Results 1 to 8 of 8
  1. #1
    Join Date
    May 2008
    Posts
    468
    Plugin Contributions
    0

    Default are the 1.3.8 security patches included in 1.3.9?

    Have the 1.3.8 security patches been incorporated into 1.3.9? I thought they were, but a file diff on html_output.php revealed that 1.3.9 doesn't seem to have Security Patch v138 20090619 (or at least, it's not in the same form as 1.3.8).

    Thanks for any information.

  2. #2
    Join Date
    Jan 2004
    Posts
    65,307
    Blog Entries
    7
    Plugin Contributions
    228

    Default Re: are the 1.3.8 security patches included?

    Quote Originally Posted by mzimmers View Post
    Have the 1.3.8 security patches been incorporated into 1.3.9?
    Yes, they are.
    See the release notes and/or the original announcement here: http://www.zen-cart.com/forum/showthread.php?t=153088
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    May 2008
    Posts
    468
    Plugin Contributions
    0

    Default Re: are the 1.3.8 security patches included?

    Thanks, doc. I did look at that page you cited, but I didn't find a specific reference to 20090619. And since the file I looked in didn't have the same code for that patch, it made me wonder. i guess it was implemented differently in 1.3.9?

  4. #4
    Join Date
    Apr 2006
    Location
    West Salem, IL
    Posts
    2,515
    Plugin Contributions
    0

    Default Re: are the 1.3.8 security patches included in 1.3.9?

    from the change log for 1.3.9a

    OLD Security Patch Files TO BE DELETED
    The following files which were included in patches for 1.3.8/a are no longer needed in 1.3.9, and should be deleted from your server:

    * /admin/includes/auto_loaders/config.security_patch_v138_20090619.php
    * /admin/includes/extra_configures/security_patch_v138_20090619.php
    * /admin/includes/functions/extra_functions/security_patch_v138_20090619.php
    * /admin/includes/init_includes/init_security_patch_v138_20090619.php

    (There are files by this name inside the 1.3.9 zip, but they are essentially blank, so if you use them to overwrite the older ones on your old site, that will prevent duplication if you forget to delete them from the server. But, it's better to clean up instead of leaving a mess behind.)
    Mike
    GeekHost - Zen Cart Certified & PCI Compliant Hosting
    The Zen Cart Forum...Better than a monitor covered with post-it notes!

  5. #5
    Join Date
    May 2008
    Posts
    468
    Plugin Contributions
    0

    Default Re: are the 1.3.8 security patches included in 1.3.9?

    Ah, thanks, barco. I guess I didn't look deep enough. I'll wipe them out from my old install before merging.

    Regarding admin/includes/functions/html_output.php, it appears that, while some of the comments weren't picked up, the patch itself was. I'll just use the new file.

    Thanks again.

  6. #6
    Join Date
    Aug 2005
    Location
    Arizona
    Posts
    27,828
    Plugin Contributions
    9

    Default Re: are the 1.3.8 security patches included in 1.3.9?

    Quote Originally Posted by mzimmers
    Regarding admin/includes/functions/html_output.php, it appears that, while some of the comments weren't picked up, the patch itself was. I'll just use the new file.
    You should use all the new files for 1.3.9....a mis-mash of 1.3.x files will cause issues
    Zen-Venom Get Bitten

  7. #7
    Join Date
    May 2008
    Posts
    468
    Plugin Contributions
    0

    Default Re: are the 1.3.8 security patches included in 1.3.9?

    Hey, Kobra -

    I am doing that. But I'm also comparing old vs. new files to make sure I'm not leaving any changes behind. When I didn't see this particular patch in the new release, it made me wonder, and that's why I asked the question.

    Despite my best efforts, though, I'm sure that this upgrade will be filled with "issues" for me.

  8. #8
    Join Date
    Aug 2005
    Location
    Arizona
    Posts
    27,828
    Plugin Contributions
    9

    Default Re: are the 1.3.8 security patches included in 1.3.9?

    mzimmers,

    Just wanted to insure that you were not combining file releases!!!
    Zen-Venom Get Bitten

 

 

Similar Threads

  1. v139g handling charges are not being included in the total
    By greenman161 in forum Built-in Shipping and Payment Modules
    Replies: 1
    Last Post: 28 Jun 2013, 02:51 PM
  2. Replies: 1
    Last Post: 27 Apr 2010, 09:53 AM
  3. Replies: 5
    Last Post: 6 Feb 2010, 09:03 PM
  4. Download Zen-Cart 1.3.8 with all the patches included
    By cactusman2 in forum General Questions
    Replies: 2
    Last Post: 15 Dec 2009, 12:48 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR