- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 24694
Just a hotfix update.
Here is the complete list of fixes:
- PayPal: Check IPN provider IP extra config parameter for standard and hosted (disabled by default now)
- Important fix for vmcrypt preventing creation of keys, if there is already an existing one.
- important fix for the date, the call was accidently using "null" as timezone parameter, which returns the server time. Added parameter and replaced the null against a default "false", which uses then the joomla configuration for the Timezone.
- category browse view, added "alreadyLoadedIds" to group product for the feature "omitt already loaded"
- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 26382
Unfortunately, we were a bit too fast with our security release, having found an error in the testing phase we created another small bug while we were fixing it.
VirtueMart usually sets the default Joomla frontend language as the shop language, it is this function that had an issue. Some multi-lingual shops failed to load products when the shop language was not explicitly set, or not by default in english.
We have tested this new fix and we do not see any bugs.
Finally, we dropped our dependency on SimplePie for RSS feeds and now use the JFeedFactory of Joomla to display the news and product feed on the dashboard.
Here is the complete list of fixes:
- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 22828
A minor XSS vulnerability was present in versions prior to 3.2.6. It occurred when the features feeds and search were used together. It happened only for feed enabled, so administrators can also close the leak in earlier versions by disabling the feed functions. The URL creation of the feed function used an improper call for JRoute. So urlencoded js was executed. The problem is fixed now by using our getCurrentUrlBy function, which works with a whitelist for variable names and it urlencodes any value.
Changes in VirtueMart version 3.2.6
Read more: VirtueMart 3.2.6 - Security Release and overhauled infrastructure
- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 32587
The new version comes with a slightly improved PayPal plugin and a new PayPal product named "PayPal Credit". It allows to finance a purchase with PayPal's partner Comenity Capital Bank.
Furthermore Amazon Pay is now ready for productive use. It makes the cart more efficient by using the same login as for amazon.com which autofills the customer's address into the VirtueMart BillTo and ShipTo address forms.
Also, we worked hard to improve PHP 7 compatibility, exchanged volatile loops and conditions for more robust code and added more error handling code to prevent breaking javascripts. New abstract language helper functions now create the SQL for the language fallbacks, thus reducing bugs and increasing consistent behaviour. The backend now provides more functions for a comfortable workflow, more tooltips, filters, stored states of filters, fixed links and small GUI enhancements. Editing an order now calculates proper results. For example, changing the order status for one item now updates the inventory correctly.
The whole 'Tools' section got cleaned up and a more logical layout. We added a new wizard for setting the safepath, which sets a secure safepath with one click. The old function to change the storeowner got enhanced and now works reliable even when the vmuser entry is missing.
The revenue report now works correctly to the second. There is also a new hidden config to set the mode for the week.
The new joomla core 3.7.4 creates the plugin object while updating, so updating a VirtueMart plugin ends in a fatal error because the VM plugins need the loaded VirtueMart environment. Therefore we added a small system plugin, which ensures that the vm environment is loaded.
New triggers increase the flexibility of VirtueMart. The triggers plgVmBeforeStoreProduct and plgVmAfterStoreProduct in the product model allows automatically set product properties. The triggers plgVmOnUpdateCart (in cart controller) and plgVmOnAddToCart (in cart helper function add) give programmers more control when a user is adding an item to the cart.
The cart also has been enhanced with new features. We now have the intuitive automatic shipment/payment. The old method was to set a shipment/payment automatically, when there was only one choice. Then we added a small javascript, which sets the configured method automatically, when available. This had the disadvantage that only one method could be automatically configured and when it was not available, nothing happened. The new method automatically sets the first method. The item update within the cart now also uses ajax, except for removing a product, because there was no backward compatible solution (we may find one later). The new cart layout does not show an extra 'Save' button for the shipment/payment selection anylonger. Plugins which provide extra data must add the button themself.
Opening the order details now works also with ajax. Ajax for the category browse view currently is too complex considering backward compatibility, but it is of course planned for the future. The new productdetails layout now uses the thumbnail function to display the main image. This sounds a bit strange at first, but at the end it makes the automatic resizing feature also available for the main images. Layout overriders can now also change the used layout for the order list and order detail views per hidden config.
To read the complete change list http://forum.virtuemart.net/index.php?topic=137816.0
- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 45880
A Joomla 3.7.1 release containing a security fix will be published on Wednesday 17th May, BUT you should update to VirtueMart 3.2.2 BEFORE updating to Joomal 3.7.1. VirtueMart 3.2 addresses significant changes from Joomal 3.6.5 to Joomla 3.7. If you were still running VM 3.0.18.x with Joomla 3.6.5 to avoid update problems, you will now be forced to update to Joomla 3.7.1. Everybody, regardless of the Joomla or VM 3 version used, should update to the latest VirtueMart version 3.2.2 on Joomla 3.7.0 in order to find and solve any compatibility problems prior to the mandatory Joomla 3.7.1 security release.
The new VirtueMart 3.2.2 is mainly a bugfix release with very few new features. In VirtueMart 3.2.x the backend language behaviour changed. Previously VM always took the shop language for displaying the content in the VM administration views, regardless the selected backend language. Since VM 3.2 it uses the selected backend language. That created some confusion especially with language fallbacks, because managers had no indication whether or not they saw a language fallback. Now country flags are added to display the origin of the language string, when a language fallback is displayed. Some additional language options are now available. The shop language can now be set directly in the VirtueMart configuration. The language issue of the registration emails is fixed. Also we found a fix for the width of the chosen dropdowns.
Other minor features and bug fixes address quick-and-dirty written plugins, outdated relations and adjustments for joomla 3.7.0.
