Posted by Wayne Smith on 07 June 2010 08:37 AM
This patch fixes several critical bugs affecting PR7 stores.

Bug Fixes:
  • #5565: XSS: Session_ID on store selection
  • #5568: MMUI Inline CSS Styles - needs terminating semicolons / remove extra ampersand in Buy More link
  • #5570: Module - doesn't collect the response to the CVV code
  • #5573: Cookie without HTTPOnly attribute - Flagged by ControlScan on client's site
  • #5575: With no secure URL and Domain:mm_params set to 'always', customer, affiliate, and checkout sessions are set incorrectly
Other Changes:
  • All cookies set using the SetCookie() function now automatically get the HttpOnly attribute. If callers of this function wish to suppress the attribute (not recommended), they must manipulate the output cookie list directly.
(19 vote(s))
This article was helpful
This article was not helpful

Comments (0)
Post a new comment
Full Name:
CAPTCHA Verification 
Please enter the text you see in the image into the textbox below. This is required to prevent automated registrations and form submissions.

Help Desk Software by Kayako