osCommerce News
Recent posts
post item
"Buy Now, Pay Later" with new PayPal for new osCommerce
December 13, 2022
Upgrade PayPal module and osCommerce to offer Buy Now, Pay Later feature to customers. Click here to learn more... ...
post item
osCommerce 4.08 release and Connecting to the App Shop
December 09, 2022
osCommerce 4.08 release notes, including how to connect to the App Shop if you were not able to do it before ...
post item
osCommerce 4.07 release
October 26, 2022
osCommerce 4.07 release notes  ...
post item
FREE osCommerce Design Webinar
October 18, 2022
osCommerce is looking to have a Webinar to demonstrate how to modify existing and create new designs. All interested parties, businesses, designers, and developers, are welcome to indicate their interest to participate by commenting on this post in our Forums: https://forums.oscommerce.com/topic/497631-webinar-oscommerce-design/ See you online soon! ...
post item
osCommerce Apps - free until 1/1/23
October 13, 2022
While the osCommerce team are working hard on adding apps to the App Shop, we have decided to make ALL available osCommerce-made applications free in the App Shop until the 1st of January 2023.  You're welcome to download any app via the App shop, and use it to build your own osCommerce site or such for your client. Your feedback is highly appreciated.  With best wishes, osCommerce team ...
post item
osCommerce 4.05 release
September 21, 2022
osCommerce 4.05 has been released! Read more to find out how to upgrade to the latest version and what has changed ...
post item
Hybrid Ecommerce
August 16, 2022
osCommerce brings a new type of Ecommerce platform to the market - a so called Hybrid Ecommerce. So what is Hybrid Ecommerce? We see it to be the best of both worlds - an open source (and free) Ecommerce solution that is also hosted as if it was SaaS (or EaaS - Ecommerce as a Service). This means users (businesses and developers) do not need to worry about hosting requirements and at the same time have full access to the source code and can change or implement any custom features, integrations, etc. Of course, it is always possible to host osCommerce on your own server! It is just so much easier (and quite likely more cost effective!) to use osCommerce's own hosting solutions.  Hybrid Ecommerce from osCommerce Users can choose to have osCommerce installed for free on one of our servers to try osCommerce before use.  Once satisfied with its features, speed, robustness - they can choose to move to a paid osCommerce hosting account or to download and use osCommerce site on their own server. Move to an osCommerce-managed server is done automatically. Server environment is optimised for osCommerce, allowing it to give the best performance. It is also managed and upgraded with the latest server software. Most importantly, osCommerce installation can be automatically updated to the latest version of osCommerce (and Applications) as well. Any customisations, done right, will stay but all the standard modules and the core of osCommerce will be regularly updated, bringing fixes, changes, new features. Full FTP and mySQL access are offered to businesses and developers should they require such.   ...
post item
osCommerce 4.03 release
August 16, 2022
osCommerce 4.03 has been released. Read more about what's new in the latest version of popular open source free shopping cart! ...
post item
osCommerce 4.02 release
August 09, 2022
osCommerce 4.02 release, update notes, download instructions ...
post item
osCommerce 4.01 release
August 04, 2022
osCommerce 4.01 is available from https://www.oscommerce.com   Changes are available from osCommerce Wiki:  https://wiki.oscommerce.com/index.php?title=Change_Log We will continue working on fixing issues and adding features, osCommerce will be regularly developed and updated. ...

Issue #29: June 13, 2003

By Harald Ponce de Leon

June 13, 2003

osCommerce 2.2 Milestone 2 Release Date
User Input Now Sanitized
default.php Now index.php
New In The Press Section

Discussions regarding this weekly report can be found here:


osCommerce 2.2 Milestone 2 Release Date

The release date for osCommerce 2.2 Milestone 2 has been set to 17.06.2003.

This allows the Administration Tool to be put through the standards updates routine, and to perform a security audit on the code, which has already been performed on the Catalog module.

We appreciate it if you can help strengthen the codebase by testing the CVS sources, and by submiting problems to the Bug Reporter.

The Bug Reporter can be reached here:


User Input Now Sanitized

All user input provided on the Catalog module is now being put through a "strip-then-parse" process to prevent Cross Site Scripting vulnerabilities from occuring.

The "stripping" part replaces all occurances of "<" and ">" characters in the user input with "_" characters, and the "parsing" part wraps the string around htmlspecialchars() or a weaker equivalent where appropriate (eg, form input fields) when it is being displayed.

A "strip-then-parse" proposal will soon be added to the Wiki documentation site which will go into further details of the implementatation.

Once the proposal is online, it will be mentioned in the pending Weekly Summary Report as it is important that contribution authors follow the project standards to keep their work secure.

The Wiki documentation site can be reached here:


default.php Now index.php

The main catalog page has been renamed from default.php to index.php to minimize problems encountered on new installations.

All three modules (Catalog, Administration Tool, Installation) are now consistent with using index.php.

New In The Press Section

A new In The Press section has been added to the support site, which contains short blurbs on the project being reviewed in the public media.

This section has been pending for a while to be added to the site, with Internet Professionell giving it a higher priority on our to-do list when it gave the project a whopping 94% rating in an open source online shop comparison review.

If you find the project being reviewed in the public media, please inform us about it and if possible forward the related material.

The new In The Press section can be reached here: