Upgrading to 1.3.9f - few questions

[WhitePhantom]

Hi all,

I'm in the process of trying to upgrade from 1.3.8a to 1.3.9f - feels pretty daunting at the moment, but hopefully I'll get there in one piece!!

My PHP5 is currently running as a cgi application - I set it this way when I was setting things up, (not sure why I chose that option), but I have uploaded 1.3.9f to a ZC_New folder and when I go to do the install it warns me about this ("The session.use_trans_sid setting in your server's PHP.INI file is set to ON. This could potentially cause you some problems with session handling and possibly even security concerns.") I tried working around this by settng a .htaccess parameter, but it made no difference, so I checked with my hosting company. The support dept there said I can change it to an Apache module no problem - however they also said:

"Running PHP5 as a CGI application is generally seen as more secure as it runs as your own user on the server. This means that it uses a set of permissions that no other user has access to. The downside is that you cannot set php variables in a .htaccess file.

Running PHP5 as an Apache module does mean that you can set these php variables however you may run into permission issues when you try to edit files as any files created by the website will become owned by the apache user which you then cannot edit.

Switching from CGI to Apache is relatively simple and you should have no problems doing this, however switching from Apache to CGI is not quite as simple as some of the website files may be owned by the Apache user and you will need to contact us to change the permissions on the files."

What to do???

Also, how often do I need to upgrade? It seems like a rather unnerving undertaking, specially when I read things like "However, you will see many extra differences that may not be related to your own customizations, or that may conflict. Be careful making changes to program code." I don't want to go through this process every time a minor change comes out!

TIA,
J.

[stevesh]

I can't address the CGI thing, but as for your second question, you need to upgrade every time a new version is released.

The upgrade from 1.3.8 to 1.3.9 is fairly complicated, but upgrading from one 1.3.9 version to another is just a matter of copying files. You still have to look at the list of changed files to see if you have overriden any through customization or installing mods, but most of the updated files (so far) aren't files that are often modified.

[kobra]

What to do???

As cgi it does provide additional security especially is they also employ SUEXEC & PHPSUEXEC -
Ask them if you can use a local php.ini file to control your session.use_trans_sid setting

[WhitePhantom]

Thanks guys,

Re. upgrading - every time there's a letter change? So when it changes from 1.3.9f to 1.3.9g I'll have to upgrade again? Noooo!

I asked my hosting company about using a local php.ini file, and they said they could, but that "it looks quite complicated to set up and run, and may lead to problems in the long run. I would reccomend just switching it to Apache mode where you can set the settings in
the .htaccess file."

The website is in its own webspace, with no other sites in that webspace, so based on that they said that "Since it is on its own webspace you shouldn't run into any difficulties with running this in Apache mode. The only thing to look out for is that if you need to edit any files owned by the Apache user they need to have the 777 permissions (beware that this is a rather insecure permission setting to use so use it sparingly)."

I changed the PHP5 support to Apache module, and did a re-check on the system inspection - I am now getting lots of errors about files / directories not being writable, so I guess I need to chmod them? To 777? 664? They're mostly 644 at the moment.

I don't want to do this any more! I want to go and live on top of a mountain and look after goats!!

J.

[DrByte]

Re. upgrading - every time there's a letter change? So when it changes from 1.3.9f to 1.3.9g I'll have to upgrade again?

Yes, but a minor letter-change upgrade is basically just replacing a small handful of files.

[WhitePhantom]

Thanks all,

Well I got brave and started into it, and it hasn't been too bad (so far!)

I'm working my way through WinMerge, and I'm not sure what to do about files that are showing up as different - with some of them, they are listed as 'Text files are different', but when I go in to check the differences, it displays a message saying that the files are identical...??

With others, eg. when I compare the zen_backup/includes/templates/<my template> and the zen_138a/includes/templates/template_default folder it tells me that, eg. tpl_header.php is different - what do I do then? Do I just create the <my template> folder inside the folder containing the new version and copy across those files that are showing up?

And there are others that I don't recognise at all, I'm not aware of having modified them - eg. admin/includes/functions/html_output.php - what do I do with them?

Some of the files have minor changes, like a line that reads "$link = ereg_replace('&', '&amp;', $link);" in one file is "$link = preg_replace('/&/', '&amp;', $link);" in the other.

Sorry for all the questions, I'm just not experienced enough with this to be sure which differences require some work, and which don't.

Many thanks!

[DrByte]

Look at it from another angle: Basically you're redoing your site with new files. (No, don't let that thought scare you.)
The reason you're using WinMerge is to identify *your* customizations vs original files. Armed with what *you* have changed, you can quickly repeat those changes in the *new* files.

So, in the case where you're seeing changes to files you've not touched, you'll just copy that new file over directly.
In the case of a file where you *did* change something for your needs, you'll want to use the new file, and then redo your changes in that new file. The info you see in WinMerge (comparing your current files against OLD original files) will let you know what needs changing/adding/editing in the new files. That way you can leave *other* changes in the new files alone (ie: you need to let the ereg() stuff be replaced with the preg() stuff, cuz that's important ... and you most likely didn't touch anything related to that when you had done your own customizing, so you'd only touch the *other* stuff in that file that *you* had made edits to).

[WhitePhantom]

Thanks DrByte,

I'm still a little confused though. I've got three ZenCart folders at this stage:

1. The ftp download I did of my entire current site. I called that folder zen_backup

2. The original 1.3.8a which I downloaded earlier today from the 'older versions' link, as I couldn't find the download I did back along when I was getting my store set up. I called that folder zen_138a.

3. The new version, 1.3.9f. I called that folder zen_139f.

To take an example, there are some differences between the application_top.php files in my zen_backup/admin/includes folder, and the zen_138a/admin/includes folder. These are not changes that I have (knowingly) made, unless they were made because of something I did in the store admin, but I don't think so - like the following lines appear in the zen_138a folder, but are completely absent in the zen_backup folder:

/*
* turn off magic-quotes support, for both runtime and sybase, as both will cause problems if enabled
*/
set_magic_quotes_runtime(0);
if (@ini_get('magic_quotes_sybase') != 0) @ini_set('magic_quotes_sybase', 0);

I have no idea what these lines mean. I have checked that same file in the zen_139f folder, and they are also absent. So do I copy them into the new application_top.php file?

I am in the same quandry with many of the changes that are showing up through WinMerge - I don't know why they are there in the original 138a file, but not in the site transfer that I have done.

I really do appreciate your time, patience and help.

[DrByte]

Those lines are probably in the 1.3.9 file but in a different form. But, since the latest version of PHP makes them redundant (deprecated actually), you don't need them.


Keep in mind that if you've applied any patches to your site, then those patched files will cause you to see mismatches between your zen_backup and your zen_138a files. Sorry; you'll have to sort those out individually. Fortunately most of those files aren't things *you* would normally have touched in the course of customizing typical functionality.

[WhitePhantom]

Thanks for that.

I don't think I've applied any patches, but I've been learning / doing so many new things lately that I can't remember. Can I basically just carry across the changes that I know I made?

When you say "Fortunately most of those files aren't things *you* would normally have touched in the course of customizing typical functionality." do you mean 1.3.9f will handle them? I'm really puzzled about how I'm supposed to know which changes I need to replicate and which I don't!

One of my download site files have the following:
/**
* BOF Security Patch v138 20090619
*/
$form .= '<input type="hidden" name="securityToken" value="' . $_SESSION['securityToken'] . '" />';
/**
* EOF Security Patch v138 20090619
*/

but the equivalent 138a file doesn't - can I take it that 1.3.9f will have that security patch and I don't need to worry about it?

Another of my downloaded site files shows date_diff while the 138a equivalent shows zen_date_diff - the 139f equivalent file also has zen_date_diff. Things like this I can ignore, yes?

In fact, the more I look through the differences, the more I think there are little or no changes that I need to worry about! Most (maybe all) of my changes were template overrides, which I will re-apply once I have the new version installed.

Maybe this upgrade thing is not so bad after all... or maybe I'm missing something!