RC 2a Admin Security Patch



michael_s
03-24-2011, 09:10 AM
This patch is to fix the known MS2.2 RC2a security vulnerability.

The issue is with the use of $PHP_SELF.

In admin/application top change

$current_page = basename($PHP_SELF);

to

$current_page = basename($_SERVER['SCRIPT_FILENAME']);


Also rename your admin folder to another name for extra security and change your configure.php file to match.


More... (http://addons.oscommerce.com/info/7940)
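
Added example (not part of the original post and not osCommerce code): why the one-line change above matters. It assumes $PHP_SELF is populated from $_SERVER['PHP_SELF'], which includes any extra path segments the client appends after the script name, while SCRIPT_FILENAME is the filesystem path of the script that actually runs. The helper names, file names and paths are constructed for illustration.

```php
<?php
// Added example, not osCommerce code. The arrays in $samples are constructed
// stand-ins for $_SERVER on two requests to the same admin script.

// Page name as the unpatched line derives it (from PHP_SELF).
function page_from_php_self(array $server): string {
    return basename($server['PHP_SELF']);
}

// Page name as the patched line derives it (from SCRIPT_FILENAME).
function page_from_script_filename(array $server): string {
    return basename($server['SCRIPT_FILENAME']);
}

// True when the URL carried extra path segments after the script name,
// which is exactly the case where the two derivations disagree.
function has_trailing_path_info(array $server): bool {
    return page_from_php_self($server) !== page_from_script_filename($server);
}

$samples = [
    'plain request' => [
        'PHP_SELF'        => '/admin/orders.php',
        'SCRIPT_FILENAME' => '/var/www/shop/admin/orders.php',
    ],
    'trailing path info' => [
        'PHP_SELF'        => '/admin/orders.php/other.php',
        'SCRIPT_FILENAME' => '/var/www/shop/admin/orders.php',
    ],
];

foreach ($samples as $label => $server) {
    // Any check keyed on $current_page sees the first value before the patch
    // and the second value after it.
    printf(
        "%-20s before patch: %-10s after patch: %-10s mismatch: %s\n",
        $label,
        page_from_php_self($server),
        page_from_script_filename($server),
        has_trailing_path_info($server) ? 'yes' : 'no'
    );
}
```

A mismatch between the two values in access logs or in a request filter is a useful signal that a request is supplying a page name different from the script being executed.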