WP e-Commerce Guest Downloads Exploit

This morning I became aware of a critical exploit affecting WP e-Commerce stores selling electronic Products.

The vulnerability allows a guest user using a specially crafted URL to download electronic Products from WP e-Commerce stores without logging in or purchasing Products.

The Instinct team will make a patch available shortly but I want to give store owners the heads up so that they can address this issue immediately. Below are the required changes required to close this vulnerability.

  1. Open user-downloads.php within /wp-content/plugins/wp-e-commerce/…
  2. On line #3 replace the existing line starting with “$purchases = “, with the following: $purchases= $wpdb->get_col("SELECT 'id' FROM '".WPSC_TABLE_PURCHASE_LOGS."' WHERE user_ID = '".(int)$user_ID."' AND user_ID != 0") ;
  3. On line #11 replace the existing line starting with “$sql = “, with the following:$sql = "SELECT * FROM '".WPSC_TABLE_DOWNLOAD_STATUS."' WHERE 'purchid' IN ".$perchidstr." AND 'active' IN ('1') ORDER BY 'datetime' DESC";
  4. Save changes to user-downloads.php

That’s it, access the My Downloads page as a guest (e.g. http://www.visser.com.au/account/downloads=true) to confirm this patch worked. All the best!

WordPress 2.9.2 Security Update

WordPress users will notice a new automatic update available for 2.9.2, this security update fixes a vulnerability affecting all WordPress installations since the recent introduction of the Trash feature in the 2.9.* series.

Every logged in user, even those with the subscriber role, can access all deleted articles and posts that have been moved to the trash. This might not affect the majority of blogs as there need to be at least two registered users and at least one user that is not trusted by the administrator of the site.

Excerpt from WordPress 2.9.2 Released at ghacks.net.

Missing SQL file attached to Add to Wishlist

I’ve updated the documentation and included the missing SQL file to create the wp_wpsc_favourites table that stores the individual wishlist items that powers Add to Wishlist.

Please re-download Add to Wishlist from the original purchase e-mail that was sent to you. Shortly I’ll be making member facilities to allow customers to log in, manage their downloads/purchases and get priority support within the WP e-Commerce forum for Visser Labs addons.

Gold Cart 3.7.6.1 Beta 1 Upgrade Fix for WP E-Commerce

WP E-Commerce 3.7.6.1 Beta 1 throws a fatal error with activation of Gold Cart when opening the Settings tab of Store, the error is:

Fatal error: Call to undefined function nzshpcrt_listdir() in /home/public_html/wp-content/uploads/wpsc/upgrades/gold_cart_files/gold_shopping_cart.php on line 746

Good news is Jeff the ninja coder from Instinct has already released a quick patch resolving this issue which is included below:

Change the function call (around line 745) in `upgrades/gold_cart_files` from:
$gold_nzshpcrt_merchant_list = nzshpcrt_listdir($gold_gateway_directory);
to:
$gold_nzshpcrt_merchant_list = wpsc_list_dir($gold_gateway_directory);

cForms and WP E-commerce tinyMCE incompatibility fix

There is a plugin compatibility issue for WordPress sites running cForms (v 10.6) and WP E-commerce (v 3.7) plugin affecting the rich-text editor tinyMCE frequently used within the WordPress Admministration.

I noticed the tinyMCE editor used for maintaining product descriptions and rich-text fields had stuffed up on a client site, white text on white background = stuffed up! After some poking and prodding there is an checkbox in cForms > Global Settings > WP Editor Button support, labeled “Select in case you experience a TinyMCE editor error caused by other plugins”. Check it, save changes and tinyMCE works again with WP E-commerce!

Thumbnail Generation PHP Memory Limit NextGEN Gallery

When uploading a set of admittedly large images using NextGEN Gallery to my WordPress site I exceeded my web hosts default memory usage allocation for PHP applications. The error was:

Follow thumbnails could not created. sample.jpg (Error : Exceed Memory limit. Require : 80.65 MByte)

This issue can be resolved by increasing the memory usage allocation at a per-plugin level for PHP applications that require more grunt than others. It’s quick and easy!

Continue reading