Explore advanced SEO techniques tailored for PrestaShop users in this comprehensive guide. Learn how to optimize your online store with strategic content, technical enhancements, and effective off-page tactics to significantly boost your search engine ranking and drive traffic, ensuring your PrestaShop platform achieves its full potential.
PrestaShop 8 is a major update that brings an updated Symfony 4.4 version, compatibility with PHP 8.1, new password policy and session management features, support for WebP, and more.
If you don't know what an XSS (Cross-Site Scripting) flaw is, I recommend that you do a quick search on the Internet. The most common XSS error is using GET or POST values in templates.
Even though PrestaShop has been using the PDO library since version 1.5, it still does not call some important methods, such as bindParam() or bindValue(), which are designed to protect SQL queries. So we have to protect them manually.
Of your PHP files that are in your modules, you should only have class definitions and no dots - except for Ajax scripts (and again, you should only go through front or admin controllers). It is still recommended to prohibit access to all subdirectories containing PHP files or templates.
Directory listing functionality is enabled by default on many web servers. And, depending on your host, it will be more or less easy to deactivate it.