osCommerce Online Merchant v2.3.3.1

[Harald Ponce de Leon]

osCommerce Online Merchant v2.3.3.1 is a security and general maintenance release focusing on improving core features.

 

This release is in preparation of v2.3.4 containing additional improvements.

 

Changes

• Who's Online
  Parse REQUEST_URI with tep_db_prepare_input() before storing the value in the database.
  Replace REMOTE_ADDR with tep_get_ip_address().
  
• Administration Tool -> Catalog -> Categories/Products
  Fix product price gross tax calculations when adding or editing products.
  
• Session
  Register a shutdown function to close and write the session data. Also check for and allow , (comma) and - (minus) characters in the session ID.
  
• tep_redirect()
  When redirecting from HTTPS -> HTTP and replacing the url with a HTTPS version, also take DIR_WS_HTTPS_CATALOG into consideration which may differ from DIR_WS_HTTP_CATALOG.
  

Upgrade from v2.3.3 to v2.3.3.1

 

A detailed upgrade guide is available online at:

 

http://library.oscommerce.com/Online&en&oscom_2_3&release_notes&v2_3_3_1

 

Download

 

Full and Update Packages of osCommerce Online Merchant v2.3.3.1 can be downloaded at:

 

http://www.oscommerce.com/solutions/downloads

 

Thank You!

 

We'd like to thank the community for their feedback on our releases. In addition, we thank the following people who participated in the development of this release.

 

Bug Reporters

• VanAlles
  
• jerico
  

Reference

 

A full list of source code changes can be seen at:

 

https://github.com/osCommerce/oscommerce2/compare/v2.3.3...upgrade2331

 

Acknowledgements

 

We'd like to thank Chris Wood for bringing a security issue to our attention.

[Harald Ponce de Leon]

Please forward any replies to the following topic:

 

http://www.oscommerce.com/forums/topic/394288-oscommerce-online-merchant-v2331/