Security and Bugfix release 4.4.8 - Discord Server

Details
Written by: Max Milbers
Category: Latest News
Hits: 19

The security issue requires the permission to edit categories, so it is even likely that no shop is affected. Only multivendor shops that allow category editing may be affected. This issue was found by Adam Wallwork.

A small feature has been added for the checkboxes of “tos” and similar. It is now possible to use an article id or alias in the "default" field to load a joomla article if custom userfield and layout "tos" is selected. It is also possible to set the text to the "description" field only. Very handy for additional contract terms.

We have replaced our old TcPdf library with the official updated version 6.8.2 of TcPdf. The versioning was taken from the library. So it looks like a high jump, but the library has no new features, but is better secured and adapted for PHP8.

We have opened a new discord server which is in general free for any community member. The forum shows the invite link, if you are at least in the "Jr. Member" group, which is the first after "Beginner". You are welcome to join us there.

DOWNLOAD VirtueMart 4.4.8
NOW with a membership

Enhancements

  • Registration fields appear now at the end of the address data fields. This creates are more modern flow for one page checkouts.
  • Fixed getInvoiceName to use set layout.
  • Order edit, adding selection of tax for shipment/payment
  • Added pagination for shipment/payment administration list
  • Vendor view, added address fields to skip

Bugfixes

  • Function mergeSessionSgrps added cast to array
  • Table Media, added fields for convert to ints
  • Cart added property cart to prevent dynamic adding
  • Replaced shopFunctionsF::getInvoiceName against VirtueMartModelInvoice::getInvoiceName
  • vmplugin, added unsetForDebug
  • Added some cast to ints storing category xref table
  • Guests are only registered if isset($_REQUEST['register'] is true (optin by design)
  • Fixed deletion of positions in cart
  • vmJsApi fixed popup function so that we can use different containers, but load the same lib
  • Search module, removed wrong post data

DOWNLOAD VirtueMart 4.4.6
NOW without membership

Bugfix release 4.4.6

Details
Written by: Max Milbers
Category: Latest News
Hits: 330

I am sorry guys, the last release was rushed by the security issue and I underestimated that testers were not testing due holidays, silvester and all that. This version now is tested very well. Many hours by different testers went into testing. I added a small tool, which fixes all images which lost the image property for you.

DOWNLOAD VirtueMart 4.4.6
NOW with a membership


Fixed/enhanced/enabled Feature

  • Enabled registration on the first page of the BS5 native OPC
  • Added small tool, which updates the "is image" property for all media
  • Google drive images are working now (just enter the right link with https and set the "is image" checkbox)
  • Fixed pagination issues. Pagination should now keep the keyword, or set tags
  • Fixed order editing shipment tax
  • Added hidden config searchEnabled.
  • Fixed problem that people misused the notify list due following
    - captcha "repaired" by just replacing the checked option notify_captcha against ask_captcha. This means that the options for the ask a question are used
    - by checking if the feature is actually enabled
    - by checking if the product is actually out of stock
    read more here https://forum.virtuemart.net/index.php?topic=152246.msg543829

For 3rd party developers maybe interesting

  • Blocked writing of js if format is pdf, we never want js in our pdfs
  • vmjsapi function setPath, the second param is special now and listens on the word "admin" (which cannot be a normal path) to indicate that the script must be loaded from the admin area

Bugfixes

  • Fixed problem with "is image" checkbox, which is now prechecked if the media is an image.
  • Fixed captcha by removing second param of redirect
  • JRoute, second param should be yes (use Xhtml)
  • Fixed storing of user address if not in the checkout
  • Vmvalidator is now loaded with defer true
  • Product model, storing a product should not change the set filter of the list anylonger
  • Fixed that sometimes a non published category was used
  • Fixed precalculation of variants if an virtual empty option is used
  • Router fixes for full category tree and withoiut and menu item and category name mixed mode
  • bs5-stockandle layout replaced JFunctions against the vm ones
  • Fix in model customfields preventing trim for null
  • jQuery 3.7 needs "filter" not "find" (fixes ajax update if there are related products)

Security release 4.4.4 Update

Details
Written by: Max Milbers
Category: Latest News
Hits: 437

From time to time it happens. We have an XSS issue. Reported by Aman Rai. More Infos later. Version vm4.4.4 has a fix to prevent them.

[Update] After some further investigation together with the Joomla core team, this issue can not be exploited in the latest Joomla versions. If you have Joomla 5.1.4 or later or 4.4.8 or later installed, the issue is already fixed. We did not check against joomla 3.

[Update 2] Sorry guys, a little error found. If you store a product with media, the checkbox "is image" is not preselected. The fix is ready, but this time we want to take more time for testing to prevent such stupid errors (mea culpa).

  • Adjustments for Tableupdater to prevent unecessary updating of keys in mysql8
  • vmUri extended whitelist, function works now also with given query
  • vRequest extended function getVar to work with given source
  • install.sql fixed TINYINT(4) against TINYINT(1)
  • added the option to add no searchfield
  • added setConvertInt also for plugin tables
  • added property "isImage" for medias, works BC
  • fixed currency if none is set
  • fixed adding of new states in the new admin layout
  • fixed problem in router
  • user registration fix if not in checkout

 

Just a little update

Details
Written by: Max Milbers
Category: Latest News
Hits: 509

Just a note to my last news. The problem goes on, I just tried to install VirtueMart on the last joomla5.3 and it was not even possible to install it. On the other hand, it is funny to read the patch notes. One patch will fix an issue of joomla 5, but for j5.3, we solved it already in this release. The question is, why we have to solve something, which worked since vm2.6? After this release should be more time to work on WP and make some committs.

DOWNLOAD VirtueMart 4.4.2 with the Membership
NOW

Features

  • Template vmBasic, Added register and checkout button, removed registration fields from cart view.
  • Bundles added option "orderableBrowse" for disabling add to car in listing
  • Added option calculateVariantsOnFreshLoad, which directly calculates the price for the selected variant (with php)
  • Fixed dragndrop for customs, products, categories, countries
  • Added missing states list and states edit layouts to new admin template
  • Hiddden config reuseorders, default is set to 0/off now

For developers

  • New variable to set origin debug state, vmEcho::$debugSet and vmEcho::$logDebugSet
  • VmEcho added check for function_exists('var_dump'), which is used if existing
  • VmJsApi function setPath, we add BE and FE override paths only if given, also added the override paths of the current admin template

Fixes

  • Fixes for pagination in cowork with RuposTel, correct use of index.php and using categoryId via request over the one set in the menuItem
  • Fixed problem with jumping thumbs in product edit related products/categories
  • Enhanced table updater to work also with Index and better check which indexes should be modified
  • User model, unset register pw in case of fail in log
  • Added new pattern using vmEcho::$debugSet
  • Fixed old VmConfig::$_debug against VmEcho::$_debug
  • Customfields function calculateModificators added check for string before vmJsApi::safe_json_decode
  • xml format fixes
  • Translated text for "catalogue mode and accessing cart"
  • Textinputplugin checks letters only if there are some letters, fixed missing jQuery
  • Model customs function getCustoms, removed useless return as $data->items instead just as $data
  • Removed outdated dead code
  • PayPal Checkout fixed mix of dynamic and static calls
  • Use of new VmEcho debugSet pattern and new ppdebug

Release of VirtueMart 4.4 and Roadmap, always push beyond

Details
Written by: Max Milbers
Category: Latest News
Hits: 679

The new version 4.4 has few new features, but reflects the evolving development process. Longterm users know that VirtueMart is developed in a rapid prototyping and KaiZen philosophy style. So if we develop a new feature, our testers sometimes have 10 new test versions a day. On the other hand, we try to evolve the code without hard breaks. For example developers can use the same function to get a category tree, but the technic behind that function drastically changed over the years. No stone was left unturned. 

A known joomla ecommerce component announced last weeks, that they stop development. Of course some eager developers created a fork, but they will run into the same problems as the prior developers. And these problems are similar to our problems, in that it is not enough to just keep the core development paid and ongoing, we must as a community also keep our 3rd party developers and encourage new ones to join us. 

DOWNLOAD VirtueMart 4.4.0
NOW

Lets create a VirtueMart for Joomla and Wordpress

Read more: Release of VirtueMart 4.4 and Roadmap, always push beyond

  1. VmBasic, the new VirtueMart native Bootstrap 5 template and layouts
  2. 11000 committs, VirtueMart 4.2.12
  3. VirtueMart for Joomla 5
  4. VirtueMart 4.2 including new PayPal Checkout

Page 1 of 23

Subscribe to our News


Delivered by FeedBurner
Virtuemart Newsfeed Counter