AbanteCart Community

Shopping Cart Operations => Support => Topic started by: Tomato Joe on July 20, 2016, 11:31:29 AM

Title: XSS Vulnerability Fix for v1.15 to v1.2.7
Post by: Tomato Joe on July 20, 2016, 11:31:29 AM
I made the fix below: 

XSS Vulnerability Fix for v1.15 to v1.2.7
Message status: notice
Date: 06/15/2016 03:24:39 PM
Number of repetitions: 113
If you run AbanteCart version 1.1.5 to 1.2.7, we suggest that you apply the fix provided in the link:
http://forum.abantecart.com/index.php/topic,4727.0.html

But now I am getting this error message, and I assume it is related, as I've never had this error until I made this fix.

Incorrect config.php file permissions
Message status: warning
Date: 07/20/2016 09:22:29 AM
Number of repetitions: 86
/home/tomatojo/public_html/system/config.php file needs to be set to read and execute modes to keep it secured from editing!

SHOULD I REVERT BACK TO THE INSTALLED SETTING ??   

THANK YOU, JOE LEIST
Title: Re: XSS Vulnerability Fix for v1.15 to v1.2.7
Post by: Basara on July 21, 2016, 01:18:50 AM
Hello.

It is very easy to improve the file permissions of the config.php file. Log in to your cPanel file manager or FTP and change it to 644 or 444; see http://docs.abantecart.com/pages/tips/troubleshooting.html#permissions
Title: Re: XSS Vulnerability Fix for v1.15 to v1.2.7
Post by: Tomato Joe on July 21, 2016, 08:57:11 AM
They were already changed to 0644.   Not sure why the error / notice then. 
Title: Re: XSS Vulnerability Fix for v1.15 to v1.2.7
Post by: Basara on July 21, 2016, 09:13:08 AM
They were already changed to 0644.   Not sure why the error / notice then.

On some servers you even need to set 440. So change it and remove this error from the messages.
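
Added example, not part of the thread and not AbanteCart code: a small shell audit that decodes a file's mode and reports which classes still hold the write bit. It shows why 644 differs from the 444 and 440 suggested above, since 644 leaves the owner able to edit the file. It assumes the warning concerns the file remaining editable (the thread does not show how AbanteCart performs its check); the function names and the temporary file standing in for system/config.php are constructed for illustration.

```shell
#!/bin/sh
# Added example (not AbanteCart code): audit write bits on a config file.

# writable_by MODE: print which classes (owner/group/other) hold the write bit.
writable_by() {
    m=$((0$1))            # treat the argument as octal, e.g. 644 or 0644
    out=""
    if [ $((m & 0200)) -ne 0 ]; then out="$out owner"; fi
    if [ $((m & 0020)) -ne 0 ]; then out="$out group"; fi
    if [ $((m & 0002)) -ne 0 ]; then out="$out other"; fi
    echo "${out# }"
}

# file_mode FILE: octal permission bits (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_config FILE: return 0 if no write bit is set, 1 if any is, 2 on error.
audit_config() {
    [ -e "$1" ] || { echo "ERR  $1 not found"; return 2; }
    mode=$(file_mode "$1") || return 2
    who=$(writable_by "$mode")
    if [ -z "$who" ]; then
        echo "OK   $mode $1 (no write bit set)"
        return 0
    fi
    echo "WARN $mode $1 (still writable by: $who)"
    return 1
}

# Constructed demo: a temporary file stands in for system/config.php.
demo() {
    f=$(mktemp) || return 1
    for want in 644 444 440; do
        chmod "$want" "$f"
        audit_config "$f" || true
    done
    rm -f "$f"
}
demo
```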