I have just spent 2 days straight upgrading a site from v1.2.6 -> v1.3.5, so humor me as I vent a bit. I wouldn't have bothered with the update except for multiple notifications I have seen/ received regarding security risks, specifically SQL injection attacks. Vulnerability to SQL injection attacks in an e-commerce package isn't good. The mistake that I made here was failing to archive the database so that I could revert it to its 1.2.6 state. After taking the database through its numerous updates to reach v1.3.5 I installed the latest copy of ZenCart. Then I moved my client's template into the new directory and all hell broke loose! Things just didn't work. After reinstalling the v1.2.6 backup, the site worked until you try to log in/ checkout. I was in a Catch-22: I could spend a considerable amount of time trying to revert the database to its 1.2.6 state (but then the site would still be vulnerable) or I could just figure out why the template wasn't working with the new code.
This was a nightmare. 95% of the changes I had made to the 1.2.6 ZenCart were stored to the custom templates directory. The other 5% were made to the core code itself. Re-applying the changes to the core wasn't too difficult (not much to do), but the template files were EXTREMELY difficult. First, filenames have changed, or what was once a single file is now comprised of 2 or 3 new files. Talk about a wild goose chase trying to track down where the code now resides within the template directory. Moving code was a real headache, but even layout/ style elements have changed DRASTICALLY! In comparison to the small iterative changes I have seen in the past, v1.3.5 should have been numbered v2.0 or something to indicate that it is absolutely incompatible with the previous 1.2.x version. I don't expect major compatibility issues in point upgrades.
Once all the functionality was in place and layout was largely fixed, the next problem was CSS. Many of the CSS identifiers have gotten a name change FOR NO GOOD REASON! I was trying to figure out which old identifier translated to which new identifier. Although the identifier names have changed, their purpose remains largely unchanged. Why were CSS identifier names changed? That effectively breaks 100% of the v.1.2.x templates out there. My current solution isn't elegant (tacked old CSS onto the end of the new CSS and removed some of the easier to spot redundancies... for a whopping 32K CSS file).
I think the reality is this: if you're attempting to upgrade your site from 1.2.x -> 1.3.5, you're going to have to redesign your web site (unless you're using the default ZenCart template). This is the same problem I have seen with Linux distributions... you decide to upgrade to the latest version of Linux for security reasons and your apps break or your system won't start. The way the Linux world solves the problem is committing to supporting a particular distribution for x years. That is to say, there should have been a 1.2.6a -> 1.2.6b security upgrade which affects only the code that is unsecure.
Yes, ZenCart is free. Yes, ZenCart has done lots of good things for code that was derived from the stagnant osCommerce core. Until now I would not have hesitated to recommend it to others. But what I am observing is this: what started out as complex code is becoming increasingly complex as parts are split, then split again; code is deeply interwined in design elements; it seems that a lot of effort went into upgrading the default template from its original ugly orange design to a new CSS-based green design that is nearly as ugly (a waste of time); many plug-ins seem to no longer be compatible; and many of those plug-ins can no longer be found after the ZenCart site update.
I would prefer to see a focus shift from changing the way things work to IMPROVING the way things work. Focus on security. Focus on improved usability (the admin interface is a jumbled mess). By changing the whole template system, you throw away the valuable efforts others have put into building custom templates (some for free). By drastically changing the way the code works, you throw away the valuable effort developers have put into coding plug-ins.
It is not my intention to anger anyone. This is simply my perspective from "in the trenches." I hope it is taken as constructive criticism and a helpful warning to anyone else attempting a similar upgrade. Thanks for all the hard work ZenCart.
Bookmarks