This is a tiny but important update that fixes a security issue in timthumb.php, which is found inside the “lib” folder within DukaPress.
We use timthumb.php to resize images. It turns out that there is a grave security risk with using an unmodified timthumb.php. The vulnerability is described here.
Fortunately, fixing this is simple. You need to open up timthumb.php and change Line 27 to look like this:
$allowedSites = array ();
Please take note of the empty parentheses above.
Alternatively, you can download and install DukaPress version 2.3.2.
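To confirm the change on a server that may hold more than one copy of the script, the following added example (not part of DukaPress or timthumb) walks a directory tree, finds every timthumb.php and reports whether its $allowedSites array is empty. The directory to scan is passed as an argument and is an assumption about your install layout; the script only reads files and changes nothing.

```python
import os
import re
import sys

# Matches the assignment the post edits, e.g. "$allowedSites = array ();",
# including lists that span several lines.
ALLOWED_RE = re.compile(r"\$allowedSites\s*=\s*array\s*\((.*?)\)\s*;", re.S)
ENTRY_RE = re.compile(r"""['"]([^'"]+)['"]""")


def allowed_sites(php_source):
    """Return the hosts listed in $allowedSites, or None if it is not assigned."""
    m = ALLOWED_RE.search(php_source)
    if m is None:
        return None
    # Commented-out entries are counted too, so the check errs towards flagging.
    return ENTRY_RE.findall(m.group(1))


def scan(root):
    """Return (path, status, hosts) for every timthumb.php found under root."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "timthumb.php":
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hosts = allowed_sites(fh.read())
            if hosts is None:
                status = "UNKNOWN"    # no $allowedSites assignment: review by hand
            elif hosts:
                status = "NEEDS FIX"  # the list still names external hosts
            else:
                status = "OK"         # empty array, as described above
            results.append((path, status, hosts or []))
    return results


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, status, hosts in scan(root):
        print(f"{status:9} {path} {', '.join(hosts)}")
```

Themes and other plugins often bundle their own copy of timthumb.php, so point the scan at the whole wp-content directory rather than only the DukaPress folder.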
Hi, I don’t know if I should open a new topic about this: my Basic Shop Settings can’t be saved. After editing the fields I click save-settings, but when I went back to the settings they were not saved. All settings went out.
I sent you an email, please check.
I think there is a small problem in 2.3.2 – the empty cart button did not work for me.
I tried on my site and on the DukaPress demo.
The link in dp-widgets is #.
I replaced it with “/index.php?dpsc_ajax_action=empty_cart” and it’s working again.
Great plugin!
Thank you for this.
Empty cart option is working only on Firefox.
Thanks for this, we’re looking into this.