Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls
 

X-Cart v4.1.11 released

 
Reply
   X-Cart forums > News and Announcements
 
Thread Tools
  #1  
Old 09-03-2008, 11:10 AM
  RichieRich's Avatar 
RichieRich RichieRich is offline
 

X-Adept
  
Join Date: Sep 2004
Location: London, England
Posts: 750
 

Default Re: X-Cart v4.1.10 released

$Id: CHANGELOG-4.1.11,v 1.1.2.6 2008/09/03 07:35:38 sheriff Exp $

----------------- X-CART v4.1.11 RELEASED

Important!
Starting from X-Cart 4.1.11 due to security reasons all special characters,
contained in the variables which are not included into trusted arrays, will be converted to entities.
Please keep this in mind if you do any code modifications.

Improvements:
-----------------

*SECURITY*

[+] 30 Jul 2008, Joy - Improvement (0047684): The trusted/untrusted provider feature has been added.
[+] 17 Jul 2008, Joy - Improvement (0047053): Installation script is now renamed after installation is finished.
[+] 27 May 2008, Joy - Improvement (0043012): The edit return details restriction was added to the customer front-end.
[!] 05 Aug 2008, Joy - Bug (0047444): Any provider had access to all possible export packs. Fixed.
[!] 30 Jul 2008, Joy - Bug (0047479): It was possible to subscribe to newsletters without going through the image procedure. Fixed.
[!] 30 Jul 2008, Joy - Bug (0042891): HTML tags were not removed from the GET, POST variables in the install.php script. Fixed.
[!] 28 Jul 2008, Joy - Bug (0045440): Several bugs in the files management functionality. Fixed.
[!] 17 Jul 2008, Joy - Bug (0046995): The data type casting was missing in several scripts. Fixed.

*PERFORMANCE*

[+] 04 Jun 2008, Max - Improvement (004364): Working with large numbers of products has been improved.
[+] 23 May 2008, Joy - Improvement (004291): The products search sorting has been improved.
[+] 19 May 2008, Zaa - Improvement (0042534): Product removing procedure has been improved.
[+] 08 May 2008, Zaa Improvement (0041370): Snapshot generation process has been improved.
[!] 31 Jul 2008, Joy - Bug (0042876): Memory_limit value was set incorrectly during upgrade. Fixed.
[!] 14 Jul 2008, Joy - Bug (0046680): Latest security patch caused an error if the store was located on a windows-based server. Fixed.
[!] 15 May 2008, Zaa - Bug (0042304): Setting Subscription pay dates on a server with Suhosin PHP extension sent the calendar script to an endless loop. Fixed.
[!] 14 May 2008, Max - Bug (0042203): Some database fields were not cleared during admin profile deleting process. Fixed.

*INTERFACE*

[+] 07 Jul 2008, Ferz - Improvement (0046177): A field name has been changed on the Google Analytics configuration page.
[+] 23 Jun 2008, Joy - Improvement (004494): The eSelect payment description note has been updated.
[+] 20 Jun 2008, Joy - Improvement (0044982): The unnecessary sort field (orderby) has been removed from the Product features chart page.
[+] 17 Jun 2008, Joy - Improvement (0042935): Several design changes in the Light and Lucid skin.
[+] 14 May 2008, Ferz - Improvement (0042179): The text field to add featured products to a category now cannot be edited.
[+] 13 May 2008, Ferz - Improvement (0042115): Displaying of the bill_message variable has been improved.
[+] 13 May 2008, Joy - Improvement (0041915): The Light&Lucid skin is now the default one during the installation process
[+] 12 May 2008, Ferz - Improvement (0041963): Some interactive forms have been removed from the printable version of product page.
[!] 14 Aug 2008, Ferz - Bug (0048677): W3C errors on 'secure login form' page. Fixed.
[!] 08 Jul 2008, Joy - Bug (0046176): A Feature Comparison option had a wrong language label. Fixed.
[!] 26 Jun 2008, Ferz - Bug (0045472): The list of special offers was sometimes displayed incorrectly. Fixed.
[!] 25 Jun 2008, Ferz - Bug (0045286): Google Analytics tracking code was presented twice on the invoice page. Fixed.
[!] 23 Jun 2008, Joy - Bug (0044902): In some cases the Fancy Categories submenu was not correctly shown on the 2-columns reversed template.
[!] 29 May 2008, Joy - Bug (0043459): The product navigation path was displayed incorrectly if wrong category parameter was defined in the URL. Fixed.
[!] 27 May 2008, Joy - Bug (0042983): Fancy Categories drop-down menus were not displayed on top of the windowed components in MSIE. Fixed.
[!] 14 May 2008, Max - Bug (0039925): A typo on the Appearance options page. Fixed.
[!] 13 May 2008, Joy - Bug (0041916): Typo error in the Bibit payment script. Fixed.
[!] 13 May 2008, Joy - Bug (0042061): The demo company address was changed.
__________________
Richard


Ultimate 5.4 testing
Reply With Quote
  #2  
Old 09-03-2008, 11:12 AM
  RichieRich's Avatar 
RichieRich RichieRich is offline
 

X-Adept
  
Join Date: Sep 2004
Location: London, England
Posts: 750
 

Default Re: X-Cart v4.1.10 released

*USABILITY*

[+] 04 Jul 2008, Joy - Improvement (0046007): Scrolling has been added to the product modify page after POST query when the "Display all dialogs for product editing on one page" configuration is set.
[+] 03 Jul 2008, Joy - Improvement (0045972): The state field on the Contact us page is now filled with the default state value.
[+] 18 Jun 2008, Joy - Improvement (0042943): A warning message has been added to the import script with the list of the sections that are not supported for importing.
[+] 10 Jun 2008, Zaa - Improvement (0044441): Search by company field has been added to the advanced order search functionality.
[+] 30 May 2008, Joy - Improvement (0042976): The write permissions checking has been added for the pages directory.
[+] 29 May 2008, Joy - Improvement (0043365): A non-active countries warning has been added to the Summary page.
[+] 28 May 2008, Joy - Improvement (0042925): Administrator is now able to select a crypting method on the test data encryption page.
[+] 27 May 2008, Joy - Improvement (0043010): Product amount information has been added to the return forms.
[+] 27 May 2008, Joy - Improvement (0043230): A JavaScript confirmation dialog has been added to the "restore file" procedure.
[+] 27 May 2008, Max - Improvement (004326): Search results sorting functionality has been improved (Referred sales page).
[+] 16 May 2008, Zaa - Improvement (0042442): It is now possible to see customer login from the Order details page and switch to his profile editing page.
[+] 14 May 2008, Zaa - Improvement (0031897): Error messaging in Froogle export has been improved.
[+] 13 May 2008, Joy - Improvement (0041922): The lost MySQL connection verification has been added.
[+] 13 May 2008, Joy - Improvement (0041907): The new "Order is queued customer notification" option has been added.
[+] 13 May 2008, Zaa - Improvement (0037599): Trouble-shooting information has been added to the installer.
[+] 08 May 2008, Zaa Improvement (0024326): Re-slice all images functionality has been added in X-Magnifier.
[!] 08 Aug 2008, Joy - Bug (0048609): Thumbnail images were not displayed when a product had variants. Fixed
[!] 29 Jul 2008, Joy - Bug (004783): Maximum zipcode length was not defined for several countries. Fixed.
[!] 17 Jul 2008, Ferz - Bug (004703): The "Thumbnail width in the products list" option value could not be empty or zero. Fixed.
[!] 16 Jul 2008, Ferz - Bug (0046882): Google ad-words redirection was functioning incorrectly. Fixed.
[!] 20 Jun 2008, Joy - Bug (0044849): There was a possibility to redirect from the error message page using func_header_location. Fixed.
[!] 19 Jun 2008, Joy - Bug (0044943): The Froogle service does not support the language attribute now. Removed.
[!] 10 Jun 2008, Zaa - Bug (0044437): Sorting direction was not specified in the Edit ratings section. Fixed.
[!] 28 May 2008, Max - Bug (0043431): Detailed images/product images were not displayed. Fixed.
[!] 27 May 2008, Max - Bug (004324): Advertising campaigns management was switched to Add mode if a user selected any campaign and modified it. Fixed.
[!] 20 May 2008, Joy - Bug (0042643): Thumbnail images could not be uploaded if file names contained spaces and quote symbols. Fixed.
[!] 15 May 2008, Zaa - Bug (0042299): The subscription module allowed to enter negative values for Pay period. Fixed.
[!] 14 May 2008, Max - Bug (0042113): Clicking on the "If JavaScript is disabled in your browser click here" changed the skin to Light & Lucid. Fixed.

*ORDERS*

[+] 29 May 2008, Max - Improvement (0043446): Shipping method name is now stored in the order.

*SHIPPING/TAXES*

[+] 19 May 2008, Ferz - Improvement (0042362): USPS shipping methods have been updated.
[!] 29 Aug 2008, Joy - Bug (0049852): The Google Checkout module did not work with the local and international shippings that had same name. Fixed.
[!] 24 Jul 2008, Joy - Bug (0047463): Defined shipping methods were not available in several cases. Fixed.
[!] 18 Jul 2008, Ferz - Bug (004209): Data was cleared from the form in UPS Online Tools after a user clicked on the Fill from profile button. Fixed.
[!] 24 Jun 2008, Ferz - Bug (0045235): If taxes for a tax exempt product had already been calculated, these taxes were not removed and the product was considered as having taxes in X-AOM. Fixed.
[!] 29 May 2008, Max - Bug (0043534): The same price was displayed for all the shipping methods during editing order totals in X-AOM. Fixed.
[!] 13 May 2008, Zaa - Bug (0042064): Shipping label generator always used flat rates for USPS Express Mail. Fixed.
__________________
Richard


Ultimate 5.4 testing
Reply With Quote
  #3  
Old 09-03-2008, 11:14 AM
  RichieRich's Avatar 
RichieRich RichieRich is offline
 

X-Adept
  
Join Date: Sep 2004
Location: London, England
Posts: 750
 

Default Re: X-Cart v4.1.10 released

*PAYMENT*

[!] 29 Jul 2008, Joy - Bug (0046420): PayPal did not allow to use empty StateOrProvince field in DirectPayment transactions. Fixed.
[!] 17 Jul 2008, Joy - Bug (0046937): There was an open php tag in several payment scripts. Fixed.
[!] 15 Jul 2008, Joy - Bug (0046820): The total amount in the Protx Form response could contain additional delimiters. Fixed.
[!] 03 Jul 2008, Ferz - Bug (0045935): Processing credit cards using NetRegistry gateway was functioning incorrectly. Fixed.
[!] 24 Jun 2008, Joy - Bug (0045169): The Linkpoint payment script did not correctly define the AVS response. Fixed.
[!] 23 Jun 2008, Joy - Bug (0044821): The payment cluster key command did not work in some cases in the Triple Deal payment. This option was moved to the admin defined option. Fixed.
[!] 03 Jun 2008, Ferz - Bug (0043845): Nochex payment method worked incorrectly, if order prefix contained a slash. Fixed.
[!] 27 May 2008, Max - Bug (0043253): iDeal Advanced payment module caused PHP warnings in test mode. Fixed.
[!] 15 May 2008, Joy - Bug (0042249): After the online payment procedure in several cases the script did not log the payment errors. Fixed.

*CHECKOUT*

[+] 15 May 2008, Joy - Improvement (0042326): New "online payment checkout processing notices" logging option has been added. If the online payment transaction is approved and X-Cart finds some errors then the checkout notice will be logged.
[!] 08 Aug 2008, Joy - Bug (0048545): County name was missed on the Fast Lane Checkout module templates. Fixed.
[!] 20 May 2008, Joy - Bug (0042419): Discount was calculated incorrectly if a discount coupon and tax were set up in different units. Fixed.
[!] 14 May 2008, Max - Bug (0042180): The Google checkout button was disabled when a gift certificate was bought. Fixed.

*IMPORT/EXPORT*

[!] 17 Jul 2008, Joy - Bug (0047437): Several import sections were unavailable in Simple mode. Fixed.
[!] 14 Jul 2008, Joy - Bug (0046704): The POST query was restricted in the import scripts when imported provider was changed. Fixed.
[!] 16 Jun 2008, Ferz - Bug (0044333): Timestamp for exported orders/users was incorrect. Fixed.
[!] 27 May 2008, Joy - Bug (004321): The time zone offset checking functionality had wrong value limits. Fixed.
[!] 20 May 2008, Joy - Bug (0042745): It was possible to enter a negative product price using the import products functionality. Fixed.
[!] 14 May 2008, Ferz - Bug (0042167): During exporting of order items, the product options of the ordered product were not exported. Fixed.

*USERS*

[!] 18 Jul 2008, Ferz - Bug (0047125): User profile could not be modified after the latest security patch has been applied. Fixed.

*BACKUP/RESTORE*

[!] 26 Jun 2008, Ferz - Bug (0045450): DB backup/restore functionality did not work. Fixed.

*PATCH/UPGRADE*

[!] 24 Jun 2008, Joy - Bug (0035384): The temporary files were not correctly removed during the patch procedure. Fixed.

*LANGUAGES*

[!] 16 May 2008, Zaa - Bug (003590): A non-logged in user could not switch the store language after visiting html-catalog. Fixed.
[!] 16 May 2008, Zaa - Bug (0034824): A non-logged in user could not switch the store language in IE7 or Navigator 9.0b1. Fixed.
[!] 14 May 2008, Joy - Bug (0042162): Multi-language products and categories tables were not updated during product and categories import. Fixed.

*MODULES/ADD-ONS*

[!] 06 Aug 2008, Joy - Bug (0048479): It was allowed to use incorrect paths for the Gift Certificates preview templates. Fixed.
[!] 17 Jul 2008, Joy - Bug (0046637): The gift certificate template file path could be non-allowed. Fixed.
[!] 07 Jul 2008, Ferz - Bug (0046009): The retail price for the variant turned to $0 when updating the wholesale price. Fixed.
[!] 30 Jun 2008, Joy - Bug (0045573): Gift certificates could be used twice when order status was changed from 'Declined' to 'Processed'. Fixed.
[!] 28 May 2008, Max - Bug (0043361): Advanced statistics module displayed the number of orders, containing the specified products, not the number of sold items of these products. Fixed.
[!] 28 May 2008, Joy - Bug (0043272): AOM restricted price editing for Egoods products. Fixed.
[!] 26 May 2008, Joy - Bug (0042906): The product with the variants was removed from the cart if the quantity in stock was less than the ordered quantity in the cart. Fixed.
[!] 26 May 2008, Max - Bug (0043182): Search on partner commissions page did not work. Fixed.
[!] 13 May 2008, Joy - Bug (0041453): Wrong type of images on the Product Configurator page in the customer area. Fixed.


----------------- X-CART v4.1.10 RELEASED
__________________
Richard


Ultimate 5.4 testing
Reply With Quote
  #4  
Old 09-03-2008, 11:26 PM
 
intel352 intel352 is offline
 

X-Wizard
  
Join Date: Dec 2005
Posts: 1,071
 

Default Re: X-Cart v4.1.10 released

Quote:
Originally Posted by Changelog
Important!
Starting from X-Cart 4.1.11 due to security reasons all special characters,
contained in the variables which are not included into trusted arrays, will be converted to entities.
Please keep this in mind if you do any code modifications.

Ah interesting, I'll have to do some testing to ensure this doesn't affect my addons.

Funny how the email from Qualiteam minimized the size of this upgrade, yet it's still a pretty sizable changelog. Regardless, gj Qualiteam
__________________
-Jon Langevin
WARNING: Unethical developer - NOT RECOMMENDED
See details here
Reply With Quote
  #5  
Old 09-04-2008, 03:19 AM
 
balinor balinor is offline
 

Veteran
  
Join Date: Oct 2003
Location: Connecticut, USA
Posts: 30,253
 

Default Re: X-Cart v4.1.11 released

Would be nice if Qualiteam could verify that this release includes ALL of the recent security patches (I would assume it does)
__________________
Padraic Ryan
Ryan Design Studio
Professional E-Commerce Development
Reply With Quote
  #6  
Old 09-04-2008, 04:00 AM
  Ene's Avatar 
Ene Ene is offline
 

X-Cart team
  
Join Date: Aug 2004
Posts: 907
 

Default Re: X-Cart v4.1.11 released

Quote:
Would be nice if Qualiteam could verify that this release includes ALL of the recent security patches

Yes. This release includes all of the security patches.
__________________
Eugene Kaznacheev,
Evangelist/Product Manager at Ecwid: http://www.ecwid.com/ (since Sept 2009)

ex-Head of X-Cart Tech Support Department
ex- X-Cart Hosting Manager - X-Cart hosting
ex-X-Cart Technical Support Engineer


Note: For the official guaranteed tech support services please turn to the Customers HelpDesk.
Reply With Quote
  #7  
Old 09-04-2008, 04:46 AM
 
intel352 intel352 is offline
 

X-Wizard
  
Join Date: Dec 2005
Posts: 1,071
 

Default Re: X-Cart v4.1.11 released

Just a note, applied the 4.1.11 patch against 4.1.10, now logins don't work.

Troubleshooting, but just an early FYI. Hopefully this is specific to my own install and won't happen for everyone.

EDIT: interesting, I had to clear browser cookies to get it to work properly. Just FYI in case that happens to anyone else.
__________________
-Jon Langevin
WARNING: Unethical developer - NOT RECOMMENDED
See details here
Reply With Quote
  #8  
Old 09-04-2008, 05:31 AM
 
tobychapman tobychapman is offline
 

Senior Member
  
Join Date: Sep 2005
Location: France
Posts: 112
 

Default Re: X-Cart v4.1.11 released

"due to security reasons all special characters, contained in the variables which are not included into trusted arrays, will be converted to entities"

Could you please explain ? What do you mean by variables ?

As I save each template some spaces are being converted to little squares. Is this related, or is this a different problem ?
__________________
XCart Gold 4.0.18
Fedora 6 - Apache 2.2.4 - PHP 5.1.6 - MySQL 5.0.27
www.goose.fr
Reply With Quote
  #9  
Old 09-04-2008, 05:48 AM
 
carpeperdiem carpeperdiem is offline
 

X-Guru
  
Join Date: Jul 2006
Location: New York City, USA
Posts: 5,399
 

Default Re: X-Cart v4.1.11 released

Quote:
Originally Posted by intel352
Just a note, applied the 4.1.11 patch against 4.1.10, now logins don't work.

Troubleshooting, but just an early FYI. Hopefully this is specific to my own install and won't happen for everyone.

EDIT: interesting, I had to clear browser cookies to get it to work properly. Just FYI in case that happens to anyone else.

Jon,

Thanks for sharing. A good habit after an upgrade is to clear everything, recompile templates, cookies, cache, etc. (on both your server and local browsers). This SHOULD be in the X-cart docs...
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
Reply With Quote
  #10  
Old 09-04-2008, 07:58 AM
 
EN4U EN4U is offline
 

eXpert
  
Join Date: Feb 2008
Location: AZ
Posts: 379
 

Default Re: X-Cart v4.1.11 released

Question....

As states here...

!] 24 Jun 2008, Joy - Bug (0045169): The Linkpoint payment script did not correctly define the AVS response. Fixed.

We use linkpoint. Wondering what exactly does this mean and how does the current broken code in my build effect my sales or lack there of?
__________________
Regards, Dan
X-Cart Gold Version 4.1.10

1 - One page checkout
2 - Image Generator
3 - CSDEO Pro
4 - Shop By Price
5 - Next - Previous
6 - On Sale
7 - Shop By Price

8 - Froogle & Google Base Feed
9 - Buy Together
10 - Customer Loyalty Points
11 - Customer Reward Points
Customer Reward Points Referral Add-on
12 - Product Reviews
13 - Other Custom Modifications
----------------------
http://www.townsqjewelry.com/
http://www.eroticnights4u.com/ <---- Adult Oriented - Toys
Reply With Quote
Reply
   X-Cart forums > News and Announcements



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 03:09 PM.

   

 
X-Cart forums © 2001-2020