User Prometheus send us info that there is exploit for Quick.Cart v2.2 (http://secunia.com/advisories/25513/)
We have solution for that exploit:
if( isset( $_COOKIE['sLanguage'] ) )
if( isset( $_COOKIE['sLanguage'] ) && strlen( $_COOKIE['sLanguage'] ) == 2 )
I just checked the Quick.Cart_v2.2_english.zip in the download area and the security fixes aren't patched yet. Would be nice if the latest versions have the patches in it.
I am using 1.4 Fat & wanted to patch any holes but I can't see this code in my config\general.php file ?? Is there anything else I need to do for 1.4 ?
eauman - this exploit is about languages selection, but in v1.4 there were no languages, so it doesn't concern this version.
Thanks for the update