News:

AbanteCart v1.4.2 is released.

Main Menu
support

XSS Vulnerability Fix for v1.15 to v1.2.7

Started by Tomato Joe, July 20, 2016, 11:31:29 AM

Previous topic - Next topic

Tomato Joe

I made the fix below: 

XSS Vulnerability Fix for v1.15 to v1.2.7
Message status:
notice
Date:
06/15/2016 03:24:39 PM
Number of repetitions:
113
If you run AbanteCart version 1.1.5 to 1.2.7, we suggest that you apply the fix provided in the link :
http://forum.abantecart.com/index.php/topic,4727.0.html

but now I am getting this error message AND assume it related as I've never had this error until I made this fix.

Incorrect config.php file permissions
Message status:
warning
Date:
07/20/2016 09:22:29 AM
Number of repetitions:
86
/home/tomatojo/public_html/system/config.php file needs to be set to read and execute modes to keep it secured from editing!

SHOULD I REVERT BACK TO THE INSTALLED SETTING ??   

THANK YOU, JOE LEIST

Basara

Hello.

It is very easy to improve file permission of the config.php file. Login to your Cpanel filemanager of FTP and change it to 644 or 444 see http://docs.abantecart.com/pages/tips/troubleshooting.html#permissions

Tomato Joe

They were already changed to 0644.   Not sure why the error / notice then. 

Basara

Quote from: Tomato Joe on July 21, 2016, 08:57:11 AM
They were already changed to 0644.   Not sure why the error / notice then.

On some servers you need to set even 440. So change and remove this error from messages

Forum Rules Code of conduct
AbanteCart.com 2010 -