Skip to content
Fetching contributors…
Cannot retrieve contributors at this time
739 lines (514 sloc) 25 KB
osCommerce Online Merchant Changelog
Copyright (c) 2010 osCommerce
11/15/2010 osCommerce Online Merchant v2.3.1
* Confirm new Product Reviews to the customer.
* Fix a PHP notice in Phpass.
* Fix Reviews Box language definition.
* Fix pre-defined Australian Dollar currency code.
* Label the HTML Content field for large product images.
* XHTML fixes for pop-up pages.
11/13/2010 osCommerce Online Merchant v2.3
* Payment module updates:
- 2Checkout
- PayPal Website Payments Pro - Direct Payments
- PayPal Website Payments Pro (Payflow Edition) - Direct Payments
- PayPal Website Payments Pro - Express Checkout
- PayPal Website Payments Pro (Payflow Edition) - Express Checkout
- Sage Pay Form, Server, and Direct
- iPayment
- RBS WorldPay Hosted
- Moneybookers
- InPay
- SECPay
* Shipping module updates:
* Allow new template group modules to be created to inject HTML content into
the page layout.
* Update boxes to modules which can be installed, configured, and sorted.
* Show only installed modules on the Administration Tool Modules page, and
link to a listing showing new and available modules.
* Moderate product reviews.
* Load either includes/local/configure.php or includes/configure.php, not
* Modularize Administration Tool Modules page.
* Allow multiple large product images and HTML content (eg, Flash video) for
* Replace usage of SpiffyCal with jQuery UI DatePicker widgets.
* Update layout to XHTML Transitional.
* Integrate 960 Grid System CSS Framework into the layout.
* Update buttons with jQuery UI Buttons.
* Add jQuery, jQuery UI, Flot, bxGallery, Fancybox javascript libraries.
* Introduce Administration Tool Dashboard modules.
* Migrate customer and administrator passwords to phpass.
* Introduce Social Bookmark modules for products.
- Facebook and Facebook Like
- Twitter and Twitter Button
- Google Buzz
- Digg
* Introduce Store Logo for the Administration Tool.
* Allow anonymous server statics to be sent from the Administration Tool
Server Information page.
* Add a is_writable() compatibility function for Windows.
* Introduce Header Tags modules.
- Google Analytics and E-Commerce Tracking
- MailChimp E-Commerce 360
- OpenSearch
* Move HTML layout to template_top.php/template_bottom.php files.
* Add new tep_get_version() function to retrieve the installed version.
* Introduce Version Checker for the Administration Tool.
* Set session.use_only_cookies to match SESSION_FORCE_COOKIE_USE.
* Show list of pre-defined currencies when adding new currencies.
* Example Credit Card payment module removed.
* German and Spanish language definitions removed from the core. (To be
maintained as add-ons)
* Remove File Manager from the Administration Tool.
* Don't show languages or currencies box if only one language or currency is
* Add API tag to modules.
* Introduce Security Check modules for the Administration Tool.
* Introduce Security Directory Permissions feature for the Administration
* PHP v3 compatibility code removed.
* Recreate session IDs by default when customers login or create an account.
* Introduce Action Recorder to log and limit actions.
* Strengthen Administration Tool login routine.
* Replace ereg functions with preg functions for PHP v5.3.
* Fix timezone warning messages on PHP v5.3 servers.
* Protect forms with a token ID that is assigned to the customers session.
* Generate a new $cartID value when restoring shopping cart contents.
* Calculate shipping fees only for shippable products and not virtual/download
* Parse Date of Birth values.
* Escape the filename and parameters in tep_href_link().
* Escape shell arguments in the checkdnsrr() compatibility function.
* Apply magic_quotes to GET parameters when Search Engine Friendly URLs is
* Support automatic HTTP Authentication logins for the Administration Tool.
01/30/2008 osCommerce Online Merchant 2.2 RC2a
Due to two bugs that were introduced with 2.2 RC2, it has been repackaged as
2.2 RC2a with the following changes:
* The Administration Tool -> Backup Manager -> Restoration routine failed on
PHP <5 servers due to the use of stripos(). A compatibility function has
been added to fix this.
* The reference of $_SESSION in the tep_session_is_registered() function
produces a PHP warning when the session has not been started (ie, for search
engine spiders). This has been fixed by checking if $_SESSION is set.
01/16/2008 osCommerce Online Merchant 2.2 RC2
* Payment module changes:
- module replaced with newer AIM and SIM modules.
- New PayPal Express Checkout, PayPal Express Checkout (UK), PayPal Direct,
PayPal Direct (UK), and PayPal Website Payments Standard modules.
- Removed paypal.php and paypal_ipn.php modules.
- Removed PayQuake module (the gateway now uses
* Shipping module changes:
- USPS updated to match new shipping methods. The test/production server
parameter has been removed as the test server only works with specific
* Retrieve product names in one query for the new products module.
* When restoring a database, only drop tables that are being restored.
[r1804, r1805]
* Display module version on the Administration Tool if it contains a version
signature string.
* Add a .htaccess file to the admin/includes/ directory to prevent direct HTTP
requests to PHP files.
* Fix the pagination links on the Administration Tool -> Products Attributes
[r1774, r1776]
* Verify the customers primary address when it is being updated.
Verify the number of address book entries before inserting a new one.
* Avoid removal of products when deleting a category in a search result
* Make the database session storage handler return an empty string for
variables that don't exist in the session instead of returning a boolean
false value.
* Fix a variable name being checked against in the
Administration Tool -> Tools -> Newsletter Manager section.
* Improve the product nofitication logic on the checkout success page.
* Fix http_build_query() compatibility function in the Administration Tool.
* Increase the orders.payment_method database table field length to 255
* MySQL 5.0 Strict Mode compatibility fixes.
[r1746, 1755, 1810]
* Fix logic with nested tables in the Administration Tool tableBlock class.
* Add checks when creating files and directories on the
Administration Tool -> Tools -> File Manager section.
* Remove HTML formatting from credit card processing error messages.
* Move the logic of storing the credit card number from the order class to
the payment module level.
* Use the free shipping language definition for the shipping title when free
shipping is active.
* Add indexes to database tables.
* Introduce an active download flag and a public status flag to the order
status levels.
[r1724, r1725, r1728] (r1724 was reverted in r1725)
* Fix the shipping address when a virtual product was added to the cart and
replaced with a physical product.
* Improve register_globals compatibility layer when registering session
[r1704, r1705, r1723, r1741] (r1704, r1705, and r1723 were all reverted in r1741)
* Correctly parse the products to remove from the product notifications list.
* Introduce the ability to show additional checkout buttons on the shopping
cart page for certain payment methods (eg, PayPal Express Checkout).
Introduce the ability to define foreign shipping and billing addresses
during the checkout procedure (eg, the shipping address provided by PayPal
Express Checkout).
Add further checks to the checkout process page to prevent fraud orders.
[r1699, r1750]
* Calling $order_total_modules->process() multiple times would duplicate the
output data due to the order total modules already being instantiated.
* Make sure $parameters is an array in the navigation history class.
* Remove secondary pre-euro currencies from display.
* Fix downloads when "Download by redirect" and "SEFU" are both enabled.
Fallback to readfile() download delivery mechanism if direct download files.
[r1681, r1720]
* Add toggleDivBlock() Javascript function to admin/includes/general.js.
07/03/2007 osCommerce Online Merchant 2.2 RC1
* Remove additional slashes when editing a file in the Administration Tool ->
Tools -> File Manager section.
* Update Administration Tool pages. Introduce index summary modules
(backported from v3.0).
[r1633, r1634, r1635]
* Increase configuration_title and configuration_key field sizes
* Update project version. Update osCommerce logo. Use standard store_logo.png
image to easily allow the store logo to be changed.
* New administrators page to create, edit, and delete administrators
* Filter the parameters to not include any containing '_nh_dns' in the name so
they do not get stored in the navigation history session file.
[r1619, r1620]
* Add a public_title variable to the payment modules so the payment method can
display "Credit Card" instead of the name of the payment service provider.
[r1617, r1621]
* When editing reviews, strip additional slashes in the reviews text before
storing it in the database.
* PHP < 4.1 compatibility update.
* Backport v3.0 installation procedure.
[r1611, r1613, r1629]
* Add a simple administrator login routine to the Administrator Tool.
[r1610, r1632]
* Process the order total modules earlier on the checkout confirmation page.
* Fix typo in the products new page.
* Add the session ID to the GET based forms as a hidden field value.
[r1606, r1607]
* Updating category settings without selecting a category image was removing
the previous category image.
* Check the selected payment module radio field.
* Load the payment modules after the order total modules to get the proper
final order total value. This will break some payment modules duplicating
the checkout_process.php logic (ie, PayPal IPN contribution).
* Improve the logic of accepting state names.
* Add a new configuration parameter to control the maximum quantity a product
can be added to the shopping cart (99 by default).
* The quantity is added to the database as an integer so the quantity in the
shopping cart session should also be treated as an integer.
* Fix the display of the country name on the order history page.
* Don't calculate prices with tax by rounding the net value, as this brings
down the default precision of 4 to the decimal places the selected currency
[r1592, r1593]
* Fix sql injection vulnerability when sorting product listings.
* Pass the connection identifier link to the mysql_insert_id() function.
* Reset the array index counter after working through its elements.
* Respect the Configuration -> Minimum Values settings.
[r1587, r1588]
* Correct the display of the billing address on the invoice and packing slip
* Fix currency case-sensitivity bug.
* Add a register_globals compatibility layer for PHP 4.3+ servers.
[r1583, r1584, r1597, r1599, r1647]
* Allow payment modules to display input fields on the checkout confirmation
* Add fulltext support into the database backup dumps.
Don't backup the data from the sessions table nor the who's online table.
Delete the contents of the sessions table and who's online table after a
restoration has been performed.
* Fix manufacturers caching block.
08/17/2006 osCommerce 2.2 Milestone 2 Update 060817
Please review the update-20060817.txt file for the important changes made.
11/13/2005 osCommerce 2.2 Milestone 2 Update 051113
* Fixed bug 1662; update of customers address through the My Account page
resulted in the country value not being stored properly and affected tax
rate values.
11/12/2005 osCommerce 2.2 Milestone 2 Update 051112
Please review the update-20060817.txt file for the important changes made.
* Index language definition: updated the Wiki link to point to the Knowledge
Base site
* Reviews Box: Renamed the following variables due to naming conflicts:
$review_query -> $rand_review_query
$review -> $rand_review
$review -> $rand_review_text
* Wrapped all input parameters with tep_output_string() in the tep_image()
function on the administration tool
* UPS shipping module removed due to it violating the UPS terms of service.
An alternative module can be found here:,1323
* Updated codebase for PHP 5.0 compatibility
* Updated database structure for MySQL 5.0 compatibility
12/07/2003 osCommerce 2.2 Milestone 2
* Shared SSL servers are now properly supported with cookie parameters
existing for both normal and secure servers.
* The installation/upgrade procedure was simplified with a new layout.
* Internally set PHPs error reporting to E_ALL to remove all notice messages
on the Catalog module.
* Renamed default.php to index.php.
* Sanitize all user input on the Catalog module before inserting it into the
* Updated the layout of the shopping cart page.
* Fixed linefeed issues with emails.
* Modules are now installed at the Administration Tool via Install/Remove
buttons located in the infobox; no longer through clicking on the status
icons. This is to be consistent with other areas of the Administration
* Updated the layout of the product listing page.
* Updated the splitPageResults class to use the benefits a class provides.
* Realized the My Account Proposal as discussed on the developers forum
* Introduced the message stack class used on the Administration Tool to the
Catalog module. It has been extended to store messages in groups allowing
to display the messages in groups at separate sections of the page.
* Removed old European currencies (Deutsche Mark and Spanish Peseta)
* Update the default configuration parameters to meet the needs of USA (it
was previously meeting a mix of USA and European regulations)
* IP Address and Client Browser User Agent validations implemented for the
Security And Privacy Proposal.
* Session ID Regeneration feature implemented as part of the Security And
Privacy Proposal.
* New file upload class implemented.
* Search Engine Spider Session Prevention feature implemented as part of the
Security And Privacy Proposal.
* Manually round numbers in the tep_round() function, bypassing PHPs round()
and number_format() functions.
The PHP round() and number_format() functions return different results when
strings or floats are being processed.
* Added data validation to the Customers section on the Administration Tool.
* Tax Compounding logic corrected.
* Cross site scripting vulnerabilities fixed.
* Moved filename and database table definitions from application_top.php to
their own files.
* The Tax Priority can now be inserted when creating new tax rates in the
Administration Tool.
* Implement the force cookie usage and ssl_session_id validations features
from the Security and Privacy Proposal.
* Virtual products tax update (virtual products were not being updated as no
shipping address is in use. Instead, the billing address is used to base
the taxes on.
02/17/2003 osCommerce 2.2 Milestone 1
*** The changelog entry for the 2.2 Milestone releases will be updated ***
*** throughout the Milestone release path. The information here is ***
*** currently old. ***
* Manufacturer now saved when adding products. (bug fix)
* Added .htaccess file in the 'includes' directory for some security (blocks
direct http requests to .php files).
ie, http://server/catalog/includes/application_top.php
* New cache class added for the categoies box (only for PHP4)
- Note, this is disabled by default due to our run out-of-the-box approach.
Can also be used in other areas of the catalog.
* New Who's Online section in the administration tool.
* Updated payment and shipping modules structure - no longer has multiple
include statements - and are now classes.
* Administration Tool sections now with opened/closed box approach (the list
of functions was getting too long!).
* New login and create account option page (ala Amazon style)
* Click on the products image (in products details) and a new browser window
will open and resize itself to the image shown - used to display larger
pictures of the product.
* All font styles are now in stylesheets.
* Full locaization support (ie, categories title, products descriptions,
image buttons, etc)
* Table names now as constants (variables)
* Banner support functionality
* Products expected now as normal products (with descriptions)
* Stock control functionality
* Products with different attributes can now be added to the shopping cart.
(feature fix)
* support added
* Sessions can now be stored in the database
* Tell-A-Friend function for products
* Information box, with all informations about shipping & returns, privacy
notice and conditions of use
* Newsletter function in the administration tool.
* New zones for germany, swiss and austria.
* Prices can now be handled with/without tax. The tax would be correct
* Prices in all countries which joined the euro currency, displays the prices
in euro and national currency. This is a european guideline which is now
support by TEP.
* All address information is now stored in the address_book table only. This
change was made to reduce redundancy and allow more feautures in the
checkout part (e.g. selection of different BillTo and SendTo addresses)
03/06/2001 The Exchange Project Preview Release 2.1
* Payment methods are now modules, makes it easier to implement other payment
methods. Supported methods COD, Credit Card, Paypal. CC also supports
storing only part of the CC# in the DB with the other digits being emailled
to a specific email address.
* Shipping Modules - Modular shipping methods with support for UPS, USPS,
FEDEX(Ground), Per Item and Flat rate shipping.
* Db query clean up a few AS clauses were added for earlier MySQL versions.
Error checking added for when no records exist.
* Added languages box - customers can now choose their language anywhere
except during the checkout procedure (due to POST variables in forms)
* Added currencies box - customers can now choose their currency independent
from the language chosen
* Currencies can be added/deleted/modified through the administration tool -
no longer through individual language files in the include directory
* Added a 'Contact Us' Page.
* Added COMMENTS field to Orders table - an order history
Need to ALTER TABLE orders ADD comments TEXT not null;
* Selectable columns in 'Product Listings'.
* Added a delete button to the orders in the admin tool.
* Solved a problem with the session id not being passed to the secure server.
* Countries added to the admin tool.
* The 'Add a Quickie' box now uses the model number instead of the product
* The 'Search' box and the 'Advanced Search' now use the same engine.
* Backup in the admin tool.
* Numerous bugs fixed.
* Categories box has been updated to display path taken in bold, and display
the parent categories (tree navigation)
* Font styles implemented
* tep_image now optionally calculates image size if omitted
* products_to_manufacturers table removed. Manufacturers are now directly
link to products, via manufacturers_id record in the products table
* tep_href_link now removes extra & and ? characters in the URL
* Products with no manufacturers are now listed in the catalog module
* New DIR_* definitions for easier understanding ->
FS = Filesystem (physical)
WS = Webserver (virtual)
12/13/2000 The Exchange Project Preview Release 2.0a
* Added FedEx shipping module
* Bugfixes
12/02/2000 The Exchange Project Preview Release 2.0
* Manufacturers pull-down select box
* Number of products in each category displayed
* Bestsellers box
* See what other customers have brought (linked to current product displayed)
* Administration Tool now user-friendlier via new layout
* Categories-to-Categories structure
* Spanish added to the official languages supported
* Dynamic product attributes
* Tax zones, classes, and rates
* Now PHP3/PHP4 compatible
* Some configuration parameters now in database
* Manufacturers now directly linked to products
* Status of orders can now be modified
* New advanced search page
* Order confirmation emails can now be sent to multiple addresses
* Address formating function implemented
* PayPal payments implemented
* Currencies are now formated to the selected locale
05/14/2000 The Exchange Project Preview Release 1.1
* Customization variables and constants
* English and German localization
* New products and upcoming products modularized
* Added custom tep_db_* database functions
* Added custom tep_session_* session functions
* Added tep_href_link function
* Added tep_image function
* Added tep_image_submit function
* Added tep_black_line function
* Added tep_break_string function
* Added tep_products_in_cart function
* Added tep_exit function
* Added tep_number_format function
* Reviews-Box now displays a random review
* account_edit_process.php updated
* Review-Box: text now broken to avoid exceeding box width
* address_book_add.php updated, also combined with
* login.php updated, also combined with login_process.php
* login_forgotten.php and login_forgotten_process.php now combined to
* Added products image to reviews info
* products_reviews_write.php and products_reviews_write_process.php combined
* shopping_cart.php updates
* shopping_cart.php now displays proper price on special for nonsess cart
* Fixed misalignment of checkout information
* New directory structure for includes
* application_top.php and application_bottom.php implemented for application
wide parameters
* column_left.php and column_right.php structure implemented
* Display parse time of pages
* SQL queries optimized
* tep_number_format function implemented, but not in use
* Fixed add a quickie bug - when product did not exist in catalog, it
inserted a null entry in the cart
03/12/2000 The Exchange Project Preview Release 1.0
* Initial Release
Something went wrong with that request. Please try again.