Another important security and bugfix release 4.6.0
An XSS found again by Adam Wallwork. This time I did general update of our filters, many functions got enhanced. Some filters are now always active, we do not leave it to the developers. This version is NOT working on Joomla 6, we will release a new VirtueMart 5 too match all the changes.
What else happened? We heavily work on a namespaced VirtueMart version, which runs without legacy plugin on Joomla 3 up to Joomla 6.
I backported some of the new technics, so that new code may also run on the old unnamespaced version. The namespaced version will be pushed forward and the unnamespaced version, which will never run on Joomla 6, will recieve only security updates.
The main work left to be done is to sort our own compatibility aliases and make them optional. Currently even old extensions written for VirtueMart 3 and Joomla 3 may still work on the new VirtueMart 5. Yeah :-) The new VirtueMart 5 has a significantly changed core base. Btw this reached compatibilty was a kind of accident. I have been working on VirtueMart for WordPress and have started to add namespaces to VirtueMart in order to better understand which Joomla classes and libraries are really needed. As a result, VirtueMart is increasingly developing into a standalone solution based on Joomla.
DOWNLOAD Hotfix for VM3.6 - VM4.4.10
Features
- Product groups just for the active category
- Enhancements for Pagination,
- Unpublishable customfields per product
- OPC bs5 layout, display always shipment/payment options.
- userfields, added data-dynamic-update to country dropdown
- Added new namespaced files to VM unnamespaced, so new code can also work on the old 4.6 core
- New vmdefines is using the composer autoload
- New install routines
- Integrated new customised composer autoloader works case INsensitive!
- cart enhanced storing of user data
Fixes
- Fixes for vRequest
- Fix for storing userdata in OPC
- Fix for price display with unit
- Enhanced method to prevent javascript in pdfs
- Js fixes; dynupdate.js Dropdown in cart kicks the ajax updater, meant for the country dropdown
- toggleCartButton.js function iStraxx.toggleAddToCartButton, added event.stopSendtocart remove click event from addtocart button. To prevent an event queque if other scripts use this button
- changed all in one installer, integrated modules vmlanguage and vendor,
- changed default position from position-4 to sidebar-right
- changed package.xml, removed the both modules
- Important small update for the router, which prevents a 1.5 loop
- changed default order of the email userfield
- Important new JS for the OPC, added js which reacts on textinput field changes and sets a saveUserData=1 to the form, which controlls if user data should be stored
- enhanced getRegisterGuestOptions
- carthelper fixed function which tests how of a coupon got used, works now also for guests (checking per email and for registered by user id)
- It is important that the router is not calling somehow a vRequest get, because the variables are not set, which creates wild iterations, replaced some requests by proper booleans in a class.
- Router fixed problem with productdetail menu items and products displayed in a common category with menu item
- more recaptcha
- .... and more little stuff.
