData($view_doc,"int");
+----------------------------------------------------

///////////////////////////////
// Open index.php ////////

At around line 154 find:
+----------------------------------------------------
$sql_select = mysql_query( "SELECT * FROM ".$prefix."store_category where cat_id='$cat_id' order by $cat_order");
+----------------------------------------------------
Replace with:
+----------------------------------------------------
$sql_select = mysql_query( "SELECT * FROM ".$prefix."store_category where cat_id='".cleanData($cat_id,"int")."' order by ".cleanData($cat_order,"text"));
+----------------------------------------------------
At around line 169 find:
+----------------------------------------------------
$sql_select = mysql_query( "SELECT * FROM ".$prefix."store_category where cat_father_id = $cat_id order by $cat_order");
+----------------------------------------------------
Replace with:
+----------------------------------------------------
$sql_select = mysql_query( "SELECT * FROM ".$prefix."store_category where cat_father_id = '".cleanData($cat_id,"int")."' order by ".cleanData($cat_order,"text"));
+----------------------------------------------------
Find at around line 242:
+----------------------------------------------------
$query_count = " SELECT * FROM ".$prefix."store_inventory where cat_id='$cat_id' order by $prod_order";
+----------------------------------------------------
Change to:
+----------------------------------------------------
$query_count = " SELECT * FROM ".$prefix."store_inventory where cat_id='".cleanData($cat_id,"int")."' order by ".cleanData($prod_order,"text");
+----------------------------------------------------
Find at around line 251:
+----------------------------------------------------
$query = "SELECT * FROM ".$prefix."store_inventory where cat_id='$cat_id' order by $prod_order LIMIT $limitvalue, $limit";
+----------------------------------------------------
Replace with:
+----------------------------------------------------
$query = "SELECT * FROM ".$prefix."store_inventory where cat_id='".cleanData($cat_id,"int")."' order by ".cleanData($prod_order,"text")." LIMIT ".$limitvalue.", ".cleanData($limit,"int");
+----------------------------------------------------

///////////////////////////////
// Open view_product.php ////////

Find at around line 52:
+----------------------------------------------------
$select_prod = mysql_query( "SELECT * FROM ".$prefix."store_inventory WHERE product='$product'");
+----------------------------------------------------
Replace with:
+----------------------------------------------------
$select_prod = mysql_query( "SELECT * FROM ".$prefix."store_inventory WHERE product='".cleanData($product,"text")."'");
+----------------------------------------------------
Find at around line 77:
+----------------------------------------------------
$sql_update = "update ".$prefix."store_inventory set popularity='$new_pop' where product='$product';";
+----------------------------------------------------
Replace with:
+----------------------------------------------------
$sql_update = "update ".$prefix."store_inventory set popularity='$new_pop' where product='".cleanData($product,"text")."'";
+----------------------------------------------------
Find at around line 84:
+----------------------------------------------------
$select_cat = mysql_query( "SELECT * FROM ".$prefix."store_category WHERE cat_id='$cat_id'");
+----------------------------------------------------
Replace with:
+----------------------------------------------------
$select_cat = mysql_query( "SELECT * FROM ".$prefix."store_category WHERE cat_id='".cleanData($cat_id,"int")."'");
+----------------------------------------------------

///////////////////////////////
// Open file tellafriend.php ////////

At around line 45 find:
+----------------------------------------------------
$select = mysql_query ("select * from ".$prefix."store_inventory where product='$product'");
+----------------------------------------------------
Replace with:
+----------------------------------------------------
$select = mysql_query ("select * from ".$prefix."store_inventory where product='".cleanData($product,"text")."'");
+----------------------------------------------------

///////////////////////////////
// Open file view_cart.php ////////

At around line 48:
+----------------------------------------------------
$result = mysql_query("SELECT * FROM ".$prefix."store_inventory WHERE product='$add'");
+----------------------------------------------------
Replace with:
+----------------------------------------------------
$result = mysql_query("SELECT * FROM ".$prefix."store_inventory WHERE product='".cleanData($add,"text")."'");
+----------------------------------------------------
Find at around line 94:
+----------------------------------------------------
$result = mysql_query("SELECT * FROM ".$prefix."store_inventory WHERE product='$remove'");
+----------------------------------------------------
Replace with:
+----------------------------------------------------
$result = mysql_query("SELECT * FROM ".$prefix."store_inventory WHERE product='".cleanData($remove,"text")."'");
+----------------------------------------------------
Find at about line 128:
+----------------------------------------------------
mysql_query( "DELETE FROM ".$prefix."store_shopping WHERE session='$session' AND id='$prod_id'");
+----------------------------------------------------
Replace with:
+----------------------------------------------------
mysql_query( "DELETE FROM ".$prefix."store_shopping WHERE session='".cleanData($session,"text")."' AND id='".cleanData($prod_id,"text")."'");
+----------------------------------------------------

///////////////////////////////
// Open ver.php ////////

At around line 2 find:
+----------------------------------------------------
$estore_ver="2.0.1";
+----------------------------------------------------
Replace with:
+----------------------------------------------------
$estore_ver="2.0.2";
+----------------------------------------------------

///////////////////////////////
// Open login.php ////////

At around line 35 find:
+----------------------------------------------------
if ($email && $password)
+----------------------------------------------------
Replace with:
+----------------------------------------------------
if ($_POST['email'] && $_POST['password'])
+----------------------------------------------------
At around line 39 find:
+----------------------------------------------------
$query = "select * from ".$prefix."store_customer where email='$email' and password=('$passwd')";
+----------------------------------------------------
Replace with:
+----------------------------------------------------
$query = "select * from ".$prefix."store_customer where email='".cleanData($_POST['email'],"text")."' and password=('$passwd')";
+----------------------------------------------------

#################################
## END OF RECOMMENDED FIX METHOD (B)
#################################
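Added example, not code from CubeCart or from the upgrade posts above: the two queries that the 2.0.3 (link_navi.php) and 2.0.2 (index.php category listing) fixes route through cleanData(..., "int"), rebuilt without get_magic_quotes_gpc(), which later PHP releases removed. It also shows why the ORDER BY column needs an allowlist rather than escaping. The function names, column allowlist, table prefix and inputs are assumptions made for the example.

```php
<?php
// Added example, not CubeCart code: rebuilds the two queries the
// upgrades patch with cleanData(..., "int") (index.php's category
// listing in 2.0.2 and link_navi.php's lookup in 2.0.3) without
// get_magic_quotes_gpc(), which later PHP versions removed.
// Function names, the allowlist and the inputs below are constructed.

// Equivalent of cleanData's "int" branch: intval() keeps only a
// leading integer. Unlike the original, an empty value becomes 0
// instead of the string NULL (which the original then placed inside
// quotes, producing the string literal 'NULL').
function cleanInt($value) {
    return (string) intval($value);
}

// ORDER BY takes a bare column name, so addslashes()-style escaping
// does not apply there; compare against a fixed allowlist instead.
function cleanOrderColumn($value, array $allowed, $default) {
    return in_array($value, $allowed, true) ? $value : $default;
}

// index.php, "At around line 169" in the 2.0.2 recommended fix.
function categoryQuery($prefix, $catId, $catOrder) {
    $allowed = ["cat_name", "cat_id"];   // assumed column names
    return "SELECT * FROM " . $prefix . "store_category"
         . " WHERE cat_father_id = '" . cleanInt($catId) . "'"
         . " ORDER BY " . cleanOrderColumn($catOrder, $allowed, "cat_name");
}

// link_navi.php, "Find line 34" in the 2.0.3 manual fix.
function linkNaviQuery($prefix, $catId) {
    return "SELECT * FROM " . $prefix . "store_category"
         . " WHERE cat_id = '" . cleanInt($catId) . "'";
}

// Constructed inputs: a normal request, a non-numeric id and an
// order column that is not on the allowlist.
$cases = [
    ["3", "cat_name"],
    ["3abc", "cat_id"],
    ["", "not_a_column"],
];
foreach ($cases as [$catId, $catOrder]) {
    echo categoryQuery("cc_", $catId, $catOrder), "\n";
    echo linkNaviQuery("cc_", $catId), "\n";
}
```

The constructed inputs show the id collapsing to a bare integer in every case and the unknown order column falling back to the default instead of reaching the query.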
-
Hello,
CC 2.0.2 has been released today which fixes possible SQL Injection and/or path disclosure in its predecessor.
Please download this here: CubeCart 2.0.2
Upgrade instructions are provided within the download package and outlined below:
-
Below is a screenshot of the current standard product listing page. This has been built using 100% separated php code from the template files which are simple html.
This means that CubeCart 3 can be skinned so that each install can look completely individual and with absolutely no php knowledge required. What's better is that different template files will be available.
Please remember that we expect this new version to be released early next year.
-
There's only been 2 days a week available to develop it which has meant slow progress. The whole of December, January and February will be available for intensive work.
The code will be far more modular, efficient and secure.
-
lol I expect February to be the date.
-
As another step to improve support for our customers all emails sent through this website by our customers are flagged that you are in this member group (if you are logged in).
Although support is not offered with a License Key purchase we can now determine emails sent from prospective customers and existing ones in order to prioritise work accordingly.
Keep your eyes peeled as we introduce further incentives for our customers over the next few months.
:P
DISASTER IN ASIA (in General Discussion)
I added it to the news post thanks Booker.