OSCommerce Security Upgrades

An update to osCommerce 2.2 Milestone 2 has been released that addresses security-related issues and bug reports in the released version.

Store owners running osCommerce 2.2 Milestone 2 are advised to apply the changes to their installations because of the security issues and bug reports that have been fixed. The changes involved are minimal, do not break compatibility with contributions, and further strengthen the security of the shop installation.

This update release focuses solely on security-related issues and bug reports, and does not introduce any of the new features that have been made for the next development milestone release.

This release is a full release package containing updated source files (including the updates from the 051113 Update release), documentation, and information on the changes that have been made, so that they can be applied easily to existing installations.

This update release includes the following changes:

* Magic Quotes Compatibility Layer Fix
* Parse GET Variables In Cache Functions
* PHP 3 Session ID XSS Issue
* Product Attributes SQL Injection
* Resize Images To Round Numbers
* Use The Correct Country Name Value When Formatting Addresses
* Prevent The Session ID Being Passed In Tell-A-Friend E-Mails
* Properly Remove Deleted Products That Exist In Shopping Carts

The documented changes found inside the download package can be seen here:

http://www.oscommerce.com/ext/update-20060817.html

The 2.2 Milestone 2 060817 Update release involves the following file changes for the security and bug fixes made:

catalog/admin/includes/functions/compatibility.php (2 diffs)
catalog/admin/includes/functions/general.php (1 diff)

catalog/includes/classes/sessions.php (1 diff)
catalog/includes/classes/shopping_cart.php (2 diffs)
catalog/includes/functions/cache.php (4 diffs)
catalog/includes/functions/compatibility.php (2 diffs)
catalog/includes/functions/general.php (2 diffs)
catalog/includes/functions/html_output.php (1 diff)
catalog/shopping_cart.php (1 diff)
catalog/tell_a_friend.php (2 diffs)

Posted by News Monkey