How to fix exploit in Quick.Cms v1.0 and older

treewood (OpenSolution)

2007-07-19 10:59

User Prometheus send us info that there is exploit for Quick.Cart v2.2. We checked it and it will works in Quick.Cms v1.0 and older too.
We have solution for that exploit:

Edit config/general.php
Find:
if( isset( $_COOKIE['sLanguage'] ) )
Change to:
if( isset( $_COOKIE['sLanguage'] ) && strlen( $_COOKIE['sLanguage'] ) == 2 )