| Tim | |  | | 3223 total posts | |
|
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 24, 2008 @ 9:51 AM | | Someone has pointed out a possible security issue with the way action messages are displayed on the pages, for example, when someone removes something from the cart a message is displayed.
I have made a patch for this issue and have it available for download at :
http://www.picturespro.com/sp/
You should download the patch (it’s a zip file with about 15 files included). Save it to your computer and unzip it. Upload the included files to your Photo Cart folder on your website.
Your Photo Cart folder is the name of the folder your Photo Cart is in. Yourwebsite.com/photocart or /proofs or whatever
This will overwrite existing files
That’s all that needs to be done.
Please post below if you have any questions.
Also, I have many people asking when the next version is going to be available. Trust me I am working on it every day and will be getting it ready soon.
Tim
Click here to download the security patch zip file
| This message was edited by Tim on October 21, 2008 @ 5:03 PM |
-----------------------------------------------------------------------------
Tim Grissett - DIA | picturespro.com | info@picturespro.com |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 24, 2008 @ 12:05 PM | | | I'm not really savvy in this department. I've been looking for the folder in my file manager for 30 minutes, but the only thing I see that's related to Photocart is the MySQL database. |
|
| | |
| Tim | | | | 3223 total posts | |
|
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 24, 2008 @ 12:32 PM | | You would want to upload through FTP. If you are in a file manager I wouldn't think you would see a mysql folder.
-----------------------------------------------------------------------------
Tim Grissett - DIA | picturespro.com | info@picturespro.com |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 24, 2008 @ 2:34 PM | | Tim,
When I try to download, the patch, I'm told "you are not authorized for this action". I entered my reg key and even logged in here.
Shelley |
|
| | |
| Tim | | | | 3223 total posts | |
|
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 24, 2008 @ 3:01 PM | |
Quoting: shelley
Tim,
When I try to download, the patch, I'm told "you are not authorized for this action". I entered my reg key and even logged in here.
Shelley
|
Give it a try now.
-----------------------------------------------------------------------------
Tim Grissett - DIA | picturespro.com | info@picturespro.com |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 24, 2008 @ 3:53 PM | | Uhhhhhhhhh....
I have NO idea how to upload a file to my site...I am an ftp/html idiot 
I can get into my control panel on BlueHost, but I don't know what to do once I am there...
I have no clue how to ftp anything. I can't even figure out how to open my ftp control!
ugh.......
Anyone else have bluehost and can walk me through it? 
You rock!  |
|
| | |
| ccw | |  | | 11 total posts | |
|
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 24, 2008 @ 4:35 PM | | Tim,
I've uploaded all files except for the following:
action.addtocart.drop
action.addtocart.list
action.finalcheckout
checkout.confirm
favorites.action
packages.actions
registry.create
registry.edit
registry.search
When I try to upload the above files, I get this message:
"For security reasons, only files of type 'asp aspx bas cfm cgi css csv doc dwf gif gz htm html ico inc jpeg jpg js mdb pdf php php3 php4 php5 pl pm png ppt py shtm shtml sql swf tar txt wav wmv xls xml zip' can be uploaded"
My web host is iPower. Any suggestions on how I can get these files uploaded? Thanks.
Donna |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 24, 2008 @ 5:55 PM | | MSbrett, I have bluehost there is actually a couple of ways you can do it. One is through the control panal
Under Files go to File Manager
Open your WebRoot
once here you will get a window that is split
On the left side you will need to expand your folder of your domain name
Then select Public_html
then select Photocart
Then go to the very top of the screen and select the Uplaod Icon
this will open a window (make sure that it says that you are uploading to photocart)
it will give you windows to browse to the files on your computer to upload.
I think it will only allow you to upload 3 at a time
the easier way is to use an ftp program like FileZilla
If you need help using either msg just shoot me an email www.info@cfmills.com |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 24, 2008 @ 8:36 PM | | Should there be any indication from the management side that the patch is installed and effective (ex: updated version number)?
-- Mitch
|
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 25, 2008 @ 2:01 AM | | oh boy, I'm another ftp clueless person:-( my website is hosted by network solutions and I simply use their website editor (template) to work on my site. I downloaded and unzipped the files, but clueless as to how to proceed.
-----------------------------------------------------------------------------
Jode
www.hoofnpawsimages.com/photocart |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 25, 2008 @ 2:08 PM | | | Do I add the patch files to the "php_uploads" folder? |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 25, 2008 @ 2:15 PM | | No, they go into your *main* Photocart folder. You should see the same files already existing in that directory. These are updates to the files that already exist.
-- Mitch
|
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 25, 2008 @ 4:24 PM | |
Quoting: sysman
MSbrett, I have bluehost there is actually a couple of ways you can do it. One is through the control panal
Under Files go to File Manager
Open your WebRoot
once here you will get a window that is split
On the left side you will need to expand your folder of your domain name
Then select Public_html
then select Photocart
Then go to the very top of the screen and select the Uplaod Icon
this will open a window (make sure that it says that you are uploading to photocart)
it will give you windows to browse to the files on your computer to upload.
I think it will only allow you to upload 3 at a time
the easier way is to use an ftp program like FileZilla
If you need help using either msg just shoot me an email www.info@cfmills.com
|
YOU ROCK! I did it! Woo hooo! Thanks!  |
|
| | |
| Tim | | | | 3223 total posts | |
|
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 25, 2008 @ 4:46 PM | |
Quoting: MitchInOmaha
Should there be any indication from the management side that the patch is installed and effective (ex: updated version number)?
-- Mitch
|
Not for this, it was a quick fix before it was released on a "security website" 
-----------------------------------------------------------------------------
Tim Grissett - DIA | picturespro.com | info@picturespro.com |
|
| | |
| Tim | | | | 3223 total posts | |
|
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 25, 2008 @ 4:49 PM | |
Quoting: Kari
Do I add the patch files to the "php_uploads" folder?
|
No, into the folder your Photo Cart is in.
-----------------------------------------------------------------------------
Tim Grissett - DIA | picturespro.com | info@picturespro.com |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 26, 2008 @ 8:39 AM | | I think I did it ok. I hope I was supposed to replace the old files with the same names, because that is what I did! Can someone please confirm this? |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 26, 2008 @ 8:40 AM | | | Yes, that's right. |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 26, 2008 @ 4:37 PM | | I've uploaded the new files in my main photocart directory & I'm getting this error message:
Warning: main(main.menu.php) [function.main]: failed to open stream: No such file or directory in /home/jenagold/public_html/photocart/main.php on line 80
Warning: main(main.menu.php) [function.main]: failed to open stream: No such file or directory in /home/jenagold/public_html/photocart/main.php on line 80
Fatal error: main() [function.require]: Failed opening required 'main.menu.php' (include_path='.:/usr/php4/lib/php:/usr/local/php4/lib/php') in /home/jenagold/public_html/photocart/main.php on line 80
Any clue what's going on?
Thanks,
Jena |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 26, 2008 @ 6:42 PM | | Jena,
I think I'd reload the files from your original .zip file, and then re-apply the patch. It would appear that there's a corrupted or missing file somewhere.
-- Mitch
|
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 26, 2008 @ 10:37 PM | | Mitch,
When i updated mine, the date and time changed to the current date and time. that might help you tell whether or not your files were uploaded.
|
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: March 26, 2008 @ 11:08 PM | | i don't know if it's the reason, but i upgraded my security patch and now I can't log into my admin.
Anyone know why? |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: April 21, 2008 @ 11:14 AM | | I am having the same issue now that I uploaded the patch. Whenever anyone goes to the cart, they have to enter a password and user name before they get to the index.php sote. If they do not have this information because they have not set up an account, what do I do?
Help please. |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: May 1, 2008 @ 10:42 AM | | | I've just purchased Photo Cart today. Do I still need to install the updated patch? |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: May 1, 2008 @ 11:22 AM | | | I did |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: May 1, 2008 @ 11:32 AM | | Thanks for the reply but that doesn't answer my question.
IF the author of this software has updated the full download package since the sercurity patch release then it would not be necessary to update.
|
|
| | |
| Tim | | | | 3223 total posts | |
|
| | Subject: Security patch available for Photo Cart 4.1 | Posted: May 1, 2008 @ 2:21 PM | |
Quoting: newseed
I've just purchased Photo Cart today. Do I still need to install the updated patch?
|
No, it is already in there.
-----------------------------------------------------------------------------
Tim Grissett - DIA | picturespro.com | info@picturespro.com |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: October 8, 2008 @ 10:59 PM | |
Quoting: sysman
MSbrett, I have bluehost there is actually a couple of ways you can do it. One is through the control panal
Under Files go to File Manager
Open your WebRoot
once here you will get a window that is split
On the left side you will need to expand your folder of your domain name
Then select Public_html
then select Photocart
Then go to the very top of the screen and select the Uplaod Icon
this will open a window (make sure that it says that you are uploading to photocart)
it will give you windows to browse to the files on your computer to upload.
I think it will only allow you to upload 3 at a time
the easier way is to use an ftp program like FileZilla
If you need help using either msg just shoot me an email www.info@cfmills.com
|
Hi I am just getting around to doing this security patch thing, and am on bluehost. I'm following the directions listed above, but when I get to the split window and on the left side expand the folder of my domain name - first of all the folder at the top says home/nanineph (so it's a shortened version of my domain name) when I click on that and then the public_html, there is no "photocart" to select. there is:
admin
bu
cg-bin
layout
payment
photos
So I get the rest of it and have found the upload icon, but no "photocart" file.. can you help me out with this? I am not the most technically savvy person here, so any help with this would be greatly appreciated!
many thanks
Nanine |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: October 9, 2008 @ 9:31 AM | | There is no photocart file.
They are referring to the folder and it sounds like you are in it. |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: October 27, 2008 @ 10:32 PM | | I still have not done this. should I do it or wait until the new version is released?
thank you.
Nanine |
|
| | |
| | Subject: Security patch available for Photo Cart 4.1 | Posted: October 28, 2008 @ 8:33 AM | | Wait!
I heard from a very good source that PhotoCart 5.0 beta is ready to release this week. It will have this patch or won't need it.
Tim is now working on the manual.
I am sure that hackers will find new ways to turn your website into a Zombie Junk E-mail server. I recently had to ask for an "upgrade" to my Plesk control panel on my dedicated Server for this reason.
PS Tim,
Perhaps you or someone you delineate should delete old, soon to be redundant Subjects like this and combine others, just to clean up the forum space?
| This message was edited by RRRoger on October 28, 2008 @ 8:43 AM |
|
|
| | |
