Commits on Nov 13, 2010
  1. @markkevans @haraldpdl

    Fix single quoted words in advanced search

    markkevans committed with haraldpdl Nov 8, 2010
    Fix search queries which use quotes. Fixes issue #45
    Update advanced search results to remove a possible SQL injection vector
  2. @haraldpdl
  3. @markkevans @haraldpdl

    Fix a php notice for undefined index id when adding a product without…

    markkevans committed with haraldpdl Oct 24, 2010
    … attributes to the cart
  4. @markkevans @haraldpdl

    Remove length check on current password so that the length can be cha…

    markkevans committed with haraldpdl Oct 23, 2010
    …nged by the admin. Fixes issue #50
  5. @JanZ @haraldpdl

    Add support for phpass

    JanZ committed with haraldpdl Aug 11, 2010
    Update phpass implementation
    Rename PasswordHash.php to passwordhash.php
    rename phpass class filename on the admin side
    Fix syntax error
  6. @haraldpdl
  7. @gburton @haraldpdl

    Amended php_self to stop spoofing

    gburton committed with haraldpdl Jul 17, 2010
    check if cgi.fix_pathinfo is set
  8. @markkevans @haraldpdl
  9. @markkevans @haraldpdl

    Add a compatibility function for is_writable for Windows

    markkevans committed with haraldpdl Apr 26, 2010
    Add the function to administration tool
    rename tep_writeable() to tep_is_writable()
  10. @haraldpdl

    Move installation checks to new Security Check modules. These are now…

    haraldpdl committed Jan 29, 2010
    … displayed only on the Administration Tool and no longer within the Catalog frontend.
    avoid variable conflicts
    fix check
  11. @haraldpdl

    Fix language definitions

    haraldpdl committed Jan 15, 2010
  12. @haraldpdl

    Introduce new actionRecorder class to log customer actions. Based on …

    haraldpdl committed Jan 13, 2010
    …prototype by Jan Zonjee.
    Limit tell a friend emails to 1 email every 15 minutes (configurable) checking on customer ID or IP address.
    Add language definitions for module titles
    Add success database table field to show if an action was successful (1) or not (0)
    Add expireEntries() class method to remove old entries in the database
    New Contact Us action recorder module
    Verify processing of enquiry with session token ID
    New configuration parameter to control contact us emails
    New administration page to view recorded action entries
    New Administration Tool index summary module to display last admin login attempts
    Expire old action recorder entries as a manual process
    Update Action Recorder modules into real modules; each module can now have configuration parameters
    Apply the Action Recorder to Administration Tool login attempts
    Remove automatic logging of failed action recorder attempts
    Add the ability to filter action recorder entries via modules and the ability to search for identifiers
    Update language definitions
  13. @haraldpdl

    New Security Directory Permissions feature for the Administration Tool

    haraldpdl committed Jan 25, 2010
    Move whitelist directories to a database table. Add-Ons can utilize this feature by adding directories they require write access to.
    Enable PayPal Express by default (with Accelerated Boarding)
    Whitelist includes/work as a writable directory
Commits on Sep 12, 2010
  1. @haraldpdl

    Add new pre-populated list of common currencies to choose from

    haraldpdl committed Feb 8, 2010
    language update
    add new predefined currencies to choose from when adding a new currency
    change english charset to utf8
  2. @Shadow-Lord @haraldpdl

    Payment and Shipping Modules not updating for some users

    Shadow-Lord committed with haraldpdl May 12, 2010
    standards updates
  3. @haraldpdl
  4. @markkevans @haraldpdl
  5. @haraldpdl
  6. @markkevans @haraldpdl
  7. @haraldpdl
  8. @gburton @haraldpdl

    Fixed broken image functionality

    gburton committed with haraldpdl Apr 26, 2010
    standards updates
  9. @haraldpdl
  10. @haraldpdl
  11. @markkevans @haraldpdl

    Add some extra protection to the images folder. Based on the suggesti…

    markkevans committed with haraldpdl Jan 24, 2010
    …on by FWR Media
    Fix typo
    Update htaccess to remove the php engine setting since this seems to be redundant
  12. @haraldpdl

    Don't show empty menu boxes

    haraldpdl committed Jan 28, 2010
  13. @markkevans @haraldpdl

    Update IP address detection logic to properly deal with proxy servers

    markkevans committed with haraldpdl Jan 20, 2010
    update logic validating ip addresses
    Apply the Action Recorder to Administration Tool login attempts
    Remove automatic logging of failed action recorder attempts
  14. @haraldpdl

    Remove PHP3 compatibility code

    haraldpdl committed Jan 22, 2010
  15. @haraldpdl

    verify product attribute combinations when adding products to the sho…

    haraldpdl committed Jan 15, 2010
    …pping cart
    Do not add products to the shopping cart if it has attributes assigned and none are passed to the shopping cart
  16. @haraldpdl

    update define languages page

    haraldpdl committed Feb 17, 2010
  17. @haraldpdl

    Commit cleanup and fix some warnings in phplot and typo in banners_in…

    Mark Evans committed with haraldpdl Sep 6, 2009
    …fobox for OSC-999
    Fix typo in variable name
    Fix syntax
    Fix bug OSC-1094 - Incorrect spelling of database
    update email header
  18. @haraldpdl

    Verify length of email address

    haraldpdl committed Jan 7, 2010
    Update tld file
    Update the email validation routine to remove the reliance on the tld file
    Standards updates
  19. @haraldpdl

    Fix very rare instance of damaged sessions calling add_current_page()…

    haraldpdl committed Jan 10, 2010
    … from the navigation history class
  20. @haraldpdl
  21. @haraldpdl

    Try to perform an automatic login if a Basic HTTP Authentication mech…

    haraldpdl committed Mar 7, 2008
    …anism is already in place. For this to work, the administrator username and password must be the same as the HTTP Authentication login credentials.
    Enhance Administration Tool Administrators page to manage the htaccess/htpasswd security layer
    Generate htpasswd passwords using the Apache APR-MD5 algorithm. This allows the htaccess/htpasswd security layer to be used under Windows and Unix servers.
  22. @haraldpdl

    sanitize parameter

    haraldpdl committed Dec 30, 2009
    sanitize parameters
    sanitize parameters
    sanitize values
    sanitize parameters
    Commit cleanup and fix some warnings in phplot and typo in banners_infobox for OSC-999
    Escape shell arguments in the checkdnsrr() compatibility function.
    Fix OSC-762
    Escape the filename of the href link.
    Fix OSC-763
    Apply magic_quotes to the GET parameters when Search Engine Friendly URLs is enabled.
    Fix OSC-761
    Parse the date of birth values.
    Fix OSC-684
    Parse values in the query
    Verify selected payment method