CVE-2009-2266: Specially crafted cookie can lead to unauthorized access to session information of unregistered users.
General hints for this package Removed WYSIWYG-editor from admin UI for guestbook entries – changed to textarea since in frontend it is simple text entries only. Enabled language abbreviation support for SEO URLs. After you update the shop to the newest version, go to “Master Settings -> Core Settings -> SEO” and press “Update SEO URLs” to […]
General hints for this package Current release contains session handling improvements related to users whose browsers do not accept cookies. The session is started and the session id appended to the URL only after a special action or on special view init. By default these are: views: register, account function: tobasket, login_noredirect, tocomparelist If you need to define […]
General hints for this package Replaced the drop-down with an AJAX list for product bundle assignment in admin. From now on, it is no longer possible to assign products to price categories in admin. Products will be assigned to price categories automatically. If you run ssl/non ssl shop on different subdomains and have […]
CVE-2009-3113: Specially crafted parameter can lead to unauthorized write access to product reviews in the shop.
General hints for this package None Installation See our instructions for detailed information about patching/updating. Fixed Bugs 0000419: [Order processing] eShop doesn’t send emails via SMTP 0000379: [Admin area] Promotions cannot be de-activated 0000405: [Order processing] Registration email is sent although the user purchased without a registration 0000382: [PDF invoice] Wrong VAT in PDF-invoice for […]
General hints for this package None Installation You will find an installation instruction within the package you download. The regular manual for updating available at our website will not cover all the steps you have to do this time. So make sure you read the INSTALL file within your package carefully. Fixed Bugs 0000441: [Files […]
General hints for this package This package does not contain any template changes. Please note that quite a lot of files are included in the patch package. As packages are prepared automatically, most of these files are included only because the year changed in the file header. Installation See our instructions for detailed information about patching/updating. Fixed Bugs […]
General hints for this package None Installation See our instructions for detailed information about patching/updating. Fixed Bugs 0000527: [Patches] Users without password cannot register – bug in update script generates wrong passwords 0000539: [RSS] RSS for Listmania lists of product not works in DE language 0000536: [3rd party libraries] Problem when loading tag cloud in […]
General hints for this package Version numbers The version numbers will consist of three digits from now on: 4.1.0 “Save-on-Tab” functionality Due to complexity of implementation, maintenance and bugs “Save-on-Tab” functionality was removed. EUR sign In previous update due to general shop encoding change (from ISO-8859-1 to ISO-8859-15) euro character may be broken in shop […]
General hints for this package File cache reset will now not erase cached object structure info (files starting with “oxc_fieldnames_…”) from the temp directory. Developers need to manually delete these files from the temp directory when updating the object structure. This will save time when rebuilding the cache. Since the OXID eShop version 4.1.0_17976 the templates of the previous versions […]
CVE-2009-3112: Specially crafted parameter can lead to unauthorized administrative access to shop backend.