
Introduction to Zen Cart v1.5.3

Posted: 2014-07-12 11:48
Jack
Download: http://sourceforge.net/projects/zencart/files/

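PCI Standard
v1.5.0 is PA-DSS certified.
v1.5.1 was an optional update and was not resubmitted for formal certification.
v1.5.2 was a beta release and was not resubmitted for formal certification.
v1.5.3 has begun recertification, but the process takes a long time, so it was released before certification finished. It includes stronger password handling and blowfish encryption, along with many other security, performance and compatibility improvements.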

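The final PCI-certified release will be published in a few months (under a new version number). This release is intended to give everyone the many improvements as soon as possible, including PHP 5.4 and PHP 5.5 compatibility, to match the server upgrades that many hosting companies are currently carrying out.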


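Minimum Requirements
The minimum requirements for installing Zen Cart® v1.5.3 are:

PHP 5.3.7 through PHP 5.6 (PHP 5.2.10 at minimum, but with weaker security protection)
MySQL 5.0 or later
Apache 2.0 or later
Apache with AllowOverride set to 'All', or at least the 'Limit' and 'Indexes' parameters, and preferably the 'Options' parameter as well.
PHP with CURL and OpenSSL support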



Although Zen Cart® can run on Windows/IIS servers, a Linux/Apache server is preferable for better performance and a better experience for shoppers.


New features in v1.5.3:

CHANGE-511 - Change DB functions from mysql to mysqli
CHANGE-89 - Convert to bcrypt for password security hashing (requires PHP 5.3.7 or newer)
CHANGE-491 - Timezone patch for PHP 5.3/5.4/5.5 (this makes the "timezone offset" plugin obsolete)
CHANGE-566 - Add Admin switch to relax PA-DSS "strong" password requirements when in Demo mode
CHANGE-543 - Updates for PHP 5.5 Compatibility; Verified PHP 5.6-beta compatibility
CHANGE-432 - Numerous fixes for stricter PHP 5.4 compatibility
CHANGE-350 - Improvements to queryFactory to better support sql caching
CHANGE-359 - Add advanced developer tool for Notifier Trace and a global eventID
CHANGE-412 - Increase length of session key field due to changes in PHP defaults
CHANGE-421 - Update Authorize.net modules to support CAD and UK currencies
CHANGE-427 - Fix Memory Leak with PHP 5.3/5.4
CHANGE-434 - Add additional SSL detection checks to accommodate more poorly configured hosting companies
CHANGE-450 - Switch to SSL for contact-us form (when SSL is enabled)
CHANGE-452 - Add multiple-language and multiple-location support to the Store Pickup shipping module
CHANGE-454 - Made low-stock emails interceptable by notifier/observer
CHANGE-524 - Fix SaleMaker issues on Discount Quantity
ISSUE-54 - Session handling improvements
ISSUE-82 - Fix odd PHP 5.4 quirk which triggers fatal error "Allowed memory size of --- bytes exhausted" when accessing SID constant



Bug fixes and updated features:

CHANGE-196 - Fix issue with Store-pickup module vs taxes
CHANGE-206 - Fix admin profiles code to also manage product types
CHANGE-225 - Handle use of comma as decimal point for Gift Voucher
CHANGE-235 - Fix for create_account_success doesn't honor session timeout
CHANGE-274 - Installer improvement - alert if new version available at install time
CHANGE-309 - Changes to avoid spam flags on Admin Emails about payment/shipping modules, and prevent autoresponder replies to newsletters and contact-us emails
CHANGE-311 - Data sanity check in customer login and admin customer mgmt to handle missing records resulting from bad imports or damaged data
CHANGE-315 - Performance tuning with .htaccess tweaks
CHANGE-323 - Fix rounding error with attributes and salemaker
CHANGE-332 - Update PayPal WPS to prevent mistakenly entering localized country domain for accessing PayPal services (per PayPal change Q3-2012)
CHANGE-341 - Updates to observer/notifier code to better support legacy procedural code
CHANGE-343 - Fix various language wording and dist-configure examples vis a vis the logs foldername
CHANGE-345 - Fix typo in whos_online legend
CHANGE-346 - Fix outdated language in configuration menu help texts, mainly around the name of the logs folder
CHANGE-347 - Fix TRY currency in paypal modules
CHANGE-348 - Fix Secunia advisory SA50574 - XSS in admin login.php
CHANGE-351 - Fix EZ-Pages Table of Contents links not displaying (if queryCache enabled, such as was added in v1.5.1)
CHANGE-352 - Fix attributes controller fatal error after upgrade
CHANGE-353 - Fix for password_forgotten generates log file
CHANGE-354 - Installer now bypasses APC and other caching mechanisms during zc_install, to prevent confusion caused by caching of files which require alteration.
CHANGE-355 - Fix redirect error when product is not General
CHANGE-361 - Fix blank page problem caused by clash with output_handler in hosting configuration
CHANGE-362 - Fix for template_filename not selecting for admin-initiated emails
CHANGE-363 - Trap for constant-not-found errors with badly-configured admin plugins
CHANGE-364 - Fix installer error: Failed to initialize storage module: memcache
CHANGE-365 - Fix missing noindex,nofollow missing on "forgotten" screen in admin
CHANGE-368 - Installer was allowing browser to remember old form data
CHANGE-371 - Fix for checkout_shipping creating debug logs when shipping method fails to generate methods
CHANGE-378 - Fix for Downloads of virtual products fail when site is Down For Maintenance
CHANGE-386 - Fix CURL/SSL Vulnerabilities
CHANGE-389 - Fix confusion about password reset message
CHANGE-392 - Fix coupon_admin.php contains double <p><p> tag
CHANGE-396 - Removed nde-basic.css because it is obsolete since v1.5.0
CHANGE-397 - Fix Developers Tool Kit where Line number values in results were off by one
CHANGE-398 - Store Manager log purge improvements
CHANGE-403 - Fix PayPal EC to prevent use of ImmediatePayment when AuthOnly is selected
CHANGE-411 - Increase size of fields in tables for admin profiles
CHANGE-413 - Change date/time display format in admin header to be consistent with configured preference
CHANGE-416 - Prevent unauthorized information disclosure with editor
CHANGE-417 - Fix for issue where email confirmation gets truncated on the < symbol in product names
CHANGE-422 - Fix overzealous regex for handling IPv6
CHANGE-424 - Fix PayPal Micropayments bug which was preventing non-micro payments from working if micropayments credentials were present
CHANGE-425 - Fix for: Deleted ez-pages didn't trigger a 404 not found. Disabled pages were still reachable. Now sends to home page and shows message.
CHANGE-429 - Suppress HTML-formatting in PHP error messages, to aid in eliminating accidental posting of private links when requesting help
CHANGE-432 - Fix several issues causing warnings in debug logs due to PHP 5.4 compatibility
CHANGE-435 - Set reply-to header in admin copy of order-confirmation email - to make for easier replying to customers
CHANGE-437 - Set proper exclusion metatags to prevent gv_faq pages from being spidered/indexed
CHANGE-442 - Fix HTML id=reviewsContent already defined error in reviews sidebox
CHANGE-444 - Fix missing 'echo' and centerboxes in tpl_product_info_noproduct.php
CHANGE-446 - Cleanup: Remove duplicate code in update_product.php
CHANGE-451 - Fix canonical link handling for cases where the site operates entirely in SSL
CHANGE-455 - Improve zen_get_all_get_params to accommodate plugin issues throwing PHP Warning: strlen() expects parameter 1 to be string
CHANGE-459 - Fix inconsistencies in some zc_install help text
CHANGE-463 - Add insulation to protect against inaccessible products caused by errors in custom-written product types (where mistakenly type=0)
CHANGE-464 - Fix PHP warning: Use of undefined constant SUPERUSER_PROFILE ...
CHANGE-470 - Fix missing closing table row in /admin/orders.php
CHANGE-471 - Fix a couple small logic bugs in table_block.php
CHANGE-472 - Improve caching for product-type settings
CHANGE-474 - Fix boolean typo on comparison in ot_cod_fee module
CHANGE-476 - Fix for zen_mail doesn't always use default template for non-english use
CHANGE-478 - Fix Incorrect base_href in admin-sent HTML emails in some configurations
CHANGE-484 - Quantities added to cart should adjust to stock rather than just a message
CHANGE-487 - a Simplify filesmatch rules in htaccess by adding case-insensitivity flag
CHANGE-487 - b Add webm permission to htaccess rules for media-playback and downloadable-files
CHANGE-489 - Added additional notifiers to order.php class
CHANGE-491 - Improvements to automated timezone detection
CHANGE-497 - Improvements to date/time display in admin header
CHANGE-498 - Fix proxy-detection support for EXCLUDE_ADMIN_IP_FOR_MAINTENANCE and zen_get_ip_address() vs $_SERVER['REMOTE_ADDR']
CHANGE-506 - Fix robots tag in admin pages
CHANGE-509 - Fix minor incorrect variable declaration in option_values_manager.php
CHANGE-514 - Improve Developers Tool Kit to allow the search of single and double quotes
CHANGE-519 - Add more error checking in check_page()
CHANGE-520 - Remove inline javascript and tags which may not be stripped correctly in product listings etc
CHANGE-521 - Fix error on Incorrect integer value: products_priced_by_attribute
CHANGE-526 - Additional notifier to allow additional validation in account_edit page
CHANGE-527 - Add configuration-settings-search to Developers Toolkit, credit B.Bellamy,torvista (makes the search_configuration_keys plugin obsolete)
CHANGE-528 - Updates to valid cart issues with attributes and changes prior to checkout
CHANGE-529 - Fix variable initialization in Shipping Estimator
CHANGE-532 - Init system - move navigation history to after init_sanitize
CHANGE-544 - phpMailer upgrade
CHANGE-545 - Allow countries to be flagged as available/unavailable for shipping (built from a combination of code backported from v2 and a contribution by lat9)
CHANGE-546 - Init system - Relocate version constants to the beginning of the autoloader process.
CHANGE-547 - Utilities updates - CURLtester update
CHANGE-548 - Fix PHP Notice: Only variable references should be returned by reference
CHANGE-549 - Fix for PHP Notice: Object of class queryFactoryResult could not be converted to int
CHANGE-550 - Fix PHP Notice: Constant ATTRIBUTES_PRICE_FACTOR_FROM_SPECIAL already defined
CHANGE-551 - PHP Notice: Undefined index: freeshipper
CHANGE-559 - Fix for Shipping Estimator which was causing shipping modules to request quotes twice
CHANGE-562 - ironlady github pull request - Add webfont files support to .htaccess whitelist
CHANGE-563 - Fix zone misspelling in latin1 encoding. Add translations in utf8 version.
CHANGE-564 - docs
CHANGE-565 - Incorporate the Fix_Cache_key utility code into ZC Admin core (thus the plugin by the same name is now obsolete)
CHANGE-568 - Add storeowner-definable session timeout limit
CHANGE-570 - Add notifier hook to provide ability for Admin Activity Logs be exportable to CLFS or other standard format (PA-DSS feature)
CHANGE-573 - Rename Email HTML switch setting text and description to be clearer
CHANGE-574 - Add strict check to some admin pages to protect against invalid variables created by plugins that don't clean up after themselves, like MagneticOne stuff
CHANGE-575 - update spiders.txt
CHANGE-580 - torvista pull request 11 - locale addition for Windows servers
CHANGE-591 - Fix Australia address format to remove comma
CHANGE-593 - PayPal - Change to Pending Reason responses, required one table schema change
CHANGE-594 - PayPal API changes - July 2013 (A: deprecated some rarely-used parameters)
CHANGE-594 - PayPal API changes - July 2013 (B: Updated treatment of currencies which don't support decimal places)
CHANGE-595 - Expand locale support for PayPal to perform better matching and to include PayPal's latest updates
CHANGE-601 - Relax PA-DSS "strong" password requirements - sql upgrade changes
CHANGE-605 - Fix error in PayPal Standard - PHP Fatal error: Using $this when not in object context
CHANGE-609 - PR12 - Address formats for Belgium, Netherlands
CHANGE-610,614,617 - lat9 $param1 array output reduction in notifier trace
CHANGE-611 - Sanitize all known get parameters.
CHANGE-612 - Sanitize all known get parameters.
CHANGE-616 - For consistency and PHP 5.4 compatibility $_SESSION['shipping'] should always be treated as an array
CHANGE-619 - Improve speed of stores with over 10,000 products
CHANGE-621 - Set defaults on Developers Toolkit pulldowns to improve ease of use
CHANGE-622 - Fix issues with ot-coupon for ship/free combo
CHANGE-626 - Fix fresh install error if cache table is damaged or database has no tables
CHANGE-632 - Change paypal modules to use /logs/ directory for logging
CHANGE-638 - Fix review-text stripping html characters into wrong symbols
CHANGE-639 - Fix XSS display problem in back-end preview screen
CHANGE-666 - minor typo in option_name.php language file
CHANGE-667 - Constant OFFICE_IP_TO_HOST_ADDRESS already set
CHANGE-671 - Change default address-format layout for Sweden
CHANGE-673 - Remove obsolete ssl-unclean-shutdown hack from admin
CHANGE-675 - Update country names to reflect changes in the ISO standards thru end of 2013
CHANGE-677 - Adjust admin categories code to stop triggering false-positive on security scan
CHANGE-678 - Adjust admin banner code to stop triggering a false-positive alert on security scan
CHANGE-679 - Adjust admin categories code to stop triggering false-positive on security scan
CHANGE-681 - Fix admin scenario of mixed content embedded on a page
CHANGE-682 - Adjust admin product-music code to stop triggering false-positive on security scan
CHANGE-683 - Backport compatibility fix
CHANGE-685 - Fix stock reduction problem with checkbox/attribute combinations in cart
CHANGE-686 - Changes to ensure output is correctly sanitized even in places protected by authentication requirements
CHANGE-689 - zc_install updates
CHANGE-690 - Add function to do lookup of latest version of plugins
CHANGE-691 - Retire obsolete compatibility functions
CHANGE-692 - CURL-force SSL3 on Cardinal connections
CHANGE-694 - Stopped admin send-mail page from drawing a huge dropdown list even when a single customer is pre-selected from customers screen
CHANGE-696 - Display of Product Categories is unclear and needs better layout
CHANGE-697 - Change core config entries to not use config-group-id 0 since many sloppy plugin authors delete those core settings
CHANGE-698 - Fix bugs in calls to zenCssButton()
CHANGE-706 - Clean up display of "php disabled functions" list in zc_install inspect screen
CHANGE-707 - Fix admin url autodetection to accommodate :port suffix in admin urls for local dev setups, and better handle shared-ssl configurations
CHANGE-708 - EZ Page Title Tag incorrect (introduced by CHANGE-425)
CHANGE-713 - zc_install problem with correctly detecting working dir on shared-SSL servers
CHANGE-715 - Fix Attributes Controller not accounting for Tax classes
CHANGE-716 - General file formatting and syntax cleanups
ISSUE-9 - Fix minor issue with model number display on product_reviews page
ISSUE-19 - Fix coupon-admin date check since mktime() doesn't support is_dst param anymore
ISSUE-23 - Clean up add to cart when non-numeric value is used and display message
ISSUE-51 - Add ability to autoload observer classes without needing to also create auto_loaders scripts
ISSUE-52 - Change admin rules to allow pass"phrases" by permitting the use of spaces
ISSUE-81 - class.base.php: Initialize static observer
ISSUE-82 - Fix odd PHP 5.4 quirk which triggers fatal error "Allowed memory size of --- bytes exhausted" when accessing SID constant
ISSUE-83 - lat9 requested more notifiers for order-class
ISSUE-87 - Fix payment module problem admin-side preventing use of Refund option
ISSUE-88 - Fix var assignment operator in ot_gv.php for Calculate Tax
ISSUE-89 - Update zenCssButton function and stylesheet to use CSS3 (courtesy of lat9 contribution)
ISSUE-90 - Add gTLD support for email addresses (like .marketing or .international)
ISSUE-116 - Make admin configure.php "cognizant" of /local subdirectory
ISSUE-131 - Change password fields to specify autocomplete=off
ISSUE-132 - Clean up some debug logging activity with payment modules
ISSUE-133 - Change error messages on password-forgotten screen
ISSUE-134 - Fix outputs for locate_configuration in DTK added by recent incorporation of lookup plugin
ISSUE-135 - Fix a potential XSS issue on the countries screen
ISSUE-136 - Fix frequently-reported scenario where redirect links could be abused to redirect to unverified destinations
ISSUE-137 - Add PCI DSS warning to the DB query-logging switch
ISSUE-138 - Riddler spider causing performance issues; update spiders.txt list
ISSUE-142 - Record Company/Record Artist cannot update language dependant fields
ISSUE-143 - Remove (previously commented-out) SecFilter rules from zc_install/.htaccess so aggressive hosting company security systems don't quarantine