------------------------------------------------------------------------------ What's new in each version of Interchange (since the version 5.12 branch) See UPGRADE document for a list of incompatible changes. ------------------------------------------------------------------------------ Interchange 5.12 not released yet Interchange now requires Perl 5.14.1 or newer. Please note that the official Interchange project site has moved from icdevgroup.org to: https://www.interchangecommerce.org/ The canonical Git repository is now hosted on GitHub at: https://github.com/interchange/interchange Installation ------------ * Assume that if a source code control repository is present in the installation directory, we don't need to do the archaic .~* file copies. Core ---- * Updated RobotUA handling. * Improved UTF-8 handling and bugfixes. * Improve image uploading via the table editor. * Add support for [all-anchor] token in [more-list] template. * Improve [image] extension handling to search for lower/uppercase versions of file extensions. * Add date-change "common" filter parameter to output date+time without "T" separator. * Add bcrypt filter. * Allow a dash in the middle of a varname (and to end one). * Allow changable varname regex for profile checks via Limit profile_check_varname_regex \b\w[-+.\w]* * Fix bug where only one address was possible for DebugHost. Now accepts a range of IP addresses. * Disallow comma character within email addresses in email and email_only profile checks. * Add "default" option on CGI tag. Negligible impact on performance, as branch only followed on blank/zero value. * Fix bug whereby certain LARGE or HUGE tables could have large searches started by hitting return with the cursor in the entry box. * Fix bug in hash version of [item-tag-*]. * Reprioritize (later) little-used loop tag scratchd. * Refactor cookie-setting routine to avoid double ; and extra string copying and use canonical capitalization. * Teach pragma set_httponly to apply only to certain cookies. E.g. for the default session cookie only: Pragma set_httponly=MV_SESSION_ID Or for that plus another arbitrary cookie "cart": Pragma set_httponly=MV_SESSION_ID,cart The old behavior of setting HttpOnly for all cookies still works as before, e.g.: Pragma set_httponly * Add CounterDir configuration to allow counters to be defined by default in some place different than VendRoot. * Extend PerlAlwaysGlobal to encompass [loop-calc]. * Fixed a bug in the [area] tag when a full URL is passed as the href. * Pass through from [bounce] URL-generation options such as form, secure, match_secure, etc. * Add new AlwaysSecureGlob directive. It's not possible to enumerate all the admin URLs or ActionMaps that should be generated secure-only, so this new directive allows matching. * Fix month and year adjustment wrapping issue in Vend::Util::adjust_time(). * Add [adjust-href] tag. Reads HTML passed to it, finds links and adjusts ones that don't begin with an absolute path to Interchange URLs. Normally done by setting "Pragma adjust_href" in catalog.cfg (or [pragma adjust_href] at the top of the page). * Add code to Server.pm to adjust tags when "Pragma adjust_href" is in force. Uses above tag. * Cleanup of quite a few Perl module dependencies, removal of vestiges of old version control systems from source files. * Improved integration of CI tools for development. * Add ability to return after Preload and Autoload routines. Setting $Vend::PreloadReturn or $Vend::AutoloadReturn (i.e. they are defined) means Vend::Dispatch::dispatch() will return that status. This allows features like QueryCache and others that are hooked via Preload or Autoload. * Add skeleton module Vend::InDev, which does nothing but set a single global variable if the file _indev is present in $Global::VendRoot. This allows interchange.cfg bifurcation, useful when maintain a SCCS repository. * Multiple cleanups and bugfixes to handle more modern versions of Perl. * Add x_accel_expires pragma to set X-Accel-Expires header for nginx proxy caching. * Remove non-header from BounceReferrals HTTP response headers, which breaks output with newer Apache versions. * Support recipient addresses in CC and BCC when using Net::SMTP. * Fix Vend::Util::timecard_stamp() to support a passed timestamp. * Make Interchange reopen debug.log/STDERR when receiving HUP signal. * Fix race conditions in timed-build output. * Added support for CIDR notation (for both IPv4 & IPv6) in TrustProxy and RobotIP directives. * Normalize IPv6 addresses. * Fix bug with mixed plaintext/crypted passwords on promotion. * Quell error message for harmless empty JSON request body. * Allow custom headers in [get-url]. * Add more unit tests. * Make HTTP response codes more relevant. * Remove the option for session ids in URLs, so cookies are always required. * Improvements to [child-process] usertag. * Allow setting cookies, even if no session is created. * Add tools for viewing/manipulating existing Storage sessions. * Remove old mod_perl artifacts, unused variables, and support for ancient browsers. Payments -------- * Add BIN-2 MasterCard number support to Vend::Order, catalog templates, admin, and Vend::Payment modules which require it. * Include b_phone and phone in payment information. * Remove defunct payment services: Vend::Payment::ECHO and Vend::Payment::Skipjack. * Updated Vend::Payment::PayPal to latest available version. * New Braintree payment module. * Add Gateway Log feature for logging full details of payment gateway requests/ responses. (See extended section about the Gateway Log later in this document.) Database -------- * Support newer versions of MySQL. * Prevent key-only inserts for new rows in [import-fields] tag. * Allow admin user to export specific tables using [backup-database] despite current NoExportExternal setting. * Add ability to have a NO_UPDATE field in SQL tables, which field will not affect a TIMESTAMP field (in MySQL or Postgres, at least). Intended to allow mod_time in user logins to be updated without changing a timestamp field. May have other uses, but is only honored at this time in the set_field() method, so has limited applicability. Assuming one has a timestamp field in the userdb table called "update_date", this is effected by changing the configuration as: Database userdb TIMESTAMP_FIELD update_date Database userdb NO_UPDATE mod_time * Fix bugs with MySQL and PostgreSQL handling of QUOTE_IDENTIFIERS. * Update default field widths for userdb, transactions, and orderlines. * Improve error handling/messaging when no access to database in Safe. * Support MySQL's utf8mb4 character set encoding, to be able to store all UTF-8 characters. UserDB ------ * Add valref and scratchref options to UserDB, allowing the admin user to put their stuff in someplace besides $Values. This would allow you to easily set $Values to customer or affiliate settings, without impacting the admin user. If you do: UserDB ui valref user_record UserTag uvalue Alias data base=session key= you will then be able to reference the Admin "values" with [uvalue name] The [if-mm] tag probably needs to be adjusted for this to work in the admin in real life. * Check for admin status earlier so it's available to postlogin_action. * Add support for prelogout_action to UserDB logout. * Add "fallback_login" option, to be used with "indirect_login". If indirect fails, it will fallback to the primary key (by default, username). This could allow users to login with email (indirect_login = usernick), but still support login via username if they opted to use their username instead. * Add "promote_admin" option, to be used with "scratch". The option is set to the value of a field name, which also has to be a "scratch" value. If that is true, and the value of the field is true, the user will be promoted to $Vend::admin. They will not be $Vend::super. Note that this does not gain access to the classic Interchange UI without modification, since the login_table will not be admin (the test which is used in most cases). Admin ----- * Respect custom BACKUP_DIRECTORY in admin table downloads. This matches behavior expected by [export-database]. * Fix bug which blew away user's yes_tables and yes_functions setting when editing name/superuser status. ` * Fix table editor composite key problems, both creating new and editing existing rows. * Exclude canceled orders from reports. Strap Demo Catalog ------------------ * Updated the versions of jQuery, Google Analytics, and Bootstrap used. * Turn off UserDB ignore_case by default. * Prevent browser autocomplete problems. * Remove some legacy cart components. * Formatting fixes on checkout pages. * Fix broken random password number range; consistently make random instead of using zip or phone. * Lengthen ip_addr database fields to support IPv6. Other ----- * Updated te utility with several new features. * Quickbooks integration: Fix typos so that removing stray trailing whitespace works. Gateway Log ----------- Vend::Payment::GatewayLog - Basic package and methods for enabling full transaction logging in any of the gateways within the Vend::Payment::* namespace. Gateway logging is inactive by default. It can be explicitly enabled by triggering the "gwl_enabled" option in any of the usual ways: * As an option directly through the [charge] tag. E.g., [charge route=authorizenet gwl_enabled=1 ...] * As an option defined in a payment route. E.g., Route authorizenet id "__MV_PAYMENT_ID__" Route authorizenet gwl_enabled 1 ... * Globally for all payment modules where gateway logging support has been added to the module, via MV_PAYMENT_* mechanism. E.g., Variable MV_PAYMENT_GWL_ENABLED 1 Note at this time, only a few payment modules have been fitted with gateway logging support. It is assumed that the developer of each module, who is familiar with the request/response structure of the specific API, will be ideally suited to add gateway logging to the remaining modules. Those currently supporting it are: * AuthorizeNet * Braintree * CyberSource * PayflowPro * PaypalExpress (for dorequest API activity only) Developers responsible for other payment gateways are encouraged to follow the examples of the above payment modules and outfit remaining payment gateways with their own gateway-logging hooks. The format and fields of the gateway_log table as defined in the strap demo should be used for maximal interoperability. The table name can be any name you like, but because every payment module independently constructs the code to populate the table, changing the field data types or names, and/or adding/removing fields, will likely cause malfunction for the existing modules' logging configurations. There are 3 settings a catalog manager can control when enabling gateway logging: * Enabled (discussed above) Boolean to indicate that actual logging should be performed. Default is false; thus logging must be explicitly requested. Can be set with Route param or [charge] options "gwl_enabled", or globally with MV_PAYMENT_GWL_ENABLED in catalog.cfg. * LogTable Name of table to which logging should be directed. Default is gateway_log. Can be set with Route param or [charge] option "gwl_table", or globally with MV_PAYMENT_GWL_TABLE in catalog.cfg. * Source Maps to the request_source field in the log table. Value is most meaningful in a distributed environment, where multiple servers running the Interchange application may be handling requests behind a load balancer. Default value obtained from `hostname -s`. Can be set with Route param or [charge] option "gwl_source", or globally with MV_PAYMENT_GWL_SOURCE in catalog.cfg. (end)