  |
12 | 12 | | PHP 3 Session ID XSS Issue |
| |
13 | 13 | | Product Attributes SQL Injection |
| |
14 | 14 | | Resize Images To Round Numbers |
 |
| 15 | + | Use The Correct Country Name Value When Formatting Addresses |
|
15 | 16 | | |
| |
16 | 17 | | ## Update 051113 (13th November 2005) |
| |
17 | 18 | | |
| |
|
|
 |
… |
|
253 | 254 | | |
| |
254 | 255 | | $height = intval($image_size[1] * $ratio); |
| |
255 | 256 | | |
|
| 257 | + | ------------------------------------------------------------------------------ |
| |
| 258 | + | Use The Correct Country Name Value When Formatting Addresses |
| |
| 259 | + | http://www.oscommerce.com/community/bugs,1291 |
| |
| 260 | + | http://svn.oscommerce.com/trac/changeset/713 |
| |
| 261 | + | ------------------------------------------------------------------------------ |
| |
| 262 | + | |
| |
| 263 | + | Problem: |
| |
| 264 | + | |
| |
| 265 | + | Depending on the values passed to tep_address_format(), an array value could be used as the country name instead of a string value. |
| |
| 266 | + | |
| |
| 267 | + | Solution: |
| |
| 268 | + | |
| |
| 269 | + | The following line must be replaced in catalog/includes/functions/general.php: |
| |
| 270 | + | |
| |
| 271 | + | Line 453, from: |
| |
| 272 | + | |
| |
| 273 | + | $country = tep_output_string_protected($address['country']); |
| |
| 274 | + | |
| |
| 275 | + | to: |
| |
| 276 | + | |
| |
| 277 | + | $country = tep_output_string_protected($address['country']['title']); |
| |
| 278 | + | |
| |
| 279 | + | The following line must be removed: |
| |
| 280 | + | |
| |
| 281 | + | Line 483: |
| |
| 282 | + | |
| |
| 283 | + | if ($country == '') $country = tep_output_string_protected($address['country']); |
| |
| 284 | + | |
|
256 | 285 | | ########################### |
| |
257 | 286 | | ###### Update 051113 ###### |
| |
258 | 287 | | ########################### |