Jump to content

New version V3.1

Patrick

By Patrick,

Recommended Posts

ClicShopping Contributor

ClicShopping

Posted

 Hi everybody

 

You will find inside the zip a folder called update in the root. Open it and include the DB modification. Before to make that, look inside your DB if you have not these fields.

Else, if you have installed modules use the products table, you must make an update .
The most impact is inside ClicShopping, I recommend you to make before your update, a copy of your version and make the upgrade. If you have o problem, it's cool, else you can make a comment here.


About the modules (free and paid)

 

header_menu :slimmenu, upcomming products
header_tag : grdp, analytics, facebook pixel, twitter_card,
apps : antispam, frontpage_specials, favorites, featured, image, manufacturer
modules_products_info : also_purchased,  products_related,  reviews, download

 

This is the most of apps and modules impacted by the update.
Note : the paid modules will be updated today

 

 

  • Like 1
  • Thanks 10
Link to post
Drack Apprentice

Drack

Posted
(edited)

Thank you for this update and recommendations.

I looked the news, to include a status inside a categories, it's a good new for the shop owner to display or not a category.

Just a question, if the category is on Off, the products inside the categories is displayed or not ?

Edited by Drack
Link to post
Patrick Apprentice

Patrick

Posted
  • Author

I have testing the new 3.1 version.

What's new!

First, the category has now a status, it's a good thing to manage the categories. When you click on a status on the categories, the child becomes offline.

But be careful, when a parent category is on Off and a child category is on ON, the product appears, the system does not seem to verify if inside a specific category if a parent category -n  is on Off, just the first parent. It could be a problem if the administrator does not know this point.

I look if the product appears when a category is off. No, same if the status product is On. A good thing because now the product depends also on the parent category status. As I said just above when you research a product and inside a category Off there is a category child is on ON, the product appear.

If you are in this case you must open the category on On and make this other on Off.

 

The attributes have 2 new elements, one field on the B2B and another field called status but the stock doesn't appear for this version; Maybe later !!

 

Now the migration, inside the update directory, you have a field with the db, you have just to include these requests in your db if it does not exist and upload all the files.

 

@ClicShopping is my little report about this new version.

Link to post
ClicShopping Contributor

ClicShopping

Posted

@Patrick,

Thank you for your deep test. You have right, but if a category is on Off, it's supposedly all his other must be on OFF. In this case, there is no problem.

But you have reason if inside an Off category there is a category on On, in this case, the product is displayed.

 

About the products attributes, the system must be rewritten in the future, no delay on that. it could be an on next release, now, like always, the focus is to discover the  bugs.

 

  • Like 1
Link to post
Fantomas Newbie

Fantomas

Posted

hello,

I tried to install ClicShopping but I have this problem : 

PHP Warning: escapeshellcmd() has been disabled for security reasons in ........./public_html/shop/ext/PHPMailer-master/vendor/phpmailer/phpmailer/src/PHPMailer.php on line 1632

Is a problem with the application ?

Link to post
ClicShopping Contributor

ClicShopping

Posted

I looked more deeply on this problem: escapeshellcmd(). If your hoster lock the default Sendmail function, you must use the SMTP inside configuration / Mail

I will make other test and make an update about as soon as possible. But you can use the application without problem. Just in case in your hoster block this function, use the other.

 

That's why you hoster create protection on that. https://exploitbox.io/paper/Pwning-PHP-Mail-Function-For-Fun-And-RCE.html

 

Quote

The attacker can however inject additional command parameters to the sendmail command itself as the escapeshellcmd() function called by mail() does not quote the $additional_parameters parameter by default. It gives a programmer freedom to pass multiple arguments to sendmail, but may introduce a vulnerability to unaware programmers. A successful injection of additional parameters to sendmail, might trigger additional functionality of the sendmail program itself. For example, if the attacker managed to set $return variable to: attackere@remote -LogFile /tmp/output_file The sendmail program would be called as a shell command: /usr/sbin/sendmail -t -i -f attackere@remote -LogFile /tmp/output_file If the -LogFile was a valid argument for the sendmail interface installed on the target machine, this could cause the program to write out a log file into /tmp/output_file. As it turns out Sendmail MTA has such a logging function in its implementation of /usr/sbin/sendmail interface, which can be enabled by -X parameter and could be used to save malicious code provided by the attacker.

 

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use

  I accept