…valid} when payment module returned an empty error message. This happens with PayPaypalExpress when using setrequest request and results in [if errors]...[/if] being true but [error all=1 show_error=1] displaying nothing.
Jon Jensen noticed that the last commit (b29f34f) introduced a new problem by relaxing the constraint a little too much and allowing empty strings. This patch by Mike Heins goes back to requiring at least one character, while still allowing 0.
This can happen if, for example, you have a first proxy at 10.10.10.1 which proxies to 10.10.10.2 which then hits your web server that passes control to Interchange. If you visit from 192.168.1.1, Interchange will see this HTTP header:

    X-Forwarded-For: 192.168.1.1, 10.10.10.1

and the request will have the source IP address 10.10.10.2. But if you set this in interchange.cfg:

    TrustProxy 10.10.10.1, 10.10.10.2  # order irrelevant

then Interchange will see past the two trusted proxies and set its standard variable $CGI::remote_addr to 192.168.1.1, so that the customer's IP address gets used.
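The lookup described in the message above, as an added example in Perl (not Interchange's own code): one way to resolve the client address is to walk X-Forwarded-For from the right and stop at the first address that is not a trusted proxy, so entries a client forged on the left are never reached. The `client_addr` helper and the sample addresses other than those in the message are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not Interchange's code): resolve the client address
# from the socket peer and the X-Forwarded-For value, given trusted proxies.
sub client_addr {
    my ($peer, $xff, @trusted) = @_;
    my %trusted = map { $_ => 1 } @trusted;

    # An untrusted peer could have written the header itself: ignore it.
    return $peer unless $trusted{$peer};

    # Each proxy appends the address it received the request from, so the
    # rightmost entries are the ones written by our own proxies.
    (my $list = $xff // '') =~ s/^\s+|\s+$//g;
    my @hops = grep { length } split /\s*,\s*/, $list;

    # Walk right to left; the first address that is not a trusted proxy is
    # the client. Anything further left is client-supplied and unverified.
    my $addr = $peer;
    while (@hops) {
        $addr = pop @hops;
        last unless $trusted{$addr};
    }
    return $addr;
}

# Trusted proxies as in the TrustProxy line above.
my @trusted = ('10.10.10.1', '10.10.10.2');

# Constructed cases: [peer address, X-Forwarded-For value, description]
my @cases = (
    ['10.10.10.2',   '192.168.1.1, 10.10.10.1',              'two trusted proxies'],
    ['10.10.10.2',   '203.0.113.9, 192.168.1.1, 10.10.10.1', 'forged leading entry'],
    ['198.51.100.7', '10.10.10.1',                           'untrusted peer with header'],
    ['10.10.10.2',   undef,                                  'trusted peer, no header'],
);

for my $c (@cases) {
    my ($peer, $xff, $note) = @$c;
    printf "%-28s -> %s\n", $note, client_addr($peer, $xff, @trusted);
}
```

In the forged-entry case the walk stops at 192.168.1.1, the address the outermost trusted proxy actually saw, and the leftmost value is never consulted.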
Can be used in a page like this:

    [tag pragma cache_control]max-age=600[/tag]

That will send this response header:

    Cache-Control: max-age=600

Which will tell upstream proxies and browsers to cache the page for 10 minutes.
Interchange was checking the Content-Disposition name for perly truth rather than definedness, which caused it to incorrectly disallow the valid name of "0". I ran into one particular program in the wild that happens to generate requests with just such headers: https://github.com/valums/file-uploader/
This patch allows catalogs that are using the indirect_login feature to combine that with ignore_case to enable case-insensitive logins. A common use-case is to have email address be the indirect login field, so one thing to be aware of is that it's legal for two separate e-mail addresses to differ in capitalization only (e.g. user@domain is distinct from User@domain).
This patch makes ignore_case function correctly on unencrypted passwords even when mixed-case passwords exist in the UserDB table. Currently, ignore_case only works if the stored passwords are lower case. There are at least two ways for mixed-case passwords to make it into the UserDB table:

* If some user records were created with UserDB before ignore_case was set. (In this case, newer accounts get the expected behavior while older ones don't -- a recipe for "fun".)
* If the password column is populated by more than just UserDB, such as through custom IC code or integration with other software.

Case-insensitivity is a nice convenience; both for users who tend not to notice when caps lock has been toggled, and for help desk workers who field their calls. The cost is that it reduces the effective number of ASCII password characters by about one quarter. While it's true that it makes it ever so slightly easier to crack passwords, other factors (e.g. password length, use of dictionary words) far outweigh its importance.

One alternative to this patch would be to change all current and future passwords in the UserDB table to lower case, then the existing ignore_case would suffice to provide case-insensitive functionality. One downside of that approach would be that it's irreversible, whereas this patch allows switching back and forth by simply changing the ignore_case configuration.

This feature is enabled under the following example configuration:

    UserDB default crypt 0
    UserDB default ignore_case 1
The method body of md5_salted was long enough to justify its own named sub, and as soon as you do it for one of them, you know the rest are just going to whine until they get it too. I prefer named subs for style anyway.
The specific format used here is to store the password and salt in a single field, separated by a colon. I used it to convert a Zen Cart store to Interchange. To use this feature, set the following catalog configuration parameters:

    UserDB default md5_salted 1
    UserDB default crypt 1
Basic changes added to admin file_upload page to allow passing of umask more easily. Users trying to upload files for web viewing needed better control. Also modified slightly the uploadhelper widget to provide means to pass umask option, and subsequently altered process_filter where there were previously no means to pass umask through.
See documentation at http://www.icdevgroup.org/doc/frames/ic_ecommerce_21.html for reference.