General hints for this package
- Tested on PHP 5.3 and 5.4
For update instructions please see
No template changes in this patch.
- Avoid path traversal for downloadable files from the admin panel. This way a user with access to the admin panel might gather access to files of the OXID eShop system. Fix: OXID eShop now checks the path of the file, only file names in specific paths like downloads/ can now be altered. Many thanks Tim Herres of LSExperts (https://lsexperts.de/) for pointing us to that place.
- Clean up basket after user logs out. (fix for bug #5771)
Bugtrack change log: https://bugs.oxid-esales.com/changelog_page.php?version_id=314
No new features in this patch.