Jump to content

Improved Security Fix & 3.0.7-pl1 Released


Recommended Posts

It has come to our attention that the fix released before the new year for remote scripting attacks has caused a 403 error for many.

To patch your store please follow the following instructions. This has been tested with Register Globals On and Off and is a good patch for now. We are also working to release a rock solid version using defined constants rather than variables wich will take a reasonable amount of recoding.

We have instructions below from 3.0.x - 3.0.7-pl1 and 3.0.7 - 3.0.7-pl1

or download CubeCart_3.0.7-pl1

Instructions for 3.0.x - 3.0.7-pl1:

Pease open the following files:

includes/orderSuccess.inc.php <-- Vital File to Patch

includes/content/viewProd.inc.php

includes/content/viewOrders.inc.php

includes/content/viewOrder.inc.php

includes/content/viewDoc.inc.php

includes/content/viewcat.inc.php

includes/content/unsubscribe.inc.php

includes/content/tellafriend.inc.php

includes/content/overWeight.inc.php

includes/content/noShip.inc.php

includes/content/newsletter.inc.php

includes/content/logout.inc.php

includes/content/login.inc.php

includes/content/index.inc.php

includes/content/gateway.inc.php

includes/content/forgotPass.inc.php

includes/content/dnExpire.inc.php

includes/content/confirmed.inc.php

includes/content/changePass.inc.php

includes/content/cart.inc.php

includes/content/account.inc.php

includes/boxes/siteDocs.inc.php

includes/boxes/shoppingCart.inc.php

includes/boxes/session.inc.php

includes/boxes/searchForm.inc.php

includes/boxes/saleItems.inc.php

includes/boxes/randomProd.inc.php

includes/boxes/popularProducts.inc.php

includes/boxes/mailList.inc.php

includes/boxes/language.inc.php

includes/boxes/info.inc.php

includes/boxes/currency.inc.php

includes/boxes/categories.inc.php

includes/boxes/cartNavi.inc.php

includes/session.inc.php

includes/currencyVars.inc.php

includes/sslSwitch.inc.php

admin/includes/auth.inc.php

admin/includes/currencyVars.inc.php

admin/includes/footer.inc.php

admin/includes/header.inc.php

admin/includes/navigation.inc.php

Find at around line 31:

if(!isset($config)){





or:


if(!isset($glob)){





Replace this with:


if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF'])) {



If you recieve a notice your version is out of date in admin...



open includes/ini.inc.php and change:


$ini['CCver'] = '30011';



to


$ini['CCver'] = '30012';



Instructions for 3.0.7 - 3.0.7-pl1:



To repatch yout store from 3.0.7 to 3.0.7-pl1 please see the changes in the attached HTML document below.



If you recieve a notice your version is out of date in admin...



open includes/ini.inc.php and change:


$ini['CCver'] = '30011';



to


$ini['CCver'] = '30012';

Link to post
Share on other sites

×
×
  • Create New...