Fix Chrome browser javascript incompatibility
Several fixes to the Admin Sanitizer rules, to stop translating special characters to html entities unexpectedly
Fixes from Known bugs and fixes with v1.5.5
Fix some HTML markup “strict” errors, and CSS alignments in various admin pages
Relocate shipping-calculation logic in checkout page, to be consistent with other checkout calculations and prevent some shipping rate errors
Template fix to Responsive Classic to change postal-code to no longer be numeric-only
Change authorize.net module to use Akamai servers
Fix Payeezy payment module tokenization problem, and fix sandbox mode problem
Fix some javascript on checkout pages related to form submission
Fix out-of-stock alert inconsistency
Trigger E_USER_ERROR when wrong bindVars rule set
Update gv_faq language file with community contributions
Change use of PHP_SELF to SCRIPT_NAME for consistency and to avoid legacy-related problems
Fix false-positives in error-reporting logic
Fix leftover indirection variables for PHP7 compatibility
Fixes to AJAX handlers: reject fake requests; persist session data more effectively
Change CKEditor trigger to use jQuery CDN instead of Google CDN, for broader global access
Upgrade PHPMailer to accommodate broader TLS compatibility
Accommodate MasterCard’s recent BIN 2 addition
Include responsive-classic template layout-boxes in upgrades, even if not using it, for sake of cloning simplicity
Template fix: fax field was showing even if disabled
Template fix: fix “back” button on address-book edit screens during checkout
Multilanguage: make hreflang tag appear for all languages, instead of only for “other than current” language
Fix admin link to whois resource
Fix checkout_shipping: No method chosen after cart goes from virtual to mixed
Handle mysql strict typing issue with legacy PayPal IPN insert
Fix Free Shipping tax calculation with ot_coupon
Added several helper functions to shopping_cart class for calculating in-cart properties related to categories
Several fixes to the Admin Sanitizer rules, to stop translating special characters to html entities unexpectedly
Fixes from Known bugs and fixes with v1.5.5
Fix some HTML markup “strict” errors, and CSS alignments in various admin pages
Relocate shipping-calculation logic in checkout page, to be consistent with other checkout calculations and prevent some shipping rate errors
Template fix to Responsive Classic to change postal-code to no longer be numeric-only
Change authorize.net module to use Akamai servers
Fix Payeezy payment module tokenization problem, and fix sandbox mode problem
Fix some javascript on checkout pages related to form submission
Fix out-of-stock alert inconsistency
Trigger E_USER_ERROR when wrong bindVars rule set
Update gv_faq language file with community contributions
Change use of PHP_SELF to SCRIPT_NAME for consistency and to avoid legacy-related problems
Fix false-positives in error-reporting logic
Fix leftover indirection variables for PHP7 compatibility
Fixes to AJAX handlers: reject fake requests; persist session data more effectively
Change CKEditor trigger to use jQuery CDN instead of Google CDN, for broader global access
Upgrade PHPMailer to accommodate broader TLS compatibility
Accommodate MasterCard’s recent BIN 2 addition
Include responsive-classic template layout-boxes in upgrades, even if not using it, for sake of cloning simplicity
Template fix: fax field was showing even if disabled
Template fix: fix “back” button on address-book edit screens during checkout
Multilanguage: make hreflang tag appear for all languages, instead of only for “other than current” language
Fix admin link to whois resource
Fix checkout_shipping: No method chosen after cart goes from virtual to mixed
Handle mysql strict typing issue with legacy PayPal IPN insert
Fix Free Shipping tax calculation with ot_coupon
Added several helper functions to shopping_cart class for calculating in-cart properties related to categories
早前因PHPMailer爆出高危漏洞,Zen Cart 官方计划将在 1.5.5c 中或更高版本中添加修复补丁,现在在 ZenCart 1.5.5d 版本中已修复PHPMailer漏洞。
对应其他Zen Cart版本的PHPMailer漏洞修复方法为更新PHPMailer版本为PHPMailer 5.2.21,具体更新方法,官方给出的教程如下:
Patch instructions to update PHPMailer for various Zen Cart versions:
(I do recommend you make a complete backup of all your PHP files before you do the following patching. You should be making regular backups anyway!)
v1.5.5a, v155b, v155c: (simple update: just replace the PHPMailer files using the following zip) (“replace” means “remove old, replace with new”)
– unzip and upload the “PHPMailer” folder to /includes/classes/vendors/PHPMailer … replacing the existing folder there.
– Here’s the zip for v155/v155a/v155b/v155c: PHPMailer-5-2-21-for-includes-classes-vendors.zip
v1.3.9 to v1.5.4: (numerous additional files to replace in main “includes” folder, using the following zip)
– unzip the following file: New-PHPMailer-5-2-21-and-support-files-to-update-in-main-includes-folder.zip
– this will create numerous folders and files, which need to be uploaded to your server, replacing the existing files by the same name:
– /includes/classes/vendors/PHPMailer/ (this will probably be a new folder for you)
– /includes/classes/class.phpmailer.php (replace the old one)
– /includes/classes/class.smtp.php (replace the old one)
– /includes/functions/functions_email.php (replace the old one)
– you can delete the now-obsolete /includes/classes/support/ folder.
(NOTE: for a few hours this zip file had an extra /includes/functions_email.php file (not inside the “functions” folder) which should not have been present. The extra file can be deleted. The zip above is updated.)
v1.3.8 and older: (upgrade path unknown)
– It “may” be possible to use the zip for v139-v154 above, but this has NOT been tested on v138. You REALLY should be upgrading to a MODERN version of Zen Cart IMMEDIATELY!!!!
… or just upgrade to v1.5.5d https://www.zen-cart.com/getit
(I do recommend you make a complete backup of all your PHP files before you do the following patching. You should be making regular backups anyway!)
v1.5.5a, v155b, v155c: (simple update: just replace the PHPMailer files using the following zip) (“replace” means “remove old, replace with new”)
– unzip and upload the “PHPMailer” folder to /includes/classes/vendors/PHPMailer … replacing the existing folder there.
– Here’s the zip for v155/v155a/v155b/v155c: PHPMailer-5-2-21-for-includes-classes-vendors.zip
v1.3.9 to v1.5.4: (numerous additional files to replace in main “includes” folder, using the following zip)
– unzip the following file: New-PHPMailer-5-2-21-and-support-files-to-update-in-main-includes-folder.zip
– this will create numerous folders and files, which need to be uploaded to your server, replacing the existing files by the same name:
– /includes/classes/vendors/PHPMailer/ (this will probably be a new folder for you)
– /includes/classes/class.phpmailer.php (replace the old one)
– /includes/classes/class.smtp.php (replace the old one)
– /includes/functions/functions_email.php (replace the old one)
– you can delete the now-obsolete /includes/classes/support/ folder.
(NOTE: for a few hours this zip file had an extra /includes/functions_email.php file (not inside the “functions” folder) which should not have been present. The extra file can be deleted. The zip above is updated.)
v1.3.8 and older: (upgrade path unknown)
– It “may” be possible to use the zip for v139-v154 above, but this has NOT been tested on v138. You REALLY should be upgrading to a MODERN version of Zen Cart IMMEDIATELY!!!!
… or just upgrade to v1.5.5d https://www.zen-cart.com/getit
2017年1月9日 上午11:59 沙发
Zen-Cart.Wang 欢迎大家前来围观!