Our site www.viart.com site is operated by latest Viart Shop 5 with default Clear design
Topic Information
SajMalik
SajMalik
Try putting pinoc.com in a search and see how it is widespread and malicious Wall Bash
 
on2dvd
on2dvd
jty,
 
No, mine is working. However, in the first release of version 3.5 the options prices were not showing properly and i advised Viart who fixed it. I believe they also posted a thread with download links to the fix. I am unsure if it's included in the full downlaod now.
 
Dan (Guest)
Dan (Guest)
Yes, this critical bug was a monster. This weakness was huge and I'm surprised that ViArt wouldn't have had enough security to block this type of interaction.
 
I'm happy they were in all day on saturday to assist with people though.
 
The support seems to be there when you need them, but cause the situations when you need them sometimes.
 
jty (Guest)
jty (Guest)
Thanks on2dvd. I dunno what's up on my end but option's prices are not showing in Checkout, like before you reported it and we got the patch
Thanks for letting me know. I'll have another look at my end.
 
Christopher, thanks for the heads up
 
jty (Guest)
jty (Guest)
on2dvd, my options prices are definitely broken on Checkout
The offending file is order_items_properties.php
Roll that file back, options prices show in checkout
re-Upload the latest version of that file and options prices are zero in checkout Crazy
 
on2dvd
on2dvd
jty. Viart must have altered my pages (as i reported the first case of intrusion) from within my FTP rather than from a local file of theirs which seems to be an old file.
I'd just give them a buzz (support ticket or chat) and they will be able to work it out.
 
jty (Guest)
jty (Guest)
ah, I see Wacko Shock Crazy
Thanks on2DVD. I have sent in a trouble support ticket
In the meantime, I am choosing to be open to a malicious attack rather than to sell things at zero cost I don't know
 
SajMalik
SajMalik
jty, I upgraded this fix on five sites with no problems; I would urge you to resolve this problem as the risk you run is extremely serious Sad
 
DickS
DickS
We updated our shops also, no issues at all.
 
DickS
 
jty (Guest)
jty (Guest)
Hi Christopher & dickS,
Do you have products with options ?
The problem I am having is for products with options. The options price is not showing in cart
The rest is fine, just prices for options
 
SajMalik
SajMalik
Yes, jty, I use masses of options - sometimes two different options per product.
 
jty (Guest)
jty (Guest)
Thanks Christopher,
I think I've narrowed it down now. It has something to do with a clash between the versions of block_order_info and order_items_properties.php
 
On a fresh install, no bug fixes added, installing this critical patch works ie option prices are shown in cart
BUT, if I apply the block_order_info patch from before, the prices don't show
 
But if I apply the block_order_info patch and not the critical patch, all is fine.
 
So it looks like a conflict between the versions of the 2 files.
 
The other thing I suspect I found is that a new download/install doesn't require the block_order_info patch to show prices.
 
I need to investigate further to confirm though
It's all too confusing at the moment Wacko
 
Thanks for your feedback. I'll go away and play with the various versions of the various files and see what's up
 
jty (Guest)
jty (Guest)
Conclusion - there are 3 versions of block_order_info
The original block_order_info wasn't showing option prices
So, Viart brought out the patch as posted in this forum
The patch version with this critical patch order_items_properties.php results in zero prices for options
 
The versions that work is the block_order_info in the current download (not original download) with order_items_properties.php from this critical patch but do not install the block_order_info thatis supposed to fix options prices but instead turns it into zero with this critical patch.
 
Or something like that. I'm not interested anymore. Too hard
 
SajMalik
SajMalik
Perhaps Viart would comment on this - please?
 
on2dvd
on2dvd
The new email i got last night, does that have any new security fixes or is it just to fix the options pricing? As my options were OK I am wondering if I really need to install second round of patches?
 
jty (Guest)
jty (Guest)
on2dvd, how do I get on the email list ?
I'm not getting Viart emails tho' I have a paid license Sad
 
Where is the new patch referred to in the email ?
 
To check/compare the files, I am using a program called winmerge.
 
GingerSue
GingerSue
Holy cow! I'm glad I checked in here. As a paying customer, I'd also like to know how to get on an email list to inform me of security upgrades - or any kind of patch or release.
 
poplarman (Guest)
poplarman (Guest)
Regarding the changing of name of the admin folder - I found that I had to change the Favourites/Bookmarks links and then everything worked fine.
 
Anjula
Anjula
A small update as to the SQL injection. We have updated the below files yesterday (24/07/2008) once again to fix a few new issues and in order to increase security:
 
* items_properties.php
* order_items_properties.php
* shopping_cart.php
 
We would recommend you to download an updated version of the files from here for your release: http://www.viart.com/downloads/includes-3.0.1.zip
http://www.viart.com/downloads/includes-3.1.zip
http://www.viart.com/downloads/includes-3.2.zip
http://www.viart.com/downloads/includes-3.3.2.zip
http://www.viart.com/downloads/includes-3.4.5.zip
http://www.viart.com/downloads/includes-3.4.7.zip
http://www.viart.com/downloads/includes-3.4.zip
http://www.viart.com/downloads/includes-3.5.zip
 
With kind regards,
ViArt Support Team
 
 
on2dvd
on2dvd
jty,
 
I don't know actually, they just come, maybe was an option when i bought, I can't remember.
 
Looks like i will be upgrading these new files and hoping the options pricing thing is fixed. I will make backups.
 
on2dvd
on2dvd
Anjula
 
These fixes only break other stuff.
 
I updated these files and got this error when I clicked a banner which had a link to pages with options.
 
Notice: Undefined variable: db in /home/xxxx/public_html/shop/includes/shopping_cart.php on line 2234
 
Fatal error: Call to a member function tosql() on a non-object in /home/xxxx/public_html/shop/includes/shopping_cart.php on line 2234
 
The options Anjula, the options. Why are options pricing always breaking or causing problems?
 
I have removed these fixes and wait for real fixes.
 
SajMalik
SajMalik
I have installed the fixes and have no problem I don't know
 
Vito
Vito
Hello on2dvd,
 
You was absolutely right, as two arhives has incorrect instructions updated recently
http://www.viart.com/downloads/includes-3.4.7.zip
http://www.viart.com/downloads/includes-3.5.zip
 
As for options issue it's recommended to use latest patch for block_order_info.php file for version 3.5 along with patches above
http://www.viart.com/downloads/block_order_info-3.5.zip
 
In case if you still have problems with options please contact our Support Team with your site details so we can check this issue for you.
 
Thanks,
Yoda
Last modified: 26 Jul 2008 12:55 PM
 
tw (Guest)
tw (Guest)
I downloaded includes-3.4.7 on 7/24. Everything is working fine so far. Does the above link from Master Yoda have a different version?
 
Another question, if I upgrade to 3.5 later, do I need to intall all patches including the above, or the current 3.5 download has everything incorporated already?
 
freezer
freezer
Hi,
 
Are the links for http://www.viart.com/downloads/includes-3.5.zip
 
on 7/26/08 12:52 PM
 
different than those at 7/25/08 10:33 AM
 
I think it would be much clearer if the link names included some sort of reference. either the date or numerical starting with 1..2..3
 
e.g http://www.viart.com/downloads/includes-3.4.7(1).zip
http://www.viart.com/downloads/includes-3.4-7(2).zip
 
or similar.
 
Than we could all keep track of which was the most recent link to avoid unecessary uploading of the same file.
 
As each time this is done I have to make custom changes each time.
 

 First 1 2 of 3 3 Last