DukaPress 2.3.2 Security Update


This is a tiny albeit important update that fixes a security issue with timthumb.php which can be found inside the “lib” folder within DukaPress.

We use timthumb.php to resize images. It turns out that there is a grave security risk with using an unmodified timthumb.php. The vulnerability is described here.

Fortunately, fixing this is simple. You need to open up timthumb.php and change Line 27 to look like this:

$allowedSites = array ();

Please take note of the empty parentheses above.

Alternatively, you can download and install DukaPress version 2.3.2.
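To confirm the change on a server, the following added example (not part of DukaPress or timthumb) walks a directory tree, finds every timthumb.php and reports whether its $allowedSites array is empty. The directory names and host names in the demo are constructed, and the parser assumes array entries are plain quoted strings.

```python
import re
import tempfile
from pathlib import Path

SQ = r"'(?:\\.|[^'\\])*'"   # single-quoted PHP string
DQ = r'"(?:\\.|[^"\\])*"'   # double-quoted PHP string
# Comments are dropped; strings are matched too so "//" or "#" inside one survives.
TOKEN = re.compile(rf"(?P<comment>/\*.*?\*/|//[^\n]*|#[^\n]*)|{SQ}|{DQ}", re.DOTALL)
ASSIGN = re.compile(r"\$allowedSites\s*=\s*array\s*\((.*?)\)\s*;", re.DOTALL)
ENTRY = re.compile(f"{SQ}|{DQ}")

def allowed_sites(php_source):
    """Return the hosts listed in $allowedSites, or None if it is never assigned."""
    code = TOKEN.sub(lambda m: "" if m.group("comment") else m.group(0), php_source)
    bodies = ASSIGN.findall(code)
    if not bodies:
        return None
    # The last assignment is the one in effect when the script runs.
    return [m.group(0)[1:-1] for m in ENTRY.finditer(bodies[-1])]

def audit(root):
    """Map each timthumb.php under root to 'ok', 'review: ...' or 'unknown'."""
    report = {}
    for path in sorted(Path(root).rglob("timthumb.php")):
        sites = allowed_sites(path.read_text(errors="replace"))
        if sites is None:
            status = "unknown"           # no assignment found, inspect by hand
        elif sites:
            status = "review: " + ", ".join(sites)   # hosts still allowed
        else:
            status = "ok"                # empty array, as in the fix above
        report[path.relative_to(root).as_posix()] = status
    return report

def demo():
    """Audit a constructed tree: one patched copy and one with hosts still listed."""
    patched = "<?php\n// $allowedSites = array ('old.example.com');\n$allowedSites = array ();\n"
    listed = "<?php\n$allowedSites = array (\n\t'images.example.com', # constructed\n\t'cdn.example.net',\n);\n"
    with tempfile.TemporaryDirectory() as tmp:
        for rel, src in (("plugins/dukapress/lib", patched), ("themes/sample-theme", listed)):
            folder = Path(tmp, "wp-content", rel)
            folder.mkdir(parents=True)
            (folder / "timthumb.php").write_text(src)
        return audit(tmp)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:45} {name}")
```

Call audit() with the real site root in place of the demo tree; any line that is not "ok" points to a copy of timthumb.php that still needs the edit.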

6 Responses

  1. nowit says:

    Hi, I don’t know if I should open a new topic about this: My Basic Shop Settings can’t be saved. After editing the fields I click save-settings, but if I go back to the settings it was not saved. All settings went out.

  2. Conan says:

    I think there is a small problem in 2.3.2 – the empty cart button did not work for me.

    I tried on my site and on the DukaPress demo.

    The link in dp-widgets is #

    I replaced it with “/index.php?dpsc_ajax_action=empty_cart” and it’s working again.

    Great plugin!

  3. Usman Fayyaz says:

    Empty cart option works only on Firefox.
