Author Topic: XSS protection patch - Nov 30 2009


NewsBot
XSS protection patch - Nov 30 2009
« Reply #1 on: December 01, 2009, 06:00:30 PM »
XSS protection patch - Nov 30 2009
30 November 2009, 5:14 pm

While XSS or CSRF attacks are difficult to trigger and may not manifest very often, it is still important to protect against the ill effects which could be caused by them.

As such, the following XSS patches are advised in order to protect yourself from a recently-reported vulnerability:

The following edits should be made to the respective files.

THESE UPDATES APPLY TO ALL VERSIONS OF ZEN CART UP TO (& including) v1.3.8a (although line numbers may vary)

NOTE: These updates should be made EVEN if you've renamed your admin folder. (Merely renaming your admin folder will NOT protect you from XSS issues.)

/admin/index.php

Add the new lines shown, around approx line 135:

Code:

  while (!$customers->EOF) {
    $customers->fields['customers_firstname'] = zen_output_string_protected($customers->fields['customers_firstname']);
    $customers->fields['customers_lastname'] = zen_output_string_protected($customers->fields['customers_lastname']);
    echo '
================================
This post was created by the osCommerce University News Bot.  Feel free to reply, attach polls, etc -- but do not hold the osCommerce University responsible for the content of the post itself.  PM the Administrator for SPAM, thanks!
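The following is an added example, not code from the Zen Cart project or from the post above. It shows the effect of the admin/index.php patch: the "newest customers" loop echoes names stored from the customer registration form, so any markup a customer put in a name field lands in the admin page unescaped unless it is passed through zen_output_string_protected() first. The zen_output_string_protected() here is a stand-in (assumption: the real one, in Zen Cart's functions_general.php, escapes via htmlspecialchars()), and FakeResult is a constructed stand-in for the query result object the snippet iterates over ($customers->EOF, ->fields, ->MoveNext()), so the file runs outside a Zen Cart install.

```php
<?php
// Added example (not Zen Cart code): why the admin/index.php patch escapes
// customer names before they are echoed into the admin page.

// Stand-in for Zen Cart's zen_output_string_protected() (assumption: the real
// one escapes with htmlspecialchars()).
function zen_output_string_protected($string)
{
    return htmlspecialchars((string)$string, ENT_QUOTES, 'UTF-8');
}

// Constructed stand-in for the query result object used in the snippet:
// ->EOF, ->fields and ->MoveNext(), fed from an in-memory array of rows.
class FakeResult
{
    public $EOF = false;
    public $fields = array();
    private $rows;
    private $pos = 0;

    public function __construct(array $rows)
    {
        $this->rows = $rows;
        $this->EOF = empty($rows);
        $this->fields = $this->EOF ? array() : $rows[0];
    }

    public function MoveNext()
    {
        $this->pos++;
        if ($this->pos >= count($this->rows)) {
            $this->EOF = true;
            $this->fields = array();
        } else {
            $this->fields = $this->rows[$this->pos];
        }
    }
}

// The unpatched shape of the loop: stored names go straight into the HTML.
function render_customers_unpatched(FakeResult $customers)
{
    $html = '';
    while (!$customers->EOF) {
        $html .= '<li>' . $customers->fields['customers_firstname'] . ' '
               . $customers->fields['customers_lastname'] . "</li>\n";
        $customers->MoveNext();
    }
    return $html;
}

// The same loop with the two lines from the patch applied: both fields are
// escaped before anything is echoed.
function render_customers_patched(FakeResult $customers)
{
    $html = '';
    while (!$customers->EOF) {
        $customers->fields['customers_firstname'] = zen_output_string_protected($customers->fields['customers_firstname']);
        $customers->fields['customers_lastname']  = zen_output_string_protected($customers->fields['customers_lastname']);
        $html .= '<li>' . $customers->fields['customers_firstname'] . ' '
               . $customers->fields['customers_lastname'] . "</li>\n";
        $customers->MoveNext();
    }
    return $html;
}

// Constructed sample rows: one ordinary customer and one whose registration
// form carried markup in the last-name field (the stored-XSS case the patch
// addresses).
$rows = array(
    array('customers_firstname' => 'Alice',   'customers_lastname' => "O'Brien"),
    array('customers_firstname' => 'Mallory', 'customers_lastname' => '<script>alert(1)</script>'),
);

echo "Unpatched output (markup reaches the admin browser as-is):\n";
echo render_customers_unpatched(new FakeResult($rows)), "\n";

echo "Patched output (markup rendered as inert text):\n";
echo render_customers_patched(new FakeResult($rows));
```

Run it with `php example.php`. In the unpatched output the second list item contains a live `<script>` element; in the patched output it reads `&lt;script&gt;alert(1)&lt;/script&gt;`, and the apostrophe in `O'Brien` becomes `&#039;`, which is harmless in element content. The escaping has to happen at output time, on the page that renders the value; this is why the advisory stresses that renaming the admin folder does nothing for this class of issue, since the stored value is still echoed unescaped wherever the admin page lives.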