Thread: Security Patch?

  1. #1
    Join Date
    Jan 2006
    Posts
    117
    Plugin Contributions
    0

    Default Security Patch?

    I'm doing an early 1.3.9 to current 1.3.9 upgrade, going through every file to winmerge in changes. I note that my html_output.php (functions) file includes the following code:

    /* ~~~~! Line added re: ZenCart Security Patch 090619 */
    $form .= '<input type="hidden" name="securityToken" value="' . $_SESSION['securityToken'] . '" />';
    The current version of this file does not include this line as far as I can see. Does this mean the patch is no longer required, or are we to keep it in even though it has not been implemented in the newest official releases of the files?

  2. #2
    Join Date
    Aug 2005
    Location
    Arizona
    Posts
    27,761
    Plugin Contributions
    9

    Default Re: Security Patch?

    going through every file to winmerge in changes
    If you are using the template overrides - - those are the only files you should have to check for new versions and merge if there is one

    And yes that has been "fixed"
    Zen-Venom Get Bitten

  3. #3
    Join Date
    Jan 2006
    Posts
    117
    Plugin Contributions
    0

    Default Re: Security Patch?

    Quote Originally Posted by kobra
    If you are using the template overrides - - those are the only files you should have to check for new versions and merge if there is one

    And yes that has been "fixed"
    I think that's a bit of a naive comment given the multitude of plugins and what I'm sure is hundreds of users who are capable of customizing the script. Many people make changes to Zencart's code beyond the cosmetics of the templates.

    Thank you for the response though. I will delete the patched line.

  4. #4
    Join Date
    Feb 2004
    Location
    Simcoe, Ontario, Canada
    Posts
    2,479
    Plugin Contributions
    1

    Default Re: Security Patch?

    What is trying to be explained here is that in an override directory, any file you retouch should be put in a folder with your template name in the directory you are working in.

    The reason is when you do any upgrade you can simply upload the full contents of Zen Cart without the fear that you may overwrite any of your changes.

    To answer your first question simply replace that file with the new one. If you don't want to do that because of changes that you made within that file, you will need to carry those changes over to the new file and disregard the old.

    Removing that code from that file will cause problems with login.
    Windows, BSD, Linux, Cisco, Hardware & IT Security Tech
    GeekHost - Zen Cart Certified & PCI Compliant Hosting

    Qdixon's Security Blog

  5. #5
    Join Date
    Aug 2005
    Location
    Arizona
    Posts
    27,761
    Plugin Contributions
    9

    Default Re: Security Patch?

    Quote Originally Posted by TheHYPO
    Many people make changes to Zencart's code beyond the cosmetics of the templates.
    You apparently do not fully comprehend the override system as it extends beyond just the template cosmetics
    Zen-Venom Get Bitten

  6. #6
    Join Date
    Jan 2006
    Posts
    117
    Plugin Contributions
    0

    Default Re: Security Patch?

    Quote Originally Posted by kobra
    You apparently do not fully comprehend the override system as it extends beyond just the template cosmetics
    Are you suggesting (and if you are, then I'm in fact not aware of the full extent of the override system) that I could put a [template] folder and that will work in any folder of zencart, period?

    I was certainly aware there were sections of zencart where I could do that (such as the languages folder, the english subfolder and the modules folder where I could (and have) put [template] subfolders in to make my changes).

    But I was under the impression that this was limited to specific folders, and if I wanted to edit, for example, functions, functions/[template]/newfile.php would not work to override - same with classes. What about the individual "pages" under modules?

    I see only now that there is an 'overrides' folder under "init_includes" - is this a different system of override that doesn't use my template name?

    The other point to make is that at least 75% of changes I make are to the admin section (the backend) for the ease of the store-owner, including both installation of custom addons, and creation of my own additions or improvements. As far as I know, there is no override system in the admin section (where approximately 50% of the files I have to update were).

    If I'm wrong about any of this, please let me know, as it certainly WOULD make things easier for me in the future.

    Cheers.

  7. #7
    Join Date
    Aug 2005
    Location
    Arizona
    Posts
    27,761
    Plugin Contributions
    9

    Default Re: Security Patch?

    TheHYPO,
    There are not overrides for the admin.
    As a good coder, any core file altered is commented as such. I place kobra in the head of any edited core file so that, when an upgrade is in order, a quick grep of the files will list all files with that term and I now have a list of changed core files.

    Any added item that has its own file(s) will not be overwritten in an upgrade

    There are others not template related, extra_functions, override, extra_definitions, and others

    As far as where template overrides can be used:

    Any dir with a classic present can have any file at that level overridden in a template dir named for the template
    Zen-Venom Get Bitten
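
The marker-and-grep habit described in the last post, combined with the check the first post was doing by hand, as an added example that is not part of the thread and is not Zen Cart code. The marker MYSHOP-EDIT, the function names, the paths and the sample files are all constructed for illustration.

```shell
#!/usr/bin/env bash
# Upgrade audit built on the marker-and-grep habit from the thread.
# The marker MYSHOP-EDIT, the paths and the sample files are all constructed.

# List PHP files under $1 that carry edit marker $2 (paths relative to $1).
list_marked_files() {
  (cd "$1" && grep -rlF --include='*.php' -- "$2" . | sed 's|^\./||' | sort)
}

# Succeed if file $1 still emits the hidden securityToken form field.
has_security_token() {
  grep -qF 'name="securityToken"' "$1"
}

# For each marked file in old tree $1, report how it relates to new tree $2.
audit_upgrade() {
  local f
  list_marked_files "$1" "$3" | while IFS= read -r f; do
    if [ ! -f "$2/$f" ]; then echo "CUSTOM-ONLY $f"
    elif cmp -s "$1/$f" "$2/$f"; then echo "IDENTICAL $f"
    else echo "MERGE $f"
    fi
  done
}

# Build a constructed old/new pair of trees and print their root directory.
make_sample_trees() {
  local root d
  root="$(mktemp -d)"
  for d in old new; do mkdir -p "$root/$d/includes/functions" "$root/$d/admin"; done
  cat > "$root/old/includes/functions/html_output.php" <<'EOF'
<?php /* MYSHOP-EDIT: local patch */
$form .= '<input type="hidden" name="securityToken" value="' . $_SESSION['securityToken'] . '" />';
EOF
  cat > "$root/new/includes/functions/html_output.php" <<'EOF'
<?php
$form .= '<input type="hidden" name="securityToken" value="' . $_SESSION['securityToken'] . '" />';
EOF
  echo '<?php /* MYSHOP-EDIT */ $rows = 50;' > "$root/old/admin/orders.php"
  echo '<?php $rows = 20;' > "$root/new/admin/orders.php"
  echo '<?php /* MYSHOP-EDIT */ // own add-on' > "$root/old/admin/my_report.php"
  echo "$root"
}

root="$(make_sample_trees)"
audit_upgrade "$root/old" "$root/new" MYSHOP-EDIT
has_security_token "$root/new/includes/functions/html_output.php" \
  && echo "token field present in new html_output.php"
rm -rf "$root"
```

Files reported as MERGE need their local changes carried into the new release copy; running has_security_token on the merged form helper confirms the token field was not dropped along the way.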

 

 
