osCommerce Online Merchant v184.108.40.206
27th August 2013 by Harald Ponce de Leon
osCommerce Online Merchant v220.127.116.11 is a security and general maintenance release focusing on improving core features.
This release is in preparation of v2.3.4 containing additional improvements.
- Who's Online
Parse REQUEST_URI with tep_db_prepare_input() before storing the value in the database. Replace REMOTE_ADDR with tep_get_ip_address().
- Administration Tool -> Catalog -> Categories/Products
Fix product price gross tax calculations when adding or editing products.
Register a shutdown function to close and write the session data. Also check for and allow , (comma) and - (minus) characters in the session ID.
When redirecting from HTTPS -> HTTP and replacing the url with a HTTPS version, also take DIR_WS_HTTPS_CATALOG into consideration which may differ from DIR_WS_HTTP_CATALOG.
Upgrade from v2.3.3 to v18.104.22.168
A detailed upgrade guide is available online at:
Full and Update Packages of osCommerce Online Merchant v22.214.171.124 can be downloaded at:
We'd like to thank the community for their feedback on our releases. In addition, we thank the following people who participated in the development of this release.
A full list of source code changes can be seen at:
We'd like to thank Chris Wood for bringing a security issue to our attention.