A thread was started in the General Support area of this forum addressing a security issue in version 0.7.7 pointed out by Secunia. Apart from a suggestion by Bruce, this issue is still largely unresolved.
This thread has since been arbitrarily closed off with a claim that the issue has been fixed in SVN. (At least one of these "fixes", i.e., the inclusion of a "htmlspecialchars_deep" function in "library/session/session.php", was already in the original release of 0.7.8 and appears to have no effect on the output of inserted html.)
My question is, how does closing this thread provide support for users of 0.7.7 wishing to fix this security issue?
Fido-X.
I tend to agree fido-x!
A patch should be released immediately for existing 0.7.7 users to resolve this! A lot of users are still using and will likely continue to use 0.7.7 even after the official release of 0.8.
The proposed code changes of 0.8 are going to see many users having to either tediously update their existing store and update any custom modules/payment gateways/shipping methods etc. to suit the new code base or stick with 0.7.7. If it were me, I'd take the first option, but then I have the skills to do so. Many users however do not possess the skills to update code to work with 0.8 and unless they paid someone, would likely need to stick with what they've got!
Daniel, HM2K, Qphoria: Please see the need for this update and get it out ASAP!
-Dave
The patch is in the SVN, all you have to do is download the SVN.
If you want it now, just do that, and you're fixed!
Hope this helps!
PS. I will have 0.7.9 out very soon, we're just trying to fix one last issue.
Last edited by hm2k on Fri Oct 03, 2008 1:35 am, edited 1 time in total.