Results 1 to 2 of 2
  1. #1
    Join Date
    Jan 2004
    Posts
    66,363
    Blog Entries
    7
    Plugin Contributions
    274

    Default v1.3.7 Released !

    v1.3.7 has been released !!!
    and can be downloaded here



    A couple important notes if upgrading:
    1. If you are using the PayPal IPN module, please write down your settings, then remove the module and re-install it, and then fill in your settings again.
    2. If you are using the AuthorizeNet AIM module, please write down your settings, then remove the module and re-install it, and then fill in your settings again.




    About v1.3.7

    SECURITY UPDATES. There are two important security updates related to XSS vulnerabilities included in this release. YOU SHOULD PREPARE TO UPGRADE ASAP While exploitation risk is only moderate, it is wise to plan your upgrade ASAP.


    Zen Cart v1.3.7 is officially PayPal-Certified for PayPal Express Checkout

    PayPal Express Checkout
    NOTE: This is *not* Website Payments Pro -- it is presently only Express Checkout, which can be used with any PayPal "business" or "premier" account. See the configuration instructions for setup details.

    Some of the features include:
    • NO LONGER RELIES ON IPN POST-BACKS TO RELEASE ORDERS *
    • Requires CURL for operation, and supports CURL by Proxy if required by hosting server
    • Customers can initiate Express Checkout directly from the Shopping-Cart page or from the Login page (if they have something in their shopping cart already)
    • Depending on configuration settings, checkout could be done in two clicks at your site (apart from processing login and address selection on the PayPal site).
      - can auto-select "cheapest"-available shipping method for the customer
      - can skip the payment-selection page if no coupons or gift certificates are active
      - customer can jump directly from PayPal page to confirmation page to complete an order
    • PayPal can still be selected from the regular payments page as a regular option instead of Express Checkout if the customer prefers or requires such an approach.
    • PayPal invoices can now include detailed line-item transaction information (as long as no discounts were applied to the order)
    • Merchant can now "require" that the customer supply a PayPal-"confirmed" address
    • If an account doesn't already exist for the customer using express-checkout, it is auto-created for them. If the customer purchases downloads or gift certificates, their password is emailed to them along with the create-account welcome message. This can be always-on by default if the module's settings are configured as such.
    • Supports all 17 currencies supported by PayPal
    • Refund all or part of an order directly from Admin
    • PayPal page-style support built-in
    • Still uses IPN functionality to update orders when status is changed in PayPal account, but orders will not be held
    • Older PayPal IPN payment module can still be used, or can be turned off in lieu of this one


    Configuration instructions can be found here: PayPal Express Checkout Setup Instructions
    (Module needs the PayPal API Username, Password, and Signature key, which you can obtain from your PayPal profile screens -- see the link above for details.)

    Future enhancements will include Website Payments Pro support and UK-merchant support.


    Other Features Added in v1.3.7:
    • Split login page -- is auto-activated if using PayPal Express Checkout with an active cart. Can also be enabled by default via a Layout switch in the admin area, regardless of PayPal module status.
    • Logoff button added to Checkout-Success page
    • Stylesheet: Added #indexHomeBody to identify the "home" page. This also means that a css file named "home.css" can now optionally be used to override just the home page.
    • Breadcrumb switch for Home page: Added switch to Admin->Configuration->Layout Settings for breadcrumb to show on home page or not
    • Security-sensitive configuration keys (such as passwords) can now be set to be displayed obfuscated. New functions added: zen_cfg_password_input() & zen_cfg_password_display() allow this.
    • Refund Support for compliant payment modules: Admin orders page can now hook into an order-refund method if a given payment module has support for such built-in.
    • Credit Card choice auto-selection - Credit Card fields on built-in payment modules will now auto-select that payment module if the customer clicks in one of the fields for the module. This prevents the need for them to click on a certain radio-button to choose their desired module.
    • Shipping Estimator now has dynamically-updated pulldowns similar to create-account
    • Copyright Date now auto-updates based on current year



    Changes in this release
    • Change: CSS -- Some template ID tags were changed to classes because they are rendered from inside a loop and may be repeated on the page
    • Change: Updated some payment modules to display "not configured" alerts if appropriate
    • Change: free-shipping-icon switch at product-type level now affects both product listing and template
    • Change: when a customer creates an account during the checkout flow, they do not see the create_account_success page; instead, they go back to the checkout page they came from


    Older PayPal IPN Module changes:
    • PayPal IPN: Important bugfix related to properly processing data via SSL
    • PayPal IPN: Added override to prevent PayPal from adding tax to orders


    Other bugfixes applied
    • Bugfix: installer no longer requires "admin" folder be named "admin" just to upgrade database
    • Bugfix: ez-pages name set for HEADING_TITLE constant for consistency and tracking
    • Bugfix: ez-pages problem fixed with header -- was preventing prev/next navigation since 1.3.6
    • Bugfix: removed stray </a> tag from gv-send template
    • Bugfix: search was returning error if only a space was entered for search criteria
    • Bugfix: removed vulgar comments embedded in htmlarea code by its original authors
    • Bugfix: MySQL5 error on admin copy-to-confirm script and on coupon_admin values
    • Bugfix: MySQL5 syntax fixes to install script for BLOB and TEXT fields
    • Bugfix: improved warnings on USPS shipping module for those who don't read instructions
    • Bugfix: media-manager was crashing if the media folder was not writable
    • Bugfix: fixed uninitialized array in create_account_success related to displaying address info
    • Bugfix: fixed gv_redeem page logic to verify whether a given code is a GV vs a coupon
    • Bugfix: added missing javascript for coupon popupwindow link on account-history-info pages
    • Bugfix: down-for-maintenance was not properly listening to alternate redirection logic
    • Bugfix: relocated <form> element in admin product-preview page so that forms in product descriptions wouldn't break the preview page
    • Bugfix: GV redeem amounts weren't converting currencies correctly
    • Bugfix: REMOTE_ADDR is now restricted to a single and sanitized value
    • Bugfix: button_sold_out_sm.gif image file rebuilt
    • Bugfix: button_delete_small.gif implemented
    • Bugfix: added "small" search button
    • Bugfix: PHP 5.2.0 quirk now accounted for
    • Bugfix: fix HTML email line-breaks for attributes and comments in order emails
    • Bugfix: turn off alpha filter on categories with subcats and no immediate products
    • Bugfix: email options for sendmail-f were inconsistently working
    • Bugfix: email error messages were not displaying the actual errors
    • Bugfix: html-formatted emails weren't displaying CC type if CC used for payment
    • Bugfix: fixed misnamed button on address book page
    • Bugfix: Fixed popup windows to regain focus if accidentally pushed behind current window
    • Bugfix: rare JS validator script problem fixed on payment page
    • Bugfix: some programming changes implementing require_once/include_once to prevent duplicate loading of components if calling from modular points
    • Bugfix: on fresh installs, if GV module wasn't removed and re-installed, the order-status key wasn't made available. Thus, orders paid-in-full via GV were set to the store's default order status upon completion. (In most cases this was still okay.)
    • Bugfix: techsupp.php utility wasn't register-globals friendly. Changed+enhanced+sanitized.
    • Other: example zip files in the /download folder fixed -- now are working zip's


    NOTES:
    * PayPal Express Checkout module *does* rely on IPN support to release orders if the customer is paying via echeck (it notfies you when the echeck clears) or if you have your PayPal account configured such that you have to manually accept orders placed with a non-confirmed address, etc. As such, it is still important to have your IPN infrastructure working. See here for assistance on configuring PayPal IPN support: http://www.zen-cart.com/wiki/index.php/PayPal
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  2. #2
    Join Date
    Jan 2004
    Posts
    66,363
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: v1.3.7 Released !

    NOTE: two small bugs were fixed overnight and the ZIP has been updated to include the fixes.
    You can get the new [FONT="Courier New"]zen-cart-v1.3.7-full-fileset-12302006.zip [/FONT]by following the download link posted above, or from the SourceForge link in the lower-right corner of this page.

    Changes between the 12292006.zip and the 12302006.zip file are:

    1. For upgraders, the database-upgrade script was missing part of the new breadcrumb switch options. Simply re-running the database-upgrade script should suffice.
      Or you can manually apply this single additional SQL fix after upgrading using the 12292006 edition:
      Code:
      UPDATE configuration set configuration_description = 'Enable the Breadcrumb Trail Links?<br />0= OFF<br />1= ON<br />2= Off for Home Page Only', set_function = 'zen_cfg_select_option(array(\'0\', \'1\', \'2\'), ' WHERE configuration_key = 'DEFINE_BREADCRUMB_STATUS';
      BUT -- you still need to download the new ZIP in order to deal with this part:

      .
    2. The PayPal Express Checkout module was updated to handle some error conditions in a more friendly way. Simply replace the /includes/modules/payment/paypalwpp.php file from the updated ZIP.
      The symptom indicating the need to update this file is:
      Warning: Missing argument 3 for _errorhandler() in /public_html/includes/modules/payment/paypalwpp.php on line 2447
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

 

 

Similar Threads

  1. v1.3.8a Released!
    By DrByte in forum Zen Cart Release Announcements
    Replies: 1
    Last Post: 11 Dec 2007, 11:30 PM
  2. v1.3.5 Released !
    By DrByte in forum Zen Cart Release Announcements
    Replies: 2
    Last Post: 6 Sep 2006, 03:20 AM
  3. v1.3.0.2 Released
    By DrByte in forum Zen Cart Release Announcements
    Replies: 0
    Last Post: 22 Jun 2006, 01:55 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR