A bundled patch for v1.3.7 has been released for the sake of convenience for those doing new installs.
You DO NOT need to upgrade v1.3.7 to v1.3.7.1 if you have already installed the released patches or do not need the benefits provided from the list of fixes below:
- XSS vulnerability fix April 2007
- Admin security fix June 2007
- USPS patch for May 2007
- Resource allocation problems caused by missing dir->close() function calls
- PHPMailer vulnerability patch
- Payment Method footer problems in order-confirmation emails (order class)
- PayPal patches for IPN and Express Checkout -- ie: June 17/07 patch contents included
- Shipping Estimator display glitch (previously included in PayPal patch)
- $this_is_home_page in tpl_main_page.php
Download is available from SourceForge as usual.
zen-cart-v1.3.7.1-full-patched-07052007.zip
Upgrade Questions
If you do not already have the listed patches installed, you have 3 options:
a) do nothing (not advisable)
b) apply the patches manually
c) do a full upgrade using the v1.3.7.1 fileset.
Also note: Upgrading to v1.3.7.1 does not require any database changes. Only the php files are affected.
For folks planning to do new installs, the v1.3.7.1 full patch fileset is the recommended starting point.
Bookmarks