Thelia Network
E-commerce solution

E-commerce software, useful to create and manage online stores, published under a free license. Discover our new version, based on many modern technologies !

Download Thelia
Business

A team of experts at your service.

Community

Join the trend!

Showcase

Over 7000 online stores powered by Thelia

Modules & Themes

Customize your Thelia.

Openstudio

Thelia editor.

ARCHIVES

Version 2.1.2 with security fix

24 Feb 2015 | Comments: 0 | Posted by: Stéphanie Pinet

The version 2.1.2 of Thelia was released and includes a security fix.

Simon Vieille from web&design has reported a XSS injection present in the BackOffice of Thelia (error.html template). This vulnaberability is present in version 2.1.0 and 2.1.1 but not version 2.0.*

Here is the complete changelog :

  • Add the possibility to delete a coupon from the backoffice.
  • module list is now reversed. Delivery modules appear first, then payment and finally classic modules.
  • display a loader when a module is uploaded
  • Change product prices export and import format to be compatible, now using product_sale_elements id as key to identify PSE.
  • Fix unused variable in Thelia\Controller\Api\CustomerController::getDeleteEvent
  • change default order for cart loop.
  • Add missing static keyword for Thelia\Core\HttpFoundation\JsonResponse::createError
  • Do not register previous url on XmlHttpRequest
  • Fix deploy image directory destination
  • Fix redirect response if a AuthenticationException is catched
  • Prevent XSS injection in error.html template
  • The hook method is now stored in the ignored_module_hook table
  • Allow to hardlink TinyMCE rather than symlink
  • Add bootstrap paths for thelia-project
  • Enlarge order dropdown menu to prevent wrapping in some languages
  • Fixed langugage when previewing e-mails

Download version 2.1.2

Read more →