  1. #1

    Zen Cart v1.3.9g -- Released!

    What's New In v1.3.9g:
    Download available here:

    Contains new Security Fixes

    Updates include:
    • CHANGE-74 - Security: Fix LFI/FD threat
    • CHANGE-74 - Security: Fix bSQLi vulnerability
    • CHANGE-74 - Security: Fix multiple XSS vulnerabilities
    • BUGSFORUM-1514 - Added admin warning page to prevent admin use if admin folder hasn't been renamed. (For XSS prevention and other security reasons, to deter hackers.)
    • BUGSFORUM-1514 - Added admin warning page to prevent admin use if zc-install folder hasn't been deleted
    • BUGSFORUM-531 - Fix to prevent "2006 MySQL server has gone away" messages
    • BUGSFORUM-1116 - Fix htmlspecialchars problem in ezpages
    • BUGSFORUM-1422 - Fix intermittent PayPal Express Checkout error 10413 & 10417 with large quantities and items on sale
    • BUGSFORUM-1438 - Improvements to canonical <link> support to minimize duplicate content reports
    • BUGSFORUM-1459 - Fix PayPal Express/Pro 10413 problem caused by rounding error with shipping taxes
    • BUGSFORUM-1472 - Set httpOnly attribute in session cookies, to minimize XSS risks
    • BUGSFORUM-1473 - Fix debug log problem
    • BUGSFORUM-1475 - Fix occasional Linkpoint problem when discounts/coupons are used
    • BUGSFORUM-1481 - Remove layout table in PayPal Pro VBV message
    • BUGSFORUM-1482 - Checkout Confirmation occasionally takes user back to log in after multiple purchases in one shopping session
    • BUGSFORUM-1490 - Fix PayPal Express Checkout quirk where customers selecting PP addresses for countries deleted from store would still be allowed to checkout
    • BUGSFORUM-1498 - Fix small quirk where debug history order numbers might have trailing additional digits in debug data
    • BUGSFORUM-1499 - Fix PayPal echecks problem where echecks wouldn't activate the order when cleared, due to a problem introduced when fixing a duplicate-orders issue in v1.3.9d
    • BUGSFORUM-1507 - Security: Fix multiple XSS vulnerabilities
    • BUGSFORUM-1515 - Security: Fix multiple XSS vulnerabilities
    • BUGSFORUM-1519 - uninitialized variable causing odd display results if an error condition occurs
    • BUGSFORUM-1520 - Fix error where deleting an order wasn't removing associated download records.
    • BUGSFORUM-1522 - Featured, Specials, What's New sidebox div correction
    • BUGSFORUM-1527 - PayPal display bug in admin when Transaction IDs start with 0
    • ADDED: option added to disable PayPal Express Checkout shortcut button for those merchants whose customers are confused by it. However, it's best to leave it on for the added benefit of increased sales and conversions.
    • MINOR: small fix to modules to prevent a brief delay from occurring when drawing the admin modules->payments screen
    • MINOR: added .xsl to approved filetypes in /includes/.htaccess
    • Removed obsolete cache.php language file

    If you're upgrading from v1.3.9a or b or c or d or e or f, you can simply update the files listed in EACH OF the various "Changelog for v1.3.9b" and "c" and "d" and "e" and "f" in the /docs/ folder of the download zip.
    (There are no database changes between v1.3.9a-b-c-d-e-f-g.)
    (There's no need to remove/re-install payment modules between "d" and "e" and "f" and "g".)

    If you're upgrading from v1.3.8a or older versions, you need to follow the FULL upgrade instructions, also in your /docs/ folder

    It is advisable to clear your browser cache and cookies after upgrading, before attempting to access your Admin section. Old admin cookies may prevent you from logging in until you clear the cache and cookies and restart the browser.


    Many people have asked about the "missing ?> at the end of some PHP files".
    This is INTENTIONAL, and explained here:
    It is NOT an error in the files or the download.
    Please do not PM for support issues: a private solution doesn't benefit the community.

    Be careful with unsolicited advice via email or PM - Make sure the person you are talking to is a reliable source.

  2. #2

    Re: Zen Cart v1.3.9g -- Released!

    Documentation errata:

    Two files were changed that are not in the changelog file:
    - /includes/classes/payment.php
    - /includes/modules/payment/paypal/tpl_ec_button.php

    There may be a few other files that have ONLY a change in the date stamp in their header, but no other changes. Those files are intentionally NOT listed in the changelog.

    Also note: A small bug exists in admin editing screens, caused by some security protections added in this release. Temporary workaround is posted here:


    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.


