Tag > security and osCommerce

Zen-Cart¤äosCommerce¤Ê¤É¤Î¥Ü¥¿¥óºîÀ®¤Ï¡¢¡Ö¥í¥°¥¤¥ó¡×¡Ö¥í¥°¥¢¥¦¥È¡×¡Ö¥«¡¼¥È¤ËÆþ¤ì¤ë¡×¡Ö¥ì¥¸¤Ë¿Ê¤à¡×¤Ê¤É¥Ü¥¿¥ó¥Æ¥­¥¹¥È¤â¿ÍͤǤ¢¤ê¡¢Èó¾ï¤ËÌÌÅݤǤ¹¡£Zen-Cart v1.3¤Î¾ì¹ç¤Ç¤¹¤È(includes/templates/template_default/buttons/japaneseÆâ¤Î¤ß¤Ç)40¼ïÎà°Ê¾å¤Ë¤â¤Ê¤ê¤Þ¤¹¡£
¤½¤³¤Ç¡¢S-page¤Ç¤Ï¡¢Zen-Cart¤äosCommerce¸þ¤±¤Î¥Ü¥¿¥ó¤ò¥ª¥ó¥é¥¤¥ó¤Ç¼ê·Ú¤ËºîÀ®¤Ç¤­¤ëWEB¥µ¡¼¥Ó¥¹¤ò°ÊÁ°¤«¤é¹½ÁÛ¤·¤Æ¤ª¤ê¤Þ¤·¤¿¡£
¤Þ¤À¡¢²þÎÉÅÀ¤Ï¿¡¹¤¢¤ë¤È»×¤¤¤Þ¤¹¤¬¡¢¤è¤¦¤ä¤¯¥ª¡¼¥×¥ó¤Ç¤­¤ë¤è¤¦¤Ê¾õÂ֤ˤʤê¤Þ¤·¤¿¤Î¤Ç¡¢¤´Êó¹ð¤¤¤¿¤·¤Þ¤¹¡£
Titile¡ËButtons Generator + ShowCase
URL¡Ëhttp://button.s-page.net/
¤³¤Î¥µ¥¤¥È¤Ç¤Ï¡¢¥Ü¥¿¥óºîÀ®¤ò¹Ô¤¦¡ÖGenerator¡×¤È¤½¤ÎÀ®²Ìʪ¤òɽ¼¨¡¦¥À¥¦¥ó¥í¡¼¥É¤¹¤ë¤³¤È¤¬¤Ç¤­¤ë¡ÖShowCase¡×¤«¤é¹½À®¤µ¤ì¤Þ¤¹¡£
¤Ê¤ª¡¢Zen-Cart¤äoscommerce°Ê³°¤Ç¤â¼«Í³¤Ë¥Æ¥­¥¹¥È¤òÀßÄê¤Ç¤­¤ëfree¥â¡¼¥É(CMSÁªÂò»þ¤Ëfree¤òÁªÂò)¤âÍÑ°Õ¤·¤Þ¤·¤¿¡£
¥æ¡¼¥¶ÅÐÏ¿¤âɬÍפ¢¤ê¤Þ¤»¤ó¤Î¤Ç¡¢¤ªµ¤·Ú¤Ë¤´ÍøÍѤ¯¤À¤µ¤¤¡£(̵ÎÁ¤Ç¤¹)
 

ZenCartÆüËܸì¸ø¼°¥µ¥¤¥È¤Ç
* v1.3.0.2-l10n-jp-1ÍÑ
* v1.2-l10n-jp-6ÍÑ
¤ÎSession Fixation ÀȼåÀ­¤ËÂФ¹¤ë¥Ñ¥Ã¥Á¤¬¥ê¥ê¡¼¥¹¤µ¤ì¤Þ¤·¤¿¡£
¥À¥¦¥ó¥í¡¼¥É¤Ï¡¢¤³¤Á¤é
v1.3.0.2-l10n-jp-1ÍÑ
¥ª¡¼¥Ð¡¼¥é¥¤¥ÉÂбþ¤Ç¡¢¥³¥¢¥Õ¥¡¥¤¥ë¤ò½¤Àµ¤¹¤ëɬÍפϤʤ¤¤Î¤Ç
(¤â¤Á¤í¤ó¥ª¡¼¥Ð¡¼¥é¥¤¥É¤µ¤ì¤ë¥Õ¥¡¥¤¥ë¤Ë¼ê¤ò²Ã¤¨¤Æ¤¤¤ë¾ì¹ç¤Ï½¤Àµ¤¬É¬ÍפǤ¹¤¬)
raadme¤Ëµ­ºÜ¤µ¤ì¤Æ¤¤¤ëÄ̤ê¤Ëºî¶È¤ò¤¹¤ì¤Ð´Êñ¤ËƳÆþ¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£
v1.2-l10n-jp-6ÍÑ
v1.2-l10n-jp-6ÍѤξì¹ç¤Ï¡¢¥³¥¢¥Õ¥¡¥¤¥ë¤ò½¤Àµ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
patch¥³¥Þ¥ó¥É¤¬»È¤¨¤ë´Ä¶­ÍѤ˥ѥåÁ¥Õ¥¡¥¤¥ë¤¬Æ±º­¤µ¤ì¤Æ¤Þ¤¹¤¬¡¢
¤³¤³¤Ç¤Ï¡¢patch¥³¥Þ¥ó¥É¤¬»È¤¨¤Ê¤¤´Ä¶­¤ÎÊý¸þ¤±¤Ë¡¢
session_fixation.patch¤ÎÃæ¿È(Êѹ¹Á°¤ÈÊѹ¹¸å)¤ò¾Ò²ð¤·¤Þ¤¹¡£
Step 1
—————
admin/includes/application_top.php 20¹ÔÌÜÉÕ¶á
// Start the clock for the page parse time log
define(’PAGE_PARSE_START_TIME’, microtime());
¢­
ini_set("session.use_only_cookies", "1");
ini_set("session.use_cookies", "1");
ini_set("session.use_trans_sid", "0");

// Start the clock for the page parse time log
define(’PAGE_PARSE_START_TIME’, microtime());
admin/includes/functions/sessions.php 90¹ÔÌÜÉÕ¶á
function zen_session_start() {
return […]