Need help with Joomla? We are available for hire to help with Joomla customization, upgrades, maintenance, and custom development.
Explore our services [17-July-2026] EShop version 5.6.0 - Security Release
- Giang Dinh Truong
-
Topic Author
- Offline
- Administrator
-
Less
More
1 day 19 hours ago #178994
by Giang Dinh Truong
[17-July-2026] EShop version 5.6.0 - Security Release was created by Giang Dinh Truong
Dear customers !
I’m happy to announce the next release of EShop Shopping Cart version 5.6.0! This release address two medium security items found in the earlier versions and some improvements of function and layout:
1. Check whole of source code to avoid / prevent possible SQL Injection.
- Check to make sure that all of user input data from front-end side to be Type Casting (integer, float) when using them in Where clauses of SQL staments.
- Check to make sure all of string to be quoted with $db->quote function when using them in Where clauses of SQL statements.
2. Missing CSRF token check on upload file.
- The extension has an end point to allow customers to upload file for products using ajax upload. The code in previous release does not have CSRF token check, this is now added to enhance security.
- Further more, I also added .htaccess to prevent direct access to files into the folder that includes uploaded file, just in case admin allows uploading php files by mistake. Also, additional check has been added so that if you do not use File custom field types, the upload end point will be disabled to prevent attackers from uploading files (to abuse server quota for some reasons).
- Additional checks below are implemented to prevent mass uploads attack (assume your site is on target of attack):
+ Reject unsafe files (files with unsafe file extensions, files contain code) for older Joomla version to make it works in the same way with security improvements implement in Joomla 6.1.2 File::upload method
+ Max Files Per Session: Limit maximum number of files which can be uploaded per session. By default, I set it to 100.
+ Max Files Per Minute: Limit maximum number of files which can be be uploaded per minutes. By default, I set it to 20.
+ Folder Size Limit: If you worry that too many files can be uploaded which makes your hosting space becomes full, you can limit it to something like 1024MB (mean 1GB), or smaller size.
+ Max Files In Folder: If you worry that too many files can be uploaded, you can limit total number of files can be uploaded for your site via upload files in EShop. For example, set it to 5000 files.
All of these can be configured by going to EShop -> System -> Configuration -> Option tab, under File section.
3. Weights / Lengths Manager Improvements.
From this version, the Weight / Length (Length, Width, Height) in EShop has more parameters to format number when they are displayed on the front-end side. They are: Decimal Symbol, Decimal Place and Thousands Separator. So now, you can format the number of weight and measurement easily to meet your requirement.
4. Layout Improvements.
I added the configuration to have Addtional Action Style layout for action buttons (Quickview, Wishlist, Compare, Notify buttons) on the products list. This allows to add additional style for buttons easily to have flexible layouts in different themes of EShop.
5. Payfast payment plugin fix.
There is a small issue when processing order with Payfast and it is fixed in this version of EShop.
Please update your site to this latest version of EShop to have these updates. Thanks for continue using our product and support our developments.
Sincerely, Giang
I’m happy to announce the next release of EShop Shopping Cart version 5.6.0! This release address two medium security items found in the earlier versions and some improvements of function and layout:
1. Check whole of source code to avoid / prevent possible SQL Injection.
- Check to make sure that all of user input data from front-end side to be Type Casting (integer, float) when using them in Where clauses of SQL staments.
- Check to make sure all of string to be quoted with $db->quote function when using them in Where clauses of SQL statements.
2. Missing CSRF token check on upload file.
- The extension has an end point to allow customers to upload file for products using ajax upload. The code in previous release does not have CSRF token check, this is now added to enhance security.
- Further more, I also added .htaccess to prevent direct access to files into the folder that includes uploaded file, just in case admin allows uploading php files by mistake. Also, additional check has been added so that if you do not use File custom field types, the upload end point will be disabled to prevent attackers from uploading files (to abuse server quota for some reasons).
- Additional checks below are implemented to prevent mass uploads attack (assume your site is on target of attack):
+ Reject unsafe files (files with unsafe file extensions, files contain code) for older Joomla version to make it works in the same way with security improvements implement in Joomla 6.1.2 File::upload method
+ Max Files Per Session: Limit maximum number of files which can be uploaded per session. By default, I set it to 100.
+ Max Files Per Minute: Limit maximum number of files which can be be uploaded per minutes. By default, I set it to 20.
+ Folder Size Limit: If you worry that too many files can be uploaded which makes your hosting space becomes full, you can limit it to something like 1024MB (mean 1GB), or smaller size.
+ Max Files In Folder: If you worry that too many files can be uploaded, you can limit total number of files can be uploaded for your site via upload files in EShop. For example, set it to 5000 files.
All of these can be configured by going to EShop -> System -> Configuration -> Option tab, under File section.
3. Weights / Lengths Manager Improvements.
From this version, the Weight / Length (Length, Width, Height) in EShop has more parameters to format number when they are displayed on the front-end side. They are: Decimal Symbol, Decimal Place and Thousands Separator. So now, you can format the number of weight and measurement easily to meet your requirement.
4. Layout Improvements.
I added the configuration to have Addtional Action Style layout for action buttons (Quickview, Wishlist, Compare, Notify buttons) on the products list. This allows to add additional style for buttons easily to have flexible layouts in different themes of EShop.
5. Payfast payment plugin fix.
There is a small issue when processing order with Payfast and it is fixed in this version of EShop.
Please update your site to this latest version of EShop to have these updates. Thanks for continue using our product and support our developments.
Sincerely, Giang
Please Log in or Create an account to join the conversation.
Moderators: Giang Dinh Truong
Support
Documentation
Information
Copyright © 2026 Joomla Extensions by Joomdonation. All Rights Reserved.
joomdonation.com is not affiliated with or endorsed by the Joomla! Project or Open Source Matters.
The Joomla! name and logo is used under a limited license granted by Open Source Matters the trademark holder in the United States and other countries.
The Joomla! name and logo is used under a limited license granted by Open Source Matters the trademark holder in the United States and other countries.