Customer address data security patch
Thank you to the Zen Cart team and the other contributors for finding and fixing this issue.
Two questions, after installing the patch and running the SQL patch.
1. The spam customer records are not deleted. Just curious to know why? To leave an audit trail? Less risk to just disable the thread but not delete?
2. The clean up check page still reports spam accounts after running the patch. I still get the "80 statement(s) processed" message. Is that to be expected?
Re: Customer address data security patch
They're not removed to, as indicated, keep the audit-trail but also to keep the database-schema 'intact'.
I'm guessing that the message you refer to is coming from the Install SQL Patches tool, correct? If so, that's to be expected.
Re: Customer address data security patch
Note, too, that the checker-tool simply looks for any changes made by the SQL script and reports if any such changes were made.
Re: Customer address data security patch
Quote: Originally Posted by lat9
They're not removed to, as indicated, keep the audit-trail but also to keep the database-schema 'intact'.
I'm guessing that the message you refer to is coming from the Install SQL Patches tool, correct? If so, that's to be expected.
Thanks for confirming #1
I think my second question was confusing. Let me clarify. After running the SQL patch, the file 'spam_cleanup_check.php' uploaded to the admin folder is still reporting spam accounts.
Having said that, I see the file is looking for four specific pieces of text, so very likely it's a false positive. On one site, I see a valid customer with fake###################### as the email address. The rest of the record looks like a simple test customer account.
Re: Customer address data security patch
The patch zip files have been updated to fix the spam_cleanup_check.php false-positives.
Re: Customer address data security patch
Quote: Originally Posted by DrByte
The patch zip files have been updated to fix the spam_cleanup_check.php false-positives.
Thank you!!
Re: Customer address data security patch
Hi, I'm running 1.5.8a and do not have an includes/functions/database.php file to replace. Should I just add the new file or do I have other issues?
Re: Customer address data security patch
There should be a file called `includes/functions/database.php` starting from the root of your shop. This is not under the admin, this is a storefront file.
Re: Customer address data security patch
Thanks for the speedy reply.
There is definitely no database.php file in /public_html/includes/functions folder.
However I do have one in my /public_html/admin***/includes/functions folder.
Re: Customer address data security patch
Quote: Originally Posted by att_mike
Thanks for the speedy reply.
There is definitely no database.php file in /public_html/includes/functions folder.
However I do have one in my /public_html/admin***/includes/functions folder.
Are you sure you're running on zc158a? That release (a) has /includes/functions/database.php and (b) does not have an admin/includes/functions/database.php.
I'm having a hard time envisioning a zc158a storefront that's not going to whitescreen without that storefront function file.