Re: X-Cart v4.1.10 released
 

$Id: CHANGELOG-4.1.11,v 1.1.2.6 2008/09/03 07:35:38 sheriff Exp $

----------------- X-CART v4.1.11 RELEASED

Important!
Starting from X-Cart 4.1.11 due to security reasons all special characters,
contained in the variables which are not included into trusted arrays, will be converted to entities.
Please keep this in mind if you do any code modifications.

Improvements:
-----------------

*SECURITY*

[+] 30 Jul 2008, Joy - Improvement (0047684): The trusted/untrusted provider feature has been added.
[+] 17 Jul 2008, Joy - Improvement (0047053): Installation script is now renamed after installation is finished.
[+] 27 May 2008, Joy - Improvement (0043012): The edit return details restriction was added to the customer front-end.
[!] 05 Aug 2008, Joy - Bug (0047444): Any provider had access to all possible export packs. Fixed.
[!] 30 Jul 2008, Joy - Bug (0047479): It was possible to subscribe to newsletters without going through the image procedure. Fixed.
[!] 30 Jul 2008, Joy - Bug (0042891): HTML tags were not removed from the GET, POST variables in the install.php script. Fixed.
[!] 28 Jul 2008, Joy - Bug (0045440): Several bugs in the files management functionality. Fixed.
[!] 17 Jul 2008, Joy - Bug (0046995): The data type casting was missing in several scripts. Fixed.

*PERFORMANCE*

[+] 04 Jun 2008, Max - Improvement (004364): Working with large numbers of products has been improved.
[+] 23 May 2008, Joy - Improvement (004291): The products search sorting has been improved.
[+] 19 May 2008, Zaa - Improvement (0042534): Product removing procedure has been improved.
[+] 08 May 2008, Zaa Improvement (0041370): Snapshot generation process has been improved.
[!] 31 Jul 2008, Joy - Bug (0042876): Memory_limit value was set incorrectly during upgrade. Fixed.
[!] 14 Jul 2008, Joy - Bug (0046680): Latest security patch caused an error if the store was located on a windows-based server. Fixed.
[!] 15 May 2008, Zaa - Bug (0042304): Setting Subscription pay dates on a server with Suhosin PHP extension sent the calendar script to an endless loop. Fixed.
[!] 14 May 2008, Max - Bug (0042203): Some database fields were not cleared during admin profile deleting process. Fixed.

*INTERFACE*

[+] 07 Jul 2008, Ferz - Improvement (0046177): A field name has been changed on the Google Analytics configuration page.
[+] 23 Jun 2008, Joy - Improvement (004494): The eSelect payment description note has been updated.
[+] 20 Jun 2008, Joy - Improvement (0044982): The unnecessary sort field (orderby) has been removed from the Product features chart page.
[+] 17 Jun 2008, Joy - Improvement (0042935): Several design changes in the Light and Lucid skin.
[+] 14 May 2008, Ferz - Improvement (0042179): The text field to add featured products to a category now cannot be edited.
[+] 13 May 2008, Ferz - Improvement (0042115): Displaying of the bill_message variable has been improved.
[+] 13 May 2008, Joy - Improvement (0041915): The Light&Lucid skin is now the default one during the installation process
[+] 12 May 2008, Ferz - Improvement (0041963): Some interactive forms have been removed from the printable version of product page.
[!] 14 Aug 2008, Ferz - Bug (0048677): W3C errors on 'secure login form' page. Fixed.
[!] 08 Jul 2008, Joy - Bug (0046176): A Feature Comparison option had a wrong language label. Fixed.
[!] 26 Jun 2008, Ferz - Bug (0045472): The list of special offers was sometimes displayed incorrectly. Fixed.
[!] 25 Jun 2008, Ferz - Bug (0045286): Google Analytics tracking code was presented twice on the invoice page. Fixed.
[!] 23 Jun 2008, Joy - Bug (0044902): In some cases the Fancy Categories submenu was not correctly shown on the 2-columns reversed template.
[!] 29 May 2008, Joy - Bug (0043459): The product navigation path was displayed incorrectly if wrong category parameter was defined in the URL. Fixed.
[!] 27 May 2008, Joy - Bug (0042983): Fancy Categories drop-down menus were not displayed on top of the windowed components in MSIE. Fixed.
[!] 14 May 2008, Max - Bug (0039925): A typo on the Appearance options page. Fixed.
[!] 13 May 2008, Joy - Bug (0041916): Typo error in the Bibit payment script. Fixed.
[!] 13 May 2008, Joy - Bug (0042061): The demo company address was changed.

Re: X-Cart v4.1.10 released
 

*USABILITY*

[+] 04 Jul 2008, Joy - Improvement (0046007): Scrolling has been added to the product modify page after POST query when the "Display all dialogs for product editing on one page" configuration is set.
[+] 03 Jul 2008, Joy - Improvement (0045972): The state field on the Contact us page is now filled with the default state value.
[+] 18 Jun 2008, Joy - Improvement (0042943): A warning message has been added to the import script with the list of the sections that are not supported for importing.
[+] 10 Jun 2008, Zaa - Improvement (0044441): Search by company field has been added to the advanced order search functionality.
[+] 30 May 2008, Joy - Improvement (0042976): The write permissions checking has been added for the pages directory.
[+] 29 May 2008, Joy - Improvement (0043365): A non-active countries warning has been added to the Summary page.
[+] 28 May 2008, Joy - Improvement (0042925): Administrator is now able to select a crypting method on the test data encryption page.
[+] 27 May 2008, Joy - Improvement (0043010): Product amount information has been added to the return forms.
[+] 27 May 2008, Joy - Improvement (0043230): A JavaScript confirmation dialog has been added to the "restore file" procedure.
[+] 27 May 2008, Max - Improvement (004326): Search results sorting functionality has been improved (Referred sales page).
[+] 16 May 2008, Zaa - Improvement (0042442): It is now possible to see customer login from the Order details page and switch to his profile editing page.
[+] 14 May 2008, Zaa - Improvement (0031897): Error messaging in Froogle export has been improved.
[+] 13 May 2008, Joy - Improvement (0041922): The lost MySQL connection verification has been added.
[+] 13 May 2008, Joy - Improvement (0041907): The new "Order is queued customer notification" option has been added.
[+] 13 May 2008, Zaa - Improvement (0037599): Trouble-shooting information has been added to the installer.
[+] 08 May 2008, Zaa Improvement (0024326): Re-slice all images functionality has been added in X-Magnifier.
[!] 08 Aug 2008, Joy - Bug (0048609): Thumbnail images were not displayed when a product had variants. Fixed
[!] 29 Jul 2008, Joy - Bug (004783): Maximum zipcode length was not defined for several countries. Fixed.
[!] 17 Jul 2008, Ferz - Bug (004703): The "Thumbnail width in the products list" option value could not be empty or zero. Fixed.
[!] 16 Jul 2008, Ferz - Bug (0046882): Google ad-words redirection was functioning incorrectly. Fixed.
[!] 20 Jun 2008, Joy - Bug (0044849): There was a possibility to redirect from the error message page using func_header_location. Fixed.
[!] 19 Jun 2008, Joy - Bug (0044943): The Froogle service does not support the language attribute now. Removed.
[!] 10 Jun 2008, Zaa - Bug (0044437): Sorting direction was not specified in the Edit ratings section. Fixed.
[!] 28 May 2008, Max - Bug (0043431): Detailed images/product images were not displayed. Fixed.
[!] 27 May 2008, Max - Bug (004324): Advertising campaigns management was switched to Add mode if a user selected any campaign and modified it. Fixed.
[!] 20 May 2008, Joy - Bug (0042643): Thumbnail images could not be uploaded if file names contained spaces and quote symbols. Fixed.
[!] 15 May 2008, Zaa - Bug (0042299): The subscription module allowed to enter negative values for Pay period. Fixed.
[!] 14 May 2008, Max - Bug (0042113): Clicking on the "If JavaScript is disabled in your browser click here" changed the skin to Light & Lucid. Fixed.

*ORDERS*

[+] 29 May 2008, Max - Improvement (0043446): Shipping method name is now stored in the order.

*SHIPPING/TAXES*

[+] 19 May 2008, Ferz - Improvement (0042362): USPS shipping methods have been updated.
[!] 29 Aug 2008, Joy - Bug (0049852): The Google Checkout module did not work with the local and international shippings that had same name. Fixed.
[!] 24 Jul 2008, Joy - Bug (0047463): Defined shipping methods were not available in several cases. Fixed.
[!] 18 Jul 2008, Ferz - Bug (004209): Data was cleared from the form in UPS Online Tools after a user clicked on the Fill from profile button. Fixed.
[!] 24 Jun 2008, Ferz - Bug (0045235): If taxes for a tax exempt product had already been calculated, these taxes were not removed and the product was considered as having taxes in X-AOM. Fixed.
[!] 29 May 2008, Max - Bug (0043534): The same price was displayed for all the shipping methods during editing order totals in X-AOM. Fixed.
[!] 13 May 2008, Zaa - Bug (0042064): Shipping label generator always used flat rates for USPS Express Mail. Fixed.

Re: X-Cart v4.1.10 released
 

*PAYMENT*

[!] 29 Jul 2008, Joy - Bug (0046420): PayPal did not allow to use empty StateOrProvince field in DirectPayment transactions. Fixed.
[!] 17 Jul 2008, Joy - Bug (0046937): There was an open php tag in several payment scripts. Fixed.
[!] 15 Jul 2008, Joy - Bug (0046820): The total amount in the Protx Form response could contain additional delimiters. Fixed.
[!] 03 Jul 2008, Ferz - Bug (0045935): Processing credit cards using NetRegistry gateway was functioning incorrectly. Fixed.
[!] 24 Jun 2008, Joy - Bug (0045169): The Linkpoint payment script did not correctly define the AVS response. Fixed.
[!] 23 Jun 2008, Joy - Bug (0044821): The payment cluster key command did not work in some cases in the Triple Deal payment. This option was moved to the admin defined option. Fixed.
[!] 03 Jun 2008, Ferz - Bug (0043845): Nochex payment method worked incorrectly, if order prefix contained a slash. Fixed.
[!] 27 May 2008, Max - Bug (0043253): iDeal Advanced payment module caused PHP warnings in test mode. Fixed.
[!] 15 May 2008, Joy - Bug (0042249): After the online payment procedure in several cases the script did not log the payment errors. Fixed.

*CHECKOUT*

[+] 15 May 2008, Joy - Improvement (0042326): New "online payment checkout processing notices" logging option has been added. If the online payment transaction is approved and X-Cart finds some errors then the checkout notice will be logged.
[!] 08 Aug 2008, Joy - Bug (0048545): County name was missed on the Fast Lane Checkout module templates. Fixed.
[!] 20 May 2008, Joy - Bug (0042419): Discount was calculated incorrectly if a discount coupon and tax were set up in different units. Fixed.
[!] 14 May 2008, Max - Bug (0042180): The Google checkout button was disabled when a gift certificate was bought. Fixed.

*IMPORT/EXPORT*

[!] 17 Jul 2008, Joy - Bug (0047437): Several import sections were unavailable in Simple mode. Fixed.
[!] 14 Jul 2008, Joy - Bug (0046704): The POST query was restricted in the import scripts when imported provider was changed. Fixed.
[!] 16 Jun 2008, Ferz - Bug (0044333): Timestamp for exported orders/users was incorrect. Fixed.
[!] 27 May 2008, Joy - Bug (004321): The time zone offset checking functionality had wrong value limits. Fixed.
[!] 20 May 2008, Joy - Bug (0042745): It was possible to enter a negative product price using the import products functionality. Fixed.
[!] 14 May 2008, Ferz - Bug (0042167): During exporting of order items, the product options of the ordered product were not exported. Fixed.

*USERS*

[!] 18 Jul 2008, Ferz - Bug (0047125): User profile could not be modified after the latest security patch has been applied. Fixed.

*BACKUP/RESTORE*

[!] 26 Jun 2008, Ferz - Bug (0045450): DB backup/restore functionality did not work. Fixed.

*PATCH/UPGRADE*

[!] 24 Jun 2008, Joy - Bug (0035384): The temporary files were not correctly removed during the patch procedure. Fixed.

*LANGUAGES*

[!] 16 May 2008, Zaa - Bug (003590): A non-logged in user could not switch the store language after visiting html-catalog. Fixed.
[!] 16 May 2008, Zaa - Bug (0034824): A non-logged in user could not switch the store language in IE7 or Navigator 9.0b1. Fixed.
[!] 14 May 2008, Joy - Bug (0042162): Multi-language products and categories tables were not updated during product and categories import. Fixed.

*MODULES/ADD-ONS*

[!] 06 Aug 2008, Joy - Bug (0048479): It was allowed to use incorrect paths for the Gift Certificates preview templates. Fixed.
[!] 17 Jul 2008, Joy - Bug (0046637): The gift certificate template file path could be non-allowed. Fixed.
[!] 07 Jul 2008, Ferz - Bug (0046009): The retail price for the variant turned to $0 when updating the wholesale price. Fixed.
[!] 30 Jun 2008, Joy - Bug (0045573): Gift certificates could be used twice when order status was changed from 'Declined' to 'Processed'. Fixed.
[!] 28 May 2008, Max - Bug (0043361): Advanced statistics module displayed the number of orders, containing the specified products, not the number of sold items of these products. Fixed.
[!] 28 May 2008, Joy - Bug (0043272): AOM restricted price editing for Egoods products. Fixed.
[!] 26 May 2008, Joy - Bug (0042906): The product with the variants was removed from the cart if the quantity in stock was less than the ordered quantity in the cart. Fixed.
[!] 26 May 2008, Max - Bug (0043182): Search on partner commissions page did not work. Fixed.
[!] 13 May 2008, Joy - Bug (0041453): Wrong type of images on the Product Configurator page in the customer area. Fixed.


----------------- X-CART v4.1.10 RELEASED

Re: X-Cart v4.1.10 released
 

Ah interesting, I'll have to do some testing to ensure this doesn't affect my addons.

Funny how the email from Qualiteam minimized the size of this upgrade, yet it's still a pretty sizable changelog. Regardless, gj Qualiteam

Re: X-Cart v4.1.11 released
 

Would be nice if Qualiteam could verify that this release includes ALL of the recent security patches (I would assume it does)

Re: X-Cart v4.1.11 released
 

Yes. This release includes all of the security patches.

Re: X-Cart v4.1.11 released
 

Just a note, applied the 4.1.11 patch against 4.1.10, now logins don't work.

Troubleshooting, but just an early FYI. Hopefully this is specific to my own install and won't happen for everyone.

EDIT: interesting, I had to clear browser cookies to get it to work properly. Just FYI in case that happens to anyone else.

Re: X-Cart v4.1.11 released
 

"due to security reasons all special characters, contained in the variables which are not included into trusted arrays, will be converted to entities"

Could you please explain ? What do you mean by variables ?

As I save each template some spaces are being converted to little squares. Is this related, or is this a different problem ?

Re: X-Cart v4.1.11 released
 

Jon,

Thanks for sharing. A good habit after an upgrade is to clear everything, recompile templates, cookies, cache, etc. (on both your server and local browsers). This SHOULD be in the X-cart docs...

Re: X-Cart v4.1.11 released
 

Question....

As states here...

!] 24 Jun 2008, Joy - Bug (0045169): The Linkpoint payment script did not correctly define the AVS response. Fixed.

We use linkpoint. Wondering what exactly does this mean and how does the current broken code in my build effect my sales or lack there of?

Re: X-Cart v4.1.10 released
 

Looking at the DIFF files, a lot of them do nothing but "update" the version number and date of the file.

Re: X-Cart v4.1.11 released
 

I traced the little black squares problem to a php file that hadn't saved properly.

As to the HTML entities, the handling of   has changed since I last worked on a template. " €" is converted to " €" in a template. Why is   changed and not €? Is ths a security issue?

In fact are all instances of " " changed to " " before being saved in the database? Is this what is meant by variables? Or is it just some sections of the database?

Does variables refer to language variables? Unix servers have never been very friendly to accented characters and non english alphabets. What is now the best practice for saving accented characters in the database?

Re: X-Cart v4.1.10 released
 

lmfao, I've seen that happen in other updates as well. Quite annoying if you ask me, if you're having to manually patch files and keep running across DIFFs like that. :?

Re: X-Cart v4.1.11 released
 

Hi Jon or Anyone!

Edit--> Worked through the blank page and now live on 4.1.11 - Info on the link below

Any clues why during the upgrade after step 1 is all ok that in step 2 the page goes to a blank x-cart/admin/patch.php?mode=result page?

This has happened to 2 of us now. More details in the upgrading section http://forum.x-cart.com/showthread.php?t=42176

Thank you,

Paul

Re: X-Cart v4.1.11 released
 

Minor disaster doing this upgrade, but I am getting through it. Big problems with some include/func/*.php upgrades, and then some new security mechanism locked me out of my store because the SQL patch had not been applied. So I applied the patch through phpmyadmin.

Noted a discrepancy in

include/templater/plugins/modifier.escape.php ...already patched

In fact the gold version I downloaded for reference does not match the patch version.

include\templater\plugins\modifier.escape.php

case 'htmlall':
$string = func_unhtmlentities($string);

is not the same in the gold version. So should I take it out of the patched version or should Qualiteam add it to the gold version?

George

Re: X-Cart v4.1.11 released
 

Hi George,

My include/templater/plugins/modifier.escape.php from 4.1.10 was "could not patch" with the differences shown below

Code in 4.1.10 after both security patches <--edited

Code in 4.1.11

Hope this helps,

Paul

Re: X-Cart v4.1.11 released
 

I found the cause of the discrepancy - there was a security patch dated 7-31 which I applied

+++ include/templater/plugins/modifier.escape.php 2008-07-31 16:23:54.000000000 +0400
@@ -50,12 +50,14 @@

switch ($esc_type) {
case 'html':
+ $string = func_unhtmlentities($string);
if (phpversion() >= '4.1.0')
return htmlspecialchars($string, ENT_QUOTES, $char_set);
else
return htmlspecialchars($string, ENT_QUOTES);

case 'htmlall':
+ $string = func_unhtmlentities($string);
if (phpversion() >= '4.1.0')
return htmlentities($string, ENT_QUOTES, $char_set);
else


But the line after htmlall is not in the gold version distributive nor in the new patch. No idea if this is important or not. Could be nothing, or could be the cause of future subtle bugs impossible to track down.

Re: X-Cart v4.1.11 released
 

How important is this update? For instance, we use linkpoint, and linkpoint is pointed out in the docs. DOES this mean my current version is messed up with this processor?

Just trying to figure out if this truly needs to be done for that alone and other levels?

Thanks

Re: X-Cart v4.1.11 released
 

You make an excellent point! Did QT mean to remove this line in 4.1.11 or did they forget to add it in from the second security patch???
Edited 9/8 --> Vyacheslav from Qualiteam was nice enough to reply that in 4.1.11 this line is not needed due to changes in other files.

Re: X-Cart v4.1.11 released
 

re: html entities

I have most of my database encoded using html entities like &eacute. These still display correctly and I can create descriptions using them, however I cannot edit these items without losing most of the codes.

Try some of these for yourself:

&acute; U+00B4
&AElig; U+00C6
&aelig; U+00E6
&Agrave; U+00C0
&agrave; U+00E0
&alefsym; U+2135
&Alpha; U+0391
&alpha; U+03B1
&amp; U+0026

It seems like all the entities which are less than hex x00FF value cannot be edited in xcart.

Can Qualiteam please confirm if this is expected behaviour now? The message in the changelog about entities is very vague.

Thanks

Re: X-Cart v4.1.11 released
 

If you use AVS for Linkpoint transactions, the answer is "Yes". Sometimes X-Cart 4.1.10 marks "Linkpoint" orders as processed even in the case of a failed address verification for them.

If you don't use AVS for Linkpoint transactions, you won't notice a difference.


In 4.1.11 this line is not needed due to changes in other files.

Re: X-Cart v4.1.11 released
 

I got this error on the UPS:
Error processing request at UPS
This measurement system is not valid for the selected country. (errorcode: 111057)
----------------------------
I fixed


I fixed! I put a wrong configuration on the UPS Tools Settings.

Thanks a lot!

Re: X-Cart v4.1.11 released
 

I have noticed that in the Company Options when i add the
company address in Greek after saving i cannot see them correctly
even though i can use the variables at my template.
Same thing happens at General Options with the currency symbol.

Re: X-Cart v4.1.11 released
 

I upgraded from 4.1.9 to 4.1.11 and now paypal is broken.. I get that damn express checkout token is missing error..

Re: X-Cart v4.1.11 released
 

nevermind.. I tried it from another computer / ip address and my payment worked.

Re: X-Cart v4.1.11 released
 

I am running 4.1.10, Do I have to upgrade or just leave it at 4.1.10?

Re: X-Cart v4.1.11 released
 

Is it just me, or are these upgrades increasingly unstable out of the gate?

I'm getting from 4.1.9 to 4.1.10-11 attempts to upgrade all kinds of errors ... just in attempting the SQL patch alone.

Either it's the platform I'm on, or the programmers are not up on their craft.

Re: X-Cart v4.1.11 released
 

X-Cart...

I love you guys. I was one of your first customers using the early version of X-Cart. I started a one person company and grew to a medium size business all thanks to X-Cart.

But why don't you guys give us a one page checkout upgrade already?

* many X-Cart users nodding in agreement *

Re: X-Cart v4.1.11 released
 

I went from v 4.1.10 to 4.1.11 and they changed the database again.

I tried to do the patch/upgrade from a totally unmodified version and got problems.
Went for the fresh install them import tables direct into the database

Re: X-Cart v4.1.11 released
 

I am about to setup a new store with x-cart. Should I go with the v4.1.11 or should I stick with v4.1.10?

Re: X-Cart v4.1.11 released
 

We are using both, a site that was upgraded from 4.0.x to 4.1.10 and a new site using 4.1.11. No problems with 4.1.11 (but there are some limitations that I will address in a minute), but we did choose not to upgrade the 4.1.10 store to 4.1.11 because of some of the "security improvements" in the process.

Now the limitations. The 4.1.11 version, and the security patches for earlier versions create a scenario where only lowercase letters and numbers 0 through 9 may be used as usernames. This means that a customer can not use their email address, their name (usually capitalized), anything with hypens, dashes, dollar signs, etc, as part of their username. To compound this problem, there is no warning given to the customer other than the "Please make sure you properly filled in all the required fields!" type generic message.

More on this here http://forum.x-cart.com/showthread.php?t=41583

That said, you should probably use 4.1.11 and do the following.
1. Make the modification suggested at http://forum.x-cart.com/showthread.php?t=41583&page=4 ... Post #38.

Make a change in register.php to allow capital letters

to


2. Add a notation to skin1/main/register_account.tpl telling the customer to use letters and numbers only (we changed register.php to allow Caps).
In skin1/main/register_account.tpl, find
It is after where it says {* NOT anonymous account *}

and change it to
Added {$lng.txt_numbers_letters_only} before the closing </td>

Then go to admin and in the languages section add the txt_numbers_letters_only variable. We used "(Letters and Numbers only)". This will place this text just to the right of where the customer enters their username when registering, and it seems to work fine.

Re: X-Cart v4.1.11 released
 

I try to delete a product and I got this message on the top of my page.

INVALID SQL: 1054 : Unknown column 'xcart_categories.categoryid' in 'on clause'
SQL QUERY FAILURE:SELECT IF(xcart_categories_lng.category != '', xcart_categories_lng.category, xcart_categories.category) as category FROM xcart_categories, xcart_products_categories LEFT JOIN xcart_categories_lng ON xcart_categories.categoryid = xcart_categories_lng.categoryid AND xcart_categories_lng.code = 'US' WHERE xcart_products_categories.productid = '1' AND xcart_products_categories.categoryid = xcart_categories.categoryid AND xcart_products_categories.main = 'Y'


Could you please hepl me out and let me know who to fix it. I just have a fresh install and 10 products.

Thanks!

Re: X-Cart v4.1.11 released
 

http://forum.x-cart.com/showthread.php?t=42499&page=2

Re: X-Cart v4.1.11 released
 

God bless you!

Thank you!

Re: X-Cart v4.1.11 released
 

Thanks Ene!

I got this error on my database: I delete a product before your patch. Could you please help me to fix this error?

Error: The table xcart_ge_products contains some records for which related data in the table xcart_products has not been found:
productid: 3

Thank you so much!

Re: X-Cart v4.1.11 released
 

Just delete all rows from the xcart_ge_products table.

Re: X-Cart v4.1.11 released
 

Thank you!

I have a last question... When I in admin and I create a new product...
I have: Product details/Thumbnail and Product image.
When I upload a photo to Thumbnail after I save it I have a option to delete it (perfect) but when I upload a photo to Product image after I save it I don't have a option to delete it just a option to change image...

How can I have a option as Thumbnail to delete image?


Thank you so much for all your help!

Re: X-Cart v4.1.11 released
 

This will stop me from updating to 4.1.11

What would happen to customers that already had uppercase letters in usernames?

Uppercase AND lowercase AND symbols ARE A PART OF STRONG SECURITY!!!!!!
Why not just have all users log in as user and all admins log in as admin :(

Re: X-Cart v4.1.11 released
 

I imported all customers from my really old version and the there aren't many log in failures
I applied the JWait mod to allow capitals (thanks) All old customers can log in using their old details including capitals,spaces,underscore etc -why would x-cart make such a backward step??

Re: X-Cart v4.1.11 released
 

Light Speed, Check the thread mentioned earlier
( http://forum.x-cart.com/showthread.php?t=41583 ) as it has a fix for this.
Also check page 4 of the same thread.

Please note that you need to pay attention to the variables "eregi" and "!preg_match" depending on what version you have (it really should be in your signature). You can choose to allow uppercase letters and symbols if you want to but since it is part of a security update I chose uppercase letters only as the thing added. It has no effect on existing customers or passwords, just new user names only.