Author Topic: June 2009 Admin Security Patch and Contributions  (Read 652 times)


NewsBot

« Reply #1 on: July 03, 2009, 02:45:59 PM »
June 2009 Admin Security Patch and Contributions
24 June 2009, 9:28 am

We have had some reports that the current security patch is affecting the operation of some contributions.

The typical symptom is trying to carry out some action (a form post), being redirected to the admin home page, and the form post failing.

The security patch is intended to modify the way forms are submitted, by automatically appending a hidden field containing a security token. This token is then used to 'validate' the form. This is intended to add protection against XSRF attacks.

If a contribution does not use the zen_draw_form function, by either using a hard-coded tag, or using its own function for rendering the form, it will fail the security check.

Contribution authors should update their code ASAP.

Anyone having problems with admin contributions should post to the appropriate contributions thread.

NOTE: The security patch has no effect on your store code and will not affect the operation of the store itself.



Source: Zen Cart Support - Zen Cart Release Announcements

================================
This post was created by the osCommerce University News Bot.  Feel free to reply, attach polls, etc -- but do not hold the osCommerce University responsible for the content of the post itself.  PM the Administrator for SPAM, thanks!
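
The mechanism described in the announcement, as an added example that is not part of the original post and is not Zen Cart's code: a form helper appends a hidden per-session token, and a POST from a hard-coded form that lacks the field is rejected. The names session_token, draw_form, post_is_valid, submitted_fields and the field name "token" are hypothetical; draw_form stands in for the role the post gives to zen_draw_form, and $session is a constructed stand-in for $_SESSION.

```php
<?php
// Added illustration; function and field names are hypothetical.

// Issue one random token per admin session.
function session_token(array &$session): string {
    if (!isset($session['token'])) {
        $session['token'] = bin2hex(random_bytes(16));
    }
    return $session['token'];
}

// Form helper: opens the form and appends the hidden token field automatically.
function draw_form(array &$session, string $name, string $action): string {
    $token = htmlspecialchars(session_token($session), ENT_QUOTES);
    return '<form name="' . htmlspecialchars($name, ENT_QUOTES) . '" action="'
         . htmlspecialchars($action, ENT_QUOTES) . '" method="post">'
         . '<input type="hidden" name="token" value="' . $token . '">';
}

// Check run before any POST action: reject when the token is missing or wrong.
function post_is_valid(array $session, array $post): bool {
    return isset($session['token'], $post['token'])
        && is_string($post['token'])
        && hash_equals($session['token'], $post['token']); // constant-time compare
}

// What a browser would submit for a given form: its hidden input fields.
function submitted_fields(string $formHtml): array {
    preg_match_all('/<input type="hidden" name="([^"]+)" value="([^"]*)">/',
                   $formHtml, $matches, PREG_SET_ORDER);
    $fields = [];
    foreach ($matches as $match) {
        $fields[$match[1]] = html_entity_decode($match[2], ENT_QUOTES);
    }
    return $fields;
}

$session = [];              // constructed stand-in for $_SESSION
session_token($session);    // token exists once the admin is logged in
$action = '<input type="hidden" name="action" value="run">';

// Contribution with a hard-coded form tag: no token field is ever emitted.
$hardCoded = '<form name="export" action="export.php" method="post">' . $action;
// The same form rendered through the helper.
$viaHelper = draw_form($session, 'export', 'export.php') . $action;

foreach (['hard-coded' => $hardCoded, 'helper' => $viaHelper] as $label => $html) {
    $ok = post_is_valid($session, submitted_fields($html));
    echo $label, ': ', $ok ? "accepted\n" : "rejected, redirect to admin home\n";
}
```

A contribution that renders its own form passes the check only once its form also carries the session's token, which is why routing it through the shared helper is the simplest fix.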