Byla uvolněna nová verze Zen-Cart 1.3.7!!!
POZOR: Kdo stahoval soubor s datumem ....12292006.zip tak si stáhněte
aktuální opravenou verzi .....12302006.zip
Více o verzi 1.3.7 (kopie anglického textu)
SECURITY UPDATES. There are two important security updates related to XSS vulnerabilities included in this release. YOU SHOULD PREPARE TO UPGRADE ASAP
While exploitation risk is only moderate, it is wise to plan your upgrade ASAP.
Zen Cart v1.3.7 je oficiálně certifikován pro expresní PayPal platby
(bohužel pouze pro US zákazníky)
PayPal Express Checkout
(ONLY supports North American PayPal accounts at the present time (ie: UK merchants *not* yet supported))
NOTE: This is *not* Website Payments Pro -- it is presently only Express Checkout, which can be used with any North-American-based PayPal "business" or "premier" account. See the configuration instructions for setup details.
Novinky přidané do verze 1.3.7:
- Split login page -- is auto-activated if using PayPal Express Checkout with an active cart. Can also be enabled by default via a Layout switch in the admin area, regardless of PayPal module status.
- Logoff button added to Checkout-Success page
- Stylesheet: Added #indexHomeBody to identify the "home" page. This also means that a css file named "home.css" can now optionally be used to override just the home page.
- Breadcrumb switch for Home page: Added switch to Admin->Configuration->Layout Settings for breadcrumb to show on home page or not
- Security-sensitive configuration keys (such as passwords) can now be set to be displayed obfuscated. New functions added: zen_cfg_password_input() & zen_cfg_password_display() allow this.
- Refund Support for compliant payment modules: Admin orders page can now hook into an order-refund method if a given payment module has support for such built-in.
- Credit Card choice auto-selection - Credit Card fields on built-in payment modules will now auto-select that payment module if the customer clicks in one of the fields for the module. This prevents the need for them to click on a certain radio-button to choose their desired module.
- Shipping Estimator now has dynamically-updated pulldowns similar to create-account
- Copyright Date now auto-updates based on current year
Some of the features include:
- NO LONGER RELIES ON IPN POST-BACKS TO RELEASE ORDERS
- Requires CURL for operation, and supports CURL by Proxy if required by hosting server
- Customers can initiate Express Checkout directly from the Shopping-Cart page or from the Login page (if they have something in their shopping cart already)
- Depending on configuration settings, checkout could be done in two clicks at your site (apart from processing login and address selection on the PayPal site).
- can auto-select "cheapest"-available shipping method for the customer
- can skip the payment-selection page if no coupons or gift certificates are active
- customer can jump directly from PayPal page to confirmation page to complete an order
- PayPal can still be selected from the regular payments page as a regular option instead of Express Checkout if the customer prefers or requires such an approach.
- PayPal invoices can now include detailed line-item transaction information (as long as no discounts were applied to the order)
- Merchant can now "require" that the customer supply a PayPal-"confirmed" address
- If an account doesn't already exist for the customer using express-checkout, it is auto-created for them. If the customer purchases downloads or gift certificates, their password is emailed to them along with the create-account welcome message. This can be always-on by default if the module's settings are configured as such.
- Supports all 17 currencies supported by PayPal
- Refund all or part of an order directly from Admin
- PayPal page-style support built-in
- Still uses IPN functionality to update orders when status is changed in PayPal account, but orders will not be held
- Older PayPal IPN payment module can still be used, or can be turned off in lieu of this one
Configuration instructions can be found here: PayPal Express Checkout Setup Instructions
(Module needs the PayPal API Username, Password, and Signature key, which you can obtain from your PayPal profile screens -- see the link above for details.)
Future enhancements will include Website Payments Pro support and UK-merchant support. Changes in this release
Older PayPal IPN Module changes:
- Change: CSS -- Some template ID tags were changed to classes because they are rendered from inside a loop and may be repeated on the page
- Change: Updated some payment modules to display "not configured" alerts if appropriate
- Change: free-shipping-icon switch at product-type level now affects both product listing and template
- Change: when a customer creates an account during the checkout flow, they do not see the create_account_success page; instead, they go back to the checkout page they came from
Other bugfixes applied
- PayPal IPN: Important bugfix related to properly processing data via SSL
- PayPal IPN: Added override to prevent PayPal from adding tax to orders
- Bugfix: installer no longer requires "admin" folder be named "admin" just to upgrade database
- Bugfix: ez-pages name set for HEADING_TITLE constant for consistency and tracking
- Bugfix: ez-pages problem fixed with header -- was preventing prev/next navigation since 1.3.6
- Bugfix: removed stray tag from gv-send template
- Bugfix: search was returning error if only a space was entered for search criteria
- Bugfix: removed vulgar comments embedded in htmlarea code by its original authors
- Bugfix: MySQL5 error on admin copy-to-confirm script and on coupon_admin values
- Bugfix: MySQL5 syntax fixes to install script for BLOB and TEXT fields
- Bugfix: improved warnings on USPS shipping module for those who don't read instructions
- Bugfix: media-manager was crashing if the media folder was not writable
- Bugfix: fixed uninitialized array in create_account_success related to displaying address info
- Bugfix: fixed gv_redeem page logic to verify whether a given code is a GV vs a coupon
- Bugfix: down-for-maintenance was not properly listening to alternate redirection logic
- Bugfix: relocated
- Bugfix: GV redeem amounts weren't converting currencies correctly
- Bugfix: REMOTE_ADDR is now restricted to a single and sanitized value
- Bugfix: button_sold_out_sm.gif image file rebuilt
- Bugfix: button_delete_small.gif implemented
- Bugfix: added "small" search button
- Bugfix: PHP 5.2.0 quirk now accounted for
- Bugfix: fix HTML email line-breaks for attributes and comments in order emails
- Bugfix: turn off alpha filter on categories with subcats and no immediate products
- Bugfix: email options for sendmail-f were inconsistently working
- Bugfix: email error messages were not displaying the actual errors
- Bugfix: html-formatted emails weren't displaying CC type if CC used for payment
- Bugfix: fixed misnamed button on address book page
- Bugfix: Fixed popup windows to regain focus if accidentally pushed behind current window
- Bugfix: rare JS validator script problem fixed on payment page
- Bugfix: some programming changes implementing require_once/include_once to prevent duplicate loading of components if calling from modular points
- Bugfix: on fresh installs, if GV module wasn't removed and re-installed, the order-status key wasn't made available. Thus, orders paid-in-full via GV were set to the store's default order status upon completion. (In most cases this was still okay.)
- Bugfix: techsupp.php utility wasn't register-globals friendly. Changed+enhanced+sanitized.
- Other: example zip files in the /download folder fixed -- now are working zip's