Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Commits on Mar 12, 2014
  1. @machack666

    Update MANIFEST

    machack666 committed
  2. @machack666
  3. @machack666
Commits on Feb 24, 2014
  1. @melmothx

    Fixed lookup for transfer encoding with text/html

    melmothx committed
    When UTF-8 was active, the content part was not just text/html,
    so the hash lookup for the transfer encoding to use returned undef
    and defaults to 8-bit, which is not safe for mail.
  2. @melmothx

    Encode the text before passing it to MIME::Lite

    melmothx committed
    It looks like MIME::Lite wants octects. The documentation is not
    clear, expecially because we are asked to specify an encoding.
    Actually, the Encoding of the attachement is the *Transfer-Encoding*,
    not the actual encoding of the part.
    From the doc:
        Optional. The content transfer encoding that should be used to encode your data:
  3. @melmothx

    Patch [area] to accept decoded strings.

    melmothx committed
    is_utf8 is badly name. First, it's an internal function, but it's
    used all over the place in IC.
    From the doc:
        is_utf8(STRING [, CHECK])
          [INTERNAL] Tests whether the UTF8 flag is turned on in the STRING. If
          CHECK is true, also checks the data in STRING for being well-formed
          UTF-8. Returns true if successful, false otherwise.
    So, basically, is_utf8 returns true if the string is decoded, not when
    is encoded in utf8.
    use strict;
    use warnings;
    use utf8;
    diag "When we encode, the string is not \"utf8\" any more";
    ok(!is_utf8(encode(utf8 => 'à')));
Commits on Feb 20, 2014
  1. @jdigory

    Fix broken name in PayPal module when using pp_use_billing_address an…

    jdigory committed
    …d alternate address
    There is no such reference as {PayerName}{PayerName}; also needed to override b_fname/b_lname with b_name when it is present. Added b_phone fallback as well.
Commits on Feb 9, 2014
  1. Interchange since 5.0 has not allowed setting CookieName while retaining

    Mike Heins committed
    the standard CoOkIe: pattern. Also, PHP setcookie routine URLencodes
    cookie values, so the %3a that : is moved to defeats our patterns.
    So, this commit does three things.
    * Change cookie handling so that setting a CookieName doesn't affect the
      addition of host/username as long as the InternalCookie directive
      is set to Yes.
    * Add InternalCookie directive to indicate that a custom CookieName
      should have internal handling.  (A YesNo directive).
    * Treat %3a as equivlent to : for cookie matching when in
      InternalCookie mode.
    So, to change the CookieName for sessions from MV_SESSION_ID
    to MVID without changing external cookie behavior, do in
        CookieName      MVID
        InternalCookie  Yes
    If you don't set InternalCookie Yes, it will have the old ExternalCookie
    behavior where the session file is solely based on what is found
    in $Vend::Cfg->{CookiePattern}.
    If you don't change the CookieName from MV_SESSION_ID (assuming you
    don't explicitly set to that in catalog.cfg) then "InternalCookie Yes"
    is implied.
  2. * Fix non-working (in 5.8.x perl) is_ipv4() routine. (split '.' doesn't

    Mike Heins committed
      do what you might think it does.)
    * Have concerns about efficiency of this and wisdom of using
      this routine for a string which is not being used as an IP address,
      but not suggesting change. I guess CPUs are getting faster.
Commits on Feb 5, 2014
  1. @msjohns1

    Fix broken parsing on session cookie

    msjohns1 committed
    * Modifications to support IPv6 left it so it didn't work
      properly on either IPv4 or IPv6.
Commits on Jan 31, 2014
  1. * As of Jan 31, 2014 Authorize.Net stopped accepting a transaction ID

    Mike Heins committed
      on transaction types that don't need it. That should be AUTH_ONLY
      and AUTH_CAPTURE, though I am waiting on a definitive pronouncement
      from them.
Commits on Jan 19, 2014
  1. @msjohns1

    strip_path filter

    msjohns1 committed
    * Filter to strip any arbitrary path elements down to just
      the filename, Win or Unix.
Commits on Jan 16, 2014
  1. @jdigory

    Changed @@MV_PAGE@@ to [var MV_PAGE 1], so we can get it interpolated…

    jdigory committed
    … inside the Variable.
    Also scrap deprecated [page] tags.
  2. @melmothx @racke
Commits on Jan 8, 2014
  1. @msjohns1
Commits on Dec 24, 2013
  1. @jdigory

    Usertag Alias now only substitutes hyphens in first word, allowing for:

    jdigory committed
       UserTag edisplay Alias error auto=1 class="list-unstyled alert alert-danger"
    to work as expected.
Commits on Nov 24, 2013
  1. @racke

    Use su directive in Debian's logrotate file to avoid skipping.

    racke committed
    error: skipping "/var/log/interchange/error.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
Commits on Oct 31, 2013
  1. @jonjensen

    Bump version to 5.8.1

    jonjensen committed
  2. @jonjensen

    Update manifest

    jonjensen committed
  3. @jonjensen

    Add new full-page caching features

    jonjensen committed
    These features make it much easier to emit pages that are fully cacheable
    and can be served to any user, along with the HTTP Cache-Control response
    header to inform intermediate proxies and browser caches about the
    cacheability and cache lifetime.
    To start using the new features:
    Add to catalog.cfg:
    SuppressCachedCookies yes
    Add to pages or templates you'd like to cache (for 2 hours, in this
    example), maybe starting just with pages/index.html:
    [if-not-volatile][tag pragma cache_control]max-age=7200[/tag][/if-not-volatile]
    That's all you really need for a basic setup.
    If you'd like to have a cookie contain the current cart or login
    state, you can write a catalog Sub or a GlobalSub (named, say,
    cookie_state_update) and have it run after every relevant event. Add
    to catalog.cfg:
    OutputCookieHook cookie_state_update
    A detailed write-up of all these features is here:
    Mark Johnson's talk at the Ecommerce Innovation 2013 conference is
    reported here in slides and video:
    Documentation in the xmldocs system is still needed.
    Modified squashed commit of the following:
    commit ec7147fdc8126e59df482911c7d242221e8b7720
    Author: David Christensen <>
    Date:   Tue May 7 14:44:12 2013 -0500
        add if_not_volatile usertag to conditionally return data if the current request is not Volatile
    commit b02a76d058362f805585c811203572ddc3b75f07
    Author: David Christensen <>
    Date:   Fri Apr 26 16:12:22 2013 -0500
        Suppress cookies for 400-level errors
    commit a2e646528c5b6a1945229ed62bb77d67af24b10b
    Author: David Christensen <>
    Date:   Wed Jun 8 14:48:27 2011 -0500
        clear the cookie jar when suppressing cookies
    commit c54f02b2c4aa619821a9009e3922f7147d60d76f
    Author: David Christensen <>
    Date:   Fri Apr 26 16:09:59 2013 -0500
        Mark specific routines as always Volatile
    commit c0161345066a2f042f808037cf9391a1dbbfff89
    Author: David Christensen <>
    Date:   Thu Jun 2 00:00:02 2011 -0500
        suppress session write when cookies are suppressed
    commit 487511ce0627cd96e3469148603f82ce2a09d970
    Author: David Christensen <>
    Date:   Fri Apr 26 16:04:53 2013 -0500
        add an OutputCookieHook sub to be run when cookies are being created
    commit f0d10bd7b7f4d477c8d71c56277c13b65ced2e35
    Author: David Christensen <>
    Date:   Mon Apr 4 15:30:51 2011 -0500
        Do not set cookies on pages marked as cacheable
        This applies to all cookies currently, with particular attention placed on the MV_SESSION_ID.  This
        change is intended to alleviate the "first page hit" cache issue which leads to IC assigning a session
        id even for pages which would be fully cacheable and then never actually generating the cacheable
        content in question until a subsequent hit from a UA with the provided MV_SESSION_ID.
        This is of particular concern when considering the case of a DDoS in which a huge number of connections
        are made from unique instances.  Since the intent of the nginx cache is to prevent such traffic from
        ever reaching the backend, the existing behavior would result in a counter-intuitive effect of all bot
        traffic being passed directly to the "protected" backend when there was no document already in the nginx
        cache, with the result that each backend-handled request would be itself uncacheable, having a Set-Cookie
        header returned with the response.
        Currently this fix will affect all cookies being generated from interchange on a page which is marked
        cacheable (specifically one which has a Pragma cache_control value set to something other than no-cache).
        We consider this acceptable as we are also moving the setting of the existing cookies to client-side code
        where possible; if this ends up being untenable, we will see about changing this specific code to just
        affect the MV_SESSION_ID cookie.
Commits on Oct 30, 2013
  1. @jonjensen
Commits on Sep 18, 2013
  1. @pajamian

    Update checkout to recognise Internet Explorer 10

    pajamian committed
    The regexp in the checkout initialization would only recognize IE versions up
    to 9 before, this updates it to recognize any version over 5.
Commits on Aug 26, 2013
  1. @racke
Commits on Aug 14, 2013
  1. @jdigory

    "total weight" adder for weight.tag, by Greg Hanson. Documented in tag.

    jdigory committed
    Similar to 'adder' in shipping.asc, except that it allows you to add
    lbs vs dollars to the total weight. There are 3 ways to add
    1. Simply add X lbs per cart
    [weight tot_adder=1]
    Will add 1 lb to total_weight after all other weight calcs.
    2. Add X lbs depending on a range of weight
    [weight tot_adder.k0_25=2]
    Will add 2 lbs to total_weight if weight between 0 and including 25, after all other weight calcs.
    (The 'k' is simply a separator.)
    3. Add X lbs depending on multiple ranges of weight
    [weight tot_adder.k0_3=1
    Will add 1 lbs to total_weight if weight greater than 0 and including 3, after all other weight calcs.
    Will add 2 lbs to total_weight if weight greater than 3 and including 6, after all other weight calcs.
    Will add 3 lbs to total_weight if weight greater than 6 and including 10, after all other weight calcs.
    Will add 4 lbs to total_weight if weight greater than 10 and including 16, after all other weight calcs.
    Will add 5 lbs to total_weight if weight greater than 16 and including 25, after all other weight calcs.
Commits on Aug 3, 2013
  1. @racke

    Update Cardsave payment module to 0.9.8.

    Lyn St George committed with racke
Commits on Jul 31, 2013
  1. * Optimize lookup of order items for ship notice.

    Mike Heins committed
Commits on Jul 30, 2013
  1. * Re-connect session variables when doing an su. This bug would resul…

    Mike Heins committed
    …t in
      $Scratch and others not being correct for page where su occurs.
Commits on Jul 25, 2013
  1. @jdigory
Commits on Jul 17, 2013
  1. @jonjensen

    Minor tweaks to upgrade notes

    jonjensen committed
Commits on Jul 15, 2013
  1. @jonjensen

    Add emacs major mode for ITL

    jonjensen committed
Commits on Jul 12, 2013
  1. * Add short description of files needed to install for distribution

    Mike Heins committed
      perl use on RHEL and CentOS.
  2. @machack666
  3. @jonjensen
  4. * Remove redundant checks for SHA module.

    Mike Heins committed
Something went wrong with that request. Please try again.