Commits on Oct 20, 2010
Commits on Mar 24, 2010
  1. Update WHATSNEW for release

    machack666 committed Mar 24, 2010
  2. Bump version number

    machack666 committed Mar 24, 2010
  3. Fix css.tag to properly output the css when using the inline <style> …

    machack666 committed Mar 24, 2010
    css.tag attempts to write a file out to the filesystem after reading
    in the css via either variable or literal.  If the file path it
    attempts to write to is not writable, for whatever reason, instead of
    creating a <link> tag to the written file, it attempts to create a
    <style> tag containing the css.
    Currently, if it ever creates the style tag, it will never contain the
    css.  When the location is not writable, it skips the portion of code
    that reads in the actual css, either from the literal option or the
    contents of the variable.
    This patch moves the reading of the css up to a point where it can't
    be skipped, allowing both the link and style tags to be created
    Report and patch by Justin Otten <>
Commits on Mar 22, 2010
  1. Fix "HTTP Response Splitting" security exploit

    machack666 committed Mar 22, 2010
    Discovery and patch from Justin Otten <>:
    Added new method to for scrubbing newlines from header data.
    Updated all discovered instances of the use of the "Location" header
    ran the URL through the routine.
Commits on Mar 20, 2010
  1. Sync manifest

    jonjensen committed Mar 20, 2010
Commits on Mar 18, 2010
  1. Update jEdit syntax highlighting mode

    jonjensen committed Mar 18, 2010
    By Justin Otten <>:
    It now handles perly tags much better and properly delegates html tags.
    It also can now recognize custom tags as well.
    I've also updated the list of known SystemTags and Pragmas.
    There is a also a small bug fix with the [comment] tag not being able
    to have attributes.
Commits on Mar 12, 2010
  1. Add 'id' to override of METAMAKE in Table/

    Josh Lavin committed with jonjensen Mar 11, 2010
    This allows id's to be added to form widgets built from mv_metadata. This change should have been submitted with similar changes to (commit a31302b, from 27 Oct 2009).
Commits on Mar 11, 2010
  1. running in PreFork mode requires Tie::ShadowHash module, dependency

    racke committed Mar 11, 2010
    added to interchange package (Closes: #571694)
Commits on Mar 7, 2010
  1. allow for bounces from Autoload routines

    racke committed Mar 7, 2010
    added new autoload_inspect SpecialSub to signal skipping of further Autoload processing
Commits on Mar 6, 2010
  1. always use default encryption method for global AdminUser (problem fo…

    racke committed Mar 6, 2010
    …und by Rok Ružič)
Commits on Mar 3, 2010
  1. Correct Tommi Labermo's name

    jonjensen committed Mar 3, 2010
  2. Fix SpecialPages directive for violation.html

    Josh Lavin committed with jonjensen Feb 25, 2010
Commits on Feb 24, 2010
  1. Update WHATSNEW

    pajamian committed Feb 24, 2010
  2. Correct RobotLimit comments in catalog.cfg.

    pajamian committed Feb 24, 2010
    Correct comments in catalog.cfg for Limit robot_expire.
    Add comments for Limit ip_session_expire.
Commits on Feb 23, 2010
  1. Properly initialize BOP supplemental parameters.

    machack666 committed Feb 23, 2010
    This fixes a bug where supplemental parameters passed to the payment
    module to initialize the Business::OnlinePayment gateway object get a
    value of 1 instead of what's in your catalog.cfg or
    Patch by Richard Siddall, with minor bugfixes by David Christensen
Commits on Feb 19, 2010
  1. Make log output for AllowRemoteSearch violations much more useful

    Greg Sabino Mullane committed with jonjensen Feb 18, 2010
Commits on Feb 10, 2010
  1. fix failures of fresh Interchange installs due to postinst script try…

    racke committed Feb 10, 2010
    …ing to change
    ownership on non-existant /var/run/interchange directory (#569116)
Commits on Feb 8, 2010
  1. CyberSource SOAP toolkit payment module

    msjohns1 committed Feb 8, 2010
    Provides full clientless (as in no Simple or SCMP
    API) support for the following CyberSource services:
    * Standard credit card
    * Bill Me Later
    * Paypal Express Checkout
    * Electronic check
    Squashed commit of the following:
    commit eb6e31d62115670cc2a0abe063cc3ff73831f986
    Author: Mark Johnson <>
    Date:   Mon Feb 8 10:13:03 2010 -0500
        Complete CyberSource documentation
        Fill in documentation missing for the newer Paypal and Electronic
        Check features.
    commit d5623a7287254d6df1f563221936ff4e287aa2b9
    Author: Mark Johnson <>
    Date:   Tue Oct 20 21:53:06 2009 -0400
        Fixed glitch on return_ec_set handling.
        * paypal_token was being wiped out since CYBS wasn't echoing the
          token in its reply.
    commit 1b6902c04914b784f6ad920c8c46068083148374
    Author: Mark Johnson <>
    Date:   Mon Aug 17 12:49:54 2009 -0400
        Converted check_num -> check_number
        The former was in standard, but the latter in map_actual(), which I
        took to be authoritative.
    commit 79f0292a912d6a95a66413b0c43aa085508b85fe
    Author: Mark Johnson <>
    Date:   Mon Aug 17 10:56:36 2009 -0400
        Adding electronic-check support.
    commit 27a0f38fb5c00aa8b698e506905e38577a31ab69
    Author: Mark Johnson <>
    Date:   Wed Aug 12 10:31:00 2009 -0400
        Adjustments from testing implementation
        * Added support for passing in generalized transaction_id, distinct
          from CYBS's transaction ID, that Paypal requires for follow-on
          transactions. So, CYBS tid = origid, PP tid = transaction_id.
        * Added documentation for transaction_id param, noting the relationship
          of the various PP services for its use.
        * Converted from using $Session to $::Session.
        * CYBS will enforce a conditional set of required features on the shipTo_*
          fields if any of them are present, despite them being technically optional.
          Since actual() tends to suck in anything floating around in $Values, added
          an address_ok requirement for using any address data at all.
        * Added conversion in request for the typically used UK to instead use GB
          for any UK address.
        * Restricted resetting $Session->{paypal_token} to only EC set transactions.
          Failures on dopayment attempts were (at least sometimes) coming back
          without echoing the token, which was killing the paypal session.
    commit fe2029d6869813962863d286c6a327806c089f46
    Author: Mark Johnson <>
    Date:   Tue Aug 4 11:52:18 2009 -0400
        Paypal documentation added.
    commit 694e1d7dcefd6d027810471ac7e56cd04fc74333
    Author: Mark Johnson <>
    Date:   Tue Aug 4 10:28:35 2009 -0400
        Paypal Support in Vend::Payment::CyberSource
    commit a6a7169bd3107506d88087b2c9221594c14185de
    Author: Mark Johnson <>
    Date:   Mon Jul 20 10:07:05 2009 -0400
        Initial load of Vend::Payment::CyberSource
  2. Vend::Payment::PaypalExpress v1.0.7 from

    racke committed Feb 8, 2010
    Fix for yet another variation in the way that Paypal handle Canadian province names.
    So we have 'British Columbia', 'BC', and now 'B.C.' formats.
    Also, a patch to allow use of the [assign] tag in shipping;
    a patch to allow 'use_billing_override' to send billing addresses;
    and a patch to display Long rather than Short PayPal error message to customers
    (last three contributed by Josh Lavin).
Commits on Jan 5, 2010
Commits on Jan 1, 2010