Thread: For DR Byte

Results 1 to 3 of 3
  1. 18 Aug 2006, 01:53 PM #1
    BlushFashions
    BlushFashions is offline Zen Follower
    Join Date
    Jul 2006
    Location
    South Shields - UK
    Posts
    124
    Plugin Contributions
    0

    Default For DR Byte

    Hello Dr Byte

    I have completed your new secirity bug fix:

    http://www.zen-cart.com/forum/showthread.php?t=43579

    However could I confim that where you mention

    should be several lines:
    Code:
    $sql = "SELECT *
    FROM " . TABLE_PAYPAL_SESSION . "
    WHERE session_id = :sessionID";
    $sql = $db->bindVars($sql, ':sessionID', $session_stuff[1], 'string');

    There is only 4 lines of code

    Also how can we test these fixes..... what screens should we use?

    Yours Blushfashions
  2. 18 Aug 2006, 01:57 PM #2
    DrByte's Avatar
    DrByte
    DrByte is offline Sensei
    Join Date
    Jan 2004
    Posts
    66,443
    Plugin Contributions
    279

    Default Re: For DR Byte

    ---------------------------

    includes/modules/payment/paypal/paypal_functions.php
    line 35:
    Code:
        $sql = "select * from " . TABLE_PAYPAL_SESSION . " where session_id = '" . $session_stuff[1] . "'";
    should be replaced with these lines:
    Code:
        $sql = "SELECT * 
            FROM " . TABLE_PAYPAL_SESSION . " 
            WHERE session_id = :sessionID";
    $sql = $db->bindVars($sql, ':sessionID', $session_stuff[1], 'string');
    ---------------------------

    replace the one line ... with the several lines shown.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
  3. 18 Aug 2006, 03:08 PM #3
    BlushFashions
    BlushFashions is offline Zen Follower
    Join Date
    Jul 2006
    Location
    South Shields - UK
    Posts
    124
    Plugin Contributions
    0

    Default Re: For DR Byte

    Many thanks for the quick response

    I tried adding an item to the shopping cart and all worked fine, however I did not test the purchase button.

    Yours BlushFashions
 

 
« Previous Thread | Next Thread »

Similar Threads

  1. v154 PayPal Express Checkout: Invalid multi-byte characters for non-UTF-8 sites
    By lat9 in forum Bug Reports
    Replies: 0
    Last Post: 13 Jan 2015, 09:59 PM
  2. Improving Time to First Byte
    By jeking in forum General Questions
    Replies: 1
    Last Post: 17 Aug 2011, 04:23 AM
  3. Dr. Byte...about your column layout grid for 1.3...
    By digidiva-kathy in forum Templates, Stylesheets, Page Layout
    Replies: 2
    Last Post: 10 Jul 2006, 08:38 PM
  4. Dr Byte and Roadmap
    By ben_golant in forum General Questions
    Replies: 2
    Last Post: 31 May 2006, 05:18 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

disjunctive-egg
Content and Graphics Copyright (c) 2003 - 2026 Zen Ventures, LLC - all rights reserved
Zen Cart® is a Registered Trademark of Zen Ventures, LLC