- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 33874
This fairly serious XSS discovered by Mattia Furlani pertained only the administration area, so most shops are not affected. Shop owners running a multi-vendor store or fearing that their employees may use this leak should update as soon as possible.
The new core has some fixes for php 7.1 - 7.2 compatibility.
Compliance to the new french financial law
At present we have also integrated some fraud protection requirements to comply with the new French law. This includes, for example, the new invoice processing system. When an invoice was changed, the old treatment renamed the originally created invoice and created a new invoice with the same invoice number. The new treatment creates a regular new invoice number while the old invoice remains listed and accessible. We also added an order item history table. The class vmtable can now automatically save a hash to any entry. For example the order entries store a hash of the important data per line, so it is now possible to check the integrity of an entry. This system is not completed yet.
Further features:
- Behaviour of the table object is more consistent and reliable.
- Behaviour of payment plugins after pressing confirm in the cart and cancelling the payment is now more consistent.
- Removed w3c validation errors.
- Corrected routing for orderdone layout.
- Trigger 'plgVmAfterStoreProduct', added array key "new" to $data, so that we know if a product is new or just updated.
- Customfield date has now two extra parameters to set the initial date and year range. The initial date uses as format DateInterval, so the P0D means use the current.
- Language files updated.
- Long desired fix, dropdowns of prices in product edit work now directly.
- Enhanced handling of the orderdone layout.
- Minor compatibility enhancements of javascript and html.
- _triesValidateCoupon is now emptied after entering a valid coupon.
- Coupons are not automatically removed any longer when expired.
- Full installer now also works with multilingual setup.
The full list is available here http://forum.virtuemart.net/index.php?topic=139652.msg490664
- Details
- Written by: Valérie Isaksen
- Category: Latest News
- Hits: 25297
The purpose of the french financial law n° 2017-1837 is to combat VAT fraud. Since January 1, 2018, it obliges French ecommerce websites to use an extension that meets the requirements of inalterability, security, preservation and archiving of data for control of the french tax administration.
Read more: VirtueMart and the new french financial law valid since January 1, 2018
- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 23046
Just a hotfix update.
Here is the complete list of fixes:
- PayPal: Check IPN provider IP extra config parameter for standard and hosted (disabled by default now)
- Important fix for vmcrypt preventing creation of keys, if there is already an existing one.
- important fix for the date, the call was accidently using "null" as timezone parameter, which returns the server time. Added parameter and replaced the null against a default "false", which uses then the joomla configuration for the Timezone.
- category browse view, added "alreadyLoadedIds" to group product for the feature "omitt already loaded"
- Details
- Written by: Max Milbers
- Category: Latest News
- Hits: 24809
Unfortunately, we were a bit too fast with our security release, having found an error in the testing phase we created another small bug while we were fixing it.
VirtueMart usually sets the default Joomla frontend language as the shop language, it is this function that had an issue. Some multi-lingual shops failed to load products when the shop language was not explicitly set, or not by default in english.
We have tested this new fix and we do not see any bugs.
Finally, we dropped our dependency on SimplePie for RSS feeds and now use the JFeedFactory of Joomla to display the news and product feed on the dashboard.
Here is the complete list of fixes:
- Fixes for search options and display of search results
- Search plugin, added SKU (by Franz-Peter Scherer)
- Shop language is correctly set by Joomla default front end language
- Fixed another problem with the order language
- While loop finding a product alias got increased to 40 (was 20) to prevent errors when child products did not find a proper alias
- Fixed broken new Coupon
- Fixed broken displayLogos function (was missing a DS)
- Fixed version.php revision number
- Fixed lost sorting of product list if a product was stored
- Uncategorized products are listed again in the admin product list
- The fixed thumbnail size in the product list is now set to 90px
- Added layout of customfield to customfields list
- vmLoaderPluginUpdate. Removed buggy isClient() against isAdmin(). So vm3.2.8 should be Joomla 2.5 compatible again
- Browsing for products of a manufacturer now activates the subordinated settings analogous to categories
- Removed links in Order print view (destroyed layouts without correct css)
- Removed ShipTo address in invoice, if the address is the same as BillTo
- Changed RSS feed, dropping simplepie and using jfeedFactory instead, see http://forum.virtuemart.net/index.php?topic=138918.msg487976#msg487976
- fancybox/jquery.fancybox-1.3.4.pack.js got updated. Removed a little bug. See https://forum.virtuemart.de/installation-updates-einrichtung-156/fancybox-fehlerverhalten-loesung-3146/
- Fix for the router when the URL of the product uses the language fallback
- Fix XPF currency
- Paybox: fix min_amount, countries and check server availability new parameter