Al Brookbanks
Posted January 2, 2006

It has come to our attention that the fix released before the new year for remote scripting attacks has caused a 403 error for many. To patch your store please follow the following instructions.

This has been tested with Register Globals On and Off and is a good patch for now. We are also working to release a rock solid version using defined constants rather than variables which will take a reasonable amount of recoding.

We have instructions below from 3.0.x - 3.0.7-pl1 and 3.0.7 - 3.0.7-pl1 or download CubeCart_3.0.7-pl1

Instructions for 3.0.x - 3.0.7-pl1:

Please open the following files:

includes/orderSuccess.inc.php <-- Vital File to Patch
includes/content/viewProd.inc.php
includes/content/viewOrders.inc.php
includes/content/viewOrder.inc.php
includes/content/viewDoc.inc.php
includes/content/viewcat.inc.php
includes/content/unsubscribe.inc.php
includes/content/tellafriend.inc.php
includes/content/overWeight.inc.php
includes/content/noShip.inc.php
includes/content/newsletter.inc.php
includes/content/logout.inc.php
includes/content/login.inc.php
includes/content/index.inc.php
includes/content/gateway.inc.php
includes/content/forgotPass.inc.php
includes/content/dnExpire.inc.php
includes/content/confirmed.inc.php
includes/content/changePass.inc.php
includes/content/cart.inc.php
includes/content/account.inc.php
includes/boxes/siteDocs.inc.php
includes/boxes/shoppingCart.inc.php
includes/boxes/session.inc.php
includes/boxes/searchForm.inc.php
includes/boxes/saleItems.inc.php
includes/boxes/randomProd.inc.php
includes/boxes/popularProducts.inc.php
includes/boxes/mailList.inc.php
includes/boxes/language.inc.php
includes/boxes/info.inc.php
includes/boxes/currency.inc.php
includes/boxes/categories.inc.php
includes/boxes/cartNavi.inc.php
includes/session.inc.php
includes/currencyVars.inc.php
includes/sslSwitch.inc.php
admin/includes/auth.inc.php
admin/includes/currencyVars.inc.php
admin/includes/footer.inc.php
admin/includes/header.inc.php
admin/includes/navigation.inc.php

Find at around line 31:

    if(!isset($config)){

or:

    if(!isset($glob)){

Replace this with:

    if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF'])) {

If you receive a notice your version is out of date in admin... open includes/ini.inc.php and change:

    $ini['CCver'] = '30011';

to

    $ini['CCver'] = '30012';

Instructions for 3.0.7 - 3.0.7-pl1:

To repatch your store from 3.0.7 to 3.0.7-pl1 please see the changes in the attached HTML document below.

If you receive a notice your version is out of date in admin... open includes/ini.inc.php and change:

    $ini['CCver'] = '30011';

to

    $ini['CCver'] = '30012';
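An added check, not part of the original post or of CubeCart: a Python script that audits files from the list above and reports which still carry the old guard line and which carry the replacement. The store root, the constructed sample file bodies and the status names are assumptions made for the example.

```python
import re
import tempfile
from pathlib import Path

# Guard lines the post says to find (old) and the line that replaces them (new).
# Whitespace is matched loosely because stores may have been hand-edited.
OLD_GUARD = re.compile(r"if\s*\(\s*!\s*isset\s*\(\s*\$(config|glob)\s*\)\s*\)\s*\{")
NEW_GUARD = re.compile(
    r"if\s*\(\s*ereg\s*\(\s*([\"'])\.inc\.php\1\s*,\s*"
    r"\$HTTP_SERVER_VARS\s*\[\s*([\"'])PHP_SELF\2\s*\]\s*\)\s*\)\s*\{"
)

def classify(source):
    """Return 'patched', 'unpatched' or 'unknown' for one file's source text."""
    if OLD_GUARD.search(source):
        return "unpatched"      # old guard still present anywhere in the file
    if NEW_GUARD.search(source):
        return "patched"
    return "unknown"            # neither guard found: inspect by hand

def audit(store_root, relative_paths):
    """Map each listed path to its status, or 'missing' if the file is absent."""
    results = {}
    for rel in relative_paths:
        path = Path(store_root) / rel
        results[rel] = (classify(path.read_text(errors="replace"))
                        if path.is_file() else "missing")
    return results

def demo():
    """Build a constructed three-file store in a temp dir and audit it."""
    files = {  # constructed sample bodies, not real CubeCart source
        "includes/orderSuccess.inc.php": "<?php\nif(!isset($config)){\n  exit;\n}\n",
        "includes/session.inc.php":
            "<?php\nif (ereg(\".inc.php\",$HTTP_SERVER_VARS['PHP_SELF'])) {\n  exit;\n}\n",
        "admin/includes/auth.inc.php": "<?php\n// no guard at all\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            target = Path(root) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return audit(root, list(files) + ["includes/boxes/info.inc.php"])

if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:10} {rel}")
```

To audit a real store, call `audit()` with the store's root directory and the file list from the post; any result other than `patched` needs a manual look.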