Security Release VirtueMart 3.0.12, plus new goal, new docs

More Security

The company Qualys.com found a new issue, a possible XSS. It abuses the array keys of parameters in the URL. Most servers prevent such a URL by default, but nevertheless we've added another protection. We also found and fixed some smaller bugs and glitches in advanced functions and, last but not least, added missing backward compatibility for some cases. This release follows 3 release candidates with more than 2000 downloads altogether.

New Goal

Sticking to the Joomla API has turned out to be an unlucky decision for us. The future plan is to write more for our own framework VMF, which will give us the freedom to also use systems other than Joomla. The idea is to write a small framework, so that extensions written for VirtueMart also work on platforms other than Joomla. In other words, instead of developing a standalone VirtueMart, we will try to write an easily bridgeable VirtueMart. We already saw a VirtueMart running on Drupal, so it can't be too hard. But first we want to look into WordPress. Of course we will need test users and suggestions from developers who are familiar with WordPress and VirtueMart. So please join our forum if you have some experience with these. We are also thinking about using the Joomla platform by the team of Johan Janssens https://github.com/joomlatools/joomla-platform for our next full installer.

New Docs

Thanks to our membership system http://extensions.virtuemart.net/support/virtuemart-supporter-membership-detail we found some time to update our manual. We added a lot of pages, which explain general VirtueMart concepts, at http://docs.virtuemart.net/manual/general-concepts.html - It's worthwhile to read them. Even VirtueMart veterans already found some new tricks in it!

Some New Features/Fixes:

  • different thumbnail sizes are possible now (actually a fix, but no one knew it anyway, for templates please read here http://forum.virtuemart.net/index.php?topic=132128.msg456671#msg456671)
  • cart should keep address data of the user, if an error happens like "email already taken"
  • use captcha only for guests
  • Added "None" option for some order status lists.
  • media handling per vendor
  • vmUploader checks uploaded files by MIME and may cancel the upload, controlled by ACL
  • vRequest is now also filtering the array keys (recursive)
  • enhanced synchronise Media (no 10k limit any longer)
  • moved creation of virtuemart_userinfos and virtuemart_order_userinfos to install_essential_data.sql to prevent changed fields from being reverted when updating vm
  • added hidden config updEngine to prevent changing of the table engine
  • added main controller missing for joomla3 to the AIO
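
The array-key issue and the recursive key filtering mentioned above, shown as an added PHP example (this is not VirtueMart's vRequest code): a filter that cleans keys as well as values at every nesting level of request input. The function names, the key allow-list, the depth limit and the sample query string are assumptions.

```php
<?php
// Added example; not VirtueMart's vRequest code. All names are hypothetical.

// Keep only characters expected in a parameter name. The allow-list
// (letters, digits, underscore, dot, dash) is an assumption.
function filterKey($key)
{
    if (is_int($key)) {
        return $key; // numeric index, nothing to strip
    }
    return (string) preg_replace('/[^A-Za-z0-9_.\-]/', '', $key);
}

// Stand-in for whatever value filter is already in place.
function filterValue($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Rebuild the array so that keys and values are filtered at every level.
function filterRequest(array $input, int $depth = 0, int $maxDepth = 10): array
{
    if ($depth > $maxDepth) {
        return []; // drop input nested deeper than any real form needs
    }
    $clean = [];
    foreach ($input as $key => $value) {
        $key = filterKey($key);
        if ($key === '') {
            continue; // key had no allowed characters at all
        }
        // Keys that become identical after filtering overwrite each other.
        $clean[$key] = is_array($value)
            ? filterRequest($value, $depth + 1, $maxDepth)
            : filterValue($value);
    }
    return $clean;
}

// Constructed sample: PHP turns bracketed parameter names into nested arrays,
// and the text inside the brackets becomes an array key.
parse_str('attr[<b>size</b>][unit]=cm&q=shoes', $raw);

var_export(filterRequest($raw)); // print the filtered structure
```

A filter that walks only the values would return the nested key unchanged, so any template that echoes parameter names would still output the markup.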

The full bug fix list is available here this time: http://forum.virtuemart.net/index.php?topic=131898.0

We also updated VirtueMart 2.6. The new version got the security fixes and enhanced payment plugins, and now mainly uses the vm3 table layout. This noticeably improves performance.

Templaters:

Please read here http://forum.virtuemart.net/index.php?topic=132128.msg456671#msg456671