PrestaShop logo

PrestaShop

Open source e-commerce platform for building an online store

Alternative to: shopify, woocommerce, bigcommerce, magento


About Versions (100)

1.7.6.6

2020-07-02

Main fixes

Below are listed the 6 regressions that were found and fixed in this version:

Front-office regression:

  • A BC break was mistakenly introduced in 1.7.6.5 on some selectors in the front-office #18509

Back-office regressions:

  • It was not possible to use Stocks page without the rights for Translation page #19713
  • Bad button color in Modules pages modal window #9699
  • No success message in Customer page after editing a voucher #18842

Other regressions:

  • It was not possible to update currencies using the Webservice #18865
  • There was an error at the end of the upgrade if it was run manually #18723

Security fixes

7 security fixes have been included in this patch version:

More information about why it is important to update:

Notable change

In order to correctly handle user session expiration, two new SQL tables have been added to PrestaShop MySQL schema: ps_customer_session and ps_employee_session. These SQL tables are used for security purposes.

Breaking or risky changes

Dashboard modules can no longer use AdminDashboardController::ajaxProcessSaveDashConfig() to save values. This is not possible anymore in PrestaShop 1.7.6.6 in order to enforce the shop’s security.

A bug fix included in 1.7.6.5 required changing a CSS selector in the Front Office’s product page and rendering it more specific. However, this new selector did not work with some third party themes which were based on Classic. In 1.7.6.6, a new generic selector has been added: .product-container. If you are a theme developer, make sure to add this class to the appropriate container on your product page in order to allow your product page to be refreshed on changes.

Full Changelog

  • Back Office:
    • Bug fix:
      • #19814: Change buttons in modal bulk of module page to avoid black color (by @NeOMakinG)
      • #18975: BO - Customer View page - Added Green alert when editing a voucher (by @Progi1984)
      • #19942: Cast changelogs to array for twig - Backport of #19778 (by @atomiix)
      • #19718: Remove i18n access restrictions (by @PierreRambaud)
      • #19990: Fix BO page Module permission checks (by @jolelievre)
  • Front Office:
    • Improvement:
      • #19800: Add a new selector in order to select the product page more precisely (by @NeOMakinG)
  • Core:
    • Improvement:
      • #19943: Update Composer dependencies and prestashop module versions (by @PierreRambaud)
      • #19980: Update version number to 1.7.6.6 (by @matks)
      • #19979: Update outdated assets in 176x (by @matks)
      • #19984: Update license headers for PS 1.7.6.6 (by @matks)
    • Bug fix:
      • #19010: Added missing required_once for Datas class (by @atomiix)
      • #19986: Fix php7-only code into 1766 (by @matks)
      • #20018: Remove COLLATION placeholder from 1.7.6.6.sql (by @matks)
      • #GHSA-mc98-xjm3-c4fm - External control of configuration setting in the dashboard (by @PierreRambaud)
      • #GHSA-997j-f42g-x57c - Information exposure in upload directory (by @PierreRambaud)
      • #GHSA-492w-2pp5-xhvg - Information disclosure in release archive (by @PierreRambaud)
      • #GHSA-ccvh-jh5x-mpg4 - Improper authentication (by @PierreRambaud)
      • #GHSA-xp3x-3h8q-c386 - Improper access controls in Carrier page, Module Manager and Module Positions (by @PierreRambaud)
      • #GHSA-qgh4-95j7-p3vj - Reflected XSS in product page (by @PierreRambaud)
      • #GHSA-v4pg-q2cv-f7x4 - Stored XSS in AdminQuickAccesses (by @PierreRambaud)
  • Web Services:
    • Bug fix:
      • #18969: Make api backward compatible for Currencies (by @atomiix)