Results 1 to 1 of 1
  1. #1
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,896
    Blog Entries
    2
    Plugin Contributions
    2

    Default June 2009 Admin Security Patch vs some Addons/Contributions

    We have had some reports that the current security patch is affecting the operation of some contributions.

    The symptom would typically be, trying to carry out some action (a form post) and being redirected to the admin home page, and the form post failing.

    The security patch is intended to modify the way forms are submitted, by automatically appending a hidden field containing a security token. This token is then used to 'validate' the form. This is intended to add protection against XSRF attacks.

    If a contribution does not use the zen_draw_form function, by either using a hard coded <form> tag, or using its own function for rendering the form, it will fail the security check.

    Contribution authors should update their code asap.
    Any one having problems with admin contributions should post to the appropriate contributions thread.

    NOTE: The security patch has no affect on your store code and will not affect the operation of the store itself.
    Last edited by wilt; 24 Jun 2009 at 02:37 PM.

 

 

Similar Threads

  1. XSS protection patch - Nov 30 2009
    By DrByte in forum Zen Cart Release Announcements
    Replies: 0
    Last Post: 30 Nov 2009, 11:14 PM
  2. Applying the admin security patch from June 09
    By jrtayloriv in forum Templates, Stylesheets, Page Layout
    Replies: 2
    Last Post: 19 Sep 2009, 08:57 PM
  3. Problems after installing security patch 06 19 2009
    By maria82g in forum General Questions
    Replies: 24
    Last Post: 1 Jul 2009, 04:59 AM
  4. June 25th Security Patch effect Banners?
    By marcopolo in forum General Questions
    Replies: 9
    Last Post: 30 Jun 2009, 07:54 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR