[DBTech] DragonByte Shop

[DBTech] DragonByte Shop 6.4.11

No permission to buy ($24.95)
Update highlights

This version resolves an issue with prefixes preventing them from being selectable when adding or editing an item.

Furthermore, the various widgets now save the correct currency settings.


Complete Change Log

Fix: Fix prefixes when editing an item
Fix: The Wallet widget would not save the correct values when choosing which currencies to display
  • Like
Reactions: Sunka
Update highlights

This version resolves an issue when loading options on certain pages other than the main AdminCP settings page.

A new user group permission has been added for allowing users to create items in the front-end without requiring the approval queue.

Lastly, browsing to the next page when viewing inventories on profiles other than your own profile now works as intended.


Complete Change Log

Feature: New user group permission: Add items without approval
Fix: When viewing options from pages other than the "Settings" page, a server error could be generated
Fix: Fix multi-page inventories on profiles when viewing other users' profiles
Update highlights

This version updates the Infinite Scroll library to reduce its size, thus reducing load time for first time visitors. Furthermore, a bug has been resolved with the Infinite Scroll integration where it would not work correctly when the item display style was set to "Grid" in the style properties.

Lastly, an issue has been resolved with the Create Forum item where it had not been updated for the changes in XenForo 2.2.


Complete Change Log

Change: Update Infinite Scroll library to reduce its file size
Fix: The "Create Forum" item was not fully updated for the changes in XF 2.2
Fix: Infinite Scroll would not work correctly when the item display style was set to Grid
Update highlights

This version resolves a regression from v6.4.6 as well as improving the checkout experience by making it possible to gift the same item during checkout to multiple users simultaneously.


Complete Change Log

Feature: It is now possible to gift the same item during checkout to multiple users simultaneously
Fix: Fix regression from 6.4.6 that caused issues when purchasing items
Update highlights

This version fixes an XSS issue affecting thread titles and post messages.

Please see this thread for more information: https://www.dragonbyte-tech.com/thr...n-xss-in-dragonbyte-shop-v6-1-0-v6-4-6.25078/


Complete Change Log

Fix: Fix a security issue affecting thread titles and post messages
  • Like
Reactions: Sunka
Hey all,

An XSS security issue has been discovered affecting all versions of DragonByte Shop from v6.1.0 to v6.4.6. This issue is critical in nature and you should patch your site immediately. This affects XenForo 2.0, 2.1 and 2.2 versions.

All affected versions of DragonByte Shop have been patched, so even if your license has expired or you cannot update for whatever, you can still login and download a fixed version of the version you're currently running.

If you cannot login or download, you can open src/addons/DBTech/Shop/Listener.php and find:
public static function templaterFilterRichThreadTitle(

Replace its contents with:
PHP:
        if (!$thread->thread_id
            || !$thread->User
        ) {
            return $value;
        }

        /** @var \DBTech\Shop\XF\Entity\User $user */
        $user = $thread->User;

        $styleProps = [];

        /** @var \DBTech\Shop\Entity\Purchase[]|ArrayCollection $purchases */
        $purchases = \XF::repository('DBTech\Shop:Purchase')->filterActivePurchasesForUser($user);
        foreach ($purchases as $purchase)
        {
            $handler = $purchase->handler;
            $handler->fire('thread_title_markup', [$thread, &$styleProps], $thread->thread_id);
        }

        if ($styleProps)
        {
            $escape = false;

            // Ensure we only add the span if needed
            return '<span style="' . implode('; ', $styleProps) . '">' . htmlspecialchars($value) . '</span>';
        }

        return $value;

Thanks to @TickTackk for discovering the issue.
  • Like
Reactions: Sunka and TickTackk
Update highlights

This version implements multiple changes to deal with IP logging, in order to prevent the IP log from being "tainted" with incorrect entries.

Furthermore, it includes a few other miscellaneous bugfixes. Thanks to our community for reporting the issues!


Complete Change Log

Change: Disable IP logging for items created in the AdminCP
Change: Disable IP logging by default for purchases
Fix: Older transactions would sometimes cause a server error
Fix: Prefix quick set in the AdminCP would not work as intended
Fix: Ensure the username style cache doesn't break if the purchase belongs to a deleted user or deleted item
Fix: Creating or editing an item will now associate the IP address log with the visitor, not the assigned owner
  • Like
Reactions: 51463 and Sunka
Update highlights

This version fixes a regression from 6.4.4 that could cause glitches in configurable items, as well as fixes an issue with copying items.


Complete Change Log

Fix: Copying items would produce a server error in certain circumstances
Fix: Fix an issue where item configuration would be incorrectly cached, leading to glitches in things like user name colours
Update highlights

This version fixes a couple race condition bugs, as well as an issue where old purchases without a purchase handler could generate a server error.


Complete Change Log

Fix: Fix race condition triggering "Cannot delete an entity that has been partially updated" server error
Fix: Fix race condition with deleted users when upgrading from certain older versions
Fix: Fix "Call to a member function setPurchase() on null"
  • Like
Reactions: 51463
Update highlights

This version adds support for og:image / twitter:image meta tags for item URLs, making your rich embeds in places like Twitter or Discord show the item's icon.

Furthermore, some internal code tweaks took place, for improved support for Xon's MultiPrefix.

Lastly, a few bugs discovered by @JoyFreak have been resolved. Thanks!

Note: If you are running Xon's MultiPrefix, please update to v2.8.14.



Complete Change Log

Feature: Add og:image / twitter:image metadata tags for the main item page
Change: Update type hints for Inline Moderation
Fix: The postbit integration would cause a server error on a post by a deleted or guest user
Fix: Setting "Item rating style" to "Circle" would not work due to missing templates
Fix: Compatibility fixes for MultiPrefix
Top