Community Forums

by **Xsecrets** » Thu Sep 08, 2011 1:18 pm

wolfsteritory wrote:
JAY6390 wrote:There's no reason you can't update the cache file, but it should be the data input that's sanitized IMO

what exactly do you mean by that ?

thank you

he means that the data should be sanitized as soon as you assign it to a variable in the zone file not after you've passed it off to two other files and gotten to the chache file.

by **webpie it.** » Thu Sep 08, 2011 5:43 pm

So from reading this over time is it confirmed that the cache file should be updated?

Thanks

Chris

by **Xsecrets** » Thu Sep 08, 2011 6:25 pm

webpie it. wrote:So from reading this over time is it confirmed that the cache file should be updated?

Thanks

Chris

well yes currently it is the only solution to the problem that has been provided. Though it really should not have to be changed, because you should never pass data to it that has not been sanitized, but at this point yes I would implement the fix if you have a live store.

by **Qphoria** » Thu Sep 08, 2011 6:35 pm

webpie it. wrote:So from reading this over time is it confirmed that the cache file should be updated?

Thanks

Chris

Yes

by **fealldagal** » Thu Sep 08, 2011 6:58 pm

Can someone help me i have 3 stores thank you

by **fealldagal** » Thu Sep 08, 2011 7:02 pm

I am using 1491 and 1494

Thanks

by **MattW** » Thu Sep 08, 2011 7:15 pm

fealldagal wrote:Can someone help me i have 3 stores thank you

You should just be able to download the file from the attachment in the first post, and FTP it into your hosting and overwrite the old file.

by **webpie it.** » Thu Sep 08, 2011 7:17 pm

Thanks for the confirm guys!

by **fealldagal** » Thu Sep 08, 2011 7:21 pm

Thnaks MattW so just upload it and it should be find correct?

Thanks

by **MattW** » Thu Sep 08, 2011 7:37 pm

fealldagal wrote:Thnaks MattW so just upload it and it should be find correct?

Thanks

Yep, that is all I've done on the 3 stores I support (all 1.4.9.6)

by **FnF** » Fri Sep 09, 2011 3:09 am

How insane would it be to put this important update on the OpenCart news feed? ::)

by **Qphoria** » Fri Sep 09, 2011 3:17 am

FnF wrote:How insane would it be to put this important update on the OpenCart news feed?

Done

by **FnF** » Fri Sep 09, 2011 4:14 am

Beautiful
Thxs, Q

by **Daniel** » Fri Sep 09, 2011 4:26 pm

its also php version related. not all version of php allow this hack.

php 5.3+ does not have this problem but 5.2.9 has.

by **Xsecrets** » Fri Sep 09, 2011 5:07 pm

actually I'm running 5.3.6 and the hack somewhat works on it. You can create arbitrary files, but you cannot overwrite files because the %00 doesn't work.

by **JoaniesGifts** » Sat Sep 10, 2011 7:19 am

Thanks for letting us know guys.

Can someone post the actual code change here because we modified this file already with the @touch($file); fixes to stop the cache error in the log files.

Kind Regards, Joan