Zen Cart Security – are you up to date?

If you’re running a version of Zen Cart prior to 1.3.9, you must must must apply the known critical patches for you rZen Cart version.  I came across a site just this weekend that had the earliest version of this hack I had ever seen.  Going to Admin->Extras->Record Companies showed this in the right hand sidebar:

Pressing the edit button on this shows that it’s not an image at all, but rather a PHP file called “own.php”:

This was done 6/25/09, and the announcement of the vulnerability was made 06/19/09.

The best way to prevent this from happening to you is to upgrade to the latest version of Zen Cart!

It’s very important to stay on top of Zen Cart Security Announcements.  Follow that link and then click on the link that says “Click here to subscribe to these announcements.”

And while you’re at it, subscribe to That Software Guy’s Zen Cart Newsletter.  I nag people to stay on top of things like this!

Updates to Sale Ending/Special Ending for Zen Cart

Zen Cart Sale Ending/Special Ending has been updated to permit you to have multiple ways to display a sale’s end date.

The way Zen Cart handles expiry dates is that a sale or special with an end date of X actually ends at midnight the day before X. For instance, a sale which has an enddate of July 12th actually ends at midnight on July 11th, but the sale ending date shows July 12th. Some people don’t like this. If you want the sale to end at midnight on July 12th and show this date in sale ending/special ending, set the end date to July 13th in Zen Cart (us usual) and follow the instructions in this mod.

And if you like showing the Sale Ending/Special Ending text on the product info page, you can also show it on your listing pages; this extension is only $19.95.