A new revision is now available from the osCommerce download page: osCommerce 2.2 Milestone 2 Update 060817
The changes in this new osCommerce revision are the following:
## Update 060817 (17th August 2006)
- Magic Quotes Compatibility Layer Fix
- Parse GET Variables In Cache Functions
- PHP 3 Session ID XSS Issue
- Product Attributes SQL Injection
- Resize Images To Round Numbers
- Use The Correct Country Name Value When Formatting Addresses
- Prevent The Session ID Being Passed In Tell-A-Friend E-Mails
- Properly Remove Deleted Products That Exist In Shopping Carts
And these are the fixes, in case you want to update your osCommerce by hand:
——————————————————————————
Magic Quotes Compatibility Layer Fix
——————————————————————————
Change 1:
Replace in catalog/includes/functions/compatibility.php:
Lines 22-23, from:
if (is_array($value)) {
do_magic_quotes_gpc($value);
to:
if (is_array($ar[$key])) {
do_magic_quotes_gpc($ar[$key]);
Replace in catalog/admin/includes/functions/compatibility.php:
Lines 22-23, from:
if (is_array($value)) {
do_magic_quotes_gpc($value);
to:
if (is_array($ar[$key])) {
do_magic_quotes_gpc($ar[$key]);
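Why the one-word change matters: the old recursion passed `$value`, which is a copy of the nested array, so escaping happened on the copy and nested request values were left untouched. The following is an added example, not osCommerce code, written for a current PHP (foreach instead of the removed each()) with a constructed request array; the function names are illustrative.

```php
<?php
// Added example (not osCommerce code): the compatibility-layer recursion
// must work on $ar[$key] (a reference into the array), not on $value (a copy).

// Buggy shape: the recursive call receives a copy of the nested array,
// so whatever it escapes is discarded and nested values stay unescaped.
function do_magic_quotes_gpc_buggy(array &$ar): void {
    foreach ($ar as $key => $value) {
        if (is_array($value)) {
            do_magic_quotes_gpc_buggy($value);      // $value is a local copy
        } else {
            $ar[$key] = addslashes((string)$value);
        }
    }
}

// Fixed shape: the recursive call receives the element of $ar itself.
function do_magic_quotes_gpc_fixed(array &$ar): void {
    foreach ($ar as $key => $value) {
        if (is_array($value)) {
            do_magic_quotes_gpc_fixed($ar[$key]);   // reference into $ar
        } else {
            $ar[$key] = addslashes((string)$value);
        }
    }
}

// Flatten every leaf so the two results can be compared side by side.
function leaves(array $ar): array {
    $out = [];
    array_walk_recursive($ar, function ($v) use (&$out) { $out[] = $v; });
    return $out;
}

// Constructed request data, as PHP would build it from
// ?id[]=O'Reilly&name=it's  (a nested parameter plus a top-level one).
$request = ['id' => ["O'Reilly"], 'name' => "it's"];

$buggy = $request;
do_magic_quotes_gpc_buggy($buggy);

$fixed = $request;
do_magic_quotes_gpc_fixed($fixed);

print_r(leaves($buggy));
print_r(leaves($fixed));
```

With the buggy version only the top-level `it's` comes back escaped and the nested `O'Reilly` is unchanged; with the fixed version both are escaped. Note that this layer only emulates magic_quotes_gpc on installs that rely on it, and magic quotes were removed from PHP in 5.4, so on a current PHP this path is historical.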
——————————————————————————
Parse GET Variables In Cache Functions
http://svn.oscommerce.com/trac/changeset/708
——————————————————————————
Change 2:
Replace in catalog/includes/functions/cache.php:
Line 121, from:
if (isset($HTTP_GET_VARS['manufactuers_id']) && tep_not_null($HTTP_GET_VARS['manufacturers_id'])) {
to:
if (isset($HTTP_GET_VARS['manufactuers_id']) && is_numeric($HTTP_GET_VARS['manufacturers_id'])) {
Lines 142-148, from:
if (($refresh == true) || !read_cache($cache_output, 'also_purchased-' . $language . '.cache' . $HTTP_GET_VARS['products_id'], $auto_expire)) {
ob_start();
include(DIR_WS_MODULES . FILENAME_ALSO_PURCHASED_PRODUCTS);
$cache_output = ob_get_contents();
ob_end_clean();
write_cache($cache_output, 'also_purchased-' . $language . '.cache' . $HTTP_GET_VARS['products_id']);
}
to:
$cache_output = '';
if (isset($HTTP_GET_VARS['products_id']) && is_numeric($HTTP_GET_VARS['products_id'])) {
if (($refresh == true) || !read_cache($cache_output, 'also_purchased-' . $language . '.cache' . $HTTP_GET_VARS['products_id'], $auto_expire)) {
ob_start();
include(DIR_WS_MODULES . FILENAME_ALSO_PURCHASED_PRODUCTS);
$cache_output = ob_get_contents();
ob_end_clean();
write_cache($cache_output, 'also_purchased-' . $language . '.cache' . $HTTP_GET_VARS['products_id']);
}
}
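What the new is_numeric() guards protect: the GET value is concatenated straight into the cache file name, so anything that is not a plain number (a path, for instance) would otherwise become part of a path under the cache directory. Note that on line 121 the key inside isset() is spelled manufactuers_id on both the old and new line, while the value tested is manufacturers_id. The following is an added example, not osCommerce code; the cache directory and function names are illustrative, and the inputs are constructed. It also shows that is_numeric() accepts more than plain integer keys, which is worth knowing when the value ends up in a file name.

```php
<?php
// Added example (not osCommerce code): what is_numeric() rejects, and where
// it is looser than a value that should only ever be an integer key.

// Hypothetical cache directory used only for this illustration.
const CACHE_DIR = '/var/www/catalog/cache/';

// Mirrors how the cache functions compose the file name:
// 'also_purchased-' . $language . '.cache' . $products_id
function also_purchased_cache_file(string $language, string $products_id): string {
    return CACHE_DIR . 'also_purchased-' . $language . '.cache' . $products_id;
}

// The guard the update adds.
function passes_update_guard(?string $products_id): bool {
    return $products_id !== null && is_numeric($products_id);
}

// A stricter guard for a value that is only ever a non-negative integer.
function passes_strict_guard(?string $products_id): bool {
    return $products_id !== null && ctype_digit($products_id);
}

// Constructed inputs: a normal id, a traversal attempt, and values that
// is_numeric() accepts even though they are not plain product keys.
$samples = ['42', '../../includes/configure.php', '1e3', ' 7', '-1', '3.0'];

foreach ($samples as $s) {
    printf("%-36s is_numeric=%-3s ctype_digit=%-3s file=%s\n",
        var_export($s, true),
        passes_update_guard($s) ? 'yes' : 'no',
        passes_strict_guard($s) ? 'yes' : 'no',
        passes_update_guard($s) ? also_purchased_cache_file('english', $s) : '(rejected)');
}
```

The traversal string is rejected by both guards. is_numeric() still lets through `1e3`, a leading space, a sign and a decimal point; none of those can leave the cache directory, but if the value is meant to be an integer key, ctype_digit() or an (int) cast before building the name is the tighter check.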
——————————————————————————
PHP 3 Session ID XSS Issue
http://svn.oscommerce.com/trac/changeset/709
——————————————————————————
Change 3:
Add to catalog/includes/classes/sessions.php:
Line 380:
if (!empty($session->id)) {
if (preg_match('/^[a-zA-Z0-9]+$/', $session->id) == false) {
unset($session->id);
}
}
——————————————————————————
Product Attributes SQL Injection
http://svn.oscommerce.com/trac/changeset/703
——————————————————————————
Change 4:
Replace in catalog/includes/classes/shopping_cart.php:
Line 84, from:
if (is_numeric($products_id) && is_numeric($qty)) {
to:
$attributes_pass_check = true;
if (is_array($attributes)) {
reset($attributes);
while (list($option, $value) = each($attributes)) {
if (!is_numeric($option) || !is_numeric($value)) {
$attributes_pass_check = false;
break;
}
}
}
if (is_numeric($products_id) && is_numeric($qty) && ($attributes_pass_check == true)) {
Line 125, from:
if (is_numeric($products_id) && isset($this->contents[$products_id_string]) && is_numeric($quantity)) {
to:
$attributes_pass_check = true;
if (is_array($attributes)) {
reset($attributes);
while (list($option, $value) = each($attributes)) {
if (!is_numeric($option) || !is_numeric($value)) {
$attributes_pass_check = false;
break;
}
}
}
if (is_numeric($products_id) && isset($this->contents[$products_id_string]) && is_numeric($quantity) && ($attributes_pass_check == true)) {
Replace in catalog/shopping_cart.php:
Lines 84-85, from:
where pa.products_id = '" . $products[$i]['id'] . "'
and pa.options_id = '" . $option . "'
to:
where pa.products_id = '" . (int)$products[$i]['id'] . "'
and pa.options_id = '" . (int)$option . "'
Line 87, from:
and pa.options_values_id = '" . $value . "'
to:
and pa.options_values_id = '" . (int)$value . "'
Lines 89-90, from:
and popt.language_id = '" . $languages_id . "'
and poval.language_id = '" . $languages_id . "'");
to:
and popt.language_id = '" . (int)$languages_id . "'
and poval.language_id = '" . (int)$languages_id . "'");
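The two layers this change adds, shown together: the cart refuses any option/value pair that is not numeric, and every id is cast to int at the point it is spliced into SQL. The following is an added example, not osCommerce code; it keeps the WHERE clause from catalog/shopping_cart.php and the attribute check from the cart class, uses foreach instead of each() (each() was removed in PHP 8), and feeds them a constructed hostile attribute value.

```php
<?php
// Added example (not osCommerce code): attribute validation plus (int) casts.

// (a) The attributes check from shopping_cart.php as a reusable function.
//     A non-array (the cart passes '' when there are no attributes) passes.
function attributes_pass_check($attributes): bool {
    if (!is_array($attributes)) {
        return true;
    }
    foreach ($attributes as $option => $value) {
        if (!is_numeric($option) || !is_numeric($value)) {
            return false;
        }
    }
    return true;
}

// (b) The WHERE clause from catalog/shopping_cart.php, with $cast toggling
//     the (int) casts the update adds.
function attribute_where_clause($products_id, $option, $value, $languages_id, bool $cast): string {
    if ($cast) {
        $products_id  = (int)$products_id;
        $option       = (int)$option;
        $value        = (int)$value;
        $languages_id = (int)$languages_id;
    }
    return "where pa.products_id = '" . $products_id . "'"
         . " and pa.options_id = '" . $option . "'"
         . " and pa.options_values_id = '" . $value . "'"
         . " and popt.language_id = '" . $languages_id . "'"
         . " and poval.language_id = '" . $languages_id . "'";
}

// Constructed hostile input: an option value that tries to close the quote.
$hostile_value = "7' or 1=1 -- ";
$attributes    = ['4' => $hostile_value];

// Layer (a): the cart rejects the pair before it is stored at all.
var_dump(attributes_pass_check($attributes));

// Layer (b): the same value in the query, without and with the casts.
echo attribute_where_clause(42, '4', $hostile_value, 1, false), "\n";
echo attribute_where_clause(42, '4', $hostile_value, 1, true), "\n";
```

Without the casts the hostile value lands in the query verbatim; with them `(int)"7' or 1=1 -- "` becomes `7` and the clause stays well-formed. Casting is a sound measure for integer columns, but on a current PHP the general answer for any column type is a prepared statement (mysqli or PDO) rather than string assembly.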
——————————————————————————
Resize Images To Round Numbers
http://www.oscommerce.com/community/bugs,1371
http://svn.oscommerce.com/trac/changeset/707
——————————————————————————
Change 5:
Replace in catalog/includes/functions/html_output.php:
Line 91, from:
$width = $image_size[0] * $ratio;
to:
$width = intval($image_size[0] * $ratio);
Line 94, from:
$height = $image_size[1] * $ratio;
to:
$height = intval($image_size[1] * $ratio);
——————————————————————————
Use The Correct Country Name Value When Formatting Addresses
http://www.oscommerce.com/community/bugs,1291
http://svn.oscommerce.com/trac/changeset/713
——————————————————————————
Change 6:
Replace in catalog/includes/functions/general.php:
Line 453, from:
$country = tep_output_string_protected($address['country']);
to:
$country = tep_output_string_protected($address['country']['title']);
The following line must be deleted:
Line 483:
if ($country == '') $country = tep_output_string_protected($address['country']);
——————————————————————————
Prevent The Session ID Being Passed In Tell-A-Friend E-Mails
http://www.oscommerce.com/community/bugs,3986
http://svn.oscommerce.com/trac/changeset/715
——————————————————————————
Change 7:
Replace in catalog/tell_a_friend.php:
Line 77, from:
$email_body .= sprintf(TEXT_EMAIL_LINK, tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['products_id'])) . "\n\n" .
to:
$email_body .= sprintf(TEXT_EMAIL_LINK, tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['products_id'], 'NONSSL', false)) . "\n\n" .
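The two session-id changes in this update (Change 3, the alphanumeric check on the session id, and Change 7, the `false` passed as the fourth argument of tep_href_link so the id is not appended to the mailed link) are easiest to see in one place. The following is an added example, not osCommerce code: a minimal link builder in the shape of tep_href_link(), assuming `osCsid` as the session parameter name, with a constructed hostile id. Nothing here is the project's own function.

```php
<?php
// Added example (not osCommerce code): session-id validation and links that
// must not carry the session id.

// Accept an id only when it is purely alphanumeric, as the sessions.php
// addition at line 380 does; otherwise discard it.
function valid_session_id(?string $id): ?string {
    if ($id === null || $id === '' || !preg_match('/^[a-zA-Z0-9]+$/', $id)) {
        return null;
    }
    return $id;
}

// Hypothetical stand-in for tep_href_link(); $add_session_id plays the role
// of the fourth argument that the tell_a_friend.php change sets to false.
function href_link(string $page, string $params, ?string $session_id, bool $add_session_id = true): string {
    $url   = 'http://shop.example/catalog/' . $page;   // assumed base URL
    $query = [];
    if ($params !== '') {
        $query[] = $params;
    }
    if ($add_session_id && $session_id !== null) {
        $query[] = 'osCsid=' . $session_id;              // assumed parameter name
    }
    return $query ? $url . '?' . implode('&', $query) : $url;
}

// Constructed inputs: a well-formed id and one carrying markup.
$good_id = 'a1b2c3d4e5f6';
$bad_id  = 'x"><script>alert(1)</script>';

// Change 3: without the check, the hostile id is copied into every link
// on the page; with it, the id is dropped and the link carries none.
echo href_link('product_info.php', 'products_id=42', $bad_id), "\n";
echo href_link('product_info.php', 'products_id=42', valid_session_id($bad_id)), "\n";

// Change 7: even a valid id must not be written into an outgoing e-mail,
// or the recipient would open the sender's session when clicking the link.
echo href_link('product_info.php', 'products_id=42', valid_session_id($good_id), false), "\n";
```

The regex is the same one the update adds; the link builder exists only to show where the id would otherwise end up. In the real store, tep_href_link() appends the id to links whenever the id is not yet carried by a cookie, which is why both the validation and the `false` on the mailed link are needed.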
——————————————————————————
Properly Remove Deleted Products That Exist In Shopping Carts
http://www.oscommerce.com/community/bugs,3193
http://svn.oscommerce.com/trac/changeset/717
——————————————————————————
Change 8:
Replace in catalog/admin/includes/functions/general.php:
Lines 900-901, from:
tep_db_query("delete from " . TABLE_CUSTOMERS_BASKET . " where products_id = '" . (int)$product_id . "'");
tep_db_query("delete from " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " where products_id = '" . (int)$product_id . "'");
to:
tep_db_query("delete from " . TABLE_CUSTOMERS_BASKET . " where products_id = '" . (int)$product_id . "' or products_id like '" . (int)$product_id . "{%'");
tep_db_query("delete from " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " where products_id = '" . (int)$product_id . "' or products_id like '" . (int)$product_id . "{%'");