Try putting pinoc.com in a search and see how it is widespread and malicious
on2dvd
22 Jul 2008 1:27 PM
jty,
No, mine is working. However, in the first release of version 3.5 the options prices were not showing properly and i advised Viart who fixed it. I believe they also posted a thread with download links to the fix. I am unsure if it's included in the full downlaod now.
Dan (Guest)
22 Jul 2008 2:50 PM
Yes, this critical bug was a monster. This weakness was huge and I'm surprised that ViArt wouldn't have had enough security to block this type of interaction.
I'm happy they were in all day on saturday to assist with people though.
The support seems to be there when you need them, but cause the situations when you need them sometimes.
jty (Guest)
22 Jul 2008 2:58 PM
Thanks on2dvd. I dunno what's up on my end but option's prices are not showing in Checkout, like before you reported it and we got the patch
Thanks for letting me know. I'll have another look at my end.
Christopher, thanks for the heads up
jty (Guest)
22 Jul 2008 3:40 PM
on2dvd, my options prices are definitely broken on Checkout
The offending file is order_items_properties.php
Roll that file back, options prices show in checkout
re-Upload the latest version of that file and options prices are zero in checkout
on2dvd
22 Jul 2008 4:24 PM
jty. Viart must have altered my pages (as i reported the first case of intrusion) from within my FTP rather than from a local file of theirs which seems to be an old file.
I'd just give them a buzz (support ticket or chat) and they will be able to work it out.
jty (Guest)
22 Jul 2008 4:51 PM
ah, I see
Thanks on2DVD. I have sent in a trouble support ticket
In the meantime, I am choosing to be open to a malicious attack rather than to sell things at zero cost
SajMalik
24 Jul 2008 9:54 AM
jty, I upgraded this fix on five sites with no problems; I would urge you to resolve this problem as the risk you run is extremely serious
DickS
24 Jul 2008 10:15 AM
We updated our shops also, no issues at all.
DickS
jty (Guest)
24 Jul 2008 12:56 PM
Hi Christopher & dickS,
Do you have products with options ?
The problem I am having is for products with options. The options price is not showing in cart
The rest is fine, just prices for options
SajMalik
24 Jul 2008 1:09 PM
Yes, jty, I use masses of options - sometimes two different options per product.
jty (Guest)
24 Jul 2008 1:29 PM
Thanks Christopher,
I think I've narrowed it down now. It has something to do with a clash between the versions of block_order_info and order_items_properties.php
On a fresh install, no bug fixes added, installing this critical patch works ie option prices are shown in cart
BUT, if I apply the block_order_info patch from before, the prices don't show
But if I apply the block_order_info patch and not the critical patch, all is fine.
So it looks like a conflict between the versions of the 2 files.
The other thing I suspect I found is that a new download/install doesn't require the block_order_info patch to show prices.
I need to investigate further to confirm though
It's all too confusing at the moment
Thanks for your feedback. I'll go away and play with the various versions of the various files and see what's up
jty (Guest)
24 Jul 2008 1:50 PM
Conclusion - there are 3 versions of block_order_info
The original block_order_info wasn't showing option prices
So, Viart brought out the patch as posted in this forum
The patch version with this critical patch order_items_properties.php results in zero prices for options
The versions that work is the block_order_info in the current download (not original download) with order_items_properties.php from this critical patch but do not install the block_order_info thatis supposed to fix options prices but instead turns it into zero with this critical patch.
Or something like that. I'm not interested anymore. Too hard
SajMalik
24 Jul 2008 3:18 PM
Perhaps Viart would comment on this - please?
on2dvd
24 Jul 2008 11:37 PM
The new email i got last night, does that have any new security fixes or is it just to fix the options pricing? As my options were OK I am wondering if I really need to install second round of patches?
jty (Guest)
25 Jul 2008 1:22 AM
on2dvd, how do I get on the email list ?
I'm not getting Viart emails tho' I have a paid license
Where is the new patch referred to in the email ?
To check/compare the files, I am using a program called winmerge.
GingerSue
25 Jul 2008 1:43 AM
Holy cow! I'm glad I checked in here. As a paying customer, I'd also like to know how to get on an email list to inform me of security upgrades - or any kind of patch or release.
poplarman (Guest)
25 Jul 2008 9:05 AM
Regarding the changing of name of the admin folder - I found that I had to change the Favourites/Bookmarks links and then everything worked fine.
Anjula
25 Jul 2008 10:33 AM
A small update as to the SQL injection. We have updated the below files yesterday (24/07/2008) once again to fix a few new issues and in order to increase security:
In case if you still have problems with options please contact our Support Team with your site details so we can check this issue for you.
Thanks,
Yoda
Last modified: 26 Jul 2008 12:55 PM
tw (Guest)
26 Jul 2008 4:11 PM
I downloaded includes-3.4.7 on 7/24. Everything is working fine so far. Does the above link from Master Yoda have a different version?
Another question, if I upgrade to 3.5 later, do I need to intall all patches including the above, or the current 3.5 download has everything incorporated already?
