Al Brookbanks
Posted December 6, 2004

Please download the latest stable release of CubeCart 2.0.3 below:

CubeCart 2.0.3

Upgrade instructions are provided within the download package and outlined below:

PLEASE ENSURE YOU HAVE UPGRADED FROM 2.0.1 BEFORE MAKING THESE CHANGES

Al Brookbanks
Posted December 6, 2004

##################################################
###### UPGRADE FROM CubeCart 2.0.2 to 2.0.3 ######
##################################################

This update fixes Server Path Disclosure and a bug in register.php

Upgrade instructions:

Please follow the instructions outlined below.
Estimated time: 10 Mins.

If you have a version of CubeCart which has no modifications simply overwrite the files on your server with the ones listed below. If you have made modifications please follow the manual instructions below.

Changed files:

1. register.php
2. link_navi.php
3. ver.php

PLEASE REPORT ANY BUGS RELATED TO THIS UPGRADE FILE TO [email protected] AT THE FIRST OPPORTUNITY.

#################################
## START OF MANUAL FIX
#################################

Files to edit:

1. register.php

///////////////////////////////
// Open register.php
////////

At around line 33 find:

+----------------------------------------------------
include("admin/config.php");
+----------------------------------------------------

Directly after this on the next line add:

+----------------------------------------------------
include( "admin/settings.inc.php");
+----------------------------------------------------

At around line 39, 68, 99, 128, 158, 188 but NOT line 297

Remove the line

+----------------------------------------------------
include( "admin/settings.inc.php");
+----------------------------------------------------

2. link_navi

///////////////////////////////
// Open link_navi.php
////////

Directly after line 28

+----------------------------------------------------
// build link navigation for current category
+----------------------------------------------------

After add:

+----------------------------------------------------
include_once("admin/settings.inc.php");
+----------------------------------------------------

Find line 34

+----------------------------------------------------
$sql_1 = "select * from ".$prefix."store_category where cat_id = $cat_id";
+----------------------------------------------------

Replace it with:

+----------------------------------------------------
$sql_1 = "select * from ".$prefix."store_category where cat_id = '".cleanData($cat_id,"int")."'";
+----------------------------------------------------

3. ver.php

///////////////////////////////
// Open ver.php
////////

Find

+----------------------------------------------------
<?php $estore_ver="2.0.2"; ?>
+----------------------------------------------------

Replace it with:

+----------------------------------------------------
<?php $estore_ver="2.0.3"; ?>
+----------------------------------------------------

#################################
## END OF MANUAL FIX
#################################
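
Added example (not part of the original post and not CubeCart code): the link_navi.php change above passes $cat_id through cleanData(...,"int") before it is concatenated into the query, so a non-numeric value can no longer alter the SQL text. The sketch below shows the same idea with strict integer validation plus a bound parameter. The helpers category_id_or_null() and find_category(), the shop_ prefix, the category column and the in-memory SQLite database are all assumptions made for illustration, and the helper does not reproduce cleanData().

```php
<?php
// Added example, not CubeCart code. The table suffix and cat_id column follow
// the query in the post; everything else here is hypothetical.

// Accept only a plain positive decimal integer; anything else yields null.
function category_id_or_null($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Look up one category with a bound parameter instead of string concatenation.
function find_category(PDO $db, string $prefix, $rawCatId): ?array
{
    $id = category_id_or_null($rawCatId);
    if ($id === null) {
        return null; // reject before any SQL is built or executed
    }
    // $prefix must come from configuration, never from the request.
    $stmt = $db->prepare("SELECT * FROM {$prefix}store_category WHERE cat_id = :id");
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE shop_store_category (cat_id INTEGER PRIMARY KEY, category TEXT)");
$db->exec("INSERT INTO shop_store_category VALUES (1, 'Books'), (2, 'Music')");

// Constructed inputs: one valid id followed by values that must be rejected.
foreach (['2', '2abc', "2'", 'abc', '-5'] as $input) {
    $row = find_category($db, 'shop_', $input);
    printf("%-8s => %s\n", var_export($input, true), $row ? $row['category'] : 'rejected');
}
```

Because rejected input never reaches the database, the lookup cannot fail with a database error message that exposes server details.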