Permalink
Commits on Sep 16, 2009
  1. bumped up version number and date

    racke committed Sep 16, 2009
  2. Fix UTF-8 handling with implicit content type of text/html (RT #317)

    Found & fixed by Stefan Hornburg.
    jonjensen committed Sep 16, 2009
Commits on Sep 15, 2009
  1. Sync manifest

    jonjensen committed Sep 15, 2009
  2. Fix remote disclosure security vulnerability

    Add new configuration option AllowRemoteSearch to selectively re-enable
    remote searches on "safe" tables. Defaults to products, variants and
    options.
    
    Please see UPGRADE for important information on upgrading your catalogs
    to prevent any problems.
    Mark Lipscombe committed with jonjensen Jul 8, 2009
  3. Turn off bogus execute bit

    jonjensen committed Sep 15, 2009
  4. Allow passing custom JavaScript to country_select.widget

    Add country_js and state_js options. It will rewrite "this.form" with the
    correct form name at runtime. By Josh Lavin <josh@perusion.com>.
    
    Squashed commit of the following:
    
    commit bf765f1
    Author: Josh Lavin <josh@perusion.com>
    Date:   Mon Sep 14 16:31:27 2009 -0500
    
        Added javascript option for country in country_select.widget
    
        Now country select box can have javascript passed for onChange event.
    
    commit 24630e9
    Author: Josh Lavin <josh@perusion.com>
    Date:   Mon Sep 14 14:51:11 2009 -0500
    
        Changed country_select to enable ID; minor tweaks
    
        Now a state or a country select box can have an id. Other minor tweaks made to last commit.
    
    commit 76eda3c
    Author: Josh Lavin <josh@perusion.com>
    Date:   Mon Sep 14 11:39:46 2009 -0500
    
        Allow passing of Javascript for onChange event
    
        Adds state_js option, so Javascript can be passed to the onChange event. Rewrites "this.form" with "$v_formv" so it will work when passed. Useful for calling check_tax like so: state_js="check_tax(this.form)".
    jonjensen committed Sep 15, 2009
  5. Fix typo.

    pajamian committed Sep 15, 2009
  6. flypage SpecialSub changes.

    * Revert behavior in the case where the return value is a hashref.
    
    * A return value of undef explicitly states that we should not process a
      flypage.
    
    On 08/31/2009 01:54 PM, Mike Heins wrote:
    > Quoting Peter (peter@pajamian.dhs.org):
    >> On 08/31/2009 12:01 PM, Mike Heins wrote:
    >>> Quoting Jon Jensen (jon@endpoint.com):
    >>>> It looks more reasonable to me than the old code, but the behavior doesn't
    >>>> quite look compatible. Before, $base could be assigned an arbitrary result
    >>>> hashref and thus could be used for a different kind of on-the-fly product,
    >>>> but now it seems the product code has to actually exist in a real
    >>>> database.
    >>> Good point.
    >>>
    >>>> I am not using that feature and don't object to the change, but I thought
    >>>> I'd point out the different behavior.
    >>> Now that I think about it, it was designed to handle OnFly products so the
    >>> change doesn't make sense.
    >> Ok, well that's why I asked.  How about we keep the old code if the
    >> return is a hashref, but if it's just a text scalar which contains a sku
    >> then get $base from product_code_exists_ref()?
    >
    > I think that works.
    >
    >> Also just to give an explicit way to say, "don't display a flypage for
    >> this" a return of undef could result in the flypage being skipped as
    >> if the sku doesn't exist?
    >
    > Yes.
    pajamian committed Sep 15, 2009
Commits on Sep 14, 2009
  1. documented David's fix for #258

    racke committed Sep 14, 2009
  2. fixed permissions

    racke committed Sep 14, 2009
Commits on Sep 13, 2009
  1. Merge branch 'master' of git://github.com/interchange/interchange

    Conflicts:
    	WHATSNEW-5.7 ... MANUALLY RESOLVED
    pajamian committed Sep 13, 2009
  2. Remove bloat that duplicates %z functionality.

    On 09/12/2009 09:26 PM, Mike Heins wrote:
    > Quoting Peter (peter@pajamian.dhs.org):
    >> Incidentally why the mess of code in Util.pm to get the same result that
    >> %z would give anyways?
    >
    > Probably because I was stupid when I wrote it, and didn't understand what
    > %z did. Or I did it before %z became standard.
    >
    > It should be changed.
    pajamian committed Sep 13, 2009
Commits on Sep 11, 2009
  1. Added new contributor Justin Otten

    Gert van der Spoel committed Sep 11, 2009
Commits on Sep 10, 2009
  1. Sync manifest

    jonjensen committed Sep 10, 2009
  2. Remove extraneous whitespace

    jonjensen committed Sep 10, 2009
  3. Note latest commits

    jonjensen committed Sep 10, 2009
  4. Add jEdit mode files for Interchange

    Thanks to Justin Otten.
    jonjensen committed Sep 10, 2009
  5. fixed typos

    racke committed Sep 10, 2009
Commits on Sep 8, 2009
  1. Revert "Add CatRoot to AllowedFileRegex"

    This reverts commit 14656b0.
    machack666 committed Sep 8, 2009
  2. Disallow abuse of writes via ErrorFile when NoAbsolute is set

    Exploit reported by Peter Ajamian.
    jonjensen committed Sep 8, 2009