Update highlights
This version resolves an issue when loading options on certain pages other than the main AdminCP settings page.
A new user group permission has been added for allowing users to create items in the front-end without requiring the approval queue.
Lastly, browsing to the next page when viewing inventories on profiles other than your own profile now works as intended.
Complete Change Log
Feature: New user group permission: Add items without approval
Fix: When viewing options from pages other than the "Settings" page, a server error could be generated
Fix: Fix multi-page inventories on profiles when viewing other users' profiles
Update highlights
This version updates the Infinite Scroll library to reduce its size, thus reducing load time for first time visitors. Furthermore, a bug has been resolved with the Infinite Scroll integration where it would not work correctly when the item display style was set to "Grid" in the style properties.
Lastly, an issue has been resolved with the Create Forum item where it had not been updated for the changes in XenForo 2.2.
Complete Change Log
Change: Update Infinite Scroll library to reduce its file size
Fix: The "Create Forum" item was not fully updated for the changes in XF 2.2
Fix: Infinite Scroll would not work correctly when the item display style was set to Grid
6.4.8
Update highlights
This version resolves a regression from v6.4.6 as well as improving the checkout experience by making it possible to gift the same item during checkout to multiple users simultaneously.
Complete Change Log
Feature: It is now possible to gift the same item during checkout to multiple users simultaneously
Fix: Fix regression from 6.4.6 that caused issues when purchasing items
6.4.7
Update highlights
This version fixes an XSS issue affecting thread titles and post messages.
Please see this thread for more information: https://www.dragonbyte-tech.com/thr...n-xss-in-dragonbyte-shop-v6-1-0-v6-4-6.25078/
Complete Change Log
Fix: Fix a security issue affecting thread titles and post messages
Security Notification: XSS in DragonByte Shop v6.1.0 - v6.4.6
Hey all,
An XSS security issue has been discovered affecting all versions of DragonByte Shop from v6.1.0 to v6.4.6. This issue is critical in nature and you should patch your site immediately. This affects XenForo 2.0, 2.1 and 2.2 versions.
All affected versions of DragonByte Shop have been patched, so even if your license has expired or you cannot update for whatever, you can still login and download a fixed version of the version you're currently running.
If you cannot login or download, you can opensrc/addons/DBTech/Shop/Listener.php
and find:
public static function templaterFilterRichThreadTitle(
Replace its contents with:
Thanks to @TickTackk for discovering the issue.PHP:if (!$thread->thread_id || !$thread->User ) { return $value; } /** @var \DBTech\Shop\XF\Entity\User $user */ $user = $thread->User; $styleProps = []; /** @var \DBTech\Shop\Entity\Purchase[]|ArrayCollection $purchases */ $purchases = \XF::repository('DBTech\Shop:Purchase')->filterActivePurchasesForUser($user); foreach ($purchases as $purchase) { $handler = $purchase->handler; $handler->fire('thread_title_markup', [$thread, &$styleProps], $thread->thread_id); } if ($styleProps) { $escape = false; // Ensure we only add the span if needed return '<span style="' . implode('; ', $styleProps) . '">' . htmlspecialchars($value) . '</span>'; } return $value;
6.4.6
Update highlights
This version implements multiple changes to deal with IP logging, in order to prevent the IP log from being "tainted" with incorrect entries.
Furthermore, it includes a few other miscellaneous bugfixes. Thanks to our community for reporting the issues!
Complete Change Log
Change: Disable IP logging for items created in the AdminCP
Change: Disable IP logging by default for purchases
Fix: Older transactions would sometimes cause a server error
Fix: Prefix quick set in the AdminCP would not work as intended
Fix: Ensure the username style cache doesn't break if the purchase belongs to a deleted user or deleted item
Fix: Creating or editing an item will now associate the IP address log with the visitor, not the assigned owner
Update highlights
This version fixes a regression from 6.4.4 that could cause glitches in configurable items, as well as fixes an issue with copying items.
Complete Change Log
Fix: Copying items would produce a server error in certain circumstances
Fix: Fix an issue where item configuration would be incorrectly cached, leading to glitches in things like user name colours
Update highlights
This version fixes a couple race condition bugs, as well as an issue where old purchases without a purchase handler could generate a server error.
Complete Change Log
Fix: Fix race condition triggering "Cannot delete an entity that has been partially updated" server error
Fix: Fix race condition with deleted users when upgrading from certain older versions
Fix: Fix "Call to a member function setPurchase() on null"
Update highlights
This version adds support for og:image / twitter:image meta tags for item URLs, making your rich embeds in places like Twitter or Discord show the item's icon.
Furthermore, some internal code tweaks took place, for improved support for Xon's MultiPrefix.
Lastly, a few bugs discovered by @JoyFreak have been resolved. Thanks!
Note: If you are running Xon's MultiPrefix, please update to v2.8.14.
Complete Change Log
Feature: Add og:image / twitter:image metadata tags for the main item page
Change: Update type hints for Inline Moderation
Fix: The postbit integration would cause a server error on a post by a deleted or guest user
Fix: Setting "Item rating style" to "Circle" would not work due to missing templates
Fix: Compatibility fixes for MultiPrefix
Update highlights
This version resolves a number of bugs reported by the community, as well as improving the UX of the Thread Highlight and Thread Title Style items by correctly flagging them as only working on the user's own threads.
Complete Change Log
Change: Thread Highlight and Thread Title Style items can now only affect threads posted by the user who owns the item
Change: The default category description's link should now be correct
Fix: Fix a server error when adding comments to trade posts
Fix: (Potentially) resolve an error that could occur when viewing older transaction log entries
Fix: Made the "Currency column" field required in the templates to prevent a server error from being logged
Fix: In certain cases, a server error could be generated when running rebuild jobs or merging users
Fix: Manually adding new items via the AdminCP would produce a server error
Update highlights
This version contains a couple internal changes, but also fixes an issue that could occur while attempting to read a purchase's configuration.
Complete Change Log
Change: Update bundled Infinite Scroll library
Change: Add a missing property to type hinting
Fix: Fix server error when attempting to obtain purchase configuration
Update highlights
!!! THIS VERSION REQUIRES XENFORO 2.2.0 AND PHP 7.2.0 !!!
Coinciding with the release of XenForo 2.2.0, all XenForo 2.2 versions are now Gold ? This is also the last version that will contain the XF 2.2 / PHP 7.2 warning in the release notes.
Complete Change Log
Feature: Implement wildcard search for item names in the Purchase log in the AdminCP
Fix: Delete clean-up services would produce a server error
Update highlights
!!! THIS VERSION REQUIRES XENFORO 2.2.0 AND PHP 7.2.0 !!!
This version fixes an issue where formatted currency values displayed across the site would display 1 instead of the real currency value. No data was lost, it was a display bug only.
This version is flagged as a Beta version as it has not been tested on a live site.
Complete Change Log
Fix: Fix formatted currency values always returning 1
Update highlights
!!! THIS VERSION REQUIRES XENFORO 2.2.0 AND PHP 7.2.0 !!!
This version contains coding style updates and changes for XenForo 2.2.0 / PHP 7.2.0. Furthermore, this version features compatibility with the "Live forum statistics" add-on. This integration has not been tested.
Other minor back-end issues have also been resolved.
This version is flagged as a Beta version as it has not been tested on a live site.
Complete Change Log
Feature: Add support for LinkableInterface
Feature: Thread Title Style / Thread Title Background compatibility with "Live forum statistics"
Change: Make various custom fields extendable
Fix: Fix permissions sometimes not rebuilding when upgrading