osHelpers - Help for your osCommerce store


Patch for osCommerce and CRE

Keep your osCommerce 2.2 store stable and secure by applying the latest patches. Patch2.2 takes care of 22 currently known issues in your osCommerce 2.2 store.

Why is it important to patch your osCommerce store?
If you do not patch your store, you might leave it vulnerable to certain exploits, and some of your store features might stop functioning properly as well. To prevent this damage, it is highly recommended to keep up to date with all current patches.

The following patches for osCommerce 2.2 were released on August 17th, 2006:

  1. Magic Quotes Compatibility Layer Fix
  2. Parse GET Variables In Cache Functions
  3. PHP 3 Session ID XSS Issue
  4. Product Attributes SQL Injection
  5. Resize Images To Round Numbers
  6. Use The Correct Country Name Value When Formatting Addresses
  7. Prevent The Session ID Being Passed In Tell-A-Friend E-Mails
  8. Properly Remove Deleted Products That Exist In Shopping Carts

Files affected:

  • catalog/admin/includes/functions/compatibility.php (2 diffs)
  • catalog/admin/includes/functions/general.php (1 diff)
  • catalog/includes/classes/sessions.php (1 diff)
  • catalog/includes/classes/shopping_cart.php (2 diffs)
  • catalog/includes/functions/cache.php (4 diffs)
  • catalog/includes/functions/compatibility.php (2 diffs)
  • catalog/includes/functions/general.php (2 diffs)
  • catalog/includes/functions/html_output.php (1 diff)
  • catalog/shopping_cart.php (1 diff)
  • catalog/tell_a_friend.php (2 diffs)


The following osCommerce 2.2 patches were released after November 12th, 2005:

  1. customer_country_id in addressbook
  2. Cannot re-assign $this
  3. limit -20, 20
  4. Database Input Enhancement
  5. Adding Non-Existing Products To Cart
  6. Session ID XSS Issue
  7. Validate Session ID
  8. File Manager Problem
  9. HTTP Header Injection
  10. E-Mail Header Injection
  11. Contact Us Form XSS Issue
  12. Open Redirector
  13. Extra Slashes In New Products
  14. Order Status Filtering

If your store was launched prior to November 2005, we recommend the full patch, all 23 updates. If your store was launched recently or within the past couple of months, you require only the osCommerce 2.2 patches released on August 17th. For more documentation regarding the release, please refer to:


osHelpers offers assistance in patching CRE Loaded stores as well. Please create a support ticket if you require assistance. We are looking forward to assisting you with your osCommerce store maintenance needs.
