Customer address data security patch

**jeking** · 5 Apr 2024, 03:28 PM

Thank you to the Zen Cart team and the other contributors for finding and fixing this issue.

Two questions, after installing the patch and running the SQL patch.

1. The spam customer records are not deleted. Just curious to know why? The leave an audit trail? Less risk to just disable the thread but not delete?
2. The clean up check page still reports spam accounts after running the patch. I still get the "80 statement(s) processed" message. Is that to be expected?

**lat9** · 5 Apr 2024, 03:42 PM

They're not removed to, as indicated, keep the audit-trail but also to keep the database-schema 'intact'.

I'm guessing that the message you refer to is coming from the Install SQL Patches tool, correct? If so, that's to be expected.

**lat9** · 5 Apr 2024, 03:49 PM

Note, too, that the checker-tool simply looks for any changes made by the SQL script and reports if any such changes were made.

**jeking** · 5 Apr 2024, 03:56 PM

Originally Posted by lat9

They're not removed to, as indicated, keep the audit-trail but also to keep the database-schema 'intact'.

I'm guessing that the message you refer to is coming from the Install SQL Patches tool, correct? If so, that's to be expected.

Thanks for confirming #1

I think my second question was confusing. Let me clarify. After running the SQL patch, the file 'spam_cleanup_check.php' uploaded to the admin folder is still reporting spam accounts.

Having said that, I see the file is looking for four specific pieces of text, so very likely it's a false positive. On one site, I see a valid customer with fake###################### as the email address. The rest of the record looks like a simple test custom account.

**DrByte** · 5 Apr 2024, 04:15 PM

The patch zip files have been updated to fix the spam_cleanup_check.php false-positives.

**jeking** · 5 Apr 2024, 04:22 PM

Originally Posted by DrByte

The patch zip files have been updated to fix the spam_cleanup_check.php false-positives.

Thank you!!

**att_mike** · 6 Apr 2024, 11:44 AM

Hi, I'm running 1.5.8a and do not have a includes/functions/database.php file to replace. Should I just add the new file or do I have other issues?

**swguy** · 6 Apr 2024, 01:01 PM

There should be a file called `includes/functions/database.php` starting from the root of your shop. This is not under the admin, this is a storefront file.

**att_mike** · 6 Apr 2024, 02:57 PM

Thanks for the speedy reply.

There is definitely no database.php file in /public_html/includes/functions folder.

However I do have one in my /public_html/admin***/includes/functions folder.

**lat9** · 6 Apr 2024, 03:25 PM

Originally Posted by att_mike

Thanks for the speedy reply.

There is definitely no database.php file in /public_html/includes/functions folder.

However I do have one in my /public_html/admin***/includes/functions folder.

Are you sure you're running on zc158a? That release (a) has /includes/functions/database.php and (b) does not have an admin/includes/functions/database.php.

I'm having a hard time envisioning a zc158a storefront that's not going to whitescreen without that storefront function file.

Thread: Customer address data security patch

Thread Tools

Search Thread

Display

Customer address data security patch

Re: Customer address data security patch

Re: Customer address data security patch

Re: Customer address data security patch

Re: Customer address data security patch

Re: Customer address data security patch

Re: Customer address data security patch

Re: Customer address data security patch

Re: Customer address data security patch

Re: Customer address data security patch

Similar Threads

Patch: PHPMailer security patch (Dec 2016) for v155c and older

Security patch?

How to get of New PATCH Available: v1.3.8a - patch: [1] :: Important Security Patch

Security Patch

Bookmarks

Bookmarks

Posting Permissions