June 2009 Admin Security Patch vs some Addons/Contributions
We have had some reports that the current security patch is affecting the operation of some contributions.
The symptom would typically be, trying to carry out some action (a form post) and being redirected to the admin home page, and the form post failing.
The security patch is intended to modify the way forms are submitted, by automatically appending a hidden field containing a security token. This token is then used to 'validate' the form. This is intended to add protection against XSRF attacks.
If a contribution does not use the zen_draw_form function, by either using a hard coded <form> tag, or using its own function for rendering the form, it will fail the security check.
Contribution authors should update their code asap.
Any one having problems with admin contributions should post to the appropriate contributions thread.
NOTE: The security patch has no affect on your store code and will not affect the operation of the store itself.
Last edited by wilt; 24 Jun 2009 at 02:37 PM.
By maria82g in forum General Questions
Last Post: 1 Jul 2009, 04:59 AM
By marcopolo in forum General Questions
Last Post: 30 Jun 2009, 07:54 PM
By DrByte in forum Zen Cart Release Announcements
Last Post: 1 Jul 2007, 10:57 PM
Content and Graphics Copyright (c) 2003 - 2013 Zen Ventures, LLC - all rights reserved
Zen Cart® is a Registered Trademark of Zen Ventures, LLC