OpenCart Secured

Following my last blog post about the security issues with OpenCart, I have released a secured version of OpenCart which currently contains the following security fixes:

  • CSRF Protection
  • Local File Injection
  • Disabled ability to view source code in template files (htaccess.txt must be renamed to .htaccess)

You can download a copy from: http://github.com/bmaynard/OpenCart-Secured

If you find any bugs or issues then please report them and I will try and fix them.

17 Responses to “OpenCart Secured”

  1. abcphp.com says:

    OpenCart Secured « Ben Maynard’s blog about anything…

    Ben Maynard has released a secured version of OpenCart that fixes several security issues. Some of the security fixes are: * CSRF Protection * Local File Injection * Disabled ability to view source code in template files…

  2. Peter says:

    Hi, I greatly appreciate the work you’ve done on securing the OpenCart ecommerce solution.

  3. BFD says:

    Thank you Ben! I appreciate you doing this, and I hope that you can find the time to get together with other developers such as Miguel from the last post to get a new ecommerce package going that is well coded with true open source community involvement. The ecommerce world really needs a well thought-out and organized solution, I have been using zen cart and it’s making me money but there are so many bad things about it and it’s closed development and the devs are not very forthcoming with development plans.

  4. Geoff says:

    Thank you for all your hard work Ben, is really appreciated, now to keep you to your word :) 1.4.1 has been released as stable lol could you take a look at securing it up for all us non programmers out there.

    Cheers buddy.

  5. Ben Maynard says:

    Cheers for the heads up. I have updated github. Any problems please let me know.

  6. Geoff says:

    Cheers Ben you’re a legend,
    Really appreciate you doing this, I love open cart and such as being a front end developer have found it easy to use in comparison to a lot of other commercial based and free based systems out there, to get up and running for small ecommerce jobs.

    Unfortunately, open-cart does suffer from not having a strong roadmap and closed development process, and the inclusion of additional features and versions being released on broken and buggy code is infuriating, when all that’s needed is a strong and stable release with core functionality, however this falls on deaf ears within the open-cart development team/individual. (sorry to rant) so if it wasn’t for the generosity of individuals like yourself, us users would really have the wolves at the door so to speak.

    I’ll be following your progress in the hope that perhaps you may take up the challenge and develop a system that takes a similar solution to opencart to the next level.

    Regards

    Geoff.

  7. Ben Maynard says:

    @Geoff, Yeah I am really surprised at how well OpenCart has done considering how badly it is developed. I shouldn’t be shocked but I was when I read the upgrade instructions, it is just plain wrong.

    I have been working on my own e-commerce solution and at the moment I have the basic framework done but won’t release much information until I have something to show.

    It is using a MVC architecture with dependency injection design pattern so the majority of the code can be unit tested. I am also using Doctrine as the database layer. One thing I need help with is the design, as I have no creative bone in my body. So if anyone wants to help with the front-end and back-end design then please give me a shout at ben[at]visionsource[dot]org.

  8. Geoff says:

    Hi Ben,

    I’d be more than willing to commit a couple of hours per week to help build the front end and visuals, in return for free usage of your solution and being part of its development.

    Geoff.

  9. Geoff says:

    duh! 1.4.2 now

  10. Ben Maynard says:

    @Geoff, sounds good, I will be releasing it as open source.

    Yeah I saw 1.4.2 had been released today, will update it when I get home tonight from work. (In a couple of hours)

  11. Bruce says:

    OpenCart Secured « Ben Maynard’s blog about anything…

    Ben Maynard has released a secured version of OpenCart that fixes several security issues. Some of the security fixes are: * CSRF Protection * Local File Injection * Disabled ability to view source code in template files…

  12. Damon says:

    Stay the heck away from OpenCart! If you’re currently using it I’d say run as fast as you can to a competitor!

    This is the second thing in a week that has been brought to my attention regarding OpenCart and its lead admin Daniel. Check out how he responds to someone else that offers constructive feedback –

    http://forum.opencart.com/viewtopic.php?p=72582#p72582

    The guy can’t take even light criticism and has no place working on projects such as OpenCart.

  13. scanreg says:

    Is the secured version still available?

    I’d like to see where the code fixes go, can’t find them

    thanks

  14. Judy Ribao says:

    I love opencart, I think it’s one of the best open source carts around.

  15. Ben Maynard says:

    No, the secured version is no longer available.

  16. jp says:

    Hi Ben

    Where can I find the secured version of opencart? The version that is fixed!

    thanks

    jp

  17. Ben Maynard says:

    OpenCart has since fixed the issue in their release. I have not tested it, but it looks like it does protect you from CSRF attacks.
