CHANGES TO REMOVE register_globals REQUIREMENT - V 1.4 - Richard Bentley 06/03/2006
-----------------------------------------------------------------------------------

Before proceeding, read the README file!

In this directory, you will find a set of files that have been pre-patched. The net result
is exactly the same as applying the patch instructions yourself.

There are 13 files in total that have replacements. These are as follows :

Admin...
---------
.../admin/products_attributes.php
.../admin/includes/application_top.php
.../admin/includes/functions/general.php
.../admin/includes/functions/sessions.php

On a default installation of OSC, the 'admin' directory is actually contained within the
'catalog' directory (ie .../catalog/admin/), but I have split it out here to make the
division clearer (as an aside, you will find that if you move admin/ out of catalog/,
it makes the admin section somewhat more straightforward to secure, but this is outside
the scope of this patch)

Catalogue...
------------
.../catalog/install/includes/application.php

   NOTE: If you have already installed OSC (ie - run through the installation procedure),
   ----  then the above file may not exist (in which case you should not add it back in
         with the replacement file); once installation of OSC is complete, you should
         delete the whole of the .../catalog/install/ directory - it is not needed after
         installation and having it hanging around is a security risk

.../catalog/includes/application_top.php
.../catalog/includes/classes/order.php
.../catalog/includes/functions/general.php
.../catalog/includes/functions/gzip_compression.php
.../catalog/includes/functions/sessions.php
.../catalog/includes/languages/english/password_forgotten.php
.../catalog/includes/languages/espanol/password_forgotten.php
.../catalog/includes/languages/german/password_forgotten.php

NOTE: I have NOT included a pre-patched version of the easypopulate file. This is because
----  it will probably be out of date by the time you read this. Instead, if you need to
      patch easypopulate (if it STILL needs patching, and by now it really should have been
      reworked so that it doesn't need patching) then refer to the manual patching
      instructions (the very last entry in the admin_patch text file will tell you what
      you need to do - it's very simple... honest)

================================================================================
>>> WARNING <<<

These files are based on the MS 2.2 release, dated 13/11/2005 (ie - the
security/bugfix update to the original MS 2.2). If you are using some other version
of OSC then I strongly suggest you apply this patch manually and NOT use these pre-patched
files

================================================================================
>>> WARNING <<<

If you have already applied some other changes (contributions/patches) to your OSC code
then make sure you are not blatting over those changes by copying these files over. If in
doubt then I strongly suggest you use the manual instructions in the 'patch_instructions'
directory and apply the patch line by line; despite what many people say, it really
doesn't take very long - it took me about 20 minutes!

================================================================================
INSTALLATION
------------

1/ Copy the above files to their appropriate places in your existing OSC code tree

2/ Make sure you set the permissions of the replacement files appropriately for the
   environment you are using. If you fancy getting the shit hacked out of you then
   feel free to set permissions of '777'. If you fancy something a tad more secure
   then I suggest engaging brain and thinking about it :-)
   If you don't KNOW how to set some sensible file permissions then find yourself
   a good text book and learn how to use your computer

3/ It's been mentioned in the README file already, but once you have made this
   change, you MUST disable the register_globals option in php.ini

   ie, in php.ini :

   register_globals = Off
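
A post-install check for steps 2 and 3 and for the install/ note further up, added
here as an example (it is not part of the original patch or of OSC). It assumes the
default layout with catalog/ directly under the tree root; the function names and
finding labels are made up for the example, and it scans every .php file in the tree
rather than only the 13 replaced files.

```sh
#!/bin/sh
# Added example: post-install audit for the checks this README describes.
# Assumptions: $1 is the directory that contains catalog/, $2 is php.ini.

# Print the effective register_globals value: last uncommented setting,
# lower-cased, quotes removed. Prints nothing if the directive is absent.
rg_value() {
    sed -n 's/^[[:space:]]*register_globals[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p' "$1" |
        tail -n 1 | tr -d '"' | tr 'A-Z' 'a-z'
}

# Print one finding per line; print nothing when every check passes.
audit_osc() {
    root=$1 ini=$2

    # Step 2: no PHP file in the tree may be world-writable (777, 666, ...).
    find "$root" -type f -name '*.php' -perm -0002 2>/dev/null |
        sed 's/^/WORLD-WRITABLE: /'

    # Install note: catalog/install/ must be deleted once setup is complete.
    [ -d "$root/catalog/install" ] &&
        echo "INSTALL-DIR-PRESENT: $root/catalog/install"

    # Step 3: register_globals must be switched off in php.ini. A missing
    # directive is reported too (assumption: you want it stated explicitly).
    case "$(rg_value "$ini")" in
        off|0|false|no|none) ;;
        '') echo "REGISTER-GLOBALS-UNSET: $ini" ;;
        *)  echo "REGISTER-GLOBALS-ON: $ini" ;;
    esac
    return 0
}

# Given two arguments, audit that tree; otherwise audit a constructed sample
# tree (made up for this example, not a real installation).
if [ "$#" -eq 2 ]; then
    audit_osc "$1" "$2"
else
    t=$(mktemp -d)
    mkdir -p "$t/catalog/install" "$t/catalog/includes"
    : > "$t/catalog/includes/application_top.php"
    chmod 777 "$t/catalog/includes/application_top.php"
    printf '; register_globals = Off\nregister_globals = On\n' > "$t/php.ini"
    audit_osc "$t" "$t/php.ini"
    rm -rf "$t"
fi
```

Run with no arguments, it reports all three findings against the sample tree; run
against a real tree, no output means every check passed.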

================================================================================

-eof-
