Skip to content
Commits on Apr 20, 2004
  1. @jonjensen
  2. @jonjensen
  3. @jonjensen
  4. @jonjensen

    Remove META.yml.

    jonjensen committed
  5. @jonjensen
  6. @racke

    EFSNet payment module added

    racke committed
  7. @racke
Commits on Apr 19, 2004
  1. @racke

    merged changes 2.1 vs 2.2

    racke committed
    +++ 2.2 +++
    avoid distribution of automatically generated META.yml
  2. @racke
  3. @jonjensen
  4. @racke

    new upstream revision

    racke committed
  5. @jonjensen
  6. @perusionmike
Commits on Apr 18, 2004
  1. * Commented out the :logDebug() calls.

    Kevin Walsh committed
Commits on Apr 16, 2004
  1. * Vend::Payment::EFSNet module, written and donated by Chris

    Kevin Walsh committed
    	  Wenham of Synesmedia with the following text:
    
    	  -----------------------------------------------------------------
    	  The following module interfaces to Concord EFSNet's credit card
    	  gateway (http://www.concordefsnet.com/) and is being donated to
    	  the community under the GPL.  I built it by copying the
    	  Authorize.Net module and modifying it to EFSNet's spec, but it
    	  supports sale, auth, settle, capture, void, return and credit.
    
    	  This module has been certified by EFSNet as version 1.1.0, so if
    	  you make any non-trivial changes you'll need to go through their
    	  certification process again. I can provide the certification
    	  letters I received, upon request, if you need them.
    	  -----------------------------------------------------------------
    
    	  Thanks Chris!
  2. This commit was manufactured by cvs2svn to create branch

    cvs2svn committed
    'STABLE_5_2-branch'.
  3. * Vend::Payment::EFSNet module, written and donated by Chris

    Kevin Walsh committed
    	  Wenham of Synesmedia with the following text:
    
    	  -----------------------------------------------------------------
    	  The following module interfaces to Concord EFSNet's credit card
    	  gateway (http://www.concordefsnet.com/) and is being donated to
    	  the community under the GPL.  I built it by copying the
    	  Authorize.Net module and modifying it to EFSNet's spec, but it
    	  supports sale, auth, settle, capture, void, return and credit.
    
    	  This module has been certified by EFSNet as version 1.1.0, so if
    	  you make any non-trivial changes you'll need to go through their
    	  certification process again. I can provide the certification
    	  letters I received, upon request, if you need them.
    	  -----------------------------------------------------------------
    
    	  Thanks Chris!
  4. @perusionmike

    * Remove security hole where by a non-admin user with write permission

    perusionmike committed
      to files for ITL could elevate their login status to admin.
    
    	logout=[userdb logout]
    	[calc]
    		$Config->{AdminUserDB}{default} = 1;
    	[/calc]
    
    	login=[userdb function=login username=mike password=pass]
    
      This would cause setting of $Vend::admin.
    
    * Create a new %Global::ReadOnlyCfg hash with the pristine
      values from the initial configuration. At catalog configuration
      time, the values from AdminUserDB and UserDB_repository are
      copied over.
    
    * The UserDB login function now references the read-only config
      to determine admin status.
    
    * TODO: Make all UserDB.pm functions reference this read-only config.
    
    * Not from an exploit, from a code read.
    
    * TODO: Determine if 5.0 and/or 5.2 should be patched.
  5. @perusionmike
  6. @perusionmike

    * Fix security hole. A user, should they be able to execute embedded …

    perusionmike committed
    …Perl,
    
      could do
    
      		delete $Config->{AdminUserDB};
    
      and then log in as an admin.
    
      No known exploits, just from a code read. There is still a hole, as
      we need to set some of these values read-only, but this will help.
Commits on Apr 15, 2004
  1. @racke
  2. @perusionmike
  3. @perusionmike

    * Merge changes from head.

    perusionmike committed
    * Make old-style Matrix options work with arbitrary part numbers.
  4. @perusionmike
  5. @perusionmike

    * Update UPGRADE document for 5.2.

    perusionmike committed
       NOTE: All core group members please scan and edit for problems.
  6. @perusionmike
  7. @racke

    conditionally displays handling now (instead of shipping once or twice),

    racke committed
    as it was originally intended
    thanks to Christopher Wenham <cwenham@synesmedia.com>
Commits on Apr 14, 2004
  1. @perusionmike
  2. @perusionmike

    * Remove unused file/page.

    perusionmike committed
  3. @jonjensen

    Update RPM specfile:

    jonjensen committed
    * Relocate global error.log to /var/log/interchange.
    * Install te into /usr/bin.
    * Minor logrotate tweaks.
  4. @perusionmike
Commits on Apr 13, 2004
  1. @perusionmike

    * Update ship status stuff to send a message "Your order has been CAN…

    perusionmike committed
    …CELED"
    
      (instead of "partially shipped") when an order is canceled.
  2. @jonjensen

    Flesh out alternate values spaces functionality Mike added on 2002-11…

    jonjensen committed
    …-18.
    
    In addition to his mv_values_space CGI setting, there is now a
    [values-space] tag for setting the values space for the lifetime of the
    current page (its various options are documented in the tag itself), and
    [value] and [value-extended] both accept the values_space option to pull
    a value out of an alternate space without changing the current one. The
    name of the current values space is now stored in $Vend::ValuesSpace,
    which is used when optionally copying values from the old to the new
    values space in [values-space].
    
    Tests included.
    
    Also added enable_itl option to [value] to make it feature compatible with
    [value-extended].
Commits on Apr 12, 2004
  1. @perusionmike

    * Have table-editor pre-populate the appropriate fields of a COMPOSIT…

    perusionmike committed
    …E_KEY
    
      record when an item_id is requested and the item does not exist.
Something went wrong with that request. Please try again.