Dear admins! Enable security options in Admin account settings (../admin/account/
user/addinfo?id=1): - IP-address change control = Х.Х.Х.Х - Bind session to IP-
address = yes - Forbid parallel sessions = yes - Auto logout after N minutes (0 -
default) = 5 It will eliminate risk of your session stealing.
On popular request we've added extended statistics to admin panel
Multi-level currency indication added. Now you can change user's payment details
from admin panel.
ATTENTION! Cases of cracking PerfectMoney merchant became more frequent by
trial and error method "Alternative code phrase". If it is "simple", then malefactor will
evaluate it and "sign" for it fake transaction. Script will put stated sum on malefactor's
balance. Create code phrases no shorter than 16 SyMBolS/numbers length.
One curious tester (thanks for that) found vulnerability: If you send a message with
special js-script to a user (or admin), then it will be executed on opening this message.
1. Vulnerability worked only when message was opened from Profile. 2. Malefactor
could receive user's cookies, and if user hasn't set IP-binding, then malefactor could
access user's profile(and in admin case - Control panel). To fix vulnerability update
file ..module/message/show.php . If you have disabled "Personal messages" (or
activated "only support" mode), then you are on safe ground.
On popular request: now you can reply to letters from support form from your mail.
Custom variable update in database "Was on site" now not oftener than once in a
minute (deloading database server).
API address updated for MeraPay. Small defects fixed (non-critical).