If you are referring to the XSS protection patch - Nov 30 2009...
Question 1:
/admin/index.php
Look for this existing block of code:
Replace existing block of code with this new block of code (note that the lines in red are the only new lines being added):Code:while (!$customers->EOF) { echo ' <div class="row"><span class="left"><a href="' . zen_href_link(FILENAME_CUSTOMERS, 'search=' . $customers->fields['customers_lastname'] . '&origin=' . FILENAME_DEFAULT, 'NONSSL') . '" class="contentlink">'. $customers->fields['customers_firstname'] . ' ' . $customers->fields['customers_lastname'] . '</a></span><span class="rigth">' . "\n"; echo zen_date_short($customers->fields['customers_info_date_account_created']); echo ' </span></div>' . "\n"; $customers->MoveNext(); }
Code:while (!$customers->EOF) { $customers->fields['customers_firstname'] = zen_output_string_protected($customers->fields['customers_firstname']); $customers->fields['customers_lastname'] = zen_output_string_protected($customers->fields['customers_lastname']); echo ' <div class="row"><span class="left"><a href="' . zen_href_link(FILENAME_CUSTOMERS, 'search=' . $customers->fields['customers_lastname'] . '&origin=' . FILENAME_DEFAULT, 'NONSSL') . '" class="contentlink">'. $customers->fields['customers_firstname'] . ' ' . $customers->fields['customers_lastname'] . '</a></span><span class="rigth">' . "\n"; echo zen_date_short($customers->fields['customers_info_date_account_created']); echo ' </span></div>' . "\n"; $customers->MoveNext(); }
Question 2:
You should have more lines in that file (unless it's been modified for some reason). Make sure you are editing the correct file. I checked the stock 1.3.8a files and the /admin/customers.php file has 1227 lines.
/admin/customers.php
Look for this existing block of code:
Replace with this new block of code (note the line in red is the only new line being added):Code:default: if (isset($cInfo) && is_object($cInfo)) { $customers_orders = $db->Execute("select o.orders_id, o.date_purchased, o.order_total, o.currency, o.currency_value,
Code:default: if (isset($cInfo) && is_object($cInfo)) { if (isset($_GET['search'])) $_GET['search'] = zen_output_string_protected($_GET['search']); $customers_orders = $db->Execute("select o.orders_id, o.date_purchased, o.order_total, o.currency, o.currency_value,



