  1. #1
    Join Date
    Feb 2006
    Location
    NM
    Posts
    750
    Plugin Contributions
    1

    Zero-Day XSS Security Fix

    Fix instructions for 1.3.0.2... I've kept up with the security releases, but the changed files for this recent XSS fix don't match my files. Is leaving the changed files alone and simply adding the change manually as instructed OK?

    I implemented the code addition to init_general_funcs.php, adding at the bottom:

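    //-----------------
    // Strip HTML tags from every GET parameter before the rest of the page uses it.
    // Assumes each value is a string.
    if (isset($_GET) && sizeof($_GET) > 0) {
      foreach ($_GET as $key => $value) {
        $_GET[$key] = strip_tags($value);
      }
    }
    //-----------------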

    Good enough?

  2. #2
    Join Date
    Jan 2004
    Posts
    66,373
    Blog Entries
    7
    Plugin Contributions
    274

    Re: Zero-Day XSS Security Fix

    The posted ZIP includes the XSS fixes for both announcements made recently.
    If you already applied the first fixes then you only need to make the one change as you indicated.

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Feb 2006
    Location
    NM
    Posts
    750
    Plugin Contributions
    1

    Re: Zero-Day XSS Security Fix

    Appreciate the short cut...thanks.
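
The filter from post #1, extended as an added example (not part of the thread and not Zen Cart's own code): it handles array-valued parameters and shows why output encoding is still needed, because strip_tags() leaves quote characters alone. The function names and the sample input are constructed for illustration.

```php
<?php
// Added example, not Zen Cart code. Function names are hypothetical.

/**
 * Apply strip_tags() to every string in a (possibly nested) parameter array.
 * A request such as ?id[]=1 makes $_GET['id'] an array, which strip_tags()
 * cannot accept directly (TypeError on PHP 8).
 */
function strip_tags_recursive($value)
{
    if (is_array($value)) {
        return array_map('strip_tags_recursive', $value);
    }
    return is_string($value) ? strip_tags($value) : $value;
}

/** Encode a value for output inside HTML text or a quoted attribute. */
function html_out($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input standing in for $_GET.
$get = [
    'keyword' => '<b>shoes</b>',
    'sort'    => ['<i>price</i>', 'name'],
    'color'   => 'red" data-x="1',   // no tags, but contains a double quote
];

$clean = strip_tags_recursive($get);

var_dump($clean['keyword']);  // tags removed
var_dump($clean['sort']);     // nested strings filtered as well
var_dump($clean['color']);    // unchanged: strip_tags() does not touch quotes

// Without encoding, the quote would end the attribute value early.
echo '<input name="color" value="' . html_out($clean['color']) . '">', "\n";
```

Input filtering of this kind reduces exposure, but encoding at the point of output is what keeps a value inside the HTML context it is written into.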

 

 
