![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Up to [Local Repository] / interchange / lib / Vend
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
SpecialSub order_missing added (#221).
Fix vulnerability where a string passed in the mv_order_item CGI variable is displayed verbatim without any input sanitation if there is a valid sku in mv_sku. Thanks to Mat from Bibliopolis for discovering and reporting the vulnerability.
Fix vulnerability where a string passed in the mv_order_item CGI variable is displayed verbatim without any input sanitation if there is a valid sku in mv_sku. Thanks to Mat from Bibliopolis for discovering and reporting the vulnerability.
merged changes 2.100 vs 2.100.2.1 +++ 2.100.2.1 +++ Added Nunavut to the list of valid Canadian provinces (#231). Thanks to Mathew Jones for the report.
Added Nunavut to the list of valid Canadian provinces (#231). Thanks to Mathew Jones for the report.
relocate isbn order check to code/OrderCheck
Various minor UTF-8 changes.
Correct attribution of &Vend::CharSet::display_chars (which is from
perluniintro manpage).
Enable localization of an error string.
Match content type more tightly in 2 spots ("text" is only trustworthy
in the MIME major type, not minor, and even that may be a stretch).
Simplify request method matching in a few places for readability and a
(trivial) performance benefit.
Use conventional $c lexical instead of $g for catalog hashref.
Fix tab/space differences to match context.
Update copyrights of files changed in 2008.
* Reverted my earlier change as it will break any translations people
have put in place on their websites.
* Changed the "card is expired" text to "card has expired".
fixed missing colon
Recognize "cc" and "bcc" headers in Route settings for emails generated directly by the routes.
Log missing order reports.
* Updated copyright headers to 2007 (closes bug #102) * Added GPL and copyright headers to a few files that were missing them.
New Free Software Foundation Address in headers of various files
New Free Software Foundation Address in headers of various files
* Minor changes to credit card determination algorithms.
Wait until the *next* line of the profile before undefining $And. $And gets set if there is a &and or &or command with no further args (ie chaining the line above and below together, not chaining two or more tests together on the same line). Currently $And gets unset before it has a chance to affect the following line. This results in the &and or &or being ignored and the two lines treated as individual tests. This patch fixes that by skipping to the next iteration of the loop before $And is undefined.
This is a better comment.
Wait until the *next* line of the profile before undefining $And. $And gets set if there is a &and or &or command with no further args (ie chaining the line above and below together, not chaining two or more tests together on the same line). Currently $And gets unset before it has a chance to affect the following line. This results in the &and or &or being ignored and the two lines treated as individual tests. This patch fixes that by skipping to the next iteration of the loop before $And is undefined.
discard further checks if credit card number is missing, customer deserves a concise and appropriate answer
Make sure that we don't overwrite a pre-encrypted block.
Make sure that we don't overwrite a pre-encrypted block.
Fix masking of unencrypted credit card numbers to work with a custom MV_CREDIT_CARD_INFO_TEMPLATE that does not match the regexp. Fix the above mentioned regexp so it removes the CVV2 value from the unencrypted data as well.
Fix masking of unencrypted credit card numbers to work with a custom MV_CREDIT_CARD_INFO_TEMPLATE that does not match the regexp. Fix the above mentioned regexp so it removes the CVV2 value from the unencrypted data as well.
email addresses with more than one at sign are certainly invalid
breakout always_pass order check
* The last "digit" of an ISBN code can be a "X" (meaning 10), which wasn't allowed for in the previous version.
* The last "digit" of an ISBN code can be a "X" (meaning 10), which wasn't allowed for in the previous version.
split out filter and unique order checks
Add new CartTrigger functionality to the core, by Ethan Rowe. The CartTrigger functionality allows for specification of any number of subroutines (global or catalog subs, specified by name) to execute whenever the contents of a shopping cart are changed via the standard means available through CGI variable space (i.e. when changes are invoked via the 'process' system actionmap through mv_order_item and mv_order_quantity field submissions, or from a standard Interchange cart page). The subroutines will be executed per-change, such that any page process resulting in multiple alterations to the cart will potentially call these functions multiple times. Directives are used to turn this behavior on/off and to control some details of its behavior: CartTrigger: an array-type directive; list the different subroutine names to execute at cart-modification time here. CartTriggerQuantity: a boolean-type (i.e. yes/no) directive, defaulting to 'no'/'false'; when set to yes/true, changes to item quantity on an existing cart member will cause the cart trigger subs to fire. A value of 'no' (the default) means that quantity changes on existing cart lines do not call the trigger (though a quantity change to zero will result in a delete, which does fire the cart trigger). Each subroutine specified in CartTrigger will be passed the following arguments whenever they are called: 1. Reference to the cart 2. Scalar representing the action that fired the trigger; value will be one of: add, update, delete 3. Hashref pointing to the new row (except for the 'delete' action, in which case this will be undefined) 4. Hashref representing the old row (except for the 'add' action); for 'update' actions, this will be a *copy* of the row prior to the changes. The old row is no longer a member of the cart. 5. The cart's name The return value from each subroutine call is pushed onto an array; when the particular trigger firing is complete (i.e. all subroutines specified in CartTrigger have been called), the full array of results is returned. However, the initial version of this functionality does not use these return values in any meaningful way. It must be noted that the Interchange cart subsystem is based on arrayrefs of hashrefs; there is no object encapsulation for limiting/monitoring programmatic access to the contents of any cart. Consequently, direct manipulation of the cart from within Perl will *not* cause these triggers to fire. The triggers only fire when the cart contents are modified through the standard Interchange CGI-based variables/processing. Therefore, it is assumed for now that any programmer sufficiently comfortable/confident to manipulate cart contents directly can also be given the responsibility of deciding whether or not it is appropriate to invoke any cart triggers in response to such changes.
custom error messages for _ format routines were accidentally suppressed
* Add logic to have AutoModifier work for matrix items. Only works for the non-table, non-foreign key call version, i.e. AutoModifier modifier or AutoModifier modifier=field It will look in the mv_ib first, then the first then second products file, for both the code and the mv_sku. This might not be completely what would always be wanted, since it has the precedence: mv_ib->code mv_ib->mv_sku products->code products->mv_sku variants->code variants->mv_sku It is important in this case to make sure you have the table set in the item, as otherwise products->sku will shadow variants->code.
new order check natural for natural numbers split out future,length,regex order checks
split out exists order check, don't ditch message from OrderCheck routine
* Add dash-seperated number as possibliity for easy reading of credit
card info. Outputs a 4111-1111-1111-1111 number when you use
MV_CREDIT_CARD_QUADS in the encryption output template, i.e.
Variable MV_CREDIT_CARD_INFO_TEMPLATE <<EOV
{MV_CREDIT_CARD_TYPE} {MV_CREDIT_CARD_QUADS} {MV_CREDIT_CARD_EXP_MONTH}/{MV_CREDIT_CARD_EXP_YEAR}
EOV
split out email_only order check
Remove mention of nonexistent Vend::Mail ...
* Improve ability of AutoModifier, make consistent in both places where it can be set. * Current variations: AutoModifier category AutoModifier outboard:category AutoModifier outboard:category:foreign all stay the same -- only difference is that :: is now accepted same as :. * New variation: AutoModifier attribute=table:column AutoModifier attribute=table:column:foreign is accepted. This removes the requirement that the attribute be named the same thing as the table column. * Added regression test that checks all of the above. * Will look for existing documentation to update. * Your regression tests will require a "rm products/products2.sql" to update the data for that table.
* Add an order check which always passes -- used to update value of variables no matter what they are when &update=yes in force. * Updated xmldocs/glossary/profile to add.
* Add SpecialSub "guess_cc_type" to allow custom credit card types on a
per catalog basis.
* Calling parameters -- is passed the digits of the credit card number
as its only parameter (no spaces or non-word chars).
* If you know what type the number is, you return it and it is used as
the result. If not, return a false value to let the normal routine do
it's thing.
* To activate, do in catalog.cfg:
## Map a subroutine to guess custom credit card types
SpecialSub guess_cc_type special_cc
Sub special_cc <<EOS
sub {
my $num = shift;
return 'interchange_test' if $num =~ /^4111/;
return undef;
}
EOS
That will return "interchange_test" if the number begins with 4111
* Where I should document this I don't know. If someone suggests a home
and helps me find the actual document -- this is important -- I will
try. But I don't think finding the right file out of hundreds to do
the documentation in is not a really viable alternative.
* Try to recognize some more credit card types with help from Ivan's Business::CreditCard. * Allow setting of value returned by default with MV_PAYMENT_OTHER_CARD variable (defaults to "other" as before).
* Allow passing of the message to custom routines.
* We had been running without warnings so long, we had gotten a bit sloppy
in our code in some places.
Because we do lots of uninitialized hash member stuff with arrays
of fields and $opt, it is basically unreasonable for us to run with
the "use of uninitialized variable" warnings. Because we do a fair
amount of numerical comparisons on empty string values, it seemed
unreasonable to run with "string value in numeric gt" enabled.
Also, because Safe, HTML::Entities, and some other modules have
these checks enabled, page code is bound to have warnings issued
no matter what you do.
It seems better to run with some warnings enabled so that we can
catch bad code practice.
So I have made the code run without warnings prior to and after
interpolate_html(), and turned off warnings by default in the
page code.
If it is desirable to turn on warnings for pages, you can use
[pragma perl_warnings_in_page] and see warnings for that page
(or by default if you put in catalog.cfg).
* In general these changes are:
no warnings qw(uninitialized numeric);
in most pages.
* Add $::Pragma->{perl_warnings_in_page}.
* Remove defined checks when simple set tests will do.
* Streamline some code.
* Change get_cart routine so that it will not screw up item groups on a merge. Problem identified by Brian Kaney <brian@vermonster.com>. * Change assignment of mv_mi so that the value will be definitely unique for a single user session.
* Refuse to increment quantity of free items.
* Comment out debug statements.
* Allow AutoModifier to select common attributes for matrix items (or based on any item modifier)
* Add "exists" order check, which tests for pre-existance of a
database record.
Uses the same syntax as the "unique" check, in other word
table(::foreign)?
For example:
email=exists userdb:email
will fail if a particular email address does not exist in userdb.
username=exists userdb
will fail if $CGI->{username} doesn't exist as a record in userdb.
* Allow individual profile checks defined in metadata.
It is defined in the "Help and Check" section of meta_editor.
IMPORTANT: To enable these checks, the ui_profile part of the overall
table definition has to be non-blank. You can just put a comment like
# Enable individual form profile checks
To enforce a profile on a field, set it's check value to a valid
IC profile check. For example, to make sure the length of a field
is between 4 and 10 characters, do:
length 4-10
Or to ensure it looks like a US or Canada postal code
postcode
This results in the following being set in the extended field
of mv_metadata:
{ check => 'postcode' }
If the check has an "=" sign anywhere, the field name is not
prepended. So to do multiple checks, you need to do
SECURITY:
Since the filter or lookup check type can do data lookups and potentially
call routines, we need to have some security. The table-editor tag
sets the scratch value "mv_individual_profile" when a ui_profile
is defined.
WITHOUT TABLE EDITOR:
To use this without the table editor, just set an mv_profile as
normal. Then for each individual check, define in the form:
<input type=text name=foo value="">
<input type=hidden name=mv_individual_profile value="foo=length 1">
That would check the form variable "foo" for a length of 1.
This is automatically done by the [display ...] tag, so you can
do:
[display type=text name=foo check="length 1"]
to do the same thing.
You will need to set the scratch value mv_individual_profile yourself
to enable these.
POSITIONING WITHIN PROFILE:
The facility works by modifying the first mv_form_profile run and
inserts its values either just before the first &fatal=yes or
*after* the first &update=yes, whichever comes first. If neither
are in the profile, they are put first in the profile.
MULTIPLE CHECKS:
If you have multiple mv_form_profile settings, the individual checks
are only run as a part of the first one and are not repeated.
* Add blank_default metadata setting, which is the value a field should
be initialized to (on display) if the current value has a length of 0.
* Remove extended.js_check from meta editor, as that was never implemented.
* Add some labels and help to meta editor.
* Add the ability to create a transaction ID and later assign the order number.
To use, you need to set in the main route:
counter_tid etc/transaction.number
At that point, in the current foundation, you would add this code to
assign an order number *after* payment is taken.
Set order number in values: [value
name=mv_order_number
set="[counter
name=`$Session->{current_route}{counter_name}
|| 'etc/order.number'
`
sql=`$Session->{current_route}{sql_counter}`
start=`$Session->{current_route}{first_order_number}`
date=`$Session->{current_route}{date_counter}`
]"
]
Set order number in session: [calc]
$Session->{mv_order_number} = $Values->{mv_order_number};
[/calc]
This allows the order numbers to increment only after payment has been
received, while still allowing the all-in-one transaction logging
file located in a report file.
If you use counter_tid, you *must* set set the order number in your
logging file if you want it to be available.
You will want to call [charge ... order_id="[value mv_transaction_id]"]
to get full traceability of declined and failed charges.
* Add ability to use date-based order numbers with
date_counter 1
in the appropriate route.
* Allow setting a counter name without incrementing the counter itself, if
increment 0
is in the route. This is really how it should have been done in the
first place.
* All tested with current foundation, and should be completely transparent
and compatible.
* Make grouping of items work again. When did this go bye-bye?
Add support for Canadian provincial symbol NL.
Don't throw away UseModifier cart modifiers on every cart update. They can still be updated via CGI mv_item_option if it's set. This is actually a 2+ year old patch Mike did for Florist.com, which never made it into the main codebase, but IMO needed to.
* Remove insurance of trailing null fields being included in arrays. Any traversing of the arrays should be keyed on code/sku anyway, and that is the only one that needs to be fully populated. Fix provided by Brian Rogers of Groxis -- caused problems for one of his custom ordering routines.
The great copyright, email address, URL, and version update.
use log_file_violation
* Fix mv_form_profile to work with &and/&or checks. (Last fix did not work.)
* While vetting MySQL and transactions, I discovered that we weren't doing
them right on several levels anyway.
-- Added no-commit flag to [import ..] tag so that we don't automatically
commit after the order import.
-- If the Route "transactions" entry is specified in the main route,
the commit or rollback is done based on success/failure of all
of the routes (that don't have error_ok set).
* Added MYSQL_TRANSACTIONS variable to allow creation/use of MySQL
InnoDB type for order transactions. Will add additional_fields
support in separate commit.
* Back out previous change -- it is more complicated than that.
* Fix bug where reference was not passed in chained checks -- no chained checks would work with mv_form_profile.
* Add multizip routine. Works for the US and Canada as before with
zip=postcode, but ignores any countries not set in MV_ZIP_REQUIRED
and doesn't require a zip code.
In other words:
[set checkprofile]
country=required
zip=multizip
[/set]
With
Variable MV_ZIP_REQUIRED AL DZ
the only countries that will require a zip code besides the US and
Canada are Algeria and Albania.
When a zip code is required, the zip just needs to be 4 characters
or more. (Is this reasonable?)
To set a custom state routine, do:
$Vend::Order::zip_routine{AL} = sub { $_[0] =~ /^\s*\d\d\d\d^\s*$/; }
Called with $sub->($state_value_to_check);
To override the default error message, do
$Vend::Order::zip_error{AL} = "'%s' not an Albanian zip code!";
* Change multistate to match logic of multizip. Works for the US and
Canada as before with state=state_province, but ignores any countries
not set in MV_STATE_REQUIRED and doesn't require a state.
In other words:
[set checkprofile]
country=required
state=multistate
[/set]
With
Variable MV_ZIP_REQUIRED AL DZ
the only countries that will require a state besides the US and
Canada are Algeria and Albania.
* I am open to authoritative defaults for other countries.
* It might make sense to add a "datastate" and "datazip" to the
code/OrderCheck directory, ones that look for state info in
the database.
* Fix thread-safe/prefork-safe problem with setting state and
province templates from Variable values. In the process....
* Add new "multistate" check that allows setting of country state
templates, checks for state based on country (or b_country).
If country is US, does a "state" check. For CA, does "province"
check. If any other country, accepts any string longer than
1 character.
If you want to add to the states accepted, you can add something
in another OrderCheck. For instance, you might do for the
UK:
$Vend::Order::state_template{UK} = <<EOF;
| AVON BEDS BERKS BUCKS CAMBS CHESH CLEVE CORN CUMB DERBY DEVON |
| DORSET DURHAM ESSEX GLONDON GLOUS GMANCH HANTS HERTS HERWOR |
| HUMBER IOM IOW KENT LANCS LEICS LINCS MERSEY NHANTS NORF |
| NOTTS NTHUMB OXON SHROPS SOM STAFFS SUFF SURREY SUSS WARKS |
| WILTS WMID YORK |
EOF
$Vend::Order::state_error{UK} = "'%s' not a valid UK state abbreviation.";
Can set "country" to something else with MV_COUNTRY_FIELD.
Update pgp_encrypt to accept multiple encryption keys. Keys should be passed as a space or comma separated list.
* Created $Vend::File::errstr which is set to get the error message,
otherwise defaults to the standard one.
* Add both global- and catalog-level FileControl directive that allows
mapping subroutines (or named pre-existing subroutines) to a path.
Does a depth-first search starting with the file name.
* In either interchange.cfg (takes priority) or catalog.cfg put:
FileControl include/junk <<EOR
sub {
my ($fn, $write, @caller) = @_;
## Allow write to files containing "foo"
if($write) {
return $fn =~ /foo/;
}
## Allow read if file doesn't contain "bar"
return $fn !~ /bar/;
}
EOR
* In either interchange.cfg (takes priority) or catalog.cfg put:
FileControl include/junk some_sub
This uses either Sub or GlobalSub
* Only in interchange.cfg, you can put a mapped routine name:
FileControl include/junk Vend::SomeModule::file_control
* If no FileControl is not set, the checks are not done for performance
reasons.
* TODO: Add standard UserDB methods.
* Add new Vend::File module with minimal functions. * Relocate following routines (and their subsidiaries) from Vend::Util: canonpath catdir catfile exists_filename file_modification_time file_name_is_absolute get_filename lockfile path readfile readfile_db set_lock_type unlockfile writefile Added stubs so that package-based calls to those routines will not break software. * Added CatalogUser directive that allows setting in interchange.cfg of allowed username that is used for access to absolute-path names. CatalogUser foundation joe CatalogUser reports jane This sets the user for allowed_file() for further read/write checks based on username. * Created allowed_file() routine and replaced all current inline checks for NoAbsolute with call to that routine. It behaves as: NoAbsolute is No: all files are accessible, always Allowed for read/write: Path name is relative with no .. Path name is absolute but in the catalog directory Path name is absolute but in a TemplateDir Allowed for read: CatalogUser set to a valid username and file is readable by that user CatalogUser set to a valid username and file is readable by a group containing that user Allowed for write: CatalogUser set to a valid username and file is writable by that user CatalogUser set to a valid username and file is writable by a group containing that user * Changed display_special_page so that special page entries with ../ will not break things. * TODO: -- Code read for open() calls. -- Code read for chmod() calls. -- Code read for unlink() calls. * Passes all regression tests; takes an order on foundation; runs UI including file navigator.
* Allow $Session->{mv_order_number} to be set anywhere.
* Hook in custom item update routine to any options module enabled. This was a deficiency in the last commit.
* Add Australian BankCard contributed by Howard Lowndes.
* Major update to product options. * Options are now modular in much the same way as Vend::Payment is. You can add an unlimited number of option types simply by dropping a module into Vend::Options. * By default, the old 4.8 style options are in force, implemented with Vend::Options::Old48. If you add this to catalog.cfg (in etc/after.cfg in foundation): OptionsEnable option_type The "option_type" names a field in the products file which controls the option type. This enables new-style options. It can also be in a specific table and field, ala AutoModifier: OptionsEnable table:field Indeed, this is added to AutoModifer after catalog.cfg. * There are two new-style options included: Vend::Options::Matrix Vend::Options::Simple These are equivalent to the current matrix and simple options. * Options behavior is controlled in catalog.cfg by a locale-style multiple hash (ala UserDb or Route): Options Matrix sort o_sort,o_group Options Matrix variant_table my_variants * To find and add a new option type, simply set something in catalog.cfg: Options MyOptions table my_options That will cause a require of Vend::Options::MyOptions. * The matrix products have been moved to the "variants" table. * The options table contains options for both Matrix and Simple types, but only fields for building those simple-type options (which are used to generate variants for Matrix). The followign fields have been removed from options: differential mv_shipmode o_enable o_exclude o_footer o_header o_include o_master o_matrix o_modular phantom volume weight * The variants table is a subset of the fields in products. * The admin page for each option style is defined in its admin_page routine, usually an include from inclued/Options/OptionType. * size and color fields removed from products table, option_type added.
updated LINUXIA branch to 4.9 sources in order to use it as testbed again
Update copyright dates.
Merge from trunk: Be more tolerant with zip/postal codes -- don't remove hyphen from ZIP+4 (99686-2933) or space from Canadian postal code (T0L 0R0), and don't reject ZIP+4 without hyphen.
Merge from trunk: * Fix problem with PreFork mode where Interchange children kept order profile state between runs.
* Tolerate unset $Global::OrderCheck variable.
Fix problem with PreFork and mod_perl modes where Interchange children kept order profile state between runs.
* Removed the previous Vend::Util::readin() patch and now perform specific checks before the three calls that were cause for concern.
* Various patches to plug NoAbsolute-related security bugs when reading files. * If readfile()'s second parameter can be safely removed then this can be done in a later commit; I've left it alone for now.
Sweeping update of Akopia/Red Hat references, to prepare for 4.8 release with current Interchange URLs and contact information.
Be more tolerant with zip/postal codes -- don't remove hyphen from ZIP+4 (99686-2933) or space from Canadian postal code (T0L 0R0), and don't reject ZIP+4 without hyphen.
* Allow alternate values spaces with $CGI->{mv_values_space}. This allows
fill-in wizards, surveys, and such to not pollute the user's normal
values.
Use with caution -- if someone is in the practice of using $Values
to set catalog behavior (usually a poor idea) then it can cause
anomalies.
* Clean up a few references to $Vend::Session->{values} which should
never be done anymore -- we had handled almost all of this previously.
It should always reference $::Values.
* Remove support for old Minivend 3 cyber_charge call * Remove unused "report_field" routine, not needed now that Minivend 2 order report style is no longer supported
* Add check for no_increment so that mv_order_number can be set in a route. TODO: Add feedback of set order_number.
* Added an optional $min_digits parameter to the luhn() sub (default is 13, minimum is 2) so that any "LUHN-10"-encoded numbers can be checked. * Added a new "luhn" check routine, for use in a profile.
* Major update to order status functions in UI. Much of this is funded thanks to Gary Norton and Broadgap Technologies. * Created new update_order_status.tag usertag which does most of the functions done previously in admin/order_status.html * Order status funky page code replaced with [table-editor version]. * Now can "Shipped checked orders". If you check the ship_auto check box, it will: -- settle CC charge with payment processor if that is needed or wanted -- ship all lines on order -- update all status to shipped -- archive the order * Added following fields to transactions: auth_code -- contains authorization code needed for charge settlement tracking_number -- separate shipping tracking number from status Also updated log_transaction to insert auth_code if available. * Regularized database types for orderline and transactions * Removed unnecessary blank "reports" sampledata for orderline and transaction * Added much metadata for orderline, transactions, and payment settings * Fix auto-encryption of credit card number in Vend::Payment even if no EncryptKey or credit card number. * Modified Vend::Payment::TestPayment to allow testing of charge settlement. * Allow setting link-no-blank=1 in [table-editor] to prevent addition of rows in a linked table for a particular view. * To test out settlement and batch updates with Vend::Payment::TestPayment 1. Uncomment "Require" line in interchange.cfg. 2. Set following payment preferences in Administration->Preferences: MV_PAYMENT_MODE testpayment MV_PAYMENT_ID test SETTLE_TRANSACTION 1 3. Restart, place a new order, and use Order Manager to ship.
* Finally discovered what is going on with GPG and errors.
-- If PGP fails due to a system problem, like out of memory or
bad file permissions, it fails with a status that will cause
a real error which is in the lower 8 bits.
-- If PGP fails due to an internal problem like "key not found",
or no secret key ring, it will fail with system status set to
zero but the upper level status indicating its problem.
So a failed key will turn up as "File not found" in the
upper order bits, while a key *ring* not found will fail
with the same error in the lower status bits.
This patch is temporary, and at least tells you what $! is. I will
examine GPG's error messages and provide some simple ones like "key
not on keyring" and catch them to provide a better error.
* Move most all code out of bin/interchange. The only routines that remain are: dontwarn version usage catch_warnings parse_options main_loop Once the initial startup for Interchange is done, this code is completely out of the picture. * Create new Vend::Dispatch module which contains the bulk of the code removed from bin/interchange. * Move the important update_data() subroutine to Vend::Data. * Move the session-related routines to Vend::Session. * Move the order-related routines do_order() and update_quantity() to Vend::Order. * Change many ::uneval() calls to plain uneval() or Vend::Util::uneval(). * Remove various unused tags and routines....
* Enhance unique check to allow specification of a foreign key for uniqueness check.
* Add "future" comparator so that you can do: appointment_date=future 1 day "Sorry, we need some lead time." That allows you to check that a date value (ala the date widget) is in the future.
* Proper status codes from failed PGP runs.
* Allow setting of db write status in route. Minor, but will remove need for any setup in etc/log_transaction, preparatory for moving its operation into separate routes.
* A couple of minor changes making mv_order_number and payment order ID honor a sql_counter setting.
* Add [levy-list] TEMPLATE CODE [/levy-list] to display the levy-based tax/shipping stuff. * Add [levies ...] tag to access shipping, handling, and salestax charges via ITL. * Continuing improvement on levy system including cacheing, explicit recalcs, automatic recalc upon cart toss, labels, currency or cost display that uses Locale, etc. More to come. * Fix Profile stuff to properly read a real hash and array instead of always interpolating a string.
* Add ability to use SQL sequence as order number counter, defined with "sql_counter" key in route. * Add ability for Accounting modules to *not* assign a customer number if needed, by setting "Accounting tag assign_username 0" to settings. * Prevent incrementing counter for assign_username unless it will actually be used.
Update Andrew Wilcox's email address at his request.
Update Andrew Wilcox's email address at his request.
* Add &update=[yes|no] to automatically update a values variable upon checking good. Usually useful for mv_form_profile. Example: [set tprof] &fail=@@MV_PAGE@@ &update=yes &fatal=no name=required addr=required email=email [/set] <FONT color="red"> [error all=1 show_error=1 show_label=1 joiner="<br>"] </font> <form action="[area index]"> <input type=hidden name=mv_action value=back> <input type=hidden name=mv_failpage value="@@MV_PAGE@@"> Name <input name=name value="[value name]"><br> Addr <input name=addr value="[value addr]"><br> Email<input name=email value="[value email]"><br> <input type=submit> </form> As the variables check good, they will be updated.
Big copyright date update. This will be the last time that Red Hat copyright notices get updated en masse, since the bulk of new code will very likely come from non-Red Hat employees.
* Back out change in _email which prevents possibly-invalid email addresses at cost of compatibility with previous, which would accept a proper email address like "Some Guy"@email.com or some_guy@email.com (Some Guy). * Add new _email_only check_routine which does what the above change did -- if it is important to have only that for ID or reliability in mailing purposes, profile can be changed
reversed Jon's patch to check status of &calc and &return because it caused to many side effects, we keep it in devel
merged changes 2.6.2.7 vs 2.6.2.8 +++ 2.6.2.8 +++ fatal and final should never have an influence on the status of a order check, which has been introduced by Jon's mischievous patch a while ago