Osc_Sec



michael_s
12-24-2011, 11:01 PM
What's New?
- Removed double up entries in the bypass function
- Added a filter to look specifically for osCommerce admin login bypass attempts. Unlike other filters, no requests or files are exempt from this filter.
- (re)Added an x_powered_by() function to overwrite the Apache response header with a custom string to prevent automated attacks from identifying what version of PHP your site is hosted on if expose_php is enabled in the php.ini
- Added an option to disable the tell_a_friend.php page and therefore prevent it from being used to send spam (see readme.htm).
- Fixed issue with the emailer when IP Trap is enabled.
- Optional code additions for htaccess to further harden the security of your website.
- Added a check for the multi-byte GBK character
- Added a Local File Inclusion filter to prevent PHP stream php://filter LFI exploit attempts

New install instructions: see the readme.htm. As per usual, all updates contain the complete package.

Updating: Replace both the osc_sec.php and osc.php files in your website /includes/ directory with the osc_sec.php and osc.php files in the includes directory of this zip file.

Please report any bugs to the discussion forums at http://goo.gl/dQ3jH or email [email protected]

More... (http://addons.oscommerce.com/info/7834)
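
The changelog above mentions a filter for php://filter LFI attempts and an X-Powered-By override. The sketch below is an added example showing one way such checks can be written. It is not Osc_Sec's own code; every function name and the sample input are hypothetical.

```php
<?php
// Added illustration, not Osc_Sec code. All names here are hypothetical.

// Flatten a request array (nested arrays included) into a list of strings.
// Keys are checked too, since they are attacker-controlled as well.
function collect_request_values(array $input): array
{
    $values = [];
    foreach ($input as $key => $value) {
        $values[] = (string) $key;
        if (is_array($value)) {
            $values = array_merge($values, collect_request_values($value));
        } else {
            $values[] = (string) $value;
        }
    }
    return $values;
}

// True when the value names the php:// stream wrapper, even if URL-encoded twice.
function references_php_stream(string $value): bool
{
    for ($i = 0; $i < 3; $i++) {
        $decoded = rawurldecode($value);
        if ($decoded === $value) {
            break; // nothing left to decode
        }
        $value = $decoded;
    }
    $value = str_replace("\0", '', $value); // drop null bytes before matching
    return stripos($value, 'php://') !== false;
}

// Check any number of request sources, e.g. $_GET, $_POST, $_COOKIE.
function request_has_stream_wrapper(array ...$sources): bool
{
    foreach ($sources as $source) {
        foreach (collect_request_values($source) as $value) {
            if (references_php_stream($value)) {
                return true;
            }
        }
    }
    return false;
}

// Replace the X-Powered-By value PHP emits when expose_php is enabled.
function mask_powered_by(string $label = 'hidden'): void
{
    if (!headers_sent()) {
        header('X-Powered-By: ' . $label); // header() replaces the existing value
    }
}

// Constructed sample input: a double-encoded wrapper name in a nested parameter.
$sample = ['language' => 'english', 'opts' => ['file' => 'php%253A%252F%252Ffilter']];
var_dump(request_has_stream_wrapper($sample));
```

In a front controller this would run before any include, calling `request_has_stream_wrapper($_GET, $_POST, $_COOKIE)` and answering with a 403 when it returns true.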