Version 1.3 of VrShop has been released today. This update contains a number of bug fixes, logic improvements and a couple of important changes. One of these is a fix for a minor cross-site scripting flaw in the search routines in VrShop Server (a default installation would not be prone to this; it depends upon certain template changes). The other is the detection and handling of a particularly poorly written robot that does not handle URLs correctly and can cause undue load on servers by requesting erroneous URLs when safe URLs are activated in VrShop.
New Features / Enhancements
_ MySQL 5 STRICT_TRANS_TABLES compliance. This has required a variety of coding changes in the system and changes to the database structure, which will be actioned when running the update.
_ Code to handle a particularly poorly written bot that cannot handle safe URLs correctly and may cause excessive bandwidth usage. This change will not stop the requests from happening, as that is outside of our control. It will, however, try to stop VrShop executing them as normal page requests, leading to less PHP processing and no MySQL connection being made. Patches have been made available for older versions to include this change without upgrading.
_ Several new spiders now detected by spiderDetect.php
_ Changes to the Worldpay integration for test and live URLs
Bug Fixes
_ Changes to session handling, specifically for AOL users
_ Strip slashes on PayPal response (for characters that are 'escaped')
_ Removed double line break in email headers
_ Fix for minor XSS flaw in search results page. Please note that this is not a problem in the default VrShop installation and search.html template; however, if you are outputting the search string anywhere other than the search string entry box, you should apply this. Patches have been made available for older versions to include this change without upgrading.
_ Changes to replace insert logic when importing
_ Several other import and export logic changes
_ Stock warning emails with product options may not have output the product options on the email
_ Erroneous > by supplier selection field on the product editing screen
_ Minimum quantity field now available on Import
_ Searching for & on admin searches may have led to being logged out
_ QuickBooks COGS account now correctly output on the exported IIF file
_ Improved logic for picking normal price when base prices exist for different account types and other discount structures are used
_ Improved stock control logic for items where you only wish to track option level stock
_ Stock level table (for product template) now created correctly
_ Remote password now saves correctly on SecPay settings screen
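
For the search results XSS fix listed above, the following added example (not VrShop's patch and not code from the project) shows why a customised template that outputs the search string outside the entry box needs escaping for each place it is written. It goes one step beyond the note by also covering an inline script context. All function names and markup are hypothetical, the sample input is constructed, and PHP 7.3 or later is assumed.

```php
<?php
// Added illustration, not VrShop code: all function names and markup are hypothetical.

// HTML element content and quoted attribute values.
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A JavaScript string literal inside an inline <script> block.
// The JSON_HEX_* flags keep <, >, &, ' and " out of the emitted literal.
function esc_js(string $s): string
{
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR);
}

// 'Before': a customised template echoing the raw search string into the body.
function results_heading_raw(string $query): string
{
    return '<h2>Results for ' . $query . '</h2>';
}

// 'After': the same term escaped for each place it is written.
function search_page_escaped(string $query): string
{
    $q = esc_html($query);
    return implode("\n", [
        '<input type="text" name="search" value="' . $q . '">', // entry box
        '<h2>Results for ' . $q . '</h2>',                       // page body
        '<script>var lastSearch = ' . esc_js($query) . ';</script>',
    ]);
}

// Constructed sample input: harmless markup plus the characters that matter.
$sample = '"><i>tea & \'coffee\'</i>';

echo results_heading_raw($sample), "\n\n"; // markup reaches the browser intact
echo search_page_escaped($sample), "\n";   // markup arrives as inert text
```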