PrestaShop Core Monthly - April 2023

As we enter May, let’s recap the key accomplishments within the PrestaShop project during April. We focused on vital security upgrades, namely PrestaShop 8.0.4 and 1.7.8.9, as well as putting the final touches on PrestaShop 8.1. A new project organization was also introduced, and the developer documentation received several updates. Read on to learn more about the latest developments in the PrestaShop project.

New project organization

On April 19th, 2023, @eternoendless unveiled “a clearer, more transparent, more collaborative organization” for the project, that has been under development for the past few months. This revamped organization aims to streamline decision-making within the project. To learn more about the new structure, how it will function, and the next steps, we highly recommend reading the dedicated article on the Build blog. The organization was also presented during April’s Live Update, you can watch the replay here.

PrestaShop 1.7.8.9 and 8.0.4

In April, the PrestaShop project released important security fixes for versions 1.7.8 and 8.0, addressing multiple vulnerabilities. These include a critical SQL filter bypass (GHSA-p379-cxqh-q822) that could lead to arbitrary write requests using “SQL Manager,” a high-severity arbitrary file read issue (GHSA-8r4m-5p6p-52rp), a high-severity XSS injection vulnerability through the Validate::isCleanHTML method (GHSA-fh7r-996q-gvcp), and a moderate-severity CSRF token fixation (GHSA-3g43-x7qr-96ph). The fixes have been implemented to bolster the platform’s security and protect users from potential threats. If you use PrestaShop 1.7.8 or 8.0 I highly recommend you to upgrade your store to the latest version.

The upgrades are small and do not require any database changes. You can implement those changes by simply replacing the files on your server. During the 8.0.4 and 1.7.8.9 upgrade process using the autoupgrade module, some issues were encountered, which were likely caused by the psgdpr module. However, it’s not the only reason for failed upgrades, and further investigation is needed.

PrestaShop 8.1

As PrestaShop 8.1 nears its second beta release, the project is focusing on several key elements necessary for a successful launch. Two of these crucial aspects include completing the translation catalog export and making the autoupgrade module compatible with PrestaShop 8.1. These efforts will enable the community to translate the new version and ensure a seamless upgrade process. You can follow the release process in the dedicated issue on GitHub.

Developer documentation improvements

April brought yet another round of enhancements to the DevDocs! This month, we introduced a revamped homepage for the documentation, emphasizing the main content sections. Additionally, we added a section featuring the most viewed pages in the docs.

Alongside these updates, we welcomed several improvements from the community and three significant additions to the documentation:

• PrestaShopCollection component documentation
• A full guide on how to extend the new product page in the PrestaShop 8.1 back office
• Refreshed upgrade guide showing how to upgrade from PrestaShop 1.7 to 8.0 using CLI.

You can see the full list of changes here.

Upgrades in native modules

Not that much happened around the modules in April, but something worth mentioning is a refactored version of the psgdpr module. The new 2.0.0 version caused some troubles, so it was reverted to the previous version. The module is now back to v1, and we are working on the new version to fix issues reported by the community. You can follow the progress in this issue.

Other than that, there are some wording improvements and other minor fixes in the modules.

PrestaShop Project Live Update May ‘23

Just a quick word on the “Live Update” - we had to shuffle things around a bit and postpone the original date. But no worries, we’ve now locked in a new date! So, grab your coffee and join us for the update on Wednesday, May 17th, 2023 at 4 pm (Paris time) on YouTube.

And that wraps up our Core Monthly summary for April! Don’t forget to join us on May 17th for the “PrestaShop Project Live” update. We’ll see you there!

Project releases

• PrestaShop, 8.0.4 released on 2023-04-25.

• PrestaShop, 1.7.8.9 released on 2023-04-25.

• Google Sitemap module, v4.3.0 released on 2023-04-06.

• Google Analytics module, v4.2.2 released on 2023-04-06.

A quick update about PrestaShop’s GitHub issues and pull requests:

• 170 new issues have been created in the project repositories;
• 161 have been closed, including 17 fixed issues on the core;
• 289 pull requests have been opened in the project repositories;
• 277 pull requests have been closed, including 218 merged pull requests.

Code changes in the ‘develop’ branch

Back office

• #32367: Add CLI command to list and toggle feature flags. Thank you, @jolelievre
• #32339: Fix mobile help button. Thank you, @boherm
• #32289: Replace use of “upgrade” with “update”. Thank you, @eternoendless
• #32193: Fix jquery deprecations. Thank you, @eternoendless
• #32190: Remove unused toolbar.tpl. Thank you, @eternoendless
• #32169: Features list export action. Thank you, @zuk3975
• #32156: Feature UpdatePosition action. Thank you, @zuk3975
• #32152: Improvement: displaying header toolbar on mobile. Thank you, @ga-devfront
• #32137: Don’t call Hook::getHookModuleExecList(‘displayAdminStatsModules’) twice. Thank you, @Tofandel
• #32115: Edit cart rule CQRS command. Thank you, @zuk3975
• #32106: Improve display of gift message on order view. Thank you, @Prestaworks
• #32042: Fix help card in popup instead of full page on create webservice. Thank you, @tleon
• #32023: Migrate Search Config Alias Grid. Thank you, @aleksiuno
• #32012: Revert displaying Customer Groups migrated page. Thank you, @0x346e3730
• #31984: Add an exit button in tablet and phone menu. Thank you, @JBLach
• #31904: Migrate Cart Rules Create action. Thank you, @zuk3975
• #31900: Use htmlspecialchars on trans parameters and deprecate _raw parameter. Thank you, @mflasquin
• #31802: Migrate “Shop parameters > Contact > Stores” list. Thank you, @zuk3975
• #31728: Clean up Add/Edit feature and introduce Delete/BulkDeleteFeatureCommand. Thank you, @zuk3975
• #31726: Migrate customer bought and viewed products to grids. Thank you, @Hlavtox
• #31689: Migrate Sell > Catalog > Feature listing. Thank you, @zuk3975
• #31218: Add index on ps_orders.‘invoice_date’. Thank you, @AdrienPlx
• #29951: Simplify category form. Thank you, @JevgenijVisockij
• #29920: Titles : Migrate Add & Edit Forms. Thank you, @Progi1984

CI

• #32050: Nightly Workflow: Fix combine report not working. Thank you, @boubkerbribri

Core

• #32362: Remove deprecated files. Thank you, @FabienPapet
• #32325: Factorize language selection into a single LocaleChoiceType. Thank you, @FabienPapet
• #32232: Remove unused functions getUrlRewriteInformation & getUrlRewriteInformations. Thank you, @eternoendless
• #32189: Remove deprecated displayFlags. Thank you, @eternoendless
• #32187: No longer try to include obsolete errors.php and admin.php. Thank you, @eternoendless
• #32043: Building all assets goes 🏎️. Thank you, @0x346e3730
• #32014: Fix linter. Thank you, @lartist
• #31997: Removed message by typehinting the class GetProfileForEditingHandler. Thank you, @Progi1984
• #31996: Remove triggered errors and deprecated for Grid. Thank you, @Progi1984
• #31995: Remove deprecated message in Pagination class by typehinting. Thank you, @Progi1984
• #31994: Removed method renderForm in namespace PrestaShopBundle\Controller. Thank you, @Progi1984
• #31993: Remove deprecated methods in LogRepository & RequestSqlRepository. Thank you, @Progi1984
• #31992: Remove deprecated classes TypeaheadRedirectionTargetTransformer and TranslateTextType in namespace PrestaShopBundle\Form\Admin. Thank you, @Progi1984
• #31991: Remove deprecated classes TranslationFinder and TranslationFinderTrait in namespace PrestaShopBundle\Translation\Provider. Thank you, @Progi1984
• #31976: Nicer docker compose & co for fast dev environment startup. Thank you, @tswfi
• #31961: Add discounted unit price and initial price to formatted specific price. Thank you, @tswfi
• #31894: Removed deprecated in Adapter namespace. Thank you, @Progi1984
• #31705: Remove deprecated upload classes. Thank you, @matthieu-rolland
• #31683: Set possibility to ignore warnings and notices in dev mode. Thank you, @web-cooking-factory
• #31421: Remove Tools::encrypt() and Tools::encryptIV() (deprecated). Thank you, @FabienPapet
• #31420: Migrate cookie constants usages to PSR4. Thank you, @FabienPapet
• #28102: Removed pear/archive_tar dependency. Thank you, @Progi1984

Front office

• #31309: Introduce manufacturer presenter. Thank you, @Hlavtox

LO

• #31826: Change profiles wording. Thank you, @micka-fdz

Tests

• #32373: Nightly: another fix to have PS_DOMAIN=localhost:8001 on 8.0.x. Thank you, @boubkerbribri
• #32364: Nightly: fix run for 8.0.x. Thank you, @boubkerbribri
• #32330: Nightly: add PS_DOMAIN to allow docker installation. Thank you, @boubkerbribri
• #32301: Nightly : Fix forgotten environment variable PS_ENABLE_SSL. Thank you, @Progi1984
• #32299: Bump eslint from 8.38.0 to 8.39.0 in /tests/UI. Thank you, @dependabot
• #32298: Bump @typescript-eslint/eslint-plugin from 5.58.0 to 5.59.0 in /tests/UI. Thank you, @dependabot
• #32297: Bump @typescript-eslint/parser from 5.58.0 to 5.59.0 in /tests/UI. Thank you, @dependabot
• #32236: Nightly : Fixed error in the worfklow for the nightly. Thank you, @Progi1984
• #32205: Nightly : Support for HTTPS. Thank you, @Progi1984
• #32176: Bump @typescript-eslint/parser from 5.57.1 to 5.58.0 in /tests/UI. Thank you, @dependabot
• #32124: Nightly : Migrate from prestashop.com to prestashop-project.org. Thank you, @Progi1984
• #32118: Remove un-used test file. Thank you, @laurentrousseau918
• #32114: Revert bump pdfjs-dist from 3.4.120 to 3.5.141 in /tests/UI. Thank you, @Progi1984
• #32107: Bump @typescript-eslint/eslint-plugin from 5.57.0 to 5.58.0 in /tests/UI. Thank you, @dependabot
• #32103: Bump playwright from 1.32.1 to 1.32.3 in /tests/UI. Thank you, @dependabot
• #32094: Bump typescript from 5.0.3 to 5.0.4 in /tests/UI. Thank you, @dependabot
• #32093: Bump eslint from 8.37.0 to 8.38.0 in /tests/UI. Thank you, @dependabot
• #32092: Bump @typescript-eslint/parser from 5.57.0 to 5.57.1 in /tests/UI. Thank you, @dependabot
• #32090: Bump pdfjs-dist from 3.4.120 to 3.5.141 in /tests/UI. Thank you, @dependabot
• #32071: Nightly : Fixes API Campaign. Thank you, @Progi1984
• #32033: Functional Tests : Move FO tests to classic directory. Thank you, @Progi1984
• #32015: Remove step for install npm in tests. Thank you, @tswfi
• #32009: Bump typescript from 5.0.2 to 5.0.3 in /tests/UI. Thank you, @dependabot
• #32008: Bump eslint from 8.36.0 to 8.37.0 in /tests/UI. Thank you, @dependabot
• #32007: Bump @typescript-eslint/eslint-plugin from 5.56.0 to 5.57.0 in /tests/UI. Thank you, @dependabot
• #32006: Bump @typescript-eslint/parser from 5.56.0 to 5.57.0 in /tests/UI. Thank you, @dependabot
• #31988: Use ’npm ci’ instead of ’npm i’. Thank you, @tswfi

Code changes in the ‘8.0.x’ branch

Back office

• #32215: Avoid html being escaped in translation in the alert box. Thank you, @eternoendless
• #32197: Smarty htmlspecialchars. Thank you, @0x346e3730
• #32028: Fix module active flag with group & shop contexts. Thank you, @boherm
• #31411: Display error message when language file is missing. Thank you, @Prestaworks

Core

• #32326: Changelog 8.0.4. Thank you, @FabienPapet
• #32130: Release 8.0.4. Thank you, @FabienPapet
• #31285: Allow JS action after module import. Thank you, @sowbiba

Installer

• #32112: Handle fallback in Tools::clearSf2Cache when container is not available. Thank you, @jolelievre

Web services

• #32044: Fix WS error: add product with empty unit-price. Thank you, @boherm

Code changes in the ‘8.1.x’ branch

Back office

• #32202: Add missing attribute in search categories API. Thank you, @jolelievre
• #32201: Fix undefined shop_id when updating image. Thank you, @zuk3975
• #32199: Set cover on table image when add image on product. Thank you, @mflasquin
• #32195: Clean product v2 routing. Thank you, @jolelievre
• #32194: Deprecate code related to old product page. Thank you, @jolelievre
• #32136: Fix reset all default parameters on currency. Thank you, @mflasquin
• #32116: Fix resetLanguage for Currencies. Thank you, @boherm
• #32060: Add admin breadcrumb hook. Thank you, @cvng
• #31968: Final UX improvement in PPV2. Thank you, @jolelievre

Core

• #32154: Fix domain translation. Thank you, @lartist
• #32135: Bump version for translation extraction. Thank you, @lartist
• #32087: Dump modern mail theme with new wordings. Thank you, @lartist

Front office

• #32061: Fix error when change product qty in cart. Thank you, @mflasquin

Installer

• #32027: Add install error message when a parameter is missing. Thank you, @eternoendless

Tests

• #32251: Functional Tests : BO - Design - Image Settings - Check product image format. Thank you, @Progi1984
• #32221: UI Tests : Unskip tests now that #31812 is fixed. Thank you, @Progi1984
• #32153: Functional tests - Add new test ‘BO > Logs > Log by email’. Thank you, @nesrineabdmouleh
• #32149: Functional tests - Add some tests in ‘Customer service > Merchandise return’ page. Thank you, @nesrineabdmouleh
• #32123: Nightly : Support for HTTPS. Thank you, @Progi1984
• #32082: Functional tests - Add new test ‘CRUD cart rule > Actions > Apply to specific product’. Thank you, @nesrineabdmouleh
• #32041: UI Tests : Use HTTPS. Thank you, @Progi1984
• #32040: UI Tests : Fixed commands. Thank you, @Progi1984
• #32032: Functional Tests : Move FO tests to classic directory. Thank you, @Progi1984
• #32025: Functional Tests : CLDR - Search a currency by enable/disable. Thank you, @Progi1984
• #32018: Functional tests - Add some tests in ‘BO > Cart rules > Create cart rule > Condition tab’. Thank you, @nesrineabdmouleh
• #31895: Functional tests - Refacto ‘BO > Customer service’. Thank you, @nesrineabdmouleh
• #31888: Functional Tests : BO - Design - Image Settings - Image Generation on creation. Thank you, @Progi1984

Code changes in the ‘1.7.8.x’ branch

Back office

• #32140: Fix CVE 2023-25170 on 1.7.8.x. Thank you, @mflasquin
• #32105: Release/manual verifications 1789. Thank you, @mflasquin

Tests

• #32144: Nightly : Migrate from nightly.prestashop.com to nightly.prestashop-project.org. Thank you, @Progi1984

Code changes in modules, themes and tools

Auto Upgrade module

• #579: Nightly : Migrate from nightly.prestashop.com to nightly.prestashop-project.org. Thank you, @Progi1984
• #578: Update composer.lock. Thank you, @ValentinGratz
• #577: Helper for adding hooks in upgrade scripts. Thank you, @kpodemski
• #562: Update product page feature flag values. Thank you, @jolelievre

Automated tests on Pull Requests

• #29: Support for HTTPS (with Docker). Thank you, @Progi1984
• #28: Migrate GA with using Dockerfile. Thank you, @Progi1984
• #26: Separate classic / hummingbird. Thank you, @Progi1984

Changes in developer documentation site

• #23: Improve homepage of Devdocs. Thank you, @thomasnares

Changes in developer documentation sources

• #1652: Improve homepage of Devdocs : Main categories icons, and flags to display pages on homepage. Thank you, @thomasnares
• #1647: Example implementation of hookActionModifyFrontendSitemap. Thank you, @kpodemski
• #1646: Bad relativePath. Thank you, @fabienVernieres
• #1645: PrestaShopCollection component. Thank you, @thomasnares
• #1644: Template display.tpl must extend page.tpl. Thank you, @fabienVernieres
• #1643: Document new product page extendability. Thank you, @thomasnares
• #1642: fix: update password on docker docs to use the new one. Thank you, @boubkerbribri
• #1640: Update helperoptions.md. Thank you, @LaBisquerie
• #1639: Update HelperOptions documentation. Thank you, @LaBisquerie
• #1638: RenderForm / RenderList search items. Thank you, @thomasnares
• #1637: Document Locale component (formatPrice / formatNumber). Thank you, @thomasnares
• #1623: Document PR30588 - services configurations priority. Thank you, @thomasnares
• #1611: Refresh upgrade guide. Thank you, @thomasnares

Changes in developer documentation theme

• #30: Modify link to support, move gitinfo location. Thank you, @thomasnares
• #29: Improve homepage of Devdocs and footer with git-info . Thank you, @thomasnares
• #28: Improve version selector in sidebar. Thank you, @thomasnares

Currency selector

• #33: Fix the module description. Thank you, @mflasquin

Customer reassurance block module

• #525: Bump webpack from 5.77.0 to 5.78.0. Thank you, @dependabot
• #524: Update phpdevtoool v3 to v4, phpcsfixer v2 to v3. Thank you, @leemyongpakvn

Dashboard Products module

• #50: Fix category retrive for bestsellers. Thank you, @mflasquin

Dashboard Trends module

• #62: Removed deprecated methods displayNumber in class Tools. Thank you, @Progi1984

Distribution API

• #26: fix: workflow access token. Thank you, @MaxencePerrinPrestashop
• #25: Added filter on prerelease versions. Thank you, @nicosomb

Docker images

• #332: Add images for PS 1.7.8.9 and 8.0.4. Thank you, @mflasquin
• #331: Add images for PS 8.0.3. Thank you, @matthieu-rolland

Email Alerts module

• #127: Fix add action customer id. Thank you, @boherm

Example modules

• #143: Update version into Readme. Thank you, @PrestaEdit
• #142: Add an example of hooks in old product page. Thank you, @thomasnares
• #140: Bump minimist and mkdirp in /example_module_mailtheme. Thank you, @dependabot

Faceted search module

• #733: Replace oudated jquerySortable plugin by SortableJS lib. Thank you, @leemyongpakvn

GDPR module

• #209: Release 2.0.1. Thank you, @lartist
• #208: fix: db-prefix miss. Thank you, @fox-john
• #206: Removing require autoload.php in psgdpr.php and version bumping. Thank you, @lartist
• #205: Release 2.0.0. Thank you, @lartist
• #204: fix: path to sql install and update files. Thank you, @fox-john
• #203: fix: revert autowire service declarations. Thank you, @fox-john
• #201: Fix wordings. Thank you, @lartist
• #200: refactor: remove Router instance in controllers. Thank you, @fox-john
• #198: feat: update response into customer controller. Thank you, @fox-john

Google Analytics module

• #147: Fix typo. Thank you, @lartist
• #146: Release 4.2.2. Thank you, @lartist
• #145: Bump version. Thank you, @lartist
• #142: Fix wording. Thank you, @lartist

Google Sitemap module

• #163: Release 4.3.0. Thank you, @lartist
• #162: Fix wording. Thank you, @lartist

Hummingbird theme

• #492: refactor(product): simplify code. Thank you, @davidglezz

Issues Bot

• #104: Fix removing Waiting for author label behaviour. Thank you, @boherm
• #103: Fix license headers. Thank you, @matks

Keycloak_connector_demo

• #5: Fixed wording & configuration page. Thank you, @Progi1984
• #4: Bump phpstan/phpstan from 1.10.13 to 1.10.14. Thank you, @dependabot
• #3: Bump phpstan/phpstan from 1.10.11 to 1.10.13. Thank you, @dependabot
• #2: Bump phpstan/phpstan from 1.9.8 to 1.10.11. Thank you, @dependabot
• #1: Improvements on the module. Thank you, @Progi1984

Links list module

• #167: Replaces deprecated setHookDispatcher method. Thank you, @0x346e3730

MJML Theme Converter

• #29: Update wordings. Thank you, @lartist

Native-modules

• #1: Remove v2.0.0 for GPDR addon. Thank you, @nicosomb

Nightly board

• #119: Rework CD from Jenkins to GitHub Action . Thank you, @elodie-bil3

Pages not found module

• #24: Add stacking responsive table for mobile screen. Thank you, @leemyongpakvn

PrestaShop test scenarios

• #8: Fixed called tests in tests. Thank you, @Progi1984

Presthubot

• #124: Bump phpstan/phpstan from 1.10.13 to 1.10.14. Thank you, @dependabot
• #123: Bump guzzlehttp/guzzle from 7.5.0 to 7.5.1. Thank you, @dependabot
• #122: Bump phpunit/phpunit from 9.6.6 to 9.6.7. Thank you, @dependabot
• #121: Nightly : Migrate from nightly.prestashop.com to nightly.prestashop-project.org. Thank you, @Progi1984
• #120: Bump phpstan/phpstan from 1.10.11 to 1.10.13. Thank you, @dependabot
• #119: Bump phpstan/phpstan from 1.10.10 to 1.10.11. Thank you, @dependabot
• #118: Bump symfony/var-dumper from 5.4.21 to 5.4.22. Thank you, @dependabot
• #117: Bump symfony/dotenv from 5.4.21 to 5.4.22. Thank you, @dependabot
• #116: Bump phpstan/phpstan from 1.10.9 to 1.10.10. Thank you, @dependabot
• #115: Bump symfony/console from 5.4.21 to 5.4.22. Thank you, @dependabot

PrestonBot

• #139: Reproduce webhook behavior as cli. Thank you, @lartist

Product Comments module

• #159: Remove yarn dependency. Thank you, @leemyongpakvn

QA nightly results

• #68: Rework CD from Jenkins to GitHub Action. Thank you, @elodie-bil3

The PrestaShop open source project

• #177: Fix broken release cycle image. Thank you, @eternoendless
• #176: Reorganize content & add about page. Thank you, @eternoendless
• #175: Nightly : Migrate from nightly.prestashop.com to nightly.prestashop-project.org. Thank you, @Progi1984
• #174: remove misguiding notice. Thank you, @matthieu-rolland
• #168: Improves and refactor installHugo. Thank you, @leagris

Theme customization module

• #56: fix(bo): replace deprecated translation method. Thank you, @tleon
• #55: Replace removed deprecated methods in PS9. Thank you, @0x346e3730

Theme for the PrestaShop open source project website

• #10: Backport commits from upstream. Thank you, @eternoendless

Traces

• #38: Bump guzzlehttp/psr7 from 1.9.0 to 1.9.1. Thank you, @dependabot

Wishlist block module

• #217: Update phpdevtools to v4, phpcsfixer to v3 with Updated composer.lock. Thank you, @leemyongpakvn
• #212: Update eslint, downgrade copywebpack, remove uglify. Thank you, @leemyongpakvn

Thank you to the contributors whose pull requests were merged since the last Core Monthly Report: @0x346e3730, @AdrienPlx, @FabienPapet, @Hlavtox, @JBLach, @JevgenijVisockij, @LaBisquerie, @MaxencePerrinPrestashop, @PrestaEdit, @Prestaworks, @Progi1984, @Tofandel, @ValentinGratz, @aleksiuno, @boherm, @boubkerbribri, @cvng, @davidglezz, @dependabot, @elodie-bil3, @eternoendless, @fabienVernieres, @fox-john, @ga-devfront, @jolelievre, @kpodemski, @lartist, @laurentrousseau918, @leagris, @leemyongpakvn, @matks, @matthieu-rolland, @mflasquin, @micka-fdz, @nesrineabdmouleh, @nicosomb, @sowbiba, @thomasnares, @tleon, @tswfi, @web-cooking-factory, @zuk3975!

Thank you to the contributors whose PRs haven’t been merged yet! And of course, a big thank you to all those who contribute with issues and comments on GitHub!

Coding is only just one of the ways you can contribute. Here are some ideas on how you can get involved in the project.

If you need help with contributing or have questions about it, feel free to contact me, @kpodemski, on the project’s Slack.

Happy contributin’ everyone!