osCommerce Online Merchant v2.3.3.1
27th August 2013 by Harald Ponce de Leon

osCommerce Online Merchant v2.3.3.1 is a security and general maintenance release focusing on improving core features.

This release is in preparation of v2.3.4 containing additional improvements.


  • Who's Online
    Parse REQUEST_URI with tep_db_prepare_input() before storing the value in the database. Replace REMOTE_ADDR with tep_get_ip_address().
  • Administration Tool -> Catalog -> Categories/Products
    Fix product price gross tax calculations when adding or editing products.
  • Session
    Register a shutdown function to close and write the session data. Also check for and allow , (comma) and - (minus) characters in the session ID.
  • tep_redirect()
    When redirecting from HTTPS -> HTTP and replacing the url with a HTTPS version, also take DIR_WS_HTTPS_CATALOG into consideration which may differ from DIR_WS_HTTP_CATALOG.

Upgrade from v2.3.3 to v2.3.3.1

A detailed upgrade guide is available online at:



Full and Update Packages of osCommerce Online Merchant v2.3.3.1 can be downloaded at:


Thank You!

We'd like to thank the community for their feedback on our releases. In addition, we thank the following people who participated in the development of this release.

Bug Reporters


A full list of source code changes can be seen at:



We'd like to thank Chris Wood for bringing a security issue to our attention.

Back to listing