Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

245 lines (156 sloc) 7.87 kb
------------------------------------------------------------------------------
What's new in each version of Interchange
(since the version 5.4 branch)
------------------------------------------------------------------------------
Interchange 5.5.1 released on 2007-08-21.
See UPGRADE document for incompatible changes not listed here.
Core
----
* Removed odd formatting from --add entry in interchange manual page.
* Fixed a DoS exploit. A carefully crafted HTTP POST request could cause
an Interchange page processor to hang until it's killed by Interchange's
periodic housekeeping routine. If several of these requests are received
in quick succession then it could be possible to disable all of the page
processors, rendering Interchange unresponsive for a while. Fixed by
Kevin Walsh; pointed out by Donald Alexander.
* Removed unused AdminHost global configuration directive.
* In &Vend::Table::DBI::set_row, avoid unwanted expansion of array when we
have PREFER_NULL fields and number of fields passed is one.
* Added Vend::Swish2 module provided by Brian Miller <brian@endpoint.com>.
This is superior to Vend::Swish, because instead of the awkward way to
interface with Swish-e by running the binary it uses the Swish Perl API.
Note: This module will replace Vend::Swish after we ensure as much backward
compatibility as possible.
* Allow specification of one additional include directory for specific
modules, specified like this:
Require module Vend::Swish /usr/lib/swish-e/perl
* Terminate search if mv_min_string condition isn't met.
* Make [sql-quote] list tag to work properly with multiple lines.
* Fixed case-insensitive searches for different locales.
* Fix the [error] tag so it does not attempt to replace format specifiers other
than %s in the text or std_label attributes.
* Vend::SQL_Parser required LIMIT clause to be lowercase when it should be
case-insensitive.
* Issue error message if subroutine for PREFIX-exec is missing.
* Fix [on-match]/[no-match] for loop lists without matchlimit generated from
embedded Perl objects
* Fixed problem where both set_row() and set_slice() would try to get the key
from last_sequence_value() for returning even if we already know the key and
even on an UPDATE which can cause problems.
* New "timecard" round-robin style counters added with the timecard_stamp and
timecard_read subs in Util.pm. These are now used for better control of the
session per IP lockouts (when RobotLimit is set). See CVS log for more
details (#2).
* lockout specialsubs will now override session per IP lockouts properly (#3).
* Fixed error where the wrong tag name can sometimes appear in [calc] error
messages (#7).
* Superfluous Vend::Interpolate::sort_cart function removed (#70).
* set_slice now skips updates on existing records when we have only key
columns (#98).
* Change [shipping-desc] to allow access to arbitrary keys in the shipping
configuration.
* Fixed problem where only the last shipping policy will get stored if the
multi-line format is used in shipping.asc.
* Fixed problem where options are not converted and stored properly on all
shipping policies.
* Moved more code into the new process_new_beginning sub and cleaned up other
code in Ship.pm.
* Added "file" (readable file) and "executable" (executable file) as extra
Require directive tests.
* Added a new TABLE_COMMENT modifier to the Database directive to allow
a short comment to be attached to MySQL and PostgreSQL tables.
* Delay "Server started" message as long as possible.
* Disable SOAP and display error when Vend::SOAP fails to load (#46).
* Remove catalog status files when removing catalog. Also call remove_catalog at
server stop -- would be nice for cleanup anyway (#95).
* Fixed problem where RPC mode would fork too many processes at startup due to
race condition (#107).
* Set $0 throughout the server and dispatch process to reflect current
conditions (#107).
* Set up more aggressive management in response to INT or TERM to propagate the
request down to the children. Prior to this arrangement, a restart or kill
would leave many of the children running. This cleaned up Interchange stops
to remove all preforked daemons (#107).
* Adjusted housekeeping to cull out old pids so that PIDcheck was enforced in
PreFork (#107).
* Pass $opt to labeled_list fixing behaviour of fly-list to be matching other
x-list tags (#89).
* Pass applylocale option into Vend::Form::options_to_array in order to
localize option labels (#80).
* New set_process_name sub which is used to change the status in the process
name indicator.
* Fixed problem where form values do not always default to the $Values hash
values for corresponding form fields when defaults=1 and wizard=1 are both
set in the table editor.
* Fixed a bug where the [data session host] was not being set on a session's
first page access. The "host" key was only being set for subsequent pages.
* Removed MV_DOLLAR_ZERO workaround for a bug fixed 5 years ago.
* Added a new "scratchd" test type. This is the same as "scratch" except
that it deletes the variable from the scratchpad after testing.
UserDB
------
* Fixed UserDB login issues within embedded Perl by using
Vend::Util::string_to_ref for deserialization of carts and other
hashes.
* New validchars option to customize valid characters for usernames, e.g.
adding the + character to the list of valid characters:
UserDB default validchars "-A-Za-z0-9_@.+"
UserTag
-------
* Make [save-cart] keep cart if userdb returns with an error.
* Make [formel] call [display] on unknown types.
* Fixed cleanse option of [import-fields] for composite keys (#98).
Filter
------
* Added "round" filter to round in floating-point-safe way, using the
Vend::Util routine.
* Avoid ambiguity between two time formats in date_change filter.
* Added "lspace2nbsp" filter. Translates leading spaces to nbsp
Checks
------
* Added "match" check to match another CGI variable, e.g. for password
verification.
Payment
-------
* New NetBilling module.
Jobs
----
* Added new job group db with export job to export databases offline for
backup and version control purposes.
* Added process ID to "Run jobs" and "Finished jobs" log messages for better
troubleshooting.
* Avoid cluttering global log file with job run messages.
* Allow parameters passed to jobs, acknowledges --email commandline option
now (#103).
UI
--
* Fix page banner in menu editor.
* Tidied up some code in customer_mailing.html
* Fixed test to see if sku exists on creation of new item
in quick_question.html (#17)
* Avoid crashes on table export if data contains Interchange tags (#100).
Standard demo
-------------
* Fixed minor security hole of admin's session ID being exposed when placing
an order in the admin. Found by Mark Lipscombe <markl@gasupnow.com>.
* Various special_pages/missing.html fixes:
- Fixed broken admin 404 error page (which came from Standard).
- Removed duplicate, sometimes-bogus MV_PREV_PAGE display.
- Eliminated double-interpolation of page comparison.
* Updated Discover Card logo. Provided by Steve Graham.
* Increased compatibility with XHTML.
* Cleaned up splash page and fixed broken links.
* Add CVV2 support to checkout pages, images thanks to Jure Kodzoman.
* Fix problem with permanently setting members_only, bug and fix found
by Jo-Ellen Matthews.
SOAP
----
* Return proper SOAP error to the client instead of disclosing our faults.
Packaging
---------
* Switched from dh_movefiles to dh_install for Debian packaging.
* Added --oknodo option to start-stop-daemon for restart action in the
Debian init script (#28).
Other
-----
* Updated copyright in headers to 2007 (#102).
Jump to Line
Something went wrong with that request. Please try again.