[DBTech] DragonByte Shop

[DBTech] DragonByte Shop 7.2.4

Update highlights

This version is a culmination of bugfixes in v6.4.x, and adds a new feature that aims to significantly improve the usability of the "User has purchased the following item" criteria.

In the past, this was limited to one item only, but is now a multi-select. You can also choose whether a user must have purchased all, or just any, of the items selected.

Secondly, this version updates the usability of deleting currencies, which will now no longer delete associated lotteries and items.


Complete Change Log

Feature: "User has purchased the following item" criteria is now a multi-select
Fix: Do not delete lotteries or items when a currency is deleted.
Fix: Prevent donating if either source is incapable of sending, OR target is incapable of receiving, donations
Update highlights

This version fixes an issue with the currency privacy setting, as well as an issue with the User Title Change items.


Complete Change Log

Fix: User Title Change / User Title Change (Pre-Defined) would not reapply correctly if the inventory item was deactivated then re-activated
Fix: Fix an issue where the "Show to self and designated user groups" currency privacy setting did not apply correctly
Update highlights

This version fixes an issue with the currency privacy setting, a performance issue with thread bans, as well as a permissions check issue for trade posts.


Complete Change Log

Fix: Fix an issue where the "Show to self and designated user groups" currency privacy setting did not apply correctly
Fix: Improve performance for checking thread bans
Fix: Fix permission check for new trade posts
Update highlights

This version resolves a potential server error when viewing certain pages (mostly administrative editing pages).

Furthermore, a PHP 8 compatibility issue has also been resolved.


Complete Change Log

Fix: Fix potential server errors when viewing certain pages
Fix: Fix server error when running on PHP 8
Update highlights

This version resolves an issue with prefixes preventing them from being selectable when adding or editing an item.

Furthermore, the various widgets now save the correct currency settings.


Complete Change Log

Fix: Fix prefixes when editing an item
Fix: The Wallet widget would not save the correct values when choosing which currencies to display
Update highlights

This version resolves an issue when loading options on certain pages other than the main AdminCP settings page.

A new user group permission has been added for allowing users to create items in the front-end without requiring the approval queue.

Lastly, browsing to the next page when viewing inventories on profiles other than your own profile now works as intended.


Complete Change Log

Feature: New user group permission: Add items without approval
Fix: When viewing options from pages other than the "Settings" page, a server error could be generated
Fix: Fix multi-page inventories on profiles when viewing other users' profiles
Update highlights

This version updates the Infinite Scroll library to reduce its size, thus reducing load time for first time visitors. Furthermore, a bug has been resolved with the Infinite Scroll integration where it would not work correctly when the item display style was set to "Grid" in the style properties.

Lastly, an issue has been resolved with the Create Forum item where it had not been updated for the changes in XenForo 2.2.


Complete Change Log

Change: Update Infinite Scroll library to reduce its file size
Fix: The "Create Forum" item was not fully updated for the changes in XF 2.2
Fix: Infinite Scroll would not work correctly when the item display style was set to Grid
Update highlights

This version resolves a regression from v6.4.6 as well as improving the checkout experience by making it possible to gift the same item during checkout to multiple users simultaneously.


Complete Change Log

Feature: It is now possible to gift the same item during checkout to multiple users simultaneously
Fix: Fix regression from 6.4.6 that caused issues when purchasing items
Update highlights

This version fixes an XSS issue affecting thread titles and post messages.

Please see this thread for more information: https://www.dragonbyte-tech.com/thr...n-xss-in-dragonbyte-shop-v6-1-0-v6-4-6.25078/


Complete Change Log

Fix: Fix a security issue affecting thread titles and post messages
Hey all,

An XSS security issue has been discovered affecting all versions of DragonByte Shop from v6.1.0 to v6.4.6. This issue is critical in nature and you should patch your site immediately. This affects XenForo 2.0, 2.1 and 2.2 versions.

All affected versions of DragonByte Shop have been patched, so even if your license has expired or you cannot update for whatever reason, you can still log in and download a fixed version of the version you're currently running.

If you cannot log in or download, you can open src/addons/DBTech/Shop/Listener.php and find:
public static function templaterFilterRichThreadTitle(

Replace its contents with:
PHP:
        if (!$thread->thread_id
            || !$thread->User
        ) {
            return $value;
        }

        /** @var \DBTech\Shop\XF\Entity\User $user */
        $user = $thread->User;

        $styleProps = [];

        /** @var \DBTech\Shop\Entity\Purchase[]|ArrayCollection $purchases */
        $purchases = \XF::repository('DBTech\Shop:Purchase')->filterActivePurchasesForUser($user);
        foreach ($purchases as $purchase)
        {
            $handler = $purchase->handler;
            $handler->fire('thread_title_markup', [$thread, &$styleProps], $thread->thread_id);
        }

        if ($styleProps)
        {
            $escape = false;

            // Ensure we only add the span if needed
            return '<span style="' . implode('; ', $styleProps) . '">' . htmlspecialchars($value) . '</span>';
        }

        return $value;

Thanks to @TickTackk for discovering the issue.
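
An added illustration (not DragonByte's code) of why the patched return wraps the title in htmlspecialchars() once $escape has been set to false. The `applyFilter` stand-in for the templater, the `richTitleUnescaped` contrast function and the sample title are assumptions made for this example; the page does not show the pre-patch code.

```php
<?php
declare(strict_types=1);

// Stand-in for the templater: it HTML-escapes a filter's result unless the
// filter cleared $escape (assumed behaviour, mirroring `$escape = false` above).
function applyFilter(callable $filter, string $value, array $styleProps): string
{
    $escape = true;
    $out = $filter($value, $styleProps, $escape);
    return $escape ? htmlspecialchars($out) : $out;
}

// Hypothetical unescaped shape, for contrast only: escaping is switched off
// and the raw title is concatenated into the markup.
function richTitleUnescaped(string $value, array $styleProps, bool &$escape): string
{
    if ($styleProps) {
        $escape = false;
        return '<span style="' . implode('; ', $styleProps) . '">' . $value . '</span>';
    }
    return $value;
}

// Same return statement as the patched listener body on this page.
function richTitlePatched(string $value, array $styleProps, bool &$escape): string
{
    if ($styleProps) {
        $escape = false;
        return '<span style="' . implode('; ', $styleProps) . '">' . htmlspecialchars($value) . '</span>';
    }
    return $value;
}

// Constructed inputs: a title carrying markup, and one style from a purchased item.
$title = 'Sale <b>today</b> & "tomorrow"';
$style = ['color: red'];

$cases = [
    'unescaped, styled' => applyFilter('richTitleUnescaped', $title, $style),
    'patched, styled'   => applyFilter('richTitlePatched', $title, $style),
    'patched, no style' => applyFilter('richTitlePatched', $title, []),
];
foreach ($cases as $label => $html) {
    // Markup from the title must never survive as a live tag.
    $verdict = strpos($html, '<b>') === false ? 'ok' : 'title markup rendered';
    echo str_pad($label, 18), ' ', $verdict, ' : ', $html, PHP_EOL;
}
```

Run it with the PHP command-line interpreter; only the first case reports that title markup was rendered.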