osCommerce News
Recent posts
osCommerce 4.05 release
September 21, 2022
osCommerce 4.05 has been released! Read more to find out how to upgrade to the latest version and what has changed ...
Hybrid Ecommerce
August 16, 2022
osCommerce brings a new type of Ecommerce platform to the market: a so-called Hybrid Ecommerce. So what is Hybrid Ecommerce? We see it as the best of both worlds: an open source (and free) Ecommerce solution that is also hosted as if it were SaaS (or EaaS, Ecommerce as a Service). This means users (businesses and developers) do not need to worry about hosting requirements and at the same time have full access to the source code and can change or implement any custom features, integrations, etc. Of course, it is always possible to host osCommerce on your own server! It is just so much easier (and quite likely more cost effective!) to use osCommerce's own hosting solutions.

Hybrid Ecommerce from osCommerce

Users can choose to have osCommerce installed for free on one of our servers to try osCommerce before use. Once satisfied with its features, speed and robustness, they can choose to move to a paid osCommerce hosting account or to download and use the osCommerce site on their own server. The move to an osCommerce-managed server is done automatically. The server environment is optimised for osCommerce, allowing it to give the best performance. It is also managed and upgraded with the latest server software. Most importantly, the osCommerce installation can be automatically updated to the latest version of osCommerce (and Applications) as well. Any customisations, done right, will stay, but all the standard modules and the core of osCommerce will be regularly updated, bringing fixes, changes and new features. Full FTP and MySQL access are offered to businesses and developers should they require them. ...
osCommerce 4.03 release
August 16, 2022
osCommerce 4.03 has been released. Read more about what's new in the latest version of the popular free open-source shopping cart! ...
osCommerce 4.02 release
August 09, 2022
osCommerce 4.02 release, update notes, download instructions ...
osCommerce 4.01 release
August 04, 2022
osCommerce 4.01 is available from https://www.oscommerce.com and the changes are listed in the osCommerce Wiki: https://wiki.oscommerce.com/index.php?title=Change_Log
We will continue working on fixing issues and adding features; osCommerce will be regularly developed and updated. ...
osCommerce 4.0 Interview
August 03, 2022
What is osCommerce 4.0? How was it created, and why? Who is the team behind osCommerce? How was osCommerce released during the war in Ukraine? All of this and more in the video interview by David Goodale of Merchant Accounts (Canada). Visit Merchant Accounts Canada for the full video and transcript ...
osCommerce proudly developed in the UK and Ukraine
July 27, 2022
As many readers will know, osCommerce is headquartered in the UK, but the majority of our team members are in Ukraine. The same was true for Magento, by the way, and for many other amazing technological solutions. What many readers perhaps do not realize is that osCommerce continues to be developed while the war is raging in Ukraine. For example, the final touches to version 4 were made in the evening, while air raid sirens were wailing in many locations in Ukraine where our colleagues are located. We would like to once again express our appreciation and applaud the strong spirit of our colleagues who managed to complete their task (be it with a delay) and release osCommerce 4.0: those men and women who continue to work hard on adding more features, enabling the App Shop, and fixing the teething problems that users of osCommerce report to us. We are working hard to release more features and solutions, and will be updating you in due course! ...
osCommerce v4 release
July 25, 2022
osCommerce 4 released today ...
osCommerce Roadmap
July 25, 2022
Read more about osCommerce Roadmap ...
osCommerce is dead... Long live osCommerce!
July 25, 2022
How osCommerce started, became extremely popular, went into decline and almost died... And was re-born and is being launched today on the way to success! ...

Issue #10: August 19, 2002

By Harald Ponce de Leon

Cross Site Scripting Vulnerabilities
Checkout And Order Security Issues
Search Engine Safe URLs
PHP3 Compatibility
Windows Date Problem Readdressed
Installation Module Updates For PHP-CGI Servers
Who's Online Logic Update
File Upload Standards

Cross Site Scripting Vulnerabilities

Tamura Toshihiko informed the developers forum of cross site scripting vulnerabilities existing in the 2.2-CVS codebase.

The posting can be read at:

https://www.oscommerce.com/community.php/forum,2/action,read/i,16332/t,16332

Fixes to the problem areas have been committed, but we are still working on a complete solution that validates all user input.

Mattice has submitted a global fix which can be used on live stores, which can be read at:

https://www.oscommerce.com/community.php/forum,2/action,read/i,16432/t,16432
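As an added illustration, not osCommerce code and not the global fix linked above: the two defences that close this class of reflected cross site scripting in PHP, encoding untrusted data for the context it lands in and allow-list validation of parameters with a known shape. Function names are hypothetical; it assumes PHP 7.1 or later.

```php
<?php
// Added example, not osCommerce code. Function names are hypothetical.

// Vulnerable pattern: a query-string value dropped straight into markup.
function render_keyword_unsafe(string $keyword): string
{
    return '<input type="text" name="keywords" value="' . $keyword . '">';
}

// Encode for an HTML text or attribute context: & < > " and ' become
// entities, and invalid UTF-8 is substituted instead of emptying the output.
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened version of the same form field.
function render_keyword_safe(string $keyword): string
{
    return '<input type="text" name="keywords" value="' . html_encode($keyword) . '">';
}

// Allow-list validation for a parameter that must be an integer id
// (e.g. a product id): anything else is rejected rather than "cleaned".
function validate_id(?string $raw): ?int
{
    if ($raw === null || !preg_match('/^[0-9]{1,10}$/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Constructed sample input in the shape of a hostile query-string value.
$hostile = '"><script>alert(1)</script>';

// In the unsafe form the attribute is closed early and the script element
// becomes live markup; in the safe form it remains inert text.
echo render_keyword_unsafe($hostile), "\n";
echo render_keyword_safe($hostile), "\n";

// A well-formed id is accepted; a malformed one yields null.
var_dump(validate_id('42'));
var_dump(validate_id('42abc'));
```

Encoding at output time is what makes a page safe regardless of where the value came from; validation is an extra layer for parameters that should never contain markup in the first place, such as numeric ids, and the two are not substitutes for each other.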

Checkout And Order Security Issues

Geoff Ford forwarded issues concerning the checkout procedure and how orders are made. It is possible for a customer to bypass the checkout procedure and go straight to the order processing logic, creating false orders.

This issue is most serious for those offering downloadable products, which may become available to the customer as soon as an order has been falsely made.

A fix to the problem has been committed, which can be seen here:

https://marc.theaimsgroup.com/?l=tep-commits&m=102975528416119&w=2
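An added example, not osCommerce code and not the committed fix linked above, of the defensive principle behind it: each checkout step is gated on the state the previous steps stored in the session, so a request straight to the processing step without a completed checkout is refused, and a completed checkout can be processed only once. Step names, session keys and function names are assumptions; it assumes PHP 7.1 or later.

```php
<?php
// Added example, not osCommerce code. Server-side gate for the sequence
// shipping -> payment -> confirmation -> process. Step names, session keys
// and function names are illustrative assumptions.

// Which session state each step requires before it may be served.
function checkout_step_allowed(string $step, array $session): bool
{
    $loggedIn = !empty($session['customer_id']);
    $hasCart  = !empty($session['cart_items']);
    $shipping = !empty($session['shipping']);
    $payment  = !empty($session['payment']);
    $token    = !empty($session['confirm_token']);

    switch ($step) {
        case 'shipping':     return $loggedIn && $hasCart;
        case 'payment':      return $loggedIn && $hasCart && $shipping;
        case 'confirmation': return $loggedIn && $hasCart && $shipping && $payment;
        // Processing also needs the one-time token that only the confirmation
        // page issues, so the step cannot be reached by typing its URL.
        case 'process':      return $loggedIn && $hasCart && $shipping && $payment && $token;
        default:             return false;
    }
}

// Called by the confirmation page; returns the token its form submits
// to the processing step.
function issue_confirm_token(array &$session): string
{
    $session['confirm_token'] = bin2hex(random_bytes(16));
    return $session['confirm_token'];
}

// The processing step: refuse unless the sequence was completed and the
// submitted token matches, then clear the state so the order is stored once.
function process_order(array &$session, string $submittedToken): bool
{
    if (!checkout_step_allowed('process', $session)) {
        return false;
    }
    if (!hash_equals($session['confirm_token'], $submittedToken)) {
        return false;
    }
    // ... store the order and activate any downloadable products here ...
    unset($session['confirm_token'], $session['shipping'], $session['payment']);
    $session['cart_items'] = [];
    return true;
}

// Constructed walk-through with an in-memory session array.
$session = ['customer_id' => 7, 'cart_items' => [['id' => 12, 'qty' => 1]]];

// A request that jumps straight to processing is refused: no shipping,
// payment or confirmation state exists yet.
var_dump(process_order($session, 'anything'));

// Following the sequence succeeds, and a repeat of the same request does not.
$session['shipping'] = 'flat';
$session['payment']  = 'cod';
$token = issue_confirm_token($session);
var_dump(process_order($session, $token));
var_dump(process_order($session, $token));
```

The gate lives in the processing script itself rather than in the links that lead to it, because the links are under the customer's control and the session is not; clearing the checkout state after a successful order is what stops a captured confirmation request from being replayed.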

Search Engine Safe URLs

The logic of the Search Engine Safe URLs feature has been updated to properly parse all GET parameters, including the session ID where necessary.

This update may cause search engine robots to cycle endlessly through a live store, since a robot that does not keep cookies is given a fresh session ID, and therefore fresh URLs, on every visit; we are currently discussing possible solutions to overcome this issue.

One nice solution mentioned is to start the session only when it is needed, for example when adding a product to the cart, or when a customer logs in or creates an account.
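An added example, not osCommerce code, of the deferred session start suggested above, together with a link helper that appends a session ID only when a session is actually active and the client is not already sending it as a cookie. Action names and function names are assumptions; it assumes PHP 7 or later.

```php
<?php
// Added example, not osCommerce code. Start the PHP session only when the
// request needs one: the client already presents a session id, or the action
// creates per-customer state. A crawler browsing product pages therefore
// never receives a session id and sees stable URLs. Names are illustrative.

// Actions that create state worth persisting (assumed names).
const SESSION_ACTIONS = ['add_product', 'login', 'create_account'];

function session_needed(array $get, array $post, array $cookie): bool
{
    $name = session_name(); // 'PHPSESSID' unless configured otherwise
    // Resume an existing session presented via cookie or URL parameter.
    if (isset($cookie[$name]) || isset($get[$name])) {
        return true;
    }
    // Otherwise start one only for state-creating actions.
    $action = $get['action'] ?? $post['action'] ?? '';
    return in_array($action, SESSION_ACTIONS, true);
}

// Returns true when a session is active after the call.
function ensure_session(array $get, array $post, array $cookie): bool
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return true;
    }
    if (!session_needed($get, $post, $cookie)) {
        return false;
    }
    return session_start();
}

// Append the session id to a catalog link only when a session is active and
// the client is not already sending it as a cookie (PHP leaves SID empty then).
function catalog_link(string $path): string
{
    if (session_status() !== PHP_SESSION_ACTIVE || !defined('SID') || SID === '') {
        return $path;
    }
    return $path . (strpos($path, '?') === false ? '?' : '&') . SID;
}

// Constructed requests: a crawler fetching a product page (no cookie, no
// action), and a customer adding a product to the cart.
$crawlerGet  = ['products_id' => '12'];
$customerGet = ['action' => 'add_product', 'products_id' => '12'];

var_dump(session_needed($crawlerGet, [], []));
var_dump(session_needed($customerGet, [], []));

// With no session active, links are emitted without a session id.
var_dump(catalog_link('product_info.php?products_id=12'));
```

Call ensure_session() once at the top of each request in place of an unconditional session_start(); pages that only read the catalog then never create a session, and the URLs a robot collects stay identical from visit to visit.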

PHP3 Compatibility

Updates to the code logic have been made to bring back PHP3 compatibility. The estimated minimum PHP3 version is 3.0.7; tests of the restored PHP3 compatibility were done on 3.0.11, the earliest version found for Windows servers.

Windows Date Problem Readdressed

Michael Burke has forwarded an update to the logic used for parsing dates prior to 1970 on Windows-based servers.

Dates prior to 1970 should now be displayed correctly.

Installation Module Updates For PHP-CGI Servers

The installation module has been updated to allow for easier installation on servers that have PHP set up as CGI.

If you encounter any problems with the provided default path parameters during the installation procedure, please forward relevant information to the developers forum.

Who's Online Logic Update

The logic of the Who's Online feature has been updated to use only the necessary session variables from the customer on the catalog side.

Previously, if the customer was viewing the store in a foreign language, selecting their entry in the Who's Online feature would apply that language variable to the Administration Tool itself.

The logic calculating the customer's shopping cart total has also been updated to calculate the right tax amount if display_price_with_tax is enabled. The [sub]total price shown is the exact price shown to the customer in their shopping cart box.

File Upload Standards

A new standard has been defined to handle file upload processing. It is compatible with all PHP versions and takes advantage of the features available in the PHP version in use.

The API documentation for this standard will soon be added to the CVS repository.