Welcome to Zen Cart™ ...


The Zen Cart™ software is made available to you for use, additions, changes, modifications, etc. without charge, under the GNU General Public License.

While we do not charge for this software, donations are greatly appreciated each time you download a new version, to help cover the expenses of maintenance, upgrades, updates, the free support forum and the continued development of this software for your online e-commerce store.

Donations can be made at: The Zen Cart™ Team Page

We appreciate your support.
The Zen Cart™ Team

Zen Cart™ is derived from: Copyright 2003 osCommerce
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE
and is redistributable under the GNU General Public License



This software is OSI Certified Open Source Software.
OSI Certified is a certification mark of the Open Source Initiative.

Upgrade Instructions from v1.3.6 to 1.3.7

If you are upgrading from Zen Cart v1.3.6, the process is simple:
- compare all the changed files with the files on your own site... and re-apply your customizations to the new files
- upload the new files (with your customizations added) to your site
- upload the zc_install folder to your server, and run zc_install/index.php
... select Database Upgrade from the System Inspection screen. Apply the required updates.

If you are upgrading from a version prior to v1.3.6, please follow the instructions in the "how to upgrade" documentation in the /docs folder.

IMPORTANT NOTES

  • SECURITY: Please be sure to review and apply the Site Security Recommendations to your site prior to taking your shop "live". If you are uncertain about how site security applies to you, talk to your web host to ensure that you have proper measures in place.


  • NEW PayPal Express Checkout module added. This allows you to use the PayPal Express Checkout option for your customers' shopping convenience.
    You do NOT need a Website Payments Pro account in order to use this module.
    Support for Website Payments Pro features (such as DirectPayment) will be added in a future release.
    All you need in order to use this module is your API credentials from your PayPal "business" or "premier" account, which are available under your PayPal "Profile" tab on the PayPal website.
    See further module details below.



  • PayPal IPN Users: If you are using the PayPal IPN payment module, you will need to Remove and re-Install the PayPal module in Admin->Modules->Payment->PayPal in order to take advantage of the bugfixes in the module. (Write down your settings first, for easier re-configuration!)

  • Authorizenet AIM Users: A change was made to this module to allow easier logging of problems via a debug mode. If you are using the Authorizenet AIM payment module, you will need to Remove and re-Install the module in Admin->Modules->Payment in order to make this work properly. (Write down your settings first, for easier re-configuration!)
    If you don't remove+reinstall it, you will have some blank spaces in your configuration settings when you attempt to edit it next.

UPGRADING YOUR TEMPLATES

Since version 1.2, Zen Cart™ has had a major overhaul of the templating system for v1.3. As such, you have two options:
  • upgrade your existing template by applying the new stylesheet and moving a few lines of code around; or
  • the best way to have almost-tableless and much tidier template code, is to make a new template (based on template_default or the new "green" classic introduced in v1.3.5) and carefully re-apply your own customizations to the new template system.

For further information on template upgrading, see the support-forum discussion on this topic.

CHANGELOG - List of Changed Files

For a list of files that have been changed since v1.3.6, see the changelog-v1-3-7.html

Whats New ...

The following Improvements and bugfixes are included in v1.3.7:

  • SECURITY UPDATES. There are two important security updates related to XSS vulnerabilities included in this release. YOU SHOULD PREPARE TO UPGRADE ASAP

  • Zen Cart v1.3.7 is officially PayPal-Certified
    for Express Checkout
    (for US merchant accounts)

  • PayPal Express Checkout payment module added

    NOTE: This module does NOT require or use Website Payments Pro. WPP will come in a future release.

    Some of the features include:
    • NO LONGER RELIES ON IPN POST-BACKS TO RELEASE ORDERS
    • Requires CURL for operation, and supports CURL by Proxy if required by hosting server
    • Customers can initiate Express Checkout directly from the Shopping-Cart page or from the Login page (if they have something in their shopping cart already)
    • Depending on configuration settings, checkout could be done in two clicks at your site (apart from processing login and address selection on the PayPal site).
      - can auto-select "cheapest"-available shipping method for the customer
      - can skip the payment-selection page if no coupons or gift certificates are active
      - customer can jump directly from PayPal page to confirmation page to complete an order
    • PayPal can still be selected from the regular payments page as a regular option instead of Express Checkout if the customer prefers or requires such an approach.
    • PayPal invoices can now include detailed line-item transaction information (as long as no discounts were applied to the order)
    • Merchant can now "require" that the customer supply a PayPal-"confirmed" address
    • If an account doesn't already exist for the customer using express-checkout, it is auto-created for them. If the customer purchases downloads or gift certificates, their password is emailed to them along with the create-account welcome message. This can be always-on by default if the module's settings are configured as such.
    • Supports all 17 currencies supported by PayPal
    • Refund all or part of an order directly from Admin
    • PayPal page-style support built-in
    • Still uses IPN functionality to update orders when status is changed in PayPal account, but orders will not be held
    • Older PayPal IPN payment module can still be used, or can be turned off in lieu of this one
    Configuration instructions can be found here: PayPal Express Checkout Setup Instructions
    (NEEDS a PayPal API Username, Password, and Signature key, from your PayPal profile screens)

    Future enhancements will include Website Payments Pro support.

  • Added: Split login page -- is auto-activated if using PayPal Express Checkout with an active cart

  • Added: Logoff button added to Checkout_Success page

  • Added: Stylesheet: Added #indexHomeBody to identify the "home" page. This also means that a css file named "home.css" can now optionally be used to override just the home page.
  • Added: Templates: Added switch to Admin->Configuration->Layout Settings for breadcrumb to show on home page or not
  • Added: security-sensitive configuration keys (such as passwords) can now be set to be displayed obfuscated. New functions added: zen_cfg_password_input() & zen_cfg_password_display() allow this.
  • Added: admin orders page can now hook into an order-refund method if a given payment module has support for such built-in.

  • Enhanced: Credit Card fields on built-in payment modules will now auto-select that payment module if the customer clicks in one of the fields for the module. This prevents the need for them to click on a certain radio-button to choose their desired module.
  • Enhanced: Shipping Estimator now has dynamically-updated pulldowns similar to create-account
  • Enhanced: Copyright auto-updates to current year for both template and email footers


  • Change: CSS -- Some template ID tags changed to classes because rendered from inside a loop
  • Change: Updated some payment modules to display "not configured" alerts if appropriate
  • Change: free-shipping-icon switch at product-type level now affects both product listing and template
  • Change: when a customer creates an account during the checkout flow, they do not see the create_account_success page; instead, they go back to the checkout page they came from

  • PayPal IPN: Important bugfix related to properly processing data via SSL
  • PayPal IPN: Added override to prevent PayPal from adding tax to orders

  • Bugfix: installer no longer requires "admin" folder be named "admin" just to upgrade database
  • Bugfix: ez-pages name set for HEADING_TITLE constant for consistency and tracking
  • Bugfix: ez-pages problem fixed with header -- was preventing prev/next navigation since 1.3.6
  • Bugfix: removed stray </a> tag from gv-send template
  • Bugfix: search was returning error if only a space was entered for search criteria
  • Bugfix: removed vulgar comments embedded in htmlarea code by its original authors
  • Bugfix: MySQL5 error on admin copy-to-confirm script and on coupon_admin values
  • Bugfix: MySQL5 syntax changes to install script for BLOB and TEXT fields
  • Bugfix: improved warnings on USPS shipping module for those who don't read instructions
  • Bugfix: media-manager was crashing if the media folder was not writable
  • Bugfix: fixed uninitialized array in create_account_success related to displaying address info
  • Bugfix: fixed gv_redeem page logic to verify whether a given code is a GV vs a coupon
  • Bugfix: added missing javascript for coupon popupwindow link on account-history-info pages
  • Bugfix: down-for-maintenance was not properly listening to alternate redirection logic
  • Bugfix: relocated <form> element in admin product-preview page so that forms in product descriptions wouldn't break the preview page
  • Bugfix: GV redeem amounts weren't converting currencies correctly
  • Bugfix: REMOTE_ADDR is now restricted to a single and sanitized value
  • Bugfix: button_sold_out_sm.gif image file rebuilt
  • Bugfix: button_delete_small.gif implemented
  • Bugfix: added "small" search button
  • Bugfix: PHP 5.2.0 quirk now accounted for
  • Bugfix: fix HTML email line-breaks for attributes and comments in order emails
  • Bugfix: turn off alpha filter on categories with subcats and no immediate products
  • Bugfix: email options for sendmail-f were inconsistently working
  • Bugfix: email error messages were not displaying the actual errors
  • Bugfix: html-formatted emails weren't displaying CC type if CC used for payment
  • Bugfix: fixed misnamed button on address book page
  • Bugfix: Fixed popup windows to regain focus if accidentally pushed behind current window
  • Bugfix: rare JS validator script problem fixed on payment page
  • Bugfix: some programming changes implementing require_once/include_once to prevent duplicate loading of components if calling from modular points
  • Bugfix: on fresh installs, if GV module wasn't removed and re-installed, the order-status key wasn't made available. Thus, orders paid-in-full via GV were set to the store's default order status upon completion. (In most cases this was still okay.)
  • Bugfix: techsupp.php utility wasn't register-globals friendly. Changed+enhanced+sanitized.

  • Other: example zip files in the /download folder fixed -- now are working zip's


Zen Cart™ Copyright 2006