Joomla, Magento and Wordpress Professor

We deliver a wide range of template and extension for Joomla, Magento and Wordpress. We update our products frequently on this blog so that you can find what you need here.
For more options, please visit our main page: http://www.smartaddons.com/

VirtueMart 3.2.6 Release with Security Fixing and Overhauled Infrastructure

Posted by on in Joomla General
  • Font size: Larger Smaller
  • Hits: 272
  • 0 Comments
  • Subscribe to this entry
  • Print

VirtueMart 3.2.6 has been released to address a minor XSS vulnerability present in previous versions as well as improve the infrastructure. It occurred when the features feeds and search were used together. It happened only for feed enabled, so administrators can close the leak by disabling the feed functions.

The vulnerability has been addressed by using getCurrentUrlBy function, which works with a whitelist for variable names and it urlencodes any value.



VirtueMart 3.2.6 Improvements

  • Important patch to prevent memory leak when switching languages.
  • usermodel, extra check if the already loaded user has the right id.
  • Renamed order_done layout to orderdone to be able to create a menu item.
  • New feature customfield of type S and M have now a new parameter, which enables the added price as percentage.
  • Added redirect per system plugin "vmLoaderPluginUpdate" for register and login.
  • Shipment plugin shows now also multiple countries.
  • vmJsApi, fix for correct language of the datepicker.
  • mediahandler has now a deleteAllThumbs of a certain image function (works with regex, may delete accidently too much thumbs which is quite likely unimportant.
  • Vendor model getVendorAddressFields does not work with internal id anylonger.
  • BE category list keeps selected category.
  • Very important fix for multivariants, which lost in some conditions the parent option, when changing to a child.
  • Language dependent caching.
  • install.sql, removed NULLs for product group booleans, like featured, discontinued, ...
  • More security for function getMyOrderDetails.
  • Enhanced search plugin.
  • Removed double // in function displayLogos in vmpsplugin.php. When the shipment/payment logo dissapeared in checkout, please read http://forum.virtuemart.net/index.php?topic=138927.0
  • Function changeShopper, address is not pre-filled with userdata of the switching user (in case the address is not provided).
  • Fixed frontend manager link permission in user accountmaintenance.

View full list of changes here

Thanks for reading!

Last modified on
Rate this blog entry:
0

SmartAddons specialize in products for Joomla. Up to now, we've had over 169+ Professional Joomla Extensions and over 60+ Professional Joomla Templates which are built-in with the latest standards plus optimized to sastify customers' demands.
Our products are steadily updated to adapt any future Joomla release versions. With our design, you can build complex templates in the fastest way as well as use them for various purposes.
Our supporting team is always ready to answer any question or problem - we're here to help!
Join us now to catch up our latest news!

Comments

  • No comments made yet. Be the first to submit a comment

Leave your comment

Guest Thursday, 13 December 2018

Shortcuts

Wohnung Löbau Auf wohnen-in-loebau.de finden Sie bestimmt Ihre neue Wohnung in Löbau.