/////////////////////////////
// CubeCart v3 3.0.3 to 3.0.4 
// UPGRADE INSTRUCTIONS
/////////////////////////////

PLEASE TAKE A FULL BACKUP OF YOUR CURRENT SITE FILES AND A
DATABASE DUMP BEFORE PROCEEDING WITH THE UPGRADE PROCESS

+------------------------------------------------
| Auto Method
+------------------------------------------------
	Upload every file to the server, replacing your existing ones, excluding:
	
	includes/global.inc.php
	install/
	language/*/home.inc.php (If you have made changes.)

+------------------------------------------------
| Manual Method
+------------------------------------------------

///////////////////////////////////////
// 1. Open: /includes/content/reg.inc.php
////////

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 123:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$redir = base64_decode($_GET['redir']);

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

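// Filter the decoded value: running treatGet() on the still-encoded string would leave the decoded text unfiltered.
$redir = treatGet(base64_decode($_GET['redir']));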

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 170:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$reg->assign("VAL_ACTION","cart.php?act=reg&amp;redir=".$_GET['redir']);

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$reg->assign("VAL_ACTION","cart.php?act=reg&amp;redir=".treatGet($_GET['redir']));

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Save, close and upload this file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


///////////////////////////////////////
// 2. Open: /includes/content/login.inc.php
////////


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 55:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

header("Location: ".str_replace("&amp;","&",base64_decode($_GET['redir'])));

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

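// Decode first, then filter, so treatGet() sees the text that is actually sent; CR and LF are removed so the value stays a single header line.
// NOTE(review): the redirect target still comes from the request - confirm it is limited to pages on this store.
header("Location: ".str_replace(array("&amp;","\r","\n"),array("&","",""),treatGet(base64_decode($_GET['redir']))));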

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 74:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$login->assign("VAL_SELF",$_GET['redir']);

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$login->assign("VAL_SELF",treatGet($_GET['redir']));

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Save, close and upload this file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


///////////////////////////////////////
// 3. Open: /includes/boxes/searchForm.inc.php
////////

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 40:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$box_content->assign("SEARCHSTR",$_GET['searchStr']);

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$box_content->assign("SEARCHSTR",treatGet($_GET['searchStr']));

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Save, close and upload this file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


///////////////////////////////////////
// 4. Open: /includes/content/viewCat.inc.php
////////

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 108:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$searchwords = split ( "[ ,]", $_GET['searchStr']);

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$searchwords = split ( "[ ,]", treatGet($_GET['searchStr']));

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 308:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$view_cat->assign("TXT_NO_PRODUCTS",$lang['front']['viewCat']['no_products_match']." ".$_GET['searchStr']);

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$view_cat->assign("TXT_NO_PRODUCTS",$lang['front']['viewCat']['no_products_match']." ".treatGet($_GET['searchStr']));

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Save, close and upload this file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


///////////////////////////////////////
// 5. Open: /includes/functions.inc.php
////////


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
At around line 25 find:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

|	functions.inc.php
|   ========================================
|	Core Frontend Functions	
+--------------------------------------------------------------------------
*/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Directly under this add:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

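//////////////////////////////////
// treat GET vars to stop XSS
////////
// Removes markup and quoting characters from a request value before it is
// written into a page.
//
// $text    raw request value, e.g. an element of $_GET
// returns  the value with <script ... script> runs and all tags removed and
//          every ' " > < \ character deleted; "" when $text is not a
//          scalar (for example an array or an unset parameter)
//
// Limits:
//  - This deletes a fixed list of characters. It does not check URL schemes
//    or hosts and it leaves CR/LF in place, so it is not a validator for
//    redirect targets or header values.
//  - Call it on the text that is actually used. Running it on a base64
//    string before base64_decode() does not filter the decoded text.
function treatGet($text){
	
	// ?name[]=x style parameters arrive as arrays; treat anything that is not
	// a plain value as empty instead of converting it to the word "Array"
	if (!is_scalar($text)) {
		return "";
	}
	
	$text = preg_replace("/(\<script)(.*?)(script>)/si", "", (string)$text);
	
	// preg_replace() returns null when matching fails; return an empty value
	// rather than passing the unfiltered input on
	if ($text === null) {
		return "";
	}
	
	$text = strip_tags($text);
	$text = str_replace(array("'","\"",">","<","\\"), "", $text);
	return $text;
	
}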



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
At around line 384 find:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

function currentPage(){
	
	$currentPage = $_SERVER['PHP_SELF'];
	
	if (isset($_SERVER['QUERY_STRING'])) {
  	
		$currentPage .= "?" . htmlentities($_SERVER['QUERY_STRING']);
	
	}
	
	return $currentPage;

}


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace this with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

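// Builds the address of the page being requested: the script path followed
// by "?" and the query string. Both parts are passed through treatGet();
// the query string is additionally run through htmlentities(), so "&" comes
// back as "&amp;". When QUERY_STRING is set but empty the result ends in "?".
function currentPage(){
	
	// PHP_SELF reflects the requested path, including any extra path text the
	// client appended after the script name, so it gets the same filtering
	// as the query string
	$currentPage = treatGet($_SERVER['PHP_SELF']);
	
	if (isset($_SERVER['QUERY_STRING'])) {
  	
		// treatGet() deletes tags and ' " < > \ first; htmlentities() then
		// encodes whatever is left
		$currentPage .= "?" . htmlentities(treatGet($_SERVER['QUERY_STRING']));
	
	}
	
	return $currentPage;

}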

///////////////////////////////////////
// 6. Open: /includes/ini.inc.php
////////

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 6:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$ini['ver'] = '3.0.3';

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$ini['ver'] = '3.0.4';

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 7:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$ini['CCver'] = '30007';

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$ini['CCver'] = '30008';

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Save, close and upload this file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// end of manual fix :O)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

		
+------------------------------------------------
| Upgrade complete. Happy CubeCarting :O)
+------------------------------------------------