What's new in each version of Interchange
(since the version 5.4 branch)
Interchange 5.4.3 released on 2008-11-13.
* Correct Interchange's handling of incoming requests where a form element
has a space in the name. Before the fix, the name still contained the plus
by the time it reached the values space. However, true '+' characters had
also been decoded by then, so the two could not be distinguished. This change
switches pluses to spaces before %2B gets switched to '+'.
* Missing display_options routine added to Old48 module.
* Fixed deficiency in Levies, where multiple handling modes separated by null
would not work as in the old subtotal calculation model.
* Fixed bug in regex for auto_format anchor handling.
* Fixed a SearchOp bug reported by Tim Good.
* Add support for MSIE 7.
* Added Portuguese debconf template translation, updated Russian one.
* Remove debconf dependency from interchange-ui postrm script.
* Removed mod_interchange from Debian package.
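The decoding-order problem from the form element entry above, as an added example (not Interchange's own code). The helper names and the sample request body are constructed for illustration.

```perl
use strict;
use warnings;

# Added example: hypothetical helpers, not Interchange's request code.

# Order after the fix: '+' means space only while the text is still
# encoded, so convert it first, then expand %XX (which may yield a real '+').
sub decode_plus_first {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Escapes expanded first: a '+' that came from %2B now looks the same as
# a '+' that encoded a space, and the late conversion rewrites both.
sub decode_escapes_first {
    my ($s) = @_;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    $s =~ tr/+/ /;
    return $s;
}

# Split a form-encoded body into [name, value] pairs, decoding the name
# with the same routine as the value.
sub parse_form {
    my ($body, $decode) = @_;
    my @pairs;
    for my $field (grep { length } split /[&;]/, $body) {
        my ($name, $value) = split /=/, $field, 2;
        $value = '' unless defined $value;
        push @pairs, [ $decode->($name), $decode->($value) ];
    }
    return @pairs;
}

# Constructed sample: one name with a space, one name and value with real
# plus signs sent as %2B.
my $body = 'first+name=Ada&a%2Bb=1%2B1+is+2';

for my $case ([ 'plus first',    \&decode_plus_first ],
              [ 'escapes first', \&decode_escapes_first ]) {
    my ($label, $decode) = @$case;
    print "$label:\n";
    printf "  [%s] = [%s]\n", @$_ for parse_form($body, $decode);
}
```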
Standard demo
* Fixed a security bug where an attacker could craft a URI that tricks
Interchange into executing arbitrary Perl code. The Perl code would be
subject to the Safe constraints of course, but could still be devastating
to the security of the target website.
* Disabled product comment to prevent spam showing up on default
* Fixed problem with shipping notice caused by bareword.
* Updated Free Software Foundation address in file headers.
* Updated LICENSE to correspond to the latest version of the GPLv2 license
from the Free Software Foundation.
* Fixed License inconsistencies so that all headers now specify GPL version
2 or later.
Interchange 5.4.2 released on 2007-02-06.
* Fixed a DoS exploit. A carefully crafted HTTP POST request could cause
an Interchange page processor to hang until it's killed by Interchange's
periodic housekeeping routine. If several of these requests are received
in quick succession then it could be possible to disable all of the page
processors, rendering Interchange unresponsive for a while. Fixed by
Kevin Walsh; pointed out by Donald Alexander.
* Worked around apparent Perl bug that allowed code called by DispatchRoutines
to overwrite the routines arrays themselves. Found and fixed by Frederic
Steinfels.
* Fixed [sql-quote] sub-tag (in the [query] tag), which didn't work properly
if the column data spanned multiple lines, as it may do with an INSERT or
* Fixed masking of unencrypted credit card numbers to work with a custom
MV_CREDIT_CARD_INFO_TEMPLATE that does not match the regexp. Also fixed the
regexp so it removes the CVV2 value from the unencrypted data.
* Fixed shipping problem: The temporary mv_shipping cart was left undefined
instead of being removed in some cases, which caused problems in later cart
* Fixed a problem where get_option_hash would return the reference itself
when passed one, instead of a copy. Thanks to Bruno Cantieni.
* Fixed bug which prevented &and and &or profile commands from working
on a line by itself when used to join the previous and next profile
checks. The following now works:
username=required You must enter a username.
username=unique mytable Sorry, that username is already taken.
* Fixed spurious hidden form element output for matrix options with separate
widgets and report option set.
* When using Linkpoint, only run check_sub (usually AVS) on SALE and PREAUTH,
* Use <pre> instead of the obsolete <xmp> element in the "Test code"
page when using source mode for display. Don't filter entities when
using HTML mode for display.
* Use a path relative to the catroot instead of an absolute path to the
catalog error.log file when displaying in the UI Administration/Info tab.
* Fixed broken admin 404 error page (which comes from Standard demo).
* Remove registration link to defunct page.
Standard demo
* Updated Discover Card logo. Provided by Steve Graham.
* Various special_pages/missing.html fixes:
- Removed duplicate, sometimes-bogus MV_PREV_PAGE display.
- Eliminated double-interpolation of page comparison.
- Return missing special_page if there's no prod_group and catalog match.
- Return results special_page if there is a match instead of results.html.
* If we don't match a prod_group and category in a missing page return the
missing SpecialPage, not results.html. If we do have a match, display it in
the results SpecialPage instead of hard coding it to results.html.
* Fixed bug in order returns for more than one return.
* Increased compatibility with XHTML and fixed some CSS.
* Cleaned up splash page and fixed broken links.
* Updated Czech and Swedish debconf template translations.
* Debian package requires Perl 5.8.8 and DBI 1.53 (etch versions).
* Fixed stupid typo in postinst script of interchange Debian package which
caused creation of a directory named 775
* Removed Business::UPS manual page on installation to avoid conflicts with
libbusiness-ups-perl Debian package
Interchange 5.4.1 released on 2006-05-27.
* Fixed regression in htmlarea widget which kept it from working with MSIE or
browsers claiming to be compatible.
* add-gpg-key: Made parsing of results message more tolerant.
Patch by Gert van der Spoel.
* pay-cert-redeem: Fixed rounding error that could make total comparisons
* Check for "GoogleBot", rather than just "Google", in the RobotUA list, to
prevent confusion with other UA values such as "GoogleToolbar" etc.
* Removed never-used SOAP_Host directive.
* Fixed a profile parsing bug:
When reading an OrderProfile from an external config file (for instance,
etc/profiles.login or similar), if there is a comment line immediately
preceding the __NAME__ identifier, then the first line of the profile is
commented out. Actually, any line preceding the __NAME__ line will silently
be prepended to the first line of the profile; it just so happens that a
comment would be the likely offender.
For example:
# following profile confirms user input
__NAME__ Login
username=required Username had better be filled in.
password=required Password is required.
Will result in a profile structure that looks like:
# following profile confirms user input username=required ...
And the username check will never execute.
Fixed by Brian Miller.
* Fixed bug in parser that can cause an infinite loop when malformed ITL
opening tags are encountered. Bug found and original patch supplied by
Dan Collis-Puro.
* In Vend::Ship:
- Fixed thread-safety problem with shipping adder (and potentially other
- Made log message manageable with ErrorDestination.
- Allow a "quiet" shipmode that won't log missing areas.
* Made timeout for menu blank in Vend::Menu settable. Patch by Greg Hanson
* Allow numerals in all but first position in unpack output areas.
* Improved Linkpoint payment module based on work provided by Josh Lavin.
- Add ability to do POSTAUTH (settle_prior) in Interchange admin,
including partial captures.
- Add check_sub capability ala Vend::Payment::Signio.
* Fixed bug introduced in previous change to cert_path logic attempting
to allow relative paths. If the certs/ directory was not directly
in VENDROOT and no cert_path was defined, no search for a certs/
directory would happen.
* Fixed typo in logging subroutine call in Vend::Data.
* Merged Interchange::Link changes from development branch, to add support for
mod_perl 2.
* In order_view page, display proper state and zip.
* Fixed non-interpolating [process] and [form-session-id] tags, remove stray
double-quote from HTML tag, correct nonexistent cellmargin table attribute.
Thanks to Steve Graham for reporting the problem.
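A check for the condition in the profile parsing entry above, useful for auditing profile files that ran under versions before this fix. This is an added example, not Interchange's parser. The audit_profiles helper and the Account profile are hypothetical, and it assumes a profile ends at a line reading __END__ or at the next __NAME__ line.

```perl
use strict;
use warnings;

# Added example: a hypothetical audit helper, not Interchange's parser.
# Assumption: a profile runs from its __NAME__ line to a line reading
# __END__ or to the next __NAME__ line.
sub audit_profiles {
    my ($text) = @_;
    my (%checks, @findings, $current);
    my ($prev, $n) = ('', 0);
    for my $line (split /\n/, $text) {
        $n++;
        if ($line =~ /^__NAME__\s+(\S+)/) {
            my $name = $1;    # save before the next match resets $1
            # Condition from the changelog entry: a non-blank line directly
            # above __NAME__ was prepended to the profile's first check.
            push @findings, "line $n: '$prev' is directly above profile $name"
                if !defined $current && $prev =~ /\S/;
            $current = $name;
            $checks{$name} = [];
        }
        elsif ($line =~ /^__END__\s*$/) {
            undef $current;
            $prev = '';       # a terminator is not a stray line
            next;
        }
        elsif (defined $current && $line =~ /\S/ && $line !~ /^\s*#/) {
            push @{ $checks{$current} }, $line;
        }
        $prev = $line;
    }
    return (\%checks, \@findings);
}

# Constructed sample: Login is from the entry above; Account is made up.
my $sample = <<'EOF';
# following profile confirms user input
__NAME__ Login
username=required Username had better be filled in.
password=required Password is required.
__END__

__NAME__ Account
email=required Email is required.
__END__
EOF
my ($checks, $findings) = audit_profiles($sample);
print "WARN $_\n" for @$findings;
printf "%s: %d check(s)\n", $_, scalar @{ $checks->{$_} } for sort keys %$checks;
```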
Standard demo
* Updated UPS Postal rates.
* In etc/mail_receipt, don't expose admin's session ID when they enter an
order for a user.
* In checkout new_browser_payment* fragments, fix unmatched [msg] tags.
Found by Steve Graham.
* Fixed bad SKU in cart links. Thanks to Steve Graham.
* Added closing font tag in search_box_small component. Thanks to Steve
* Made some minor corrections to the UPGRADING document.
* Fixed bug in interchange Debian package which caused
initial install to fail.
* Added Swedish debconf template translation, updated Russian and French ones.
* A number of other minor Debian package improvements.
Interchange 5.4.0 released on 2005-12-23.
