Question about certain patch edits

[cmrsf1]

I just spent about an hour trying to figure out where to post this question so I hope this spot is okay!

When going thru the patches recommended by Dr. Byte, the one for the admin/index.php is:
********************************
while (!$customers->EOF) {
$customers->fields['customers_firstname'] = zen_output_string_protected($customers->fields['customers_firstname']);
$customers->fields['customers_lastname'] = zen_output_string_protected($customers->fields['customers_lastname']);
echo ' <div class="row"><span class="left"><a href="' . zen_href_link(FILENAME_CUSTOMERS ....(code snipped here for brevity)........
*********************************
When going in to add this, I'm not sure what it means where it says ....(code snipped here for brevity)........

Here is the code in the original file:
***********************************
while (!$customers->EOF) {
echo ' <div class="row"><span class="left"><a href="' . zen_href_link(FILENAME_CUSTOMERS, 'search=' . $customers->fields['customers_lastname'] . '&origin=' . FILENAME_DEFAULT, 'NONSSL') . '" class="contentlink">'. $customers->fields['customers_firstname'] . ' ' . $customers->fields['customers_lastname'] . '</a></span><span class="rigth">' . "\n";
**************************************
Do I replace all the code down to the last of the original which is: "\n"; or just where do I end this snippet?

Code snipped here for brevity is rather confusing...

Thanks!
Casey

[cmrsf1]

Since I couldn't edit my first post, here is another question. When I went to edit the admin/customers.php file, it said that the new code should go "about line 1173". There are only 1135 lines total. Where should I add the new code?

This is my second zen cart so I'm not a total newbie but these pathes could use just a bit more explanation, or is there a more appropriate section where I should be looking? I've tried faq's and searches...

Thanks!
Casey

[Crunch]

If you are referring to the XSS protection patch - Nov 30 2009...

Question 1:

/admin/index.php
Look for this existing block of code:

Code:

  while (!$customers->EOF) {
    echo '              <div class="row"><span class="left"><a href="' . zen_href_link(FILENAME_CUSTOMERS, 'search=' . $customers->fields['customers_lastname'] . '&origin=' . FILENAME_DEFAULT, 'NONSSL') . '" class="contentlink">'. $customers->fields['customers_firstname'] . ' ' . $customers->fields['customers_lastname'] . '</a></span><span class="rigth">' . "\n";
    echo zen_date_short($customers->fields['customers_info_date_account_created']);
    echo '              </span></div>' . "\n";
    $customers->MoveNext();
  }

Replace existing block of code with this new block of code (note that the lines in red are the only new lines being added):

Code:

  while (!$customers->EOF) {
  	        $customers->fields['customers_firstname'] = zen_output_string_protected($customers->fields['customers_firstname']);
	        $customers->fields['customers_lastname'] = zen_output_string_protected($customers->fields['customers_lastname']);
    echo '              <div class="row"><span class="left"><a href="' . zen_href_link(FILENAME_CUSTOMERS, 'search=' . $customers->fields['customers_lastname'] . '&origin=' . FILENAME_DEFAULT, 'NONSSL') . '" class="contentlink">'. $customers->fields['customers_firstname'] . ' ' . $customers->fields['customers_lastname'] . '</a></span><span class="rigth">' . "\n";
    echo zen_date_short($customers->fields['customers_info_date_account_created']);
    echo '              </span></div>' . "\n";
    $customers->MoveNext();
  }

Question 2:

You should have more lines in that file (unless it's been modified for some reason). Make sure you are editing the correct file. I checked the stock 1.3.8a files and the /admin/customers.php file has 1227 lines.

/admin/customers.php

Look for this existing block of code:

Code:

    default:
      if (isset($cInfo) && is_object($cInfo)) {
        $customers_orders = $db->Execute("select o.orders_id, o.date_purchased, o.order_total, o.currency, o.currency_value,

Replace with this new block of code (note the line in red is the only new line being added):

Code:

    default:
      if (isset($cInfo) && is_object($cInfo)) {
        if (isset($_GET['search'])) $_GET['search'] = zen_output_string_protected($_GET['search']);
	    $customers_orders = $db->Execute("select o.orders_id, o.date_purchased, o.order_total, o.currency, o.currency_value,

[Crunch]

To answer your 3rd question about where to post this...

I probably would of posted your questions in the General section. This code suggestions section is used for "suggesting changes to existing code in order to do something more efficiently or more creatively."

Anyway, happy patching and good luck.

[cmrsf1]

Thanks for the info on the index.php file. I've updated that and it seems to work fine. As for the customers.php, I'm using version 1.3.7 I guess that could make a difference! I was hoping to wait for 2.0 to do any more upgrading. From the description, this doesn't seem to be a critical patch but I was just trying to follow directions.

I had gone into the general section at one point and then decided against posting there. guess I should have gone with my intuition but then, again, you found me here!

Thanks...!