osCommerce Online Merchant v3.0.2

osCommerce Online Merchant v3.0.2 is a minor release focusing on bug fixes, framework improvements, and the introduction of new Applications.

New Installations - Quick Start

Copy the oscommerce directory to your web server htdocs directory and open the location with your browser. Setup will automatically launch and guide you through the installation and configuration of your new online store.

After installation is complete and the configuration settings have been saved, the Shop frontend and Administration Dashboard can be opened with:

Site   URL
Shop   http://www.your-server.com/oscommerce/index.php?Shop
Admin  http://www.your-server.com/oscommerce/index.php?Admin

Although the Setup site is locked after a new installation, it is recommended to delete the site after installation has completed to prevent outside access to it. This can be done by removing the following directory:

/path to/oscommerce/osCommerce/OM/Core/Site/Setup

Upgrading from v3.0.1

Configuration settings that were removed in this release must be manually deleted from existing installations.

CoreUpdate - Automatic Upgrade

Upgrades can be easily performed through CoreUpdate, located in the Administration Dashboard -> Applications -> Tools -> Core Update menu. Here, a list of available update packages is shown with the ability to read release announcements and to browse the contents of the packages. New update packages may take up to 6 hours to become available.

A log file is saved as osCommerce/OM/Work/Logs/update-*.txt during the process of applying a CoreUpdate update package, which describes the file and directory changes that were made.

If a problem occurs during a CoreUpdate update, the file and directory changes made up to the point of failure are reverted, returning the installation to its original state.

After applying a CoreUpdate update package, log out and back into the Admin Site to have access to new Applications introduced in the update. This step will be performed automatically with the next CoreUpdate update.

ZIP Package - Manual Upgrade

A manual upgrade can be performed by extracting the update package contents and copying and overwriting the files to the osCommerce/OM and public/ directories. This can be performed directly on the server or via FTP.

Removal of Old Configuration Settings

Old configuration settings have been removed in this release and must be manually deleted from osCommerce/OM/Config/settings.ini.

Please remove the entire [RPC] group:

[RPC]
enable_ssl = "false"
http_server = ""
dir_ws_http_server = ""
http_cookie_domain = ""
http_cookie_path = ""

This will leave OSCOM, Admin, and Shop as the remaining groups in the settings file.
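
The removal step above can be scripted as follows. This is an added example, not part of the osCommerce distribution; the function names and the `.bak` backup suffix are assumptions.

```shell
#!/bin/sh
# Added example: drop the obsolete [RPC] group from settings.ini after upgrading.
# Function names and the ".bak" suffix are assumptions, not osCommerce tooling.

# Print the INI file without the [RPC] group: its header and every line up to
# the next [group] header. Kept lines are emitted unchanged (CRLF included).
strip_rpc_group() {
  awk '
    { line = $0; sub(/\r$/, "", line) }
    line ~ /^[ \t]*\[[^]]+\][ \t]*$/ {
      name = line
      gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
      skip = (name == "RPC")
    }
    !skip { print }
  ' "$1"
}

# List the group names left in the file, space separated, in file order.
list_groups() {
  sed -n 's/^[[:space:]]*\[\([^]]*\)\][[:space:]]*$/\1/p' "$1" | paste -sd ' ' -
}

# Rewrite settings.ini in place, keeping a backup of the original beside it.
# Returns 0 when the group was removed or was already absent.
remove_rpc_group() {
  ini=$1
  [ -f "$ini" ] || { echo "not found: $ini" >&2; return 1; }
  tmp=$(mktemp "${ini}.XXXXXX") || return 1
  strip_rpc_group "$ini" > "$tmp" || { rm -f "$tmp"; return 1; }
  if cmp -s "$ini" "$tmp"; then
    rm -f "$tmp"                      # no [RPC] group: leave the file alone
    return 0
  fi
  # cat into the existing file so its owner and permissions are preserved.
  cp -p "$ini" "${ini}.bak" && cat "$tmp" > "$ini"
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then
  remove_rpc_group "$1" && echo "groups now: $(list_groups "$1")"
fi
```

The backup is a full copy of the settings file, so delete settings.ini.bak once the store has been verified.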

Changelog

Security

Level Description
High Fix XSS vulnerability in OSCOM::getLink() and OSCOM::getPublicSiteLink().
High Deny access to osCommerce/OM with a .htaccess file when the directory is left in the public html directory.

General

  • New Admin Applications:
    • Categories
    • Customers
    • Services
  • Verify Session IDs - if requested Session ID does not exist, create and use a new Session ID.
  • Only call for Administration Dashboard Shortcut Notifications when shortcuts exist.
  • Support sub-domain URLs for Sites.
  • ErrorHandler messages now formatted in UTF-8.
  • Allow configuration parameters to be retrieved by their key.
  • New Administration Dashboard Customers module.
  • New jQuery Plugins:
    • Buttonset Tabs - UI widget
    • BlockUI - to use on modal forms
    • SafetyNet - to warn when leaving a form with unsaved modifications.
    • Image Selector - to show images to choose from.
  • Update jQuery to 1.6.1
  • Update jQuery UI to 1.8.13
  • Replace Admin ErrorLog delete page with a modal dialog.
  • Update DataTable to support draggable rows.
  • New public/upload directory where files and images can be manually copied to.
  • New Javascript File Uploader script to handle single and multiple file uploads.
  • New Upload class supports PUT and POST file uploads.
  • After a CoreUpdate update package has been applied, refresh the administrator's session access list to show new Applications.
  • Allow CoreUpdate to run code after an update package has been applied (incl. SQL queries).
  • Show CoreUpdate logs.
  • Also seek new Applications and Languages in the Custom directory.
  • Remove case-sensitivity when filtering extensions in DirectoryListing.
  • Allow PDO_MySQL to connect to sockets.
  • Lock the Setup Site after a new installation has been performed.

Applications

Status  Site   Application
New     Admin  Categories
New     Admin  Customers
New     Admin  Services

Bug Fixes

The following bug fixes have been applied:

Title Description Bug
Language Translations Translate hardcoded text. 231
Product Availability Fix javascript that displays product variants. 233
Fix Site\Shop\ShoppingCart::isInStock() Pass a check in isInStock() correctly.
Bug Reports Link Change the Bug Reports link to point to the v3.x bug reports section. 265
France, Metropolitan Flag Add missing France, Metropolitan (FX) flag. 253
exec() Check Check if exec() is available before calling it. 257
HttpRequest::setRawPostData() Deprecated Replace usage of the deprecated HttpRequest::setRawPostData() method. 256
CURLOPT_FOLLOWLOCATION safe_mode Replacement Replace usage of CURLOPT_FOLLOWLOCATION for safe_mode environments. 272
Escape Special Characters During Setup Escape database server and store configuration parameters during installation. 275
Fix HTML::selectionField() Label Correct HTML::selectionField() labels.
Prevent XSS Prevent XSS in OSCOM::getLink(). 310
Fix Customer Address Warnings Fix warnings when editing or entering new customer addresses. 267 285
Fix Zone Groups Fix Foreign Key constraint when editing Zone Groups. 293
Fix Curl HttpRequest Namespace Collision Fix Curl HttpRequest namespace collision. 292

Improvements

The following improvements have been applied:

Class Description
SessionAbstract Check if session ID exists otherwise generate a new ID.
Check for session ID in GET/POST/COOKIE separately so POST and COOKIE are not skipped.
OSCOM Support Site subdomains (eg, http://shop.your-server.com can load the Shop Site).
ErrorHandler Set php.ini html_errors to false.
HttpRequest\HttpRequest Replace deprecated usage of \HttpRequest::setRawPostData() with \HttpRequest::setPostFields().
ErrorHandler, Language Force ErrorHandler messages to UTF-8.

API Changes

New Session\Database::exists()
Session\Database\SQL\MySQL\Standard\Check
Session\File::exists()
New Language::toUTF8()
Language::isUTF8()
New Site\Shop\Address::hasZones()
New HTML::fileField()
New Site\Admin\CategoryTree
Changed Site\Shop\CategoryTree::getData() added $key parameter
New Site\Shop\CategoryTree::getParentID()
New Upload
Changed Site\Shop\AddressBook::getEntry() now returns an array (previously a database query result set)
Changed HTML::selectMenu() now accepts "params" parameter in $values entries array
New PDOStatement::getQuery()
New Site\Admin\Application\Services\Services
New Site\Admin\Application\Customers\Customers
New Site\Admin\Application\Categories\Categories

Language Definitions

New Site/Admin/languages/en_US.php button_add
button_upload_new_file
button_reset
icon_progress_ani
icon_undo
ms_error_upload_directory_non_existant
ms_error_upload_directory_not_writable
ms_error_work_directories_not_writable
placeholder_search
New Site/Admin/languages/en_US/Categories.php app_title
heading_title
table_heading_categories
table_heading_action
action_heading_new_category
action_heading_batch_move_categories
field_parent_category
field_name
field_image
field_image_browser
top_category
dialog_delete_category_title
dialog_delete_category_desc
dialog_batch_delete_category_title
dialog_batch_delete_category_desc
introduction_batch_move_categories
ms_error_image_directory_not_writable
ms_error_image_directory_non_existant
New Site/Admin/languages/en_US/modules/access/groups/products.php access_group_products_title
New Site/Admin/languages/en_US/CoreUpdate.php table_heading_log_date
table_heading_log_message
select_log_to_view
ms_error_log_file_does_not_exist
New Site/Admin/languages/en_US/Customers.php app_title
heading_title
table_heading_customers
table_heading_date_created
table_heading_action
action_heading_new_customer
section_personal
section_password
section_address_book
section_newsletters
section_map
section_social
field_gender
field_first_name
field_last_name
field_date_of_birth
field_email_address
field_newsletter_subscription
field_new_password
field_new_password_confirmation
field_status
field_company
field_street_address
field_suburb
field_post_code
field_city
field_state
field_country
field_telephone_number
field_fax_number
field_set_as_primary
primary_address
dialog_delete_customer_title
dialog_delete_customer_desc
dialog_batch_delete_customer_title
dialog_batch_delete_customer_desc
dialog_delete_address_title
dialog_delete_address_desc
dialog_delete_new_address_title
dialog_delete_new_address_desc
dialog_delete_default_address_title
dialog_delete_default_address_desc
ms_error_gender
ms_error_first_name
ms_error_last_name
ms_error_date_of_birth
ms_error_email_address
ms_error_email_address_invalid
ms_error_email_address_exists
ms_error_password
ms_error_password_confirmation_invalid
ms_error_company
ms_error_street_address
ms_error_suburb
ms_error_post_code
ms_error_city
ms_error_state
ms_error_country
ms_error_telephone_number
ms_error_fax_number
Deleted Site/Admin/languages/en_US/ErrorLog.php title_delete_error_log
introduction_delete_error_log
number_of_error_log_file_entries
New Site/Admin/languages/en_US/ErrorLog.php dialog_delete_error_log_title
dialog_delete_error_log_desc
New Site/Admin/languages/en_US/Services.php app_title
heading_title
table_heading_service_modules
table_heading_action
introduction_edit_service_module
dialog_uninstall_module_title
dialog_uninstall_module_desc
New Site/Admin/languages/en_US/modules/Service/Banner.php services_banner_title
services_banner_description
New Site/Admin/languages/en_US/modules/Service/Breadcrumb.php services_breadcrumb_title
services_breadcrumb_description
New Site/Admin/languages/en_US/modules/Service/CategoryPath.php services_category_path_title
services_category_path_description
New Site/Admin/languages/en_US/modules/Service/Core.php services_core_title
services_core_description
New Site/Admin/languages/en_US/modules/Service/Currencies.php services_currencies_title
services_currencies_description
New Site/Admin/languages/en_US/modules/Service/Debug.php services_debug_title
services_debug_description
New Site/Admin/languages/en_US/modules/Service/Language.php services_language_title
services_language_description
New Site/Admin/languages/en_US/modules/Service/OutputCompression.php services_output_compression_title
services_output_compression_description
New Site/Admin/languages/en_US/modules/Service/RecentlyVisited.php services_recently_visited_title
services_recently_visited_description
New Site/Admin/languages/en_US/modules/Service/Reviews.php services_reviews_title
services_reviews_description
New Site/Admin/languages/en_US/modules/Service/SEFU.php services_sefu_title
services_sefu_description
New Site/Admin/languages/en_US/modules/Service/Session.php services_session_title
services_session_description
New Site/Admin/languages/en_US/modules/Service/SimpleCounter.php services_simple_counter_title
services_simple_counter_description
New Site/Admin/languages/en_US/modules/Service/Specials.php services_specials_title
services_specials_description
New Site/Admin/languages/en_US/modules/Service/WhosOnline.php services_whos_online_title
services_whos_online_description
Deleted Site/Setup/Languages/en_US/Index.php box_server_magic_quotes
New Site/Setup/Languages/en_US/Index.php box_server_magic_quotes_gpc
New Site/Setup/Languages/en_US/Install.php rpc_database_store_configuration
rpc_database_store_configuration_error
New Site/Setup/Languages/en_US/Offline.php page_title_authorization_required
page_heading_access_disabled
title_language
text_access_disabled
button_continue

Dependencies

New HTML5 Placeholder jQuery Plugin v1.8.2.
New jQuery blockUI Plugin v2.39
New jQuery.safetynet v0.9.4
jQuery.netchanger v0.9.2
New Buttonset Tabs jQuery Plugin
New Equal Resize jQuery Plugin
Changed Updated jQuery UI 1.8.11 to 1.8.13
New jQuery MD5 Plugin 1.2.1
Changed Updated jQuery 1.5.1 to 1.6.1
New File Uploader Javascript
New Image Selector jQuery Plugin (based on Image JSON Pagination v1.0)

Thank You!

We'd like to thank the community for their feedback on our releases. In addition, we thank the following people who participated in the development of this release.

Code Contributors
dannyhenderson (dannyhenderson)
foxp2 (foxp2)
Gergely (tgely)

Bug Reporters
bodistanciu
capte
foxp2
Gergely
Mystefyer
nopslider
obnoxious_easiness

Reference

A full list of source code changes can be seen at:

https://github.com/osCommerce/oscommerce/compare/v3.0.1...v3.0.2