VirtueMart 3.2.14 has been released to fix a serious XSS vulnerability that related to the administration area only. Therefore, most shops are not affected. If you are running a multi-vendor store or avoiding the risk of using this leak, you should update as soon as possible.
In addition, VirtueMart 3.2.14 includes new invoice handling enhancement that related to the new French financial law. And it also comes with some fixes for PHP 7.1 - 7.2 compatibility.
Invoice Handling Enhancement in VirtueMart 3.2.14
As announced a bout the new French law that applies to VirtueMart when it is considered as a Cash Software, in VirtueMart 3.2.14 has been integrated some fraud protection requirements to comply with the new law.
VirtueMart users will experience new invoice processing system. When an invoice was changed, the system renamed the originally created invoice and created a new invoice with the same invoice number. The old invoice remains listed and accessible.
Important notice: This new invoice system is not completed yet.
New Features
- Behaviour of the table object is more consistent and reliable.
- Behaviour of payment plugins after pressing confirm in the cart and cancelling the payment is now more consistent.
- Removed w3c validation errors.
- Corrected routing for orderdone layout.
- Trigger 'plgVmAfterStoreProduct', added array key "new" to $data, so that we know if a product is new or just updated.
- Customfield date has now two extra parameters to set the initial date and year range. The initial date uses as format DateInterval, so the P0D means use the current.
- Language files updated.
- Long desired fix, dropdowns of prices in product edit work now directly.
- Enhanced handling of the orderdone layout.
- Minor compatibility enhancements of javascript and html.
- _triesValidateCoupon is now emptied after entering a valid coupon.
- Coupons are not automatically removed any longer when expired.
- Full installer now also works with multilingual setup.
Thanks for reading!