Running osCommerce with register_globals=OFF and safe_mode=ON

How to modify your osCommerce master file in Fantastico so that it works with a server default of PHP safe_mode = ON and register_globals = OFF

As the World-Wide-Web is turning more and more into the Wild-Wild-Web, you might have realized that you need to implement tighter security measures for PHP on your Linux server.
Having register globals enabled is a very serious security issue; it allows an attacker to inject
variables into the running PHP code. Just in case you don’t realise, this is a VERY BAD THING.

The changes you would want to make to your php.ini file are:

safe_mode = On
register_globals = Off
allow_url_fopen = Off

After this security upgrade you will probably experience a lot of problems with your osCommerce shopping carts.

osCommerce will run with safe_mode on, but you may get errors displayed on the screen. If you do, you need to make the following change:

The patch for osCommerce to run with register_globals off can be downloaded from http://www.oscommerce.com/community/contributions,2097

For ALL new installs of osCommerce you can hack your osCommerce master file in Fantastico so that it works with a server default of PHP safe_mode=ON and register_globals=OFF by following the steps below.

First, log into the shell and find your netenberg install:

locate netenberg

Mine is located in the home directory, but if you chose a different directory when you initially installed Fantastico, the locate command will tell you where to find it. Double check the correctness of the path:

cd /home/netenberg/archives/fantastico_de_luxe/

and

ls

Copy the Netenberg osCommerce master package into your root directory:

cp /home/netenberg/archives/fantastico_de_luxe/OS_Commerce.tgz /

Go to the root directory

cd /

Double check that the copy was successful:

ls

Unzip osCommerce for editing:

tar -zxvf OS_Commerce.tgz
 
So now all the install files are there for the taking, actually editing 🙂 I simply downloaded the patch file from http://www.oscommerce.com/community/contributions,2097, unzipped it and uploaded the patch files to the osCommerce directory called OS_Commerce/ (PS: the upload was done via FileZilla, with the root shell access)

One thing you need to be aware of is that all the files in the "admin" folder go to "admin" and only the "includes" files of catalog/includes go into your "includes" root folder.

Now go back to your shell window:

cd /

We'll need to repackage the files, so first make a backup copy of your OS_Commerce.tgz (in case something goes wrong 🙂):

cp OS_Commerce.tgz OS_Commerce.tgz.bak

Double check that you created the backup by doing:

ls

Now we'll delete the old OS_Commerce.tgz package:

rm -f OS_Commerce.tgz

And then repackage the edited version of OS_Commerce with this command

tar -czvf OS_Commerce.tgz OS_Commerce/

Now you just need to copy this over your OS_Commerce.tgz Fantastico master file, replacing it (again, make sure to use your own path to netenberg):

cp OS_Commerce.tgz /home/netenberg/archives/fantastico_de_luxe/OS_Commerce.tgz

It will ask you if you wanna overwrite it; just press Y and Enter. So now you have edited your Fantastico master file for osCommerce.

Better go and test it with a fresh test install. With this guide you can actually do a lot of edits to your preinstalled scripts, like editing the footer to reflect your hosting company, or others!
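
The repackaging steps above as one script, added here as an example and not part of the original article: it unpacks into a scratch directory rather than /, applies the admin/ and catalog/includes/ mapping, refuses to replace the master if any original file is missing from the new archive, and keeps a .bak copy next to the master. The function name repack_master and its two arguments are assumptions; the archive name and the OS_Commerce/ directory come from the article.

```sh
#!/bin/sh
# Added example, not the article's own script. The archive name and the
# OS_Commerce/ top directory follow the article; the function name and its
# two arguments are hypothetical.
#
# repack_master MASTER_TGZ PATCH_DIR
#   MASTER_TGZ  Fantastico master file (.../fantastico_de_luxe/OS_Commerce.tgz)
#   PATCH_DIR   unzipped patch holding admin/ and catalog/includes/
repack_master() (
    master=$1 patch=$2 top=OS_Commerce
    [ -f "$master" ] && [ -d "$patch/admin" ] && [ -d "$patch/catalog/includes" ] || {
        echo "usage: repack_master MASTER_TGZ PATCH_DIR" >&2; exit 2; }

    # Private scratch directory instead of unpacking into / as root.
    work=$(mktemp -d) || exit 1
    trap 'rm -rf "$work"' EXIT

    # Unpack the master and confirm it has the layout the article describes.
    tar -xzf "$master" -C "$work" || exit 1
    [ -d "$work/$top/admin" ] && [ -d "$work/$top/includes" ] || {
        echo "unexpected archive layout in $master" >&2; exit 1; }

    # Patch admin/ goes to admin/; only catalog/includes/ goes to includes/.
    cp -R "$patch/admin/." "$work/$top/admin/" || exit 1
    cp -R "$patch/catalog/includes/." "$work/$top/includes/" || exit 1

    # Repackage, then refuse to continue if any original entry is missing
    # (an unreadable new archive lists nothing, so it fails here too).
    tar -czf "$work/new.tgz" -C "$work" "$top" || exit 1
    tar -tzf "$master" | sort > "$work/old.lst"
    tar -tzf "$work/new.tgz" | sort > "$work/new.lst"
    if [ -n "$(comm -23 "$work/old.lst" "$work/new.lst")" ]; then
        echo "repacked archive is missing files; master left untouched" >&2
        exit 1
    fi

    # Keep a backup, then swap the new archive in with a same-directory rename.
    cp -p "$master" "$master.bak" || exit 1
    cp "$work/new.tgz" "$master.new" || exit 1
    mv -f "$master.new" "$master"
)
```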
