Would have loved some warning on this one! Never Mind!

For anyone using oscommerce the 'upgrade' is fairly straight forward. If you got the link matt posted above and download the lastest version of the patch. If you have done mods to you site and dont want to start from scratch you will need to go through the following process:

Application_top.php, in both admin/includes and catalog/includes a simple change is needed at the top of this file to comment out the following lines of code:

// Check if register_globals is enabled.
// Since this is a temporary measure this message is hardcoded. The requirement will be removed before 2.2 is finalized.
// if (function_exists('ini_get')) {
// ini_get('register_globals') or exit('FATAL ERROR: register_globals is disabled in php.ini, please enable it!');
// }

Step 2 is to replace sessions.php in both admin/includes/functions and catalog/includes/functions

If you have mods install then 99% of the time they dont affect these files so just overwrite them with the new one.

Step 3 in product_attributes.php in /admin add the following lines of code under

require('includes/application_top.php');
$languages = tep_get_languages();


ADD:

link_get_variable('option_page');
link_get_variable('value_page');
link_get_variable('attribute_page');

Step 4 in general.php in admin/includes/functions and catalog/includes/functions

find the function:

function tep_browser_detect($component) {

replace the entire function (a couple of lines ending in } with

function tep_browser_detect($component) {

return stristr($_SERVER['HTTP_USER_AGENT'], $component);

}

Then before the last ?> ADD:

function link_get_variable($var_name)
{
// Map global to GET variable
if (isset($_GET[$var_name]))
{
$GLOBALS[$var_name] =& $_GET[$var_name];
}
}
function link_post_variable($var_name)
{
// Map global to POST variable
if (isset($_POST[$var_name]))
{
$GLOBALS[$var_name] =& $_POST[$var_name];
}
}

Step 5 replace gzip_compression.php with the new version in catalog/includes/functions

Step 6 in order.php in catalog/includes/classes find

$this->customer = array();
$this->delivery = array();
if (tep_not_null($order_id)) {
$this->query($order_id);
} else {

UNDERNEATH ADD

link_post_variable('cc_type');
link_post_variable('cc_owner');
link_post_variable('cc_number');
link_post_variable('cc_expires');
link_post_variable('comments');


Once that is done that should get you back to the store functioning correctly. Some of the additional mods may require extra basic tweeking but you shop will be functioning and secure after the above is done.