[interchange-cvs] interchange - jon modified 4 files

interchange-cvs at icdevgroup.org interchange-cvs at icdevgroup.org
Fri Apr 9 17:19:25 EDT 2004

User:      jon
Date:      2004-04-09 21:19:24 GMT
Added:     .        WHATSNEW-4.5 WHATSNEW-4.7 WHATSNEW-4.9 WHATSNEW-5.1
Add separate files for each development stage of Interchange.

We may want to prune these out in the stable branches to keep release
files smaller, but I believe these are important to have in the
development trunk.

Revision  Changes    Path
1.1                  interchange/WHATSNEW-4.5

rev 1.1, prev_rev 1.0
Index: WHATSNEW-4.5

                  What's new in each version of Interchange
                (since the merger of Minivend 4 and Tallyman)


Interchange 4.6.5

* Fix two admin security holes, in do_view and page_save. Thanks to
  Merlyn J. Pease <peasemj at bellatlantic.net> for reporting in bug #167.

* Several minor database field definition improvements.

* Clean up cruft in sample pricing table.

* Prevent admin/genconfig.html error.log entry about not being able to
  display status file with NoAbsolute set.

* Backport from 4.7 the error report if page couldn't be saved by

* Fix a couple of bugs with AlwaysSecure not working in an order link.

* Fix rounding problem with Shipping.

* Fix problem with FullURL.

* Add stub for test_column in Table/InMemory.pm.
  Problem found by vasile_abo at wexim.com.

Interchange 4.6.4

* Added mod_interchange to the standard Interchange distribution.
  It is the direct descendant of mod_minivend, created by Francis
  J. Lacoste <francis.lacoste at iNsu.com> at iNsu Innovations Inc.
  in 1999. With Francis's blessing, we're taking over maintenance of
  the module. Thanks, Francis!

* Changed test.pl to use Errno.pm to derive socket test error messages.
  Thanks to Patxi Larrayoz Elcano <larrayoz at retemail.es> for finding this.
* Fix problem with MV_DEFAULT_SEARCH_FILE. Found by Joshua Scott
  <josh at bluebonnet.net>.

* Fixed bug with encrypted-password users not being logged in after
  new account creation. Reported by tamas.kohegyi at unforgettable.com.

* Add CGIWRAP workaround. Remove bogus PATH_INFO that is prepended to

* Add unusable password hash for group ':backup' in access.asc. It was
  possible to access the admin interface with this username and no password.

* Disallow login attempts with group names, usernames with invalid
  characters, and blank usernames or passwords.

* Fix index statement problem for order_returns in PostgreSQL, found by
  <lmorley at flexihost.com>.

Interchange 4.6.3

* Fixed a bad bug that kept product options from working right. A bugfix
  in 4.6.2 uncovered a worse bug due to swapped parameters in a subroutine
  call in Data.pm. Thanks to Marc Infield <marc at geronimo.com> for pointing
  this out quickly.

Interchange 4.6.2

* [loop list=`$Scratch->{ary}`] now accepts a prebuilt array reference to
  loop over. Must be in the form returned by $db->query(), i.e. the list
  array (of arrays), an optional field hash ref giving the field name to
  index pointers, and an optional array ref giving the field names in
  order. Thanks to Kaare Rasmussen for the suggestion.

* Fixed bad bug in History, saving mv_credit_card_number in session. Oops.
* Fixed bug in secure/non-secure host comparison, thanks to Murray Gibbins,
  Stefan Hornburg, and Hans-Joachim Leidinger.
* Add MV_USERPROFILE to the list of recognized cookies, allowing a
  cookie-based admin login. Providing the password is saved in a cookie
  (perhaps with no expiration time?) then this will allow multiple-order
  entry by running the login process again.
* Fixed up the DisplayErrors auto-response to be localized. Not many people
  use this, but trying to localize all error messages.

* Fixed bug in ui_date_widget, generated month name for "Feb 30" which turned
  into March.

* Patch supplied by Hans-Joachim Leidinger <jojo at buchonline.net> prevents
  blank credit card info from being encrypted.

* Fixed bug #106, hang at install time if specified Interchange user ID
  doesn't exist.

* Fixed problem in Search.pm where coordinated search of op=rm would not
  match on words only.

* Fixed recent bug that prevented cached DBI connections.

* Fixed a couple of hard-coded mv_metadata references in admin pages
  preventing renaming of __UI_META_TABLE__.

* Fix problem with ProductFiles resolution in loops. The Vend::OnlyProducts
  setting was confused after the on-the-fly update.

* Convert '[' characters to &#91; in [value-extended] to prevent reparsing
  of Interchange tags from user data.

* Fixed problem with fly-list not accepting base parameter as per docs.
  Found by Victor Nolton.

* Added Stefan Hornburg's patch for table image background paths.
  Set pragma substitute_table_image to enable this.

* Improved makecat error message when problems occur reading config file.

* Made NoAbsolute default to Yes in interchange.cfg, which gives better
  default security for newly-built catalogs.

* Various minor HTML corrections. Thanks to Paul <porl at namee.com.au> and

* Fixed in-stock notification problem on flypage.html and stock-alert.html.

* RPM only: Fixed logrotate.d file to prevent cascading log rotation like
  error.log.1.gz.1.gz etc. Thanks to Murray Gibbins for diagnosis & fix.

Interchange 4.6.1

* Added MS Excel import/export capability.

* Added new SessionType "NFS", which forces fcntl_lock/fcntl_unlock in
  SessionFile.pm (bug #76).

* Report missing DBDs at startup time by working around DBI bug that causes
  $@ to be eaten (bug #75).

* Miscellaneous bugfixes, thanks to Jean-Philippe Bouchard:
  - Fixed Data.pm bug that caused flypage problems (bug #60).
  - Fixed spreadsheet edit auto export bug (bug #59).

* Link program fixes, thanks to minivend at delionsweb.net:
  - Fixed tlink.pl LINK_PORT problem (bug #61).
  - Fixed compile_link 'nosuid' option failure (bug #66).

* Construct Something changes:
  - Fixed stock alert price problem (bug #57).
  - Fixed 'title' vs. 'description' field issues. Thanks to Steve Gertz.

* Fixed [selected] and [checked] tags to be more uniform and to support
  case-sensitive and $CGI comparisons. Documented in Tagref.pm. Also,
  "multiple" and "default" args can no longer be positional -- no big loss.

* Fixed bug that kept [item-subtotal noformat=1] from being recognized.

* [item-exec routine] now picks up $Values, etc. before a [calc] is run.

* Order.pm: routes now use a "from" parameter which sets the email From: 

* Fixes to Util.pm:
  - Prevent sprintf() from screwing up numbers in certain locales.
  - [include] now can interpret [L] if locale=1 parameter is added.

* Server.pm -- we can now accept ISINDEX queries (for what it is worth).

* Scan.pm -- fix non-interpolated tags in search profiles.

* Database tables can now reside in different directories with the 
  DIR option to the Database config parameter.

* Fixed typo ('error' vs. 'errors') in Order.pm preventing no-items
  error from being seen at checkout (bug #82). Thanks to Bas Bezemer.

* Removed some duplicated image files, reducing package size by ~ 200 KB.

* Fixed scoping problem with override from user image upload.

* Allow internationalization of error messages in UserDB.

* interchange.PL: Fixed bad call to Vend::Imagemap::action_map, must be
  just the action_map since autouse is in force. Thanks to Jeff Carnahan.

* Fixed bugs in or-ed searches in DbSearch, fixed mv_search_relate bugs.

* Fixed problem with nu parameter getting out of sync in mv_sql_query.

* Added 3 usertags: benchmark, sleep, and table_organize (in eg/).

* Filled in some missing timestamp fields in construct demo store data,
  which was causing PostgreSQL 7 data imports to fail.

Interchange 4.6.0

* Minor final changes

Interchange 4.5.8 beta release

* Documentation overhaul -- PDFs now available
* Various bugfixes
* Oracle support improved
* 'Construct' catalog improvements
* Authorize.net support

Interchange 4.5.7 beta release

Interchange 4.5.6 changes -- complete overhaul of UI

* Everything renamed to "interchange". interchange.cfg, interchange.pid,
  etc. If you keep minivend.cfg as the configuration file, the PID file
  will be minivend.pid. There should be a good level of backward

* "construct" is now the default demo -- a "foundation" demo will be
  added later.

	-- Improved graphics and layout over older demos.
	-- Split ship addresses for items
	-- Shipping notices integrated
	-- Recurring order facility (doesn't yet work).
	-- PO with credit limit
	-- Merchandising cross-sells by category or item.
	-- "Others who bought this"

  The HTML rendering is kind of slow on Netscape, any help with that
  would be appreciated.

* The user interface (UI) was reorganized to make it easier to understand
  and use.

  -- All functions should now be available via menu, quicklinks should
     not be necessary.
  -- Most database table lists are HTML lists with links instead of
     the button approach.
  -- Administration console with information helpful for debug.


* Orders 
  -- list-based
  -- shipping status notices
  -- automatic check of archive box when status=shipped
  -- list-based delete and archive operations
  -- lists are sortable on multiple fields
  -- status display for individual line items
  -- change size of list with Knar UI_SZ_LIST_ORDER

* Customers
  -- list-based
  -- list-based delete and deactivate operations
  -- lists are sortable on multiple fields
  -- status display for individual line items
  -- change size of list with Knar UI_SZ_LIST_CUSTOMER

* Item editor
  -- Select list of items to delete or edit in sequence
  -- Now have different "views" for merchandising, pricing, inventory, etc.
  -- checkbox-based deletes
  -- item fields to display set with UI_ITEM_FIELDS
  -- separator fields set with UI_ITEM_BREAK
  -- cross_category field added to merchandising table

* Content
  -- Templates easier to create
  -- Editor allows change of template

* Layout
  -- button builder does on-the-fly items
  -- fixed bugs in search builder

* Merchandising
  -- new menu, includes affiliate stuff

* Reporting
  -- Fixed cast problem with PostGres reports
  -- More consistent look/feel for reports

* Administration
  -- New information screen that should help with diagnosing trouble
  -- Table select/edit now consistent with other editors
  -- Selector rows can be sorted via column, forward and reverse
  -- Table display properties can be easily edited


* Database update forms (mv_todo=set) now can set fields in multiple
  tables when there is a common key.

* Changed SpecialPage defaults for "search", "order", and "checkout"
  to reflect longstanding defaults in demo catalogs.

* Fixed bug in fixed-field (PriceField) pricing, introduced sometime
  in Minivend 4.

* Added GUESS_NUMERIC parameter to databases, which operates by checking
  field types in SQL and by looking at the import data on DBM. You can
  see this in operation in the UPS tables "Ground", etc.

* Removed auto-index of key field if POSTCREATE statement exists.

* Added some more better auto-numbering support. Still not ready
  for the UI.

* Found bug in Vend::Table::DBI->inc_field that caused a quoted value
  when really was a number.

* CSV imports now are fully as functional as others, can do indexing, numeric
  guess, etc.

* Added "value" widget type for [accessories ...].

* Added [tmp var]scratch setting[/tmp] and [scratchd var] tags to
  purge Scratch when setting/accessing variables. This can improve
  session write speed if setting a large value which will only be
  used in the current page.

* Added "tabbed" filter, and some other Filters. Now you can add
  your own filters persistently with:

	Sub <<EOS
	sub somesub { 
		$Filter{foo_to_bar} = sub {
			my $value = shift;
			$value =~ s/foo/bar/g;
			return $value;
	or just in the current page

		$Filter{foo_to_bar_tmp} = sub {
			my $value = shift;
			$value =~ s/foo/bar/g;
			return $value;

  Thanks to Stefan Hornburg for suggestion.

* Fixed SpecialPage handling of salestax.asc, thanks to Jeff Carnahan.

* Fixed _postcode() routine in Order.pm, thanks to Brett Harrison.

* Fixed longstanding problem with demo catalog whereby the UserDB
  defined the username field as "user" but it was actually named
  "username" in the database. Changed UserDB default to "username", because
  "user" is a reserved word in some SQL databases (i.e. Postgres).

* UserDB: Removed mv_credit_card_info from B_FIELDS so that it would not
  be saved in UserDB.

* Added [counter ...] tag, with some additional capabilities over
  the old [fcounter ...] tag. Kept fcounter around in UserTag for
  compatibility with older catalogs.

* Added image copying for shared image directories (the admin).

Interchange 4.5.5 beta release

Interchange 4.5.3 beta release

Interchange 4.5.0 changes -- the start of the Tallyman merge.

* Many, many, changes and improvments to the user interface.
  Minimate is broken out again and made separate; the UI should
  have all of its functionality. See the UI online help for changes.
* LDAP support. You can now keep data in LDAP servers, with 
  normal Minivend Database connectivity. Searchable, too!
  Put in catalog.cfg:

	Database  variable variable.txt LDAP:some.servername.com
	Database  variable BIND_DN      cn=fragermk, o=catalogs, c=minivend
	Database  variable BASE_DN      o=catalogs, c=minivend
	Database  variable BIND_PW      secret

  Programmed by Mike Frager with a bit of help from Mike Heins.

* VariableDatabase now takes effect at the time of the call in catalog.cfg.
  This means you can edit your Variable settings in a database, reconfigure,
  and then use the values farther down in the configuration file.

* Order.pm: fixed multiple problems in precedence for order profiles.
  Thanks to Ton Verhagen. Also added "isbn" profile check written
  by Ton Verhagen.
* Interpolate.pm: Fixed bug in error message generation -- thanks to Dan
* Config.pm: Fixed default declaration of "HOT" for memory databases,
  now should work properly as default database.
* Other changes much too numerous to mention. This will be the last
  version of this changes document; there are too many.

1.1                  interchange/WHATSNEW-4.7

rev 1.1, prev_rev 1.0
Index: WHATSNEW-4.7

                  What's new in each version of Interchange
                       (since the version 4.6 branch)


Interchange 4.8.1 released 2001-08-13.

* Fix flypage typo preventing display of options.

* Fix stock-alert thumbnail display (based on image availability).

* Changed from and reply-to email address to __EMAIL_SERVICE__
  This brings it line with the name in the variable table.

* Fix to catalog.cfg that closes longstanding history-scan "expired" problem.

* Fix problem with PostgreSQL userdb table definition found by Brian Kosick
  <briank at nacs.net>.

* Add counties of Ireland to state.txt, correct two minor UK/EI mistakes.
  Thanks to Donal H. <donalh at online.ie> for submitting this update.

* Add DECREMENT_INVENTORY to the default variable.txt, fixing bug #292.

* Rename some images to get around long path problems when not using
  a reasonable tar program, e.g.:


* Remove GNUisms from Foundation configuration scripts.

Admin UI
* Allow setting UI_SECURE with environment variable MV_UISECURE.

* Set UI_HELP_URL to interchange.redhat.com by default, to enable access to
  most up-to-date online help in the UI.

* Add MV_DEMO_MODE variable and MVC_DEMOMODE makecat setting.

* Swedish UI locale (sv_SE) added by Tommi Labermo <tommi.labermo at surfnet.fi>.

* Many more i18n improvements from Stefan Hornburg.

* Do something reasonable if transactions or userdb is defined LARGE.

  - If LARGE and no search input comes to order page, bounce to
    flex_select with proper table selected and page title set to something

  - If a query by example is put in, use order.html (transactions)
    or customer.html (userdb) to actually display the item.

* Fix longstanding admin/admin/error bug when you hit a non-existent
  transactions or userdb table.

* Allow manual setting of order number from UI.

* Make new dbconfig stuff show up if UI_DBCONFIG is set.

* Carry destination forward on failed login attempt at login.html.

* Disable useless meta link in the wizard.

* Define new action-click parameter to put an mv_click in
  where it will only be executed on Next --> {next_text}.

* Make Cancel really work on order number setting, using above strategy.

* Fix page footer include on wizard/do_launch.html.

* Add link to documentation after initial preview build....

* Update wizard_profiles to use did_products=required instead
  of old products=defined

* In the wizard, the admin user was being created in both the Admin
  database, and the Customer database. This left the admin user password
  in plaintext in the customer database. Now the admin is created in the
  admin db, and the customer in the customer db.

* Modify all pages to use ui_wizard_fields instead of the
  table=variable and fake keys.

* Slightly refine default tax location so it is only presented for US.

* Make "Detect Settings" dependent on MV_DEMO_MODE.

* Don't die if ImageMagick not there. Give error saying bad thumbs.

* Fix Primitive.pm reference integrity problem

* Make secret not mandatory for AuthorizeNet setup in Wizard.

* Add missing file pages/include/order_delete_archive preventing order

* In display tag, add option for cases where we don't want a translation
  (e.g. mv_metadata may be written in another language).

* In image-collate tag:

  - Always push sku/image/thumb data onto stack. Before, image files
    didn't get copied from the upload directory if an 'image' field was
    already properly set up and the 'Generate thumbnails' option was
    not chosen.

  - Add support for plain tar archives.

  - Copy correct thumb filename (rarely caused trouble since we usually
    use the same filename for both).

* return-to tag: When mv_data_table was in ui_return_to, would get
  transformed to the name of the table variable set to a blank value.
  This tromped on any field named the same as the table. Resolves bug #288.

* In table-editor, allow disabling meta on a per-form basis with no-meta=1

* Fix problem where refresh or add of items would set cart back to "main".
  Now, once you set the cart to something besides main it should stick.

* Fix bug where -u or -i did not work because the Config.pm setting
  ignored the fact that the other option was defined. Resolves bug #286.

* Always set PriceDivide in operation if any Locale is set.

* Make PriceDivide work properly for shipping.

* Make documented "o PriceDivide = 1" work properly.

* Fix bug where if table was not imported prior to tag_perl tables call, it
  would be imported but the $Db{table} object would never be set. Resolves
  Bugzilla #289.

* Changes to support linkmode configuration in makecat.

* In Order.pm, put the real profile name into error log ('Unknown order
  check ...').

* In Util.pm: Fix bug where a merge hash would not properly set options
  if the base hash was a ref.

* Fix problems with AuthorizeNet module found by Pann McCuaig
  <pann at ourmanpann.com>.

  - changed zip reference to b_zip
  - Removed requirement for secret
  - added country and email to variables sent

* Makefile.PL --nocpaninstall option added, needed to fix the longstanding
  Debian bug #93669.

* Overhaul permission setting when making catalogs as root. Now makes image
  files group writable (never needed before UI image upload), as well as
  making files the correct group depending on M/G/U permission modes.

* Add automatic determination of MVC_CATGROUP based on permission
  mode and supplied UIDs.

* Only offer setting of default linkmode if one is root.

* Added script for use in cronjobs, reset_order_number. Provides
  date-based order numbers for Interchange. From an idea posted to the
  interchange-users at ic.redhat.com mail list by Leon Harris <leon at quoll.com>.

* Added new component 'news' to eg directory. Enables the shop owner to
  easily add news items to the foundation catalog. By Ton Verhagen.

* Much reworking of Debian packages. Stefan no longer considers them to be
  experimental status.

* Update RPM documentation to cover interchange-foundation-demo and
  interchange-doc, and some other missing things.


Interchange 4.8.0 released 2001-07-27.

* Minor bugfixes.


Interchange 4.7.7 released 2001-07-26.

Admin UI
* Change payment wizard to do a better job. Only alters one global parameter,
  MV_PAYMENT_MODE, to set up the route. The rest are done via Route.

  - Change payment stuff to use Payment routes.
  - Change CyberCash config to have them upload their merchant_conf.
  - Add some parameters to Skipjack and Signio.
  - Rename parameters to be gateway-specific.
  - Set up to use new ui_wizard_fields= and wizard support, reducing page

* More admin translations.

* Update admin order entry page to use [item-options]. Delete reference to
  old "related" field in products. Remove [item-accessories size] and color.

* Prevent double-escaping of [ characters in item.html.

* page_new.html: Prevent path name in template name from polluting
  template file spec. Prevent lack of current content from aborting page
  edit. Make "New Page" honor UI_TEMPLATE_DIR.

* ship_data.html: Read shipmode from either CGI or Values, which allows us
  to bounce to the ship_data page and retain the mode.

* table-editor:

  - Remove improperly-set default for widget type disabling metadata from
    the mv_metadata table.

  - Wizard mode no longer requires a table, it creates a transitory
    database object "mv_null" and uses that.

  - In wizard mode, you don't need to have a key field, and you can
    specify "ui_wizard_fields" instead of having to supply both
    ui_data_fields and ui_display_only.

  - Wizard no longer displays a Back button if no "mv_prevpage" is defined.

  - View now can be "none" to override table display info in mv_metadata.

  - Add start of some docs.

* Add "Require module DBI" to foundation catalog configuration to further
  isolate errors with SQL problems.

* Make address and fname field lengths match between userdb and transactions.

* On Stock-alert page, only display a thumbnail if it exists.

* Fixed bug #275, found by Barry Flanagan. Up-sell question was mislabeled
  as "cross-sell".

* Change results.html button style to text type for Macs, which can't handle
  onClick with type=image. Resolves Bugzilla #268.

* Remove CyberCash directive, but warn so old catalogs don't fail startup.
  Never use CyberCash directive or never-implemented mv_payment_mode
  for charges.

* Clean up some discount pricing routines.

* Encode HTML entities for accessories <textarea>s. (Keeps <img src="...">
  from being processed for the current image directory in UI page or
  template editing areas.)

* Move cart copy to before inline_profile is run.

* Put a structure in sesssion with the payment_id for each route, so that
  split charges can be tracked.

* Fix problem with payment_mode being run in check_only mode.

* Change Order.pm so that it handles failed routes properly, even subroutes.

* Get gateway from either Route or MV_PAYMENT_GATEWAY if not defined and
  there is no gateway.

* Unique check allows passing a custom message like "Username already
  exists" instead of the default somewhat cryptic message.

* Document --sharedir and --shareurl in makecat POD.

* Fix --DEBUG startup option docs, resolving Bugzilla #158.

* Several Debian packaging improvements.


Interchange 4.7.6 released 2001-07-18.

* Instituted VAT and extended taxing, including UI support.

  If the SalesTax directive is set to "multi", the type of tax is read from:

  [data table=country col=tax key="[value country]"].

  NOTE: Most everything is configurable for variable name and
        field name via Variable MV_*, but defaults are shown below.

  1. If no string is found, tax returns 0.

  2. If string "simple:(\w+)" is found, uses fly_tax() as with
     recent standard demos.

  3. If string "state" is found, does a re-lookup with

        select tax from state where country = country and state = state

     and value is applied below.

  4. If just digits are found, rate applied directly -- i.e. "0.05"

  5. If N.NN% is found, applied as percentage.

  6. If category = N.NN%, default = N.NN% is found, the tax_category
     field in the products database is used to determine tax basis.
     If no tax_category, "default" rate is used.

  This product data

    sku      price     tax_category
    os28003  10.00     tools
    os28004  20.00     food

  with this country and state data:

    code     name     tax
    US       U.S.A.   state
    JP       Japan    tools=10%, default=15%

    code   country   state   name      tax
    0001   US        IL      Illinois  6.5%
    0002   US        OH      Ohio      default = 5.5%, food = 1%
    0003   US        AZ      Arizona

  Will yield tax for one each of os28003 and os28004 of:

    Japan   $4.00
    US/IL   $1.95
    US/OH   $0.75
    US/AZ   $0.00

* Add PRELOAD_EMPTY_ONLY option for preloading files once at the beginning
  of time, which is what we really want for icmenu.txt and ichelp.txt.

* tlink.c: Implement patch from Tamas to make tlink.c compile with no
  complaint on all compilers. Resolves bugzilla #22.

* Add INDEX capability for SQL databases -- uses CREATE INDEX template.

* Change INDEX Database parameter to array type, adjusting routines
  in Vend::Table::Common to handle for ASCII indexing.

* Add report=1 option to [item-options ...] tag. This returns a comma-
  separated list of options, i.e.:

	blade: Steel, knob: Ebony

  Separator and joiner are ": " and ", " by default, but can be changed
  with [item-options report=1 joiner=";" separator="="] or somesuch.

* Add pragma safe_data, with same function as safe_data option available on
  some tags.

* Parse [pragma] tags on flypages before interpolating fly-list.

* Change fly-page and fly-list so variables don't get parsed twice, but
  still get parsed before flypage substitutions. Add opt variable to call
  for control; could be used in future for other purposes.

* Fix [fly-list] tag so that the options work; previously they never
  would have.

* Add pragma dynamic_variables_file_only to avoid opening databases
  when GDBM -- if needed.

* Order single-widget matrix options by o_sort, as suggested by Ton V.

* Fix new defined check type to actually work -- checks to see if
  $Values->{$var} is defined.

* Set default lock type to 'fcntl' for HP/UX, possibly resolving bug #267.

* Make UPDATE and INSERT work properly with DBM.

* Make mv_successpage set in a form work right when a profile check succeeds.

* Added first general-purpose functionality to [image] tag:

  Given sku os29000 in the Foundation demo, and assuming the products
  database specifies os29000.gif in the image field for os29000,
  the tag [image os29000] returns HTML code something like this:

  	<img src="/foundation/images/os29000.gif" width=120 height=150
  	alt="3' Step Ladder" title="3' Step Ladder">

  If file os29000.gif hadn't existed, or the products database image
  field were empty, the tag would check for files called "(sku).jpg",
  "(sku).gif", etc. and use the first one it found.

  Full documentation is in POD format in the usertag itself.

* Require catalog IDs be of pattern ^[-\w]+$, which makes sure that
  expireall and other utilities will find all catalogs. This was
  documented but not enforced by makecat. Resolves Bugzilla #209.

Admin UI
* Add da_DK (Danish) locale by Kim Lauritz Christensen <kim at hambrosalle.dk>.

* Add nl_NL (Dutch) locale by Ton Verhagen.

* Allow localization of month names, and other localization tune-ups.

* Allow Variable in imagehelper directory and path

* Fix Knar editor entry so returns to flex_select?mv_data_table=variable
  with appropriate page title.

* The affiliates submenu ("create new affiliates") in the UI, was set to
  exclude_on:affiliates, instead of depend_on:affiliates.

* Error message from flex_select added.

* Fix double-escaping of left brackets in flex_editor.

* Fix save profile so that it uses $Values (and automatically picks
  up new additions).

* Fix entry order problem found by Bob Jordan.

* Hide more customer delete buttons if user doesn't have permission, and
  prevent surreptitious passing in of delete command.

* Fixed problem where we leave secure mode at various places.

* Changed the font sizes on the Admin UI admin menu so that the different
  section names matched in size to their description.

* UI_STD_HEAD and UI_STD_INIT cleaned up.

* Display country in order view if not the same as SHIP_DEFAULT_COUNTRY.
  Resolves Bugzilla #212.

* ByAffiliate.html report: Add the bd (mv_base_directory) attribute to the
  search for non-absolute TrackFile values.

* Add warning if Spreadsheet::*Excel modules not installed, as that will
  cause a fatal error attempting to import XLS spreadsheets. Resoves
  Bugzilla #239 -- thanks to Tal Hart for reporting.

* Several item options patches by Mark Johnson:
  - Fix wholesale price overwriting regular price in variant edit.
  - Stop including "none, " in description of an empty option.
  - pages/include/item_option_simple:
    * Added separate 'opt_label_*' form var
    * Added js to set label to name (and reset to previous value)
    * Replaced '[sql-*]' with q{[sql-*]} for strings
    * Added sql/entities filter where appropriate

* Change setting of sku in table-editor to override as opposed to "default",
  preventing previous setting of "sku" to cause corruption of display.

* Wizard: Make "images" piece run after everything else, so that products
  uploaded will be in database. Other miscellaneous changes to the wizard.

* New usertags: [cp], [image-collate].

* Prevent Interchange tags in database fields from being parsed when
  displaying with [table-editor] tag.

* Fix Foundation indexing for PostgreSQL.

* Minor database table changes to support VAT and new multi taxing.
  - Add tax_category field to products.txt (including sampledata/tools)
  - Add tax field to country database
  - Set default type in pgsql/country.pgsql to varchar(255)
  - Set default type in oracle/country.ora to varchar2(128)

* Use new [item-options report=1] in mailed reports and log_transaction.

* Use [scratch mv_autocreate] to supply mv_username/mv_password for order
  status link, similar to what we do for anonymous downloadable products.
  Resolves Bugzilla #226.

* Added sale_price and image_large to the batch product upload template.xls.

* Changed the mv_nextpage from customerservice.html to @@MV_PAGE@@. If you
  selected a new country or shipping method for yourself, it'd kick you back
  to the customer service page and that was kind of annoying.

* Changed the "Buy it Now!" text button on the flypage to a graphic button.

* Fixed the Checkout page to use [button] tags for the bottom Place Order
  and Recalculate image buttons.

* Added some default admin Groups to the access database -- Content Manager,
  Merchandiser, Sales/Orders.

* Fix modular_create view so that o_master is tied to the SKU of what we are

* Adjust default widgets in metadata for modular_create view.

* Fix typo in SAMPLEHTML setting.

* Rename fullwidth template to noleft to match region.

* Make label for retrieving address be the nickname, not the city, as
  suggested by barryf-newprod at online.ie.

* Fix promo component to use [table-organize] for settable number of columns.
  Resolves Bugzilla #240.

* Add tax_category field to products database for tools type.

* Remove banner database that is not used and is just cluttering things up.

* Fix installsample so that it tolerates no images/ directory in sample
  data set.

* Do downloadable product authorization during log_transaction so that
  auto-created users are handled.

* Change deliver action so that auto-created users can log in and download.

* Remove EncryptProgram directive, no longer needed (found globally
  and by default).

* Add EncryptKey directive -- PGP now works out of the box with the wizard.

* Change catalog.cfg to use PGP_KEY instead of GPG_KEY Variable for pgp_key
  in routes.

* Add PGP_KEY to Preferences, and put it and ENCRYPTOR in "Encryption" area.

* Debian packages can produce a demo.
* Minor Foundation hostname problem in RPM install fixed.


Interchange 4.7.5 released 2001-07-03.

* Allow GlobalSub session autoloads.

* Introduce use of AutoVariable for global.

* Overhaul encryption just a bit. We now recognize natively three
  encryption programs, gpg, pgp, and pgpe. Each has argument strings
  automatically generated, and the catalog.cfg directive EncryptKey
  is used by default for encryption. If you pass a directive value
  which is only (/usr/local/bin/)?gpg, it uses these default argument
  values. The defaults:

    gpg      gpg --batch --always-trust -e -a -t -r '%s'
    pgp      pgp -fat - '%s'
    pgpe     pgpe -fat -r '%s'

  These have all been tested with the exception of pgpe, but that
  should be good.

* Route encrypt_program value may not be overridden by expansion from
  variables or by extended. This is for security -- otherwise a change
  in route or variable could allow an arbitrary program to be run.

* Add refinement to bar_link and the area.txt databases where you
  can specify the sort field (or other additional parameters) by entering
  in "search" column. Will make top-category stuff ordered in category
  order instead of random based on prod_group.

* Remove explicit setting of order routes in ValuesDefault, use
  the "cascade" setting of the master route instead.

* Refuse access for empty passwords or "anything" passwords (empty in DB).

* Make username and password minimum lengths customizable (defaults 2, 4).

* When creating UserDB object, use Vend::username instead of session
  username for better security.

* Allow AdminUser superuser access to all catalogs; no access DB required.

* Log attempts by anyone other than superusers to change another user's
  password (e.g. by munging form variable mv_username).

* Make reconfig tags reference RunDir vice ConfDir, resolving bug #207.

* Fix configuration parsing for simple 'Locale xx_XX' directives (for
  pulling locale info from system).

* Enable use of Net::SMTP for systems without sendmail. All are
  likely to have it, as Bundle::libnet is part of Bundle::Interchange.

* Change the Vend::Config::parse_executable check to allow use of a Perl
  module as an option, doing a require for it.

* Change sql_statement error handling to always die upon parse
  error. This will allow the calling routines to trap errors better.

* Order single-widget matrix options by o_sort, as suggested by Ton Verhagen.

* Add matrix option widget and handling so that you can select the
  variants based on individual widgets instead of one. Uses the
  methodology of taking multiple settins of mv_skuN, where N is the cart
  line. Each is joined with a - character, and
  $::Variable->{MV_VARIANT_FILLER}|| 0 is inserted if it is blank.

* Method to tell if the individual widget method is used is to have both
  o_matrix and o_modular set. This is less than ideal, and a better method
  is needed. Will not document this until the method is set.

* Change handling of option updates so that if an illegal variant
  is selected from the database the code and mv_ib refuse to change.

* Fix problem with quoting wrong entity setup in textarea.

* Change add_items() quantity handling to strip letters and fractionals
  (unless FractionalItems).

* Change default order routes so that it comes from $Values instead of
  $CGI. This allows the FormIgnore to block form-entered order routes.

* Change route code so that an empty route will never be emailed.

* change_url function needed with resolve_links() had bug in adding
  arguments. Discovered by Taylor Mitchell and Erik Wichern.

* Add random saying component and usertag [fortune], based on

* Make [reconfigure] tag use RunDir instead of ConfDir.

* Add run=1 option to file-info tag.

* Return nothing from tag [table-organize] if there are not <td> elements.

* Add [if pragma ...] conditional.

* Add [if global VARIABLE] for testing on globals.

* Added new core [msg] tag for doing parse-time locale substitutions.

* Change the [mail] routine in Vend::Interpolate to use
  Vend::Util::send_mail so that it can use Net::SMTP.

* Fix [options] so that SKU on multiple-widget will always be
  set even if not previously.

* Fix [record ...] tag to work with all DB types.

* Fix [catch] tag so that you can put ITL inside the error evals;
  all errors are now delimited by [/pattern/] [/(?pattern/)?]

* Add new [warnings] tag to eliminate the problem with overwriting
  and fragmentation of [data session failure], [data session error], [data
  session ui_failure], [data session ui_error], etc. Will add separate
  namespaces in next iteration so that we can use different ones for UI.

* Add ranges option to [loop list="A..Z" ranges=1] to allow alpha-numeric
  lists. Limit number of produced options to

* Add auto=1 option to [timed-build ...]. Makes an MD5 digest of the
  contained text, then auto-builds using that go generate a filename.
  Demonstrated in latest templates/components/category_vertical.

Admin UI
* Multi-locale UI (selectable at login time) improved.

* New admin context-sensitive help topics added.

* Fixed images/products combined upload problem (Bugzilla #251).

* Add re-routing map capability to wizard maps so that the
  same pages can be used when only the mv_nextpage/mv_prevpage
  stuff changes. We set up the map in pages/include/wizard_profiles.

* Go to password change page after new user is created, so admins won't
  forget to set a password for new users.

* Build categories even if sampleproducts not selected, give
  chance to turn off on preview page.

* Change so that the save will set the pref_group on the
  Variable, which allows it to be later edited logically under

* Fix uploadhelper mv_click so that preceding path will be stripped.

* Refine guess_info to work with either standard wizard or CommerceLauncher.

* Change shipping wizard a bit to allow the user to select their default
  country and shipmode in all cases.

* Add ability to pass form params in via the checklist menus.

* Sort item options when producing matrix options, so new matrix
  separate mode will work.

* Fix target page for login errors.

* Rework password changing in admin UI to always use UserDB functions
  instead of directly writing to database.

Foundation catalog
* Break out different order methods in different checkout profiles.
  Eliminate the fax_order variable. Retain old checkout_profile for

* Move default category_vertical component to second instead of
  third slot to prevent duplicate category lists on some of the
  default foundation pages.

* Finished the advanced search (searching by category now works, as well
  as searching by item field).

* Move default category_vertical component to second instead of
  third slot to prevent duplicate category lists on some of the default
  foundation pages.

* Add timed-build capability to category_vertical.

* Fixed merch components so that if an image doesn't exist, it will not
  display a broken one.

* Change item_option.html to use [record ...] tag instead of separate
  [data ...]. Add Matrix options with separate IDs, still need JS logic
  to insert -0- on empty option.

* Fix item_options in matrix form, removing silly overload of o_modular
  bit. o_matrix now can have two values, 1 (one widget) and 2 (separate
  widgets). The item-option tag can override the separate/single display type
  with a display-type=separate or display-type=one (default) option.

* Add o_enable to variant creation form, which enables the option for

* Default table/area/category to some reasonable defaults.

* Trailing blanks were causing problems in admin/order.html when displaying
  archived/pending orders. Made all definitions consistent at char(1).

* Fix "nullsellect" typo in mv_metadata.

* Added file UPGRADING, rudimentary help on updating Interchange, to
  complement icupgrade(8) docs.

* Support running Interchange under Cygwin for testing purposes.

* Fixed the small search box components - substring matching was not working,
  only whole word matching.

* Add companion page to qb_getord.pl (get_orders.html), which allows
  you to download orders and move the file to a new location so that
  future orders will start a new file.

* Add widget key selector for GnuPG keys.

* Added flat-file table editor utility (eg/te).

* Removing eg/make_gnumeric.sh tool, since Gnumeric dropped support for
  the flat-file table format.

* Silly workaround to make Perl 5.6.1 compatible with File::Copy under Safe.

* Fix host and port changes in makecat.PL when selecting INET mode.

* Place STDIN in binmode so tlink.pl will work with Cygwin/Apache.

* Added mv_session_id hidden form value in a few places it was missing to make
  cookie-free browsing work everywhere.

* Fix the intro script so it will build even if not run from Makefile.PL,
  given an Interchange Root. This will allow a "update_cvs_limited" script
  that updates bin / lib / selected_other_files.

* Minor HTML and CSS fixes.

* Removed unused images.


Interchange 4.7.4 released 2001-06-16.

* Fix bug #220, Interchange server crashing in Server.pm. Caused by
  inappropriate "next" upon select timeout after MaxServer > Num_servers

* Change default of [catch] to NOT interpolate. Impossible to conditionally
  execute code if that is the case.

* Fix [catch] to work with only the proper body, not with both THEN and ELSE.

* Add maxsize parameter to file write in tag_value_extended, fulfilling
  enhancement request #99 in Bugzilla.

* Add a filter for decode_entities, and make encode_entities an alias to

* Add ability to restrict tag execution in a region. If a restricted tag is
  encountered, it is simply output. Based on an idea from Jon Jensen.

  [restrict policy=deny*|accept enable="tag1 tag2" disable="tag1 tag2"]
      restricted area

  policy   "allow" or "deny". Default is deny.
  enable   space or comma-separated list of tag names, including
           UserTag names.
  disable  space or comma-separated list of tag names, including
           UserTag names.

  For instance, this:

  [restrict enable=page]
      [area something]
      [page aboutus]A link[/page]

  will output something like:

      [area something]
      <a href="http://sam.heins.net/cgi-bin/mfound/aboutus.html">A link</a>

  Defaults are important:


  It would defeat the purpose to set interpolate or reparse, but it can be

* Allow parameters for comment tag -- not parsed, but at least tolerated.

* Fix some Interpolate.pm bugs in option display to allow overriding for
  simple options too, and to select the widget type for matrix options.

* Add get=1 to setlocale tag. That is sort of counter-intuitive, so I added
  a [getlocale] alias for [setlocale get=1].

* Fix makecat instructions on how to set ShareURL if using ~yourname/
  style paths, and allow ShareURL to be empty if passed from command line.

Admin UI
* Added German UI images and other text translations.

* Automatically symlink to default en_US UI images for missing images in
  other locales.

* Fix problem with IMAGE_DIR variable being inadvertantly changed for store-
  front by UI. (Thanks to John Beima for finding this.)

* Fix area and cat reordering problem in layout.html of admin with a patch
  from Mark Johnson. Fixes bug #180.

* Finished help pages for the Wizard.

* Make UI_SECURE behave so that global policy can be enforced --
  i.e. if @@UI_SECURE@@ = 1 then the setting of __UI_SECURE__ does not matter.
  @@UI_SECURE@@ isn't set in the foundation demo, so this doesn't affect
  current defaults.

* Move @@UI_STD_HEAD@@ before item bounce checks, so that when the bounce
  occurs it will go to the right URL. Because we now use [table-editor],
  the positioning is no longer necessary. Should fix Bugzilla bug #217,
  though that was marked invalid because we don't support different
  SSL/non-SSL domains.

* Fixed missing mv_session_id variables in admin UI form posts, causing
  problems when cookies were not used.

* Add database-table based backup capability. Depends on a table "backup"
  being available. Looked at CVS, but the repository creation/management
  issues are too daunting at this point. Since it is likely that an entire
  catalog would want to be in CVS, this partial solution seems wiser.

* More improvements to page editor:

  - Policy for editing individual components/page/template can be set in
    template as well as globally. Soon we will have per-page and per-user

  - A PREAMBLE and POSTAMBLE area is defined, so that code can be run before/
    after template regions without being restricted to what you can do with
    the page settings.

  - preamble and postamble are editable on a per-template basis.

  - Preview works on latest version of Mozilla, Netscape 4, and MSIE 5.

* Usertag changes:

  - Update read_ui_page to support latest page edit.

  - Add diff tag in support of new backup capability.

* New, improved admin UI graphics make you healthy, wealthy, and wise.

* Minor [table-editor] fix affecting special Wizard profiles.

* Add supplant=1 to master route. Left in "main" so that it would be
  compatible with old checkout forms, shouldn't cause any harm.

* Turn off transactions by default in catalog.cfg -- not needed or wanted for
  MySQL and DBM, two most common dbs. Since we have had virtually zero
  complaint about transaction atomicity in general, it makes sense to disable
  this. If someone wants transactions, they merely need to enable the

* Add currency_locale field to transactions, resolving Bugzilla enhancement
  request #128. This is valuable because if there is an exchange rate
  situation, it needs to be known at time of purchase.

* Include options in the emailed receipt and report.

* Fix product description display in receipt.html.

* Add example for configurable spec sheets for products. Can be extended to
  track lists for albums, etc.

* Fix template settings for some lesser-used pages.

* Fixed a small typo in the 'cross' component. width_percent was set to 100,
  instead of 100%, causing an occasional cross item to look very skinny.

* RPM specfile reworked to build 3 RPMs: core, foundation skeleton, foundation
  live demo. Foundation demo made friendly for relocation by RPM build.

* Various cleanups: removal of unneeded variables, files, etc.


Interchange 4.7.3 released 2001-06-12.

* Add Skipjack and iTransact to list of gateways supported.

* Item options improvements and bugfixes.

  - Fix a bug that ignores name= in the display tag when using option_format,
    date, imagehelper, or uploadhelper types.

  - Fix a bug that prevented changing your selection once you had selected one
    (code was only updated if mv_sku was not already set).

* Increase limit of possible keys returned for lookup in DBM.

* Full pedantic HTML 4 compliance. (Ability to change URL data separator.)

* Allow attaching a version number to usertags, for later use in Require and
  Suggest directives.

* Fixed bug that caused Interchange to silently fail to start if -q(uiet)
  option was given on command line and a Suggest or Require directive was
  used in one of the config files.

* Improvements to [catch] and [try] tag pair.

  - Added 'clean' option to [try] tag, which suppresses output in case of
    error. The default tag output behavior is unchanged.

  - Modified original behavior of

       [error message]
          catch block
       [/error message]

    The original code requires an exact match, including the newline
    and line numbers from the Interchange core (i.e., it includes the

       " at (eval line nnn)...\n"

    message). The new code strips the 'at (eval ...' to leave an
    approximation of the original $@. Added 'exact' option to invoke
    original behavior.

  - Fixed [try] tag to watch $Session->{try}{$label} instead of $@ after
    the eval because $@ as originally written does not trap most errors
    (which occurred in earlier eval in the Interchange core).

  - [catch] interpolates by default.

* Fix bug where filter was not set to passed {name} parameter, always set to
  $column (which may not exist in non-DB widget).

* New [image] usertag, for getting the image directory (regular or secure),
  and eventually doing other handy things like getting pixel sizes, checking
  for image existence, etc.

* Updated button usertag to provide alternatives to the image input when
  using a JavaScript-challenged browser.

* Make [var ...] usertag honor dynamic variables.

* Fix a bug in the options tag that passed the wrong argument to
  tag_accessories (weight instead of o_widget, oops).  Also allow
  [item-options] to take a type argument, which is passed through so that
  you can override the type should you need to.

* Allow '*' suffix default mechanism to work for text-display accessories
  like it does for select widgets. Fixes weird display bug in
  admin/customer_view.html that caused an input textbox with '0' to appear
  instead of the text 'Credit Card'.

* With help of Dave Jenkins, isolated the problem that caused problems
  entering non-ISO-8859 data in table editor. Now should work properly for
  all locales.

* Make control-set tags tolerate - as well as _ in component attributes.

* Four new options to the [perl] tag that make it a bit easier to work
  with when debugging:

  Add line numbers to the source code displayed in the error.log, amazingly
  useful if some of the perl is being generated elsewhere and interpolated.

  Set to a string, will replace the (eval ###) in the error message with
  this label, handy to quickly track down bugs when you have more than
  one perl block in the page, especially if you are using short_errors.

  If set to a true value, syntax errors and the like in [perl] tags will
  log just the error, not the whole source code of the block in question,
  handy when you have the code open in an editor anyway and don't want
  the error itself to get scrolled away when running 'tail -f error.log'.

  Seemed to be the logical extension of short_errors, if set to a number,
  and the error produced includes a line number, then only that number
  of lines before and after the broken line itself will be displayed,
  instead of the whole block.

* Issue error message if filter is missing.

* Add zerofix option to [time]. Strips leading zeroes from numbers just
  like in [convert-date] usertag.

* Make embedded Perl values equal per-route values.

* Place $Tags_added in Vend:: package so it will be reset upon entry to
  a page/catalog. This should make it thread-safe. Symptom was catalog
  UserTag not being added at times.

* Fix a problem detecting if SQL::Statement is available.

* Fix bug introduced with new sf=:field1:field2 search syntax. Old method
  of sf=:3:4 was broken by new fieldname hash.

* Fix bad username error message found by Ed LaFrance.

* Get rid of language-dependent error message scan.

* Vend::Util::set_lock_type() allows setting global lock type at runtime.

* Fix a bug that suppressed error messages that Vend::Scan::sql_statement
  returned using 'die'.

* Better error trapping on DB calls.

Admin back-end
* Page editor and template system rewritten.

  - Retains the global settings for the page, things like page_title,
    members_only, etc.

  - Depends on ui_template_version being set in the template as to
    whether new editor is used, if not set defaults to the old type.

  - Add types to components, so we can determine which are to be presented for

  - Page preview improvements.

  - Allow control of which elements of a page get edited.
    By setting the variable UI_CONTENT_EDIT to contain a string with tags, you
    can disable/enable certain aspects of page edit:

      template    Allows changing the page template
      page        Allows changing page-wide settings (i.e. scratch)
      components  Allows changing page components
      content     Allows editing page content

* Components overhauled.
  - Add best and cross components that work both horizontally and vertically.
  - Removed old 4.6 components.

* Lots of internationalization work.

* Wizard improvements, including guessing of info.

* Admin images overhaul:
  - Global admin images moved from /akopia/ui to /interchange/$LOCALE.
  - Can now have images directory for each locale (for images with text).
  - All images in one directory, no more admin/ and navigation/.
  - Admin image paths rewritten by Interpolate.pm; no more @_UI_IMG_@ needed.

* Disallow admin UI access by default when there is no 'access' database.
  Thanks to Christopher VanOosterhout for finding this weakness.

* Fix so that $Tag->area() is used to call all links.

* Fix problem with GDBM database tables not being able to import
  a single table (due to no write flag).

* Enhance list-pages tag so that an array can be returned.

* Patch table-editor option parsing, fixing bug #190.

Foundation demo
* New Advanced Search page.

* Lots of artwork, HTML, and other little-detail changes.

* Do not set content-type and charset in doc META -- this may need to be
  different based on locale.

* Added a image_large to the products database for large image support.

* Changed most PostgreSQL fields from CHAR to VARCHAR to prevent space
  padding problems.

* Left menu bar items take text from banner_text if available to allow name to
  stay behind the scenes.

* Fixed errors in receipt found by Angelica Olin, <angel at loadup.com>.

* Add cachedir setting (e.g. /var/cache/interchange) to allow catalog session
  and tmp directories to be in separate location.

* Add rundir setting (e.g. /var/run/interchange) to keep temporary files like
  status.* separate from things in VENDROOT/etc. This takes advantage of the
  OS deleting everything in /var/run/interchange at OS boot time without
  losing files like *.before, etc.

* Have system logrotate daemon rotate catalog error.log files.

* Various other RPM and Debian package improvements.

* Remove a number of unused images.

* Remove Red Hat's Reston office addresses so we stop getting returned
  merchandise for companies who have work done by clueless developers who
  never change the contact info on their catalogs. HINT, HINT.


Interchange 4.7.2 released 2001-05-10.

* There is a pre-forked server mode enabled in interchange.cfg with:

    PreFork       Yes
    StartServers  5

  The number 5 can be set as high as 50 if you have enough
  memory. A number less than 2 makes little sense.

  THIS IS AN ALPHA FEATURE, and is not fully tested.
  But it gives big, big, performance gains.

* Server should now run safely in the Foreground -- when
  in foreground writes to $Vend::Cfg ($Config) are gated via
  Tie::ShadowHash, which is now required. (A copy comes with IC.)

* Server should now be nearly thread-safe when run in 5.6 NEW_THREADS
  mode, can probably be ported to Windows if anyone cares.

* Transactions now fully supported. Can open a transaction-capable
  database in transactions mode [flag type=transactions table="table"]
  and it will commit all changes not done in transaction mode and reopen
  under transaction constraints. [flag type=commit table=table] commits,
  [flag type=rollback table=table] rolls back.

* Can reference foreign keys with:

    [data table=foo column=bar key=baz foreign=buz]

  That does the roughly equivalent to:

    SELECT bar from foo where baz = 'buz' LIMIT 1

* Improve autonumbering support to automatically use sequences or
  autonumber field types. So now you can do:

  Database addr addr.txt dbi:Pg
  Database addr AUTO_SEQUENCE 1
  Database addr COLUMN_DEF    "code=int SERIAL PRIMARY KEY"
  Database addr COLUMN_DEF    "val=varchar(128)"

  and it will pick up the sequence at an insert. It makes calls to
  the known_capability, and does the last_value or last_sequence_id()
  call as appropriate to return the key value.

  Tested with Postgres and Mysql. Should work for Oracle when the
  template is set -- we should provide some examples for selecting
  from the "dual" table.

* Add $db->set_slice($key, \@fields, \@values) function that will
  update a slice of a row. Works for all DB types.

* All base-table database updates done by UserDB and UI are now done in
  one query via set_slice. Extra-table values still use set_field.

* All databases should now handle cached DBI handles properly, even
  when they can't be shared among processes. Will work toward a single
  handle for all processes on DBs that support that.

* Change all chained cost levels limit check to use new Limit directive

* Significant changes to Order.pm in the area of order routing, while
  still maintaining backward compatibility. (Able to submit and monitor
  order on old construct, simple, and basic with no changes.)

* Added "cascade" route capability, that allows you to specify
  one master order route that calls the rest of the routes.
  Perhaps an interface in payment mode to add some logging....??

* Routes can be dynamically read from database if master order
  route is set dynamic_routes=1.

* Routes always interpret __VARIABLE__ from database.

* Routes can interpret ITL from the database if master order
  route is set expandable=1.

* Keep value of current route name in Values->{mv_current_route}.

* If no order route is given from checkout form (always a
  security pitfall anyway) then the default route is read. If you
  want to run more routes from that master route, place in the
  cascade parameter. Can still be set in mv_order_route, but
  the demo now has "FormIgnore mv_order_route".

* Extended field allows you to stringify a hash and set many, many
  parameters. We were running out of column space, and payment routes
  add many settings. This concept will soon be used in mv_metadata.

* Add new tag "assign". It allows you to assign to four things,

  subtotal    preempts the cart subtotal derived from prices. NOT ROUNDED.
  shipping    if any  non-zero mv_shipmode is present at all, sets the total
              value of shipping. Rounded to fractional digits.
  handling    if any non-zero mv_handling is present at all, sets the
              total value of shipping. Rounded to fractional digits.
  salestax    preempts the salestax normally derived from the salestax.
              NOT ROUNDED.

  You cannot assign to total_cost -- it will always be the sum of the
  four above.

  If there is no assignment to one of the four, it will use the
  normal method. To make salestax zero, you must use [assign salestax=0].

  Called with [assign salestax=N.NN], etc. If the value has a length
  of zero, will delete the assigned value from the assignment hash
  and the normal method of calculation will kick back in.

  If you call [assign clear=1] it will clear all, and the normal method
  of calculation will kick back in.

  If a non-real-number value is passed, it logs an error and clears
  the assignment.

  It is persistent in the user's session and effects only that user,
  and should be used only when you know exactly what you are doing. Ha.

* Add support for new CVV2 credit card security field in
  mv_credit_card_cvv2, treated with same care as mv_credit_card_number.

* Add recognition for a few more credit card types based on number.

* Solve the great [if ] [othertag][else][/else][/othertag] [else]
  [/else] [/if] problem. The behavior should be much improved in [if ...]
  tags. Will not now snarf the [else] from another tag that uses that.

* Make the default a secure submit if we are on a secure page and
  have the user set secure=0 to disable.

* Eureka!!! All usertags can be used in embedded perl without
  "tables" or other Safe stuff. Boy was I stupid. As long as they
  don't do a "require" at runtime, you should be OK.

* Fix the long-untouched tag_column routine to handle preformatted
  text with align=none.

* Add "yesno" display filter so that you can [filter yesno]1[/filter]
  and get "Yes" back -- also translates for Locale.

* Extensively rework Payment routines. Decided to keep something like
  current framework, but you now can do:



  $Tag->charge($route, $opt); # If no runtime "require"


  [charge route=THE_ROUTE gateway=ccvs id=milton secret=pass]

* Add Payment.pm module to contain the base routines, and be a
  target for the routines added via the different Payment

* A pretty convenient mechanism to bring in modules:

      Require module Vend::Payment::Authorize

  Prevents errors and memory bloat(er) when Net::SSLeay or other
  needed companion modules are present/not present, and should
  give reasonable errors when the module is not working.

* Initial support for CyberCash, AuthorizeNet, Skipjack, iTransact,
  CCVS, and Signio/Verisign. All documented with in-module POD.

* There will be a Vend::Payment::Skeleton to show adding your own
  payment module.

* All modules needing Net::SSLeay or Crypt::SSLeay updated to
  support either with common calls.

* GlobalSub method still supported, current GlobalSub things
  should work fine (tested with Authorize.net and "custom
  authorizenet" mode).

* Beginnings of PayPal support will be there shortly, but thinking
  of how to generalize that send-offsite-then-return-post paradigm.

* Should be completely backward compatible.

* All payment stuff taken out of Vend::Order except _charge
  profile interface routine, a couple of stubs left for backward

* Parameters can be completely Route resident, no MV_PAYMENT_*
  variables needed.

* Changed mv_credit_card_info to delete all but mv_credit_card_reference
  digits when not encrypted. This is overdue....

* All options are pulled from the option call first, the Route matching
  the name second, then finally the global MV_PAYMENT_* variables.

* All routes should be transparent if the mode exists. For instance,
  you can define a route called "purchase_order" which will handle
  POs, "internet_check" which handles checks, etc.

* Add CCVS support via globalsub. Will do auth, sale at this point. Will
  soon add AVS support. Has extended information support.

* Message directive now accepts -n (no trailing newline or whitespace) and
  -i (screen info only, not logged) options before message.

* Add set="Message" option to error tag, allowing you to set an error via tag.

    [if value lname =~ /^mccoy$/i]
    <!-- [error  show_error
            set="No stinking McCoys allowed at hatfield.com!"
            name=lname ] -->

  Implies keep=1.

* Allow set-cookie tag to set domain and path.

* Added UI_SECURE variable which forces the use of the SecureURL instead
  of VendURL if set, each UI page should include either UI_STD_INIT
  or UI_STD_HEAD to ensure this works
  (supplied by Stefan Hornburg <racke at linuxia.de>).

* Added catalog configuration wizard, to move non-essential config from
  makecat and simplify it a bit.

* Added more links based on the leading letters of the results
  so the selection of the more link is much easier for the customer,
  especially with huge number of results. Short example:

  <input type=hidden name=mv_search_field value=description>
  <input type=hidden name=mv_sort_field value=description>
  <input type=hidden name=mv_more_alpha value=yes>
  <input type=hidden name=mv_return_fields value=code,description>

  (supplied by Stefan Hornburg <racke at linuxia.de>).

Bug fixes
* Fix bug in IMPORT_ONCE reported by vasile_abo at wexim.com.
* Fix no-zero-display bug in [cgi ...] tag, found by Mark Johnson.
* Fix a couple of bugs with AlwaysSecure not working in an order link.
* Fix rounding problem with Shipping.
* Fix failure to test record_exists in tag_data($table,undef,$key,{hash=>1})
* Quite a few unreachable code sections removed, largely thanks to Bill
* Fix textarea build to call routine, remove unused call to
  build_accessory_textarea, add proper call in /^text/ branch.
* Make sure tax is rounded to the proper number of frac_digits in
  variant salestax() routines.
* Delete $CGI::mv_order_item when ordering, don't want to order
  twice (could happen if update values called)
* Remove for good unsightly extra attributes qw/true false undef/ in every
  tag option hash.
* Fix some item options bugs.
* Many other small things.


Interchange 4.7.1 released 2001-03-28.

* Added ability to cascade mv_click statements, e.g.:

  [set delete]

  [page  href="@@MV_PAGE@@"
         "]Delete this</A>

* Added "clone item" to item pages. Allows you to clone an existing item
  for purposes of adding new ones.

* Re-instituted multiple-table deletes for deleting an item. It will look
  in __UI_ITEM_TABLES__ and delete records.

* Added clone_set and clone_row primitives in Data modules. Allows you to
  copy a record except for certain fields.

* Added [item-options] tag which automatically finds and presents options
  based on the options table. The table name is settable based on Variable
  MV_OPTION_TABLE. Fields can be remapped with MV_OPTION_TABLE_MAP.

* Now can use "variant" items which are based on a base SKU but set in an
  options table (same as the one for [item-options]). Changed behavior of
  [item-field ...] to look in the code first, then the base SKU, for the
  relevant product databases. [item-data ...] always works off of the
  relevant base SKU.

* Price looks at variant code first, then the base SKU if that is zero;
  or it can be made to do so with CommonAdjust.

* Fully modular options with cascade.

  A UI module allows editing and definition of the modular options,
  including "phantom" options that act to group additional items.

  When an item is defined as modular upon order, it can have accompanying
  it a series of other items in the same order group. The price of the
  options is not shown, but is added to the price of the master item.

* Added [item-sku] tag to get base SKU for a variant.

* Added fall-through for sku to [item-field].

* Rerouted [item-data ...] to always point to sku, not the code for the
  variant. (This will mean inventory has to be checked via a [data ...]
  tag when variants are in use.)

* Added new [control] and [control-set] tags to set series of Scratch-
  like option areas. Used for components in UI content editing.

* Added [mail ...]MESSAGE[/mail] tag to the core. Works with update_data
  routine to send emailed notifications of database changes. Otherwise
  works like combination of [email ...] and [email-raw] ... usertags.

* added [PREFIX-options] to get and parse options of all types.

* New [profile ...] tag allows you to set directives normally set in
  catalog.cfg with a tag in the session Autoload. This is really the
  same as the current Autoload, except it is automatic on login/logout,
  faster, and leaves Autoload for user user.

  [profile name=profile_name tag=tag set=1 run=1 restore=1]

  name      name of profile. Needed unless restore=1.
  tag       normally not set, defaults to "default". Matches what is
            the UserDB profile.
  run       run profile code only, don't save.
  set       set profile for future only, don't run.
  restore   remove the current profile

  [profile name] will run and set by default.

* UserDB now can set a price_level via the [profile ...]
  tag routine. Set this in catalog.cfg for dealer pricing:

  Profile dealer CommonAdjust <<EOR
  Profile dealer NonTaxableField nontaxable

  Quotes are needed (as in all locale-style directives) unless you want
  to do a full hash set like:

  Profile dealer <<EOR
      CommonAdjust => q(

      NonTaxableField => 'nontaxable',

  which is also supported.

* Added SDBM database option for those poor Solaris folks.

* Added MINIVEND_ALLDBM environment check to prevent using unneeded
  modules (takes more memory).

* Added [table-editor ...] tag which easily produces editable tables.

  * Can edit the hash address books in userdb.
  * Safe to place in user page with auto_secure=1. Generates a
    [scratch mv_data_enable] matching the table:col1,col2,col3:key
    you passed it.
  * Reads from CGI array or from parameters.
  * Automatically reads table info from mv_metadata if available.
  * The following can be overridden compared to mv_metadata:

    extra (JavaScript)

  * Can auto-check with order_profile definitions.
  * Can append or prepend your additional form information.
  * Can generate an email copy of the data submission for review. (TBA)

  Ready for a form widget? 8-)

* Added new mv_form_profile variable that sets profiles with any action.
  Designed for easy checking of variables in submits.

* Speeded import of DBI databases by placing numeric pointers in an
  array at initial config time.

* Added ability to set defaults for empty fields at import and record
  creation time, regardless of the underlying DB, with:

  Database  userdb  DEFAULT  password=please_change

  Operates exactly like COLUMN_DEF.

* Added database attributes


  and logic to allow fallback to a second database server.

  If you have ALTERNATE_DSN (and possibly ALTERNATE_USER and
  ALTERNATE_PASS) defined for a table, and Interchange is unable to get
  a database connection to the primary DSN, it will attempt to connect to
  and use the ALTERNATE_DSN.

  These are array values, so you can define any number of fallbacks. The
  same approach works for LDAP databases except ALTERNATE_LDAP_HOST and
  other appropriate parameters are set.

* Added interchange.cfg directive HotDBI, which takes a catalog name which
  should use persistant database connections. When a connection is
  persistent, it will be maintained and cached without reconnecting every
  page request.

* Added Inet_mode and Unix_mode directives to interchange.cfg, which allows
  you to guarantee the mode in which the server comes up.

* New filters:

  mime_type: returns mime type based on file extension
  compress_space: strip trailing/leading and s/\s+/ /g
  checkbox: set value to "" if not defined in CGI space

* Added <optgroup> support to tag_accessories select build. Allows grouping
  of options. When an option value is ^\s*~~something~~\*$, it is read as
  an <OPTGROUP LABEL="something">, and options can be grouped per HTML 4.0.

* Added "tz" option to time/tag time, allowing display of time for a
  particular time zone. Specified in the usual EST5EDT form.

* FileDatabase catalog.cfg directive now specifies a table:field which can
  be used to store pages and other files. Will allow a catalog without any
  system files stored on disk.

* Require directive now can require Perl modules, as in:

  Require module SQL::Statement

* New Suggest directive is a non-fatal form of Require, which generates a
  warning message but allows catalog to run.

  Suggest module Business::UPS WWW-based UPS routines will not work!

* Bugfix: chaining character in CommonAdjust wrongly appended to atom
  in some situations.

* ProductFiles was not resetting Vend::OnlyProducts when a locale change
  was done. Caused [PREFIX-field ...] to fail.

* Variable MV_DEFAULT_SEARCH_TABLE now works for st=db searches like
  Variable MV_DEFAULT_SEARCH_FILE works for text searches.

* Added [tree] tag to walk tree-based lists. It produces hash-based rows
  which are iterated ala item-list (the hash-based list iterator). Sets
  some information in the row. See the tag reference for behavior.

* Made tag_calc routine indirectly callable from within embedded Perl code
  by doing straight eval when already in Safe compartment.

* Made [if-PREFIX-(data|field|modifier|param|pos) ...] nestable by checking
  for nesting conditions in the run list and then generating integer
  additions to the tags.

* There is a "links" type for the [accessories ...] tag. Builds a series
  of clickable links based on an option list. Accepts the "form" and "href"
  parameters to allow setting of the initial form, otherwise just generates
  a link to the current page with the attribute passed as a CGI argument.

* Added "password" widget to [accessories ...].

* Added new [PREFIX-tag ...] which allows extending the tags that are
  interpreted as a part of a PREFIX-list. Example in tag_address, called
  with [PREFIX-tag-address]. Full attribute support and nesting.

* Added attr_list tag which allows tagging of attribute lists in hash-based
  templates. Allows you to generate complex templating without needing to
  have a complete search. Example of use is in tag_address_list.

* Added support for modular items, sets mv_mp parameter to *parent* item
  of the item ordered, and mv_mi to the item group of the main item.

* Made failure to pass all quantities to quantity update (refresh)
  non-fatal. Will update them if mv_update_quantity=1.

* Form profiles: added new format check routines, largely intended to
  work with new mv_form_profile capability:

  * variable=regex "EXPR" "Error message"

    Checks for compliance with regex EXPR. If you wanted
    to ensure two word-only characters were put in a "name"
    variable, it would be:

    variable=regex "^\w+\s+\w+$" "We need first/last name"

  * variable=length MIN-MAX "Error message"

    Checks for length between required MIN and optional MAX characters.

    username=length 4-10 "Username must be between 4 and 10 characters"

  * variable=unique TABLE

    Checks to see that a key in a table (presumably to be inserted) is
    unique. Errors out if key exists.

* Form profiles: Added new profile chaining capabiility. Can place &or or
  &and on a line between different check parameters and create simple

* Form profiles: Reference to check can now be passed to the routine, so
  you can check CGI stuff only for mv_form_profile.

* Form profiles: Fixed problem with second passing check on a variable
  overwriting the error message from a first failing routine.

* Can now use - and _ interchangeably in parameter names, i.e.

  [value-extended name=foo file-contents=1]

  is the same as

  [value-extended name=foo file_contents=1]

  where it would have caused an error before.

* Bug fixes to make mv_sql_query work properly. There was a
  push_spec('nu' ...) call which was in the wrong place, making numeric
  hash all out of sync.

* Remove last dependencies on $! =~ /Some English error/ and move
  to Errno settings, as in $!{EAGAIN}, etc.

* Add pragma to strip leading white space from HTML output. If you put
  [pragma strip_white] to page, there will be no leading white space.

* Added ability to have a PRELOAD file for database imports, where a
  table is parsed for field names and data before the normal file in
  ProductDir. This allows adding fields without user intervention when
  the database type is internal. Mostly useful for mv_metadata.

* Support for clone_row and clone_set, which clone a single row from an
  existing one or clone a set of rows based on a common key.

* Added support for autonumbering. For SQL, the ability will be given to
  override the autonumber routine with one set up by the capabilities.
  Figured out solution to nagging File::CounterFile problem by always
  initializing a counter object when database is opened in writable mode.

* Allow tables to have the same underlying name in their own database
  with $config->{REAL_NAME}. For example, if you have two MySQL databases
  each with a "products" table, you can set them up:

  Database  products  products.txt  dbi:mysql:construct1

  Database  prodstoo  prodstoo.txt  dbi:mysql:construct2
  Database  prodstoo  REAL_NAME     products

  This should work fine in almost all cases.

* Added DEFAULT parameter to allow database-independent setting of
  defaults. Particularly useful in avoiding NOT NULL errors from DBs that
  don't have a DEFAULT setting in create(). This also works when doing
  [data table=tab col=col key=key value=val] on a non-existent row.

* Improved speed of table open by reducing number of tests.

* Improved speed of import by pre-setting numeric array and no longer
  requiring tests for each field on each row.

* Debian packaging files added (supplied by Stefan Hornburg
  <racke at linuxia.de>).

* Usertag formel added which composes form elements and signals errors
  (supplied by Stefan Hornburg <racke at linuxia.de>).

* Rewrite image background paths in <table>, <tr>, <td>, and <th> tags
  according to ImageDir/ImageSecureDir by default. (Removed pragma
  substitute_table_image that was just added in 4.6.2.) Set pragma
  no_image_rewrite to disable all image path rewriting.

* Split RPM into two packages: base Interchange and foundation demo
  catalog skeleton. Should make RPM upgrading safer.

* Removed Tagref.pm. There's now a normal ictags document instead.

* Move UI menus into icmenu database.

* Add ItemAction to map a subroutine to alter items every time toss_cart
  is run, i.e. after an add or refresh.

  Calling syntax is $sub->($item_reference), return value is not used.

* Add a new directive "Limit". It is designed to hold limits for
  certain things. Implemented to begin with:

  Limit   chained_cost_levels       20
  Limit   cart_quantity_per_line    10000

* Rework server to allow preforking daemons, similar to Apache.
  New global directives:

  PreFork yes/no
  StartServers number (0: old way; 1 or more: exact number to allow)

* New SOAP protocol support allows two-way communication with all sorts
  of other web "objects". Features:

  - Catalog and session ID are embedded in proxy call. This avoids
    having to do fancy gyrations with the SOAP envelope.

  - Allows most any tag to be called, with nearly the same syntax
    as with embedded perl on IC.

  - Embedded Perl (and variants like [item-calc] and [item-exec]
    are not allowed by default, but can be enabled with SOAP_Enable.

  - Can specify the ID, or accept one from Interchange.

  - Can get and put entire Values, Scratch, and Session structures.

  Documentation for using SOAP is forthcoming.

* Add mv_like_field and mv_like_spec to search specifications, designed
  to filter SQL (only!) searches with

  mv_like_field like 'mv_like_spec'.

  This is a stackable field/spec set like mv_search_field and
  mv_searchspec, and will eliminate any fields with empty mv_like_spec

  Checks the known_capability to see if UPPER_COMPARE is set for that
  database, and uses (pseudo-code) "UPPER($col) like "\U$spec" if that
  is the case.

* Add known_capability UPPER_COMPARE (set for Pg and Oracle to begin
  with) to allow upper-case transforms for case-insensitive compares.

* Add ability to call custom UserTag or other ITL in Vend::Cfg->{SalesTax}.

* Allow passing of extra parameters to button usertag with $opt->{extra}.

* Add beginnings of transaction support. New [flag type=transaction table=x]
  allows you to open (write implied) a table for transactions. Will have no
  effect on tables that don't support it, but will open tables that do
  support it in non-AutoCommit mode. Sequence is:

  [flag type=transactions table="transactions orderline"]
  [import ...] or any other db update routines [/import]
  [flag type=commit table="transactions orderline"]

  Tested only on PostgreSQL at this point.

* Add ability to read files from a database instead of the filesystem.


Interchange 4.7.0 not publicly released.



1.1                  interchange/WHATSNEW-4.9

rev 1.1, prev_rev 1.0
Index: WHATSNEW-4.9

                  What's new in each version of Interchange
                       (since the version 4.8 branch)


Interchange 5.0.0 released 2003-12-15.


* Make grouping of items work again.

* Fixed Vend::Table::Common bug which prevented Database property HIDE_FIELD
  from working properly.

* On 2002-10-21 Canada Post changed symbol NF to NL to reflect the province of
  Newfoundland changing its name to "Newfoundland and Labrador". For details


  The "province" profile check will now accept both NF and NL, but NF is now
  deprecated and will be removed in a future release.

* Limit data part of Vend::File:writefile error message to 120 characters in
  order to avoid disk abuse, resolve scalar references.

* Add filter option to [scratch], the same as with [value] and [cgi].

* Tolerate empty CGI key/value pairs to avoid unfriendly 500 errors. We
  already tolerated one at the beginning and one or more at the end of the
  query parameters:


  Now these are handled gracefully too:


* Don't track admin pages.

* Allow multiline values for [scratch mv_data_enable].


* Force user to enter name of new page/template/component name to avoid
  server crashes.

* Fix content editor to actually use the selected template for new pages.

* inactive/HIDE_FIELD are always ignored for record display in UI.

* Add table= parameter to [query] calls if table is different from products.
  This fixes a rare problem that only occurs when using multiple external
  databases in one catalog.

* Improve [flex-select] so that key column can have formatting options
  via mv_metadata just like all other columns in a table. The value
  that is passed to the flex_editor is unadulterated in all cases.

* Make description and icon of menu item 'Tables' a bit more appropriate.

* Add "-" spacer between items in top menu.

* Remove "Accounting" from menus and replace with "Reports". Not active
  by default.

* Remove unused code in item select page.

* Add [traffic-report] tag and modified admin/reports/traffic/ByAffiliate
  page which calls it. Now reports on large files without crashing the
  system. Probably can handle up to 500 MB files with on any kind of a
  reasonable server.

Usertags and Filters

* New Usertag [report-table] generates an HTML table based on
  the results of a query, with bells and whistles. Can do horizontal
  (colspan) and vertical (rowspan) subheaders, apply any Interchange
  filter or widget to any column, add a CSS class to any column, link
  cell contents (and add parameters to the link based on any column in
  the query results), add virtual columns based on internal variables
  (such as the line number), and skip rows based on an array of toggles
  you specify.
  Good for making quick tables, sophisticated reports, and easy forms.
  Written by Christopher Wenham <cwenham at synesmedia.com>.

* [formel] fetches the label for the display type from the metadata 
  if not passed with the parameters.

* Removed unfinished [find] usertag.

* Allow customization of [warnings auto=1] with class, style, extra as in
  many IC tags.

* Added new "md5" filter that calls Digest::MD5::md5_hex.

* Let [image] handle maddening new ImageMagick behavior that won't operate on
  the file named.


* Error handling on account maintenance form works better.

* Fixed issue with checkout page payment forms and Mozilla which
  might cause Place Order button to be obscured in some cases.

* Separate shipping addresses now appear in customer email
  copy and are logged to the orderline table. Also appear
  in UI order view and on ship notice emails when appropriate.

* Fixed a few bugs with RMA demo and added line-item details.

* Change Newfoundland from NF to NL in "state" table.

* Added simple demo of contact form.

* Changes to search form(s) now that HIDE_FIELD works.

* Fix ordering of THEME_CSS so it will be set in high-traffic and
  PreFork mode.


* Add code which tells you which is the last row in the menu. Improves
  ability to add spacers and other HTML formatting.


* Add inventory function back in. Mysteriously removed during the
  Options rewrite.


* Add Linkpoint payment module.


* Remove update_locales job, as a consequence of the removal of the
  [find] usertag.


* Add stubs for commit and rollback methods, thanks to Thomas Weiss 
  <pater.noster at gmx.net> for report.

* Use $Vend::Cfg->{DefaultLocale} as fallback locale. The UI destroys
  the $Scratch->{mv_locale} setting and the catalog translation
  became inconsistent.


* Add and improve foundation and UI translations.

* localize script is now able to detect backtick quoting in [msg].

* Add Interchange variable MV_GETPPID_BROKEN to
  /etc/interchange/features.cfg in order to start Interchange 
  properly on systems with threaded Perl (Closes: #221939).

* Revive USE_FOUNDATION handling in interchange-ui postinst to
  keep 4.8.x interchange-cat-foundation catalogs running.


* Add filter to strip trailing slash on the CGI directory to makecat.


Interchange 4.9.9 released 2003-10-31.


* Remove long-deprecated %Safe hash. Use $CGI, $Carts, $Items, $Config,
  $Scratch, and $Values instead of $Safe{cgi} etc.

* Fix locking of NFS sessions.

* Make [bounce ...] more reliable with respect to terminating output
  and future parsing.

* Send Content-Size header with downloads.

* Add MD5 password support to UserDB. 
  To activate, use UserDB "md5" option, i.e.:

	UserDB   ui   md5   1

* Make $Tag object be rebuilt every time a new page is done.

* Fix bug in [PREFIX-discount-subtotal] where quantity was greater
  than one. We were overloading the discount_price() routine, which
  was dumb, so a new discount_subtotal() routine takes over.

* Add iso_time and null_time options for updating UserDB time_field:

	UserDB  default  null_time    1
	UserDB  default  iso_time     1

* Add stubs for log_error and errstr routines in the database

* Fix for broken getppid() on Linux systems with threads enabled.
  To implement, use

        Variable   MV_GETPPID_BROKEN   1

  in interchange.cfg. It substitutes a syscall(64) for the getppid

  This should only be necessary on systems with threads enabled,
  which is NOT recommended for IC.

* Allow overriding LENGTH_EXCEPTION_DEFAULT with individual LENGTH_EXCEPTION.
  This just makes LENGTH_EXCEPTION accept values like:

  	Database transactions LENGTH_EXCEPTION_DEFAULT  truncate_log
  	Database transactions LENGTH_EXCEPTION          update_date=ignore

* Don't run set_defaults at all for a subcatalog, as they should be set
  for the base catalog.

* Allow for SELECT statements in parentheses or other non-word characters.

* Enable [order] tag to specify a variant, not just a base product, when
  options are in use, e.g.:

  [order code="ABCD" variant="ABCD-XYZ"]Buy now</a>

* Fix a problem where the following worked:

		$Tag->price({ code => $sku });

  but the following failed:


  The problem was highlighted by Paul Vinciguerra, in IRC.

* Add date-based counter capability to Vend::CounterFile.

  -- In a database, you just add

	   Database tablename AUTO_NUMBER_DATE 1

     To have real autonumbering, you still must define AUTO_NUMBER.
     This of course does not work with AUTO_SEQUENCE.

     You must make sure your key field type is at least 12 chars.

  -- In a counter tag, you do:

	   [counter file=filename.ctr date=local]


  	   $Tag->counter({ file => $fn, date => 'local'});

     To define GMT as being used for the numbering, you do:

	   [counter file=filename.ctr date=gmt]

* Fix problems that GDBM and some other types would not honor HIDE_AUTO_FILES.

* Allow an ActionMap, Autoload, or profile to generate a completely
  virtual page and avoid readin() of anything.

* Fix bug that prevented [loop-change foo] from working when the range of
  conditions was only 0 and 1.

* Add no_set boolean option to [userdb], which prevents userdb row from
  being set with values.

* Don't throw away UseModifier cart modifiers on every cart update.
  They can still be updated via CGI mv_item_option if it's set.

* Remove insurance of trailing null fields being included in arrays.
  Any traversing of the arrays should be keyed on code/sku anyway,
  and that is the only one that needs to be fully populated.

  Fix provided by Brian Rogers of Groxis -- caused problems for one
  of his custom ordering routines.

* Allow return of page from readin (or readfile in locale mode) without
  the locale language substitutions done. This allows proper edits of

* Allow set of status header even when not doing redirect.

* Fix double-setting of Content-Type header, use proper header
  setting routine.

* Never set a cookie when mv_tmp_session in effect.

* Add DeliverImage directive that enables fast IC delivery of
  images requested from it.

  To enable, do in catalog.cfg:

  	DeliverImage  Yes

  If the file extension is present and the MimeType for that extension
  begins with "image/", the path will be adjusted to add ImageDir
  or ImageDirSecure, and a 302 issued.

  This happens before database or session opens, and is quite fast.

  Sets $Vend::tmp_session so no cookie is issued.

* Make frequently-used HTML::Entities encode_entities routine available
  to embedded Perl.

* Allow timed_build to autocreate directory path when filename with path
  component is specified. This makes it easier to do dynamic directories
  based on CGI parameters etc. when there are thousands of timed build
  files. E.g.:

  [timed-build file="timed/@@MV_PAGE@@/[item-code]" minutes=86400] ...

* Avoid cluttering of global logs with 
  'Attempt to call perl from within Safe'.

* Fix prefork problem that might be biting someone, could cause missing

* Add ability to access and test the $opt hash for any search

  [loop prefix=top list="a b c"]
	[loop list="1 2 3" foo-opt="[top-code]"]
		[if-loop-header-param foo_opt]
			Foo is there! It is: [loop-header-param foo_opt]

		[if-loop-header-param !foo_opt]
			Foo is NOT there! It is: [loop-header-param foo_opt]

		[if-loop-header-param foo_opt eq a]
			Foo is equal to a.
			Foo is NOT equal to a.

* Add module-version intrinsic test:

	<input	name=mv_column_op
			value="[if module-version Text::Query]aq[else]rm[/else][/if]"

* Enhance [PREFIX-alternate] to support

	[PREFIX-alternate]              Defaults to [value mv_item_alternate] or 2 (same)
	[PREFIX-alternate N]            Alternate every N items (same)
	[PREFIX-alternate except_last]  Every time except last in list
	[PREFIX-alternate except_first] Every time except last in list
	[PREFIX-alternate first_only]   Only on the first item
	[PREFIX-alternate last_only]    Only on the last item
	[PREFIX-alternate 0]            Alias for first_only
	[PREFIX-alternate -1]           Alias for except_last

* Move handling of anchor option from tag_area to vendURL.

* Add new facility for storing address books in outboard address table,
  instead of an in-record hash, and start framework for adding different
  personalities to UserDB.

* Move UserDB's "logout" function to a subroutine so that it can be inherited.

* Add RedirectCache directive which allows redirected page requests to
  be set to mv_tmp_session then written to the target from which it was
  redirected. This allows a complete web site to be mirrored to static
  HTML as it is requested, accompanied with the proper setting of
  AcceptRedirect in Interchange and ErrorDocument in the Apache server.

  To use:

  	   * Set ErrorDocument 404 to the Interchange URL in Apache.

	   * Set "AcceptRedirect Yes" in interchange.cfg.

	   * Set "RedirectCache /var/www/html" in interchange.cfg (use
	     your document root in place of /var/www/html).

  When a page http://yourdomain.tld/subdir/page.html is not found,
  Interchange gets a redirect which causes it to set mv_tmp_session=1.
  If Interchange doesn't find the page, then it returns "missing" and
  no writing is done. If IC does find the page, it is written to
  /var/www/html/subdir/page.html and the page will be found on next

  Exclude on HTTP server side can be done with permissions -- don't set
  it writable by IC daemon if you don't want it written.

* Fix problem where defining blank GlobalSub would kill *all* globalsubs.

* Never issue a session ID on timed-build URL.

* Remove conditional for caching history on Pragma: no-cache -- this is
  all wrong. The directive is to this page transaction of Interchange,
  i.e. timed-build and such. It should not be used to prevent building
  of history, partly because browsers may send it for their own reason.

* Prevent autovivification of $CGI::values{mv_username}, and make CookieLogin
  slightly more efficient when already logged in.

* Allow custom increment and decrement routines with inc-routine and
  dec-routine options. They can be an inline code reference:

		inc-routine=`sub { shift(@_) + 2 }`
		dec-routine=`sub { shift(@_) - 2 }`

  or a Sub or GlobalSub:

  	Sub three_steps_forward <<EOR
	sub {
		my $val = shift; $val += 3; return $val;

  	Sub two_steps_back <<EOR
	sub {
		my $val = shift; $val -= 2; return $val;

	[counter file=testcount inc-routine=three_steps_forward]
	[counter file=testcount dec-routine=two_steps_back decrement=1]

* Add [error auto=1] similar to [warnings auto=1].

* Fix nested [elsif] problem.

* Fix problem with alphabetic sorting of more lists where search results
  appeared in the wrong group.

* Add delimiter option to checked/selected tags. Patch provided by
  Mat Jones <mat at thinkopensource.com>.

* Implement Paul Vinciguerra's suggestion to not save mv_password in
  the History hash.

  You can also set up a different NoHistory set via

  	@Vend::Dispatch::NoHistory = qw/ foo bar mv_credit_card_number /;


* Set up error reporting to be able to catch database errors
  and display in session, catalog error.log, or global error.log

    1. Logging levels are on a per-table basis, with
       defaults that can be set with DatabaseDefault:

        DatabaseDefault  LOG_ERROR_CATALOG  1
        DatabaseDefault  LOG_ERROR_SESSION  1
        DatabaseDefault  LOG_ERROR_GLOBAL   0
        DatabaseDefault  DIE_ERROR          0

    2. Log errors to the catalog error.log by default.

        Database  inventory LOG_ERROR_CATALOG  0|1*

    3. Log errors to the session always if an admin, and
       controlled by configuration if not.

        Database  inventory LOG_ERROR_SESSION  0|1*

       This has the effect of giving a big red error message when such
       an event as failing to create a record occured. In most cases,
       you would be able to use the <-Back button and fix the error
       and resubmit.

       The error tag is "table foo", where foo is the table.

    4. Die at the page level (500 error) only if that is explicit
       request in config for that table:

        Database  inventory  DIE_ERROR  0*|1

    5. Log errors globally only on explicit request:

        Database  inventory LOG_ERROR_GLOBAL   0*|1

    6. LENGTH_EXCEPTION errors go into warnings if they are handled
       with truncate.

      * default

* Fix numeric sorting in SQL statements if a field is NUMERIC.

* Allow limits from SQL statement to flow through even if ml="" is set
  and let direct_sql.html admin page honor them.

* Fix table names so that we don't have the funky .txt problems
  where a SQL query would not work on a DBM database unless
  the file name base matched the table name.

* Attempt to regularize error messages so that they can be
  more easily translated. Now should have about 50% less

* Prevent internal server error when $db->row($key) fetches no results
  within DBI module.

* Fix bug in DBI module that caused arbitrary column to get set 
  to primary key instead of to the intended new value.

* Add internal Interchange locking routines and support for GDBM. (Should
  work on others as well but is not tested.)

  To set internal locking, just put in the config:

  	Database access IC_LOCKING 1

  On GDBM, employs the GDBM_NOLOCK parameter.

  It should prevent the errors in access.gdbm when multiple admins are
  logged in. It might also serve to make userdb in GDBM somewhat usable.


* Add Altavista-style search operator with Text::Query (CPAN) module.
  Calls Text::Query::*AdvancedString with op=aq, calls
  Text::Query::*SimpleString with op=tq.


    [loop search="
                se=hammer -framing
    [loop-code] [loop-param description]<br>

    [loop search="
                se=hammer NEAR framing
    [loop-code] [loop-param description]<br>

  Honors mv_case (-case option), mv_all_chars (-regexp option),
  mv_substring_match (-whole option) and mv_exact_match
  (-litspace option).

* Add ability to map in custom search routines. In interchange.cfg:

    CodeDef find_hammer SearchOp find_hammer
    CodeDef find_hammer Routine <<EOR
    sub {
        my($self, $i, $string, $opname);
    #::logDebug("Calling fake SearchOp");
        return sub {
    #::logDebug("testing with fake SearchOp");
            my $string = shift;
            $string =~ /hammer/i;

   Now you can do:

    [loop search="
                se=hammer NOT framing
    [loop-code] [loop-param description]<br>

   The passed parameters are:

        - The search object ($self)
        - The index into coordinated search array ($i)
        - The pattern to match
        - The name of the op (find_hammer in this case)

    Must return a sub which receives the data to match and returns
    1 if it matches. DOES NOT HONOR mv_negate UNLESS you tell it to.

    See Vend::Search::create_text_query for an example of how to
    return a proper routine and look in search object for the
    associated params.


* CCVS payment module removed.

* Add support for Canadian PSiGate gateway. Thanks to Gary Benson for his
  work and testing.

* Fix potential PreFork problems in AuthorizeNet module.

* Add a "x_ADC_Delim_Character" (set to \037, which is ASCII US)
  to replace the default field separator (,). A comma isn't a
  very useful default, as people tend to use them in their address.
  Problem reported, and fix tested, by John Young in IRC.


* Don't cache zero UPS shipping cost.

* UPS no longer accepts UK as a country code for shipments to
  Great Britain.

   -- did an exception remap for UK --> GB

   -- Added UPS_COUNTRY_REMAP code so that this type of thing
      can be done elsewhere.

        # Remap Monaco to France for UPS
        Variable  UPS_COUNTRY_REMAP   MC=FR

* Add ability to build weight adjustments based on Simple options
  settings. Requires a "weight" field in the options table.

* Add hide_error option to suppress error message when no shipping methods
  are found.

* Allow comment lines in shipping.asc, with leading # mark.


* Add missing user and password to SQL DUMP COMMAND in xfer_catalog

* Remove the Term modules from checks -- they have nothing to do with
  IC operation and Term::ReadKey can cause core dumps.

* Remove extra <html> from templates.

* Force name to text variable, so numerical-only names will not cause
  crash when a string function is done.

* Minor improvements in backup setup.

	-- Let backup tables be explicitly specified in

    -- If no UI_BACKUP_TABLES, honor first "backup" then
       "!display_filter" in table metadata.

    -- Display size of downloadable file.

	-- Prevent spurious .html extension on download link.

* Add meta_editor support for MAXLENGTH and JavaScript checks.

* Made default metadata (for merge) match foundation.

* Fix inability to set and retain multiple user groups with fix
  provided by Sonny Cook.

* Prevent display of meta database when relocated from meta editor.

* Write the selected PGP/GPG key to the Variable table setting.

* Missing session id added to form in various admin pages
  (thanks to Paul Vinciguerra <pvinci at vinciguerra.com> for the patch).

* Add check to disallow invalid option names.

* Old-style simple option updates were ineffective because the
  "Commit Changes" button's mv_nextpage was set to "admin/item"
  instead of @@MV_PAGE@@.

* Allow tracking number to be updated on ship. 
  Fix contributed by Sebastian Braun.

* Get rid of strange extra loop for billing information in customer_view
  pages that just caused extra queries for [bill-data userdb ...] calls.

* Check whether userdb is LARGE instead of transactions on customer page.

* Ensure that secure mode is forced before we bounce to login.

* Fix the long-standing problem that sorts and groupings would not
  work on query-by-example search returns.

* Fix problem with creating new option when no prior options exist.
  Fix found by Reid Sutherland (reid-ic at thirddimension.net).

* Add ability to edit pages using Mozilla composer, or any HTML editor
  that can publish with an HTTP put. Includes ability to upload images
  with the files, create new files, and more.

* ONLY operates on the area between <!-- BEGIN CONTENT --> and
  <!-- END CONTENT -->.

* Pulls the page title from the <title></title> of the PUT page.

* If a new page is PUT, it is wrapped with the template used in
  the nearest DirectoryIndex ("index" by default). If a new file
  "trucks/chevy/mom.html" is created and does not exist, the following
  files will be used as the template in this order if they exist:


* Update [if-mm ...] to have a "pagematch" and "filematch" function
  that allows security checks based on the files and pages fields
  in the access table. This allows certain users to have publish
  permission only on certain image and page directories. For
  instance, if the user "bubba" is only to edit files in the
  "trucks" hierarchy, you would want in access:


* Add action "admin_publish" that handles the PUT process. Requires
  user be logged in as an admin, and requires

* Automatic RCS versioning if PUBLISH_DO_RCS variable is set. Can
  stop publish if RCS error when PUBLISH_QUIT_ON_RCS_ERROR Variable
  is set.

* Adding "ui_mozilla_edit=1" to the URL keeps ITL tags from being
  interpolated within the BEGIN CONTENT/END CONTENT area. This

* Automatically adjusts image paths in the uploaded file to be
  relative to the directory the page is in. This allows individual
  directories to use different sets of images and Mozilla won't
  willy-nilly overwrite things in other directories.

* Can prevent any publishing to the pages root if PUBLISH_NO_PAGE_ROOT
  is set.

* Allow component modification via Mozilla editor.

  If you follow the "show tags" link (i.e. add ui_mozilla_edit=1 to
  the param list), it will output the current component set
  in meta headers:

  <meta name="component" content="1;component;search_box_small">
  <meta name="component" content="2;component;cart_tiny">
  <meta name="component" content="3;component;product_tree">
  <meta name="component" content="4;component;">
  <meta name="component" content="5;component;cross">
  <meta name="component" content="5;banner;Specials">
  <meta name="component" content="5;cols;2">
  <meta name="component" content="5;size;2">
  <meta name="component" content="6;component;random">
  <meta name="component" content="6;banner;See also...">
  <meta name="component" content="6;cols;1">
  <meta name="component" content="6;size;3">
  <meta name="component" content="7;component;">
  <meta name="component" content="8;component;">

  For instance, component 5 above is exactly equivalent to:


* Also turn on no_locale_parse in ui_mozilla_edit mode, so that
  locale-based information won't be lost.

* Add ability to manipulate any [set setting]value[/set] (tmpn?, seti also)
  via meta header edit on Mozilla.

  Same procedure, just add a meta_header:

  	<meta name=setting content="tmpn;setting_name;The setting value">

  and that setting will be modified accordingly.

  Does not remove settings, only sets the ones found in headers.

* Prevent linked forms et al from coming in from table metadata.

* Add [flex-select] tag, complete replacement for and enhancement to
  the admin/flex_select.html page in the UI.

* Each colunn can have individual sort settings, and can individually
  be specified to use alphabetic more lists when it is the sorting
  column. (ui_more_alpha, ui_sort_option)

* Group "magnifying glass" can be turned off in metadata. (fs_no_group)

* Filters can be specified in metadata instead of just ui_data_fields.

* Links to other pages specifying the field value can be done
  easily. For example, to add a per-sku link on the products
  table to the item_options page, put in ui_data_fields


  In the metadata for products::sku-options, do:

		'extended.fs_link_page' => 'admin/item_options',
		'extended.fs_link_parm' => 'item_id',
		'extended.fs_link_anchor' => 'Edit Options',

  That will produce:

   <a href="__CGI_URL__/admin/item_options?item_id=SKU">Edit Options</a>

  Can be shorthand-set in ui_data_fields with:

	sku-admin/item_options:item_id:Edit Options

* Columns can be calculated values by putting embedded perl code in
  fs_data_calc. The current row hash (with all values in the select colums)
  is put in $Vend::Interpolate::item. You can set tables to be pre-opened
  in fs_data_tables.

  This code in products::prod_group::extended.fs_data_calc:

	if($item->{prod_group} eq $prev) {
		return "''";
	else {
		return $prev = $item->{prod_group};

  will produce ditto marks if a prod_group is duplicated.

* An explicit "edit record" link can be enabled. (explicit_edit)

* The edit link on the key column can be disabled. (no_code_link)

* Checkboxes can be disabled. (no_checkbox)

* Check All/Uncheck All JavaScript links can be automatically inserted.

* The lines can be numbered. (number_list)

* Header cell and data cell CSS is completely settable in metadata on a
  per-column basis.

		'extended.header_link_class' => 'Header row link CSS class',
		'extended.header_cell_class' => 'Header cell CSS class',
		'extended.header_cell_style' => 'Header cell CSS style',
		'extended.data_cell_class' => 'Data cell CSS class',
		'extended.data_cell_style' => 'Data cell CSS style',

  While no metadata edit is provided for data_cell_width, data_cell_height,
  data_cell_align, they would be honored if set.

  The header rows and data rows can be set in the table metadata:

		'extended.header_row_class' => 'Header row CSS class',
		'extended.header_row_style' => 'Header row CSS style',
		'extended.data_row_class_odd' => 'Data row CSS class, odd numbers',
		'extended.data_row_class_even' => 'Data row CSS class, even numbers',

* No longer check for Term::Readline and Term::ReadKey.

* Explicitly set filters to avoid mangling of promotions

* Don't allow user to change order number through order status page.

* Ensure that you don't leave secure server through metaconfig link.

* Remove obsolete wizard pages.


* Honor flag telling we already have data.

* Honor "db" passed parameter in lookup_query.

* Add display type "labels" that is like "options" except it displays the
  labels instead of their codes.

* option_format widget now uses passed filter.


* Add cheesy auto_format page/URL detection facility to try and
  tolerate user-built menus a bit better. In particular, this will
  recognize a non http: anchored absolute URL and will tolerate
  anchors in the page name.

  Called with auto-format=1 as a param.

* Remove IE-specific bounding box code in flyout menus. Turns out that
  caused absolute positioning problems when the page was scrolled, and
  that the DOM standard code I developed for Mozilla works just fine
  on MSIE 6.

Table Editor

* Fix sequential edit.

* Modified passing of {table} parameter in display for table editor,
  setting flag to prevent getting table data twice.

* Make lookup_query honor {db} parameter for selecting base table
  for lookup

* Lookup should now work internally to the table if no {db} spec'd

* Mozilla screwed up their CSS size passing like MSIE, so
  remove special things that made item editor/table editor automatically
  look better on Mozilla (without setting *_height and *_width explicitly).

* Added MAXLENGTH to things you can set in meta_editor

* Added MAXLENGTH to parameters honored by [display ...]/Vend::Form,
  without having to manipulate extra=" maxlength=22" stuff.

* Put hooks in for auto-JS checks in table editor / [display]

* Allow default opening of a particular tab by adding * to the end of the
  tab label.

	Overridden by explicit "start_at" option given in options/args.

* Further allow focus of editor to start at a particular field if
  it is marked with a *.

   ui_data_fields => q{





	The "Specific" tab will be presented open when the record is edited.
	The form focus will be at the "baz" field.

* Substitute placeholders in lookup_query (just like with prepend and append):


  This allows foreign table lookup queries to be tailored for the record
  currently being edited in the table editor.

* Allow hidden fields to come from all_opts again (was disrupting

* Add new link_blank_auto setting for table linking. This has the
  effect of:

  -- Automatically using auto-numbering
  -- setting the foreign key column to match the key of the
     edited record (as you would have to do to return the row
     once entered)
  -- Making both those fields hidden and non-changeable.

* Make tabbed-display relative now that Mozilla supports this. Should make
  setting html-width and table-width in metadata moot.

* Don't focus on meta links when tabbing through form.

* Allow cancel_text to be set when in database edit mode.


* Add missing table variable in db lookup for pref_group to metadata.

* Remove test data from inventory::stock_message metadata.

* Update Oracle configuration files for new options.
  Supplied by Jason <ic at santabarbara.org>.

* Add HIDE_FIELD to products database definition, so products marked
  inactive will not be found in search.

* Add --[L]select state[/L]-- blank option to shipping address form.

* Add support for all IC-recognized credit card types.

* Removed obsolete log_entry route and etc/log_entry file.

* Remove inadvertent filter for variants::weight from
  metadata, resolving bug #534.

* Bring MV_DEFAULT_SEARCH_{TABLE,FILE} into catalog.cfg so it is easier
  to hunt down. We can't unset it in catalog_before.cfg because it will
  break just about every catalog out there.

* Add handling to mail receipt if applicable.

* Remove the "view_from" parameter undoubtedly messing up many product edits
  and add ui_more_alpha definition to metadata.


* New Usertag [debug].

* Add new makesize=NNxNN parameter to image Usertag which uses ImageMagick 
  mogrify command to build custom thumbnails on the fly.

  Used mogrify executable because of constant difficulty building and
  installing Image::Magick perl modules.

  Example on the foundation demo:

     [image src="items/os28004.gif" makesize=50x50]

  This will create __IMAGE_DIR__/items/50x50/os28004.gif and return:

     <img src="items/50x50/os28004.gif" height=50 width=50>

  The size is still determined by Image::Size.

* New Usertag [capture-page] to interpolate pages and dump to disk,
  usually called from Interchange jobs. Examples:

  [capture-page page=index file=static/index.html umask=022]

  [loop list="Levels,Rulers,Squares"]
  [capture-page page="[loop-code]" file="static/cats/[loop-code].html"

* Allow database text files in subsidiary directories of products
  for [xfer-catalog] Usertag.

* Add form parameter to [history-scan] Usertag to avoid invalid
  and error-prone constructs like [history-scan]&collapseall=1.

* Add "no-computer" option to [fortune] Usertag in order to make the 
  fortune more palatable to non-geek sites.

  This is highly dependent on the fortune setup; this will work with
  fortune on RHL 7.x and 8.x.

* Add [css VARNAME] tag that automatically generates a varname.css file
  for use by <link rel=stylesheet href="/foundation/images/theme_css.css">.

* [history-scan] -- there should never be a leading / on page names sent
  to $Tag->area(), and they are removed all the time now.

* Add src_only option to [image] tag  to return just the image location 
  that normally goes in the src="..." attribute of the <img> tag.


* new alpha filter to keep only alphabetics A-Z and a-z

* new filter pgbool which munges any value into a valid PostgreSQL boolean 
  to be used in a quotable string environment, with a hybrid of 
  Perl/Interchange/PostgreSQL truth rules:

	undef, '', F, f, false, 0 -> f
	everything else -> t

* new filter pgbooln which is the same as pgbool, except assume that undefs 
  will pass through as NULLs to whatever does the query:

	undef -> NULL
	'', F, f, false, 0 -> f
	everything else -> t


* Set $CGI->{mv_tmp_session} to signal that a "robot" is in charge.

* filter option added for Job output

* Jobs are now listed and queued in $Global::RunDir/jobs instead
  of $Global::RunDir/reconfig

* Add global Jobs configuration directive:
  Jobs MaxLifetime 3600
  Jobs MaxServers  3

  After a job has been running for MaxLifetime seconds, it will be
  removed by next housekeeping run. The default MaxLifetime is 10
  minutes. This setting is only available if PIDcheck has been set.

  MaxServers is the number of jobs allowed to be run simulatenously,
  which should be significantly smaller than the value in the
  MaxServers directive to avoid unaccessibility of Interchange for
  users. The default for MaxServers is 1.

* Add job to automatically calculate topsellers.

SQL Parsing

* Add Vend::SQL_Parser module, eliminating need for SQL::Statement.

* Improved tolerance for re-routing queries with table-only option.

* Parses more SQL -- now can use IN and BETWEEN and translate those
  to IC search specs.

* Handles complex parenthesized queries properly.

* Reads LIMIT N and translates to mv_matchlimit.

* Tests added to regression tests to check parser.

* Fix several deficiencies in SQL parsing.

  -- Recognize IS [NOT] NULL and map to a search for the
     empty string.

  -- Allow verbatim passing of field names for GDBM types, allowing
     "select Variable from variable where Variable = ''" which
	 would not work before.

  -- Add VERBATIM_FIELDS definition to database types which need it.

  -- Add support for "select sometable as foo, othertable bar where ..."
     so that queries using it can be rerouted properly.

  -- Always set mv_min_string = 0, so we don't have to do anything
     special for "where column = ''" and such.


* Update Italian UI translation.


* Fix tree option in soap_entity tag.

* Enable calling of catalog usertags in SOAP actions.


* Drop Build-Depends on libdb2-dev to allow builds on woody and sid,
  apache-dev already has the proper dependency (Closes: #198136)

* Fix hang of build process caused by non-existant user interchange
  (Closes: #202063, thanks to Adrian Bunk <bunk at fs.tum.de> for his
  bugreport and help to trace down the problem) 

* Install manual pages in the correct location.
* Avoid lintian warning in interchange-ui package.

* Mark update_locales job as conffile.

* Fix bashisms in interchange-cat-foundation's config script.

* Don't throw an error if removal of the file 
  /usr/lib/interchange/auto/Interchange/.packlist fails
  (Closes: #215003, thanks to Daniel Schepler
  <schepler at math.berkeley.edu> for the bug report)

* Add versioned dependency on debconf to interchange-cat-foundation
  (Closes: #215633).


* Allow wildchar(*) in Swish search.

* Various minor cleanup, prevents warnings on startup.

* Call tracking functions only if Vend::Track object exists.

* Label first section of the POD documentations in the modules
  as NAME, this is common, looks nicer in man and helps to
  fix Debian Bug #203926.

* Add POD documentation to findtags.PL.

* Search for literal strings in bar_link, rather than treating them as
  regexes. Fix from Paul Vinciguerra. 

* Use instead of localhost for default INET host values to avoid
  DNS lookup, as per bug #516.

* Remove abandoned "newcat" script from distribution.

* Convert nonstandard != to standard SQL <> (which also avoids a parse
  error in the new Vend::SQL_Parser) within options stuff.

* Add option to RPM spec file for /usr/local/bin/perl to work around threaded 
  vendor perls.


* Quickbooks updates:

  - Updated documentation.
  - Installation fixes.
  - Rewrite of the IIF generation query page:
    - Can query by order number range, date range, or "since last generation"
    - Allow specification of QuickBooks invoice number to be used 
      and incremented during IIF generation.
    - Filters out deleted orders.
  - IIF Generation changes:
    - Use the country name instead of the country code.
    - Some filter updates (the period is not as dangerous as it looks).


Interchange 4.9.8 released 2003-06-19.


* Allow [PREFIX-more-list] ... [/PREFIX-more-list] for nested loops.

* Support sparsely-populated quantity pricing tables.

* Fix bug in field name ranges in CommonAdjust where q99..q101 was handled
  as a Perl alphanumeric range q99, r00, r01, r02, etc. instead of
  q99, q100, q101.

* Remove wrong default for DatabaseDefault, could cause error when a
  DatabaseDefault value had not been previously set.

* Renamed Cron configuration directive to Jobs because that is a more
  appropriate. Commandline options --job and --cron renamed as well
  to --jobgroup and --runjobs.

* Have NonTaxableField check all ProductFiles tables for the field if
  needed, instead of just the one in mv_ib or the first ProductFiles
  table. This allows NonTaxableField to work with options when the base
  product has a nontaxable field, but the options table has no nontaxable
  field (as in Foundation). This should have no effect on people using
  NonTaxableField the standard way.

* Add option to product_common and item_common that allows an empty
  field to be returned. In effect this option means "give me the value
  of this field from the first ProductFiles table that has the field
  at all" instead of "give me the first non-empty value from a ProductFiles
  table that has the field".

* Optimize item_common a bit by looking at each table only once.

* Allow systems with broken locks to not destroy the pidfile lock
  by reading the file. Alleviates inability to use "interchange -stop".
  Requires setting

	Variable MV_BAD_LOCK 1

  in interchange.cfg.

  Thanks to Daniel Hutchinson for finding the problem!

* Add no_requery option to Vend::Table::DBI::query method to ensure that
  SQL::Statement will not be called. Use it when you are sure your table is
  in the database referenced....avoids errors on multiple key inserts that
  might return undef.

* Fixed the row_count (0E0) problem in Vend::Table::DBI.

* Compile errors on ActionMap/FormAction are passed through now.

* Use fix base directory for global jobs.

* Let Vend::Util::unhexify mangle only representations of hex chars instead
  of any three-letter-string starting with the percent sign.

* Add database filename in question to the fatal error in the
  Vend::Table::Common::column_index method.

* Fix auto_create_dir option in Vend::Util:writefile which didn't work.

* Fix round_to_frac_digits() so it handles numbers that don't have a
  pre-existing decimal point.

* Prevent internal server error if quantity pricing row cannot be found
  for whatever reason.

* Add Australian BankCard to Vend::Order::guess_cc_type 
  (contributed by Howard Lowndes).

* Make aliased UserTag respect EndTag setting.

* Vend::Util::string_to_ref no longer looks at $Vend::Cfg->{ExtraSecure},
  which really contradicts the documentation.

* Allow $Session->{mv_order_number} to be set anywhere.

* Allow multiple start points for a tree query.

* Prevent NOT NULL errors for data that is actually supposed to be defined
  during a data update.

* Add container values for config files.

	<Variable FOOBAR>
		Something in the FOOBAR variable.

  This is exactly equivalent to:

  	Variable FOOBAR <<EOV
		Something in the FOOBAR variable.

   except that the end marker can have leading/trailing whitespace
   and capitalization is not important.

* Allows trigger response to end container; currently only "yesno"
  directives are defined. The "yesno" behavior allows:

  <ParseVariables Yes>
  	Static __CATALOG_STATIC__
  	StaticLogged __LOGGED_STATIC__

  This will set ParseVariables to Yes

* Directives of the same type cannot be nested (though I might do that
  shortly). Directives of different types can be nested, so you can

  	<ParseVariables Yes>
		<Route log>
			foo   __BAR__

  (Note that capitalization doesn't matter.)

* You can add triggers for directives by setting the ContainerSpecial
  variable in package Vend::Config. This would allow:

  	 <DirectiveUniverse foo>
	 	Foobar   yes

  	 <DirectiveUniverse bar>
	 	Foobar   yes

  Perhaps more importantly, it might allow:

  <Catalog found /var/lib/interchange/found /c/found>
  	  Variable  INITTED   This catalog has an initted value already.

  Note that this is not yet implemented!

* Update pgp_encrypt to accept multiple encryption keys.  Keys should be
  passed as a space or comma separated list.

* Change behavior of UserDB _check_acl routine so that undefined value
  is returned if location is not present at all. This allows a check
  both on the file location and the parent directory location without
  affecting true/false status.

* Fix LENGTH_EXCEPTION_DEFAULT logging, which did not work and clean up
  the code a bit in DBI module.

* Remove attempt to unimport Config (to save a small amount of memory)
  because it causes Perl 5.6.0 to die.

* Allow setting of table type in MySQL (or others if HAS_TABLE_TYPE
  is put in capabilities). This allows setting the table type to
  something besides the default -- in particular allows InnoDB type
  setting for userdb/transactions/orderline.

* Patch slight security hole where user password can be saved in session.

* Keep copy of CGI values at time of history save, not reference to them
  (which can be changed in subsequent code).

* Make mv_return_fields available to iterate_array_list.

* Change processing of [PREFIX-line] to use that value instead of
  rebuilding from scratch.

* Make multi-output play nice with download via [deliver ...].


* Add new Vend::File module with minimal functions, changed UserTags
  to support it.

* Relocate following routines (and their subsidiaries) from Vend::Util:


  Added stubs so that package-based calls to those routines will not
  break software.

* Added CatalogUser directive that allows setting in interchange.cfg
  of allowed username that is used for access to absolute-path names.

  	CatalogUser  foundation  joe
  	CatalogUser  reports     jane

  This sets the user for allowed_file() for further read/write checks
  based on username.

* Created allowed_file() routine and replaced all current inline checks
  for NoAbsolute with call to that routine. It behaves as:

  NoAbsolute is No: all files are accessible, always

  Allowed for read/write:
  	Path name is relative with no ..
  	Path name is absolute but in the catalog directory
  	Path name is absolute but in a TemplateDir

  Allowed for read:
	CatalogUser set to a valid username and file is readable by that user
	CatalogUser set to a valid username and file is readable by a group
	 containing that user

  Allowed for write:
	CatalogUser set to a valid username and file is writable by that user
	CatalogUser set to a valid username and file is writable by a group
	 containing that user

* Changed display_special_page so that special page entries with ../
  will not break things.

* Created $Vend::File::errstr which is set to get the error message,
  otherwise defaults to the standard one.

* Add both global- and catalog-level FileControl directive that allows
  mapping subroutines (or named pre-existing subroutines) to a path.
  Does a depth-first search starting with the file name.

* In either interchange.cfg (takes priority) or catalog.cfg put:

	FileControl include/junk  <<EOR
	sub {
		my ($fn, $checkpath, $write, @caller) = @_;

		## Allow write to files containing "foo"
		if($write) {
			return $fn =~ /foo/;

		## Allow read if file doesn't contain "bar"
		return $fn !~ /bar/;

* In either interchange.cfg (takes priority) or catalog.cfg put:

	FileControl  include/junk  some_sub

  This uses either Sub or GlobalSub

* Only in interchange.cfg, you can put a mapped routine name:

	FileControl  include/junk  Vend::SomeModule::file_control

* Intrinsic FileControl checks.

	# Is a catalog superuser
    FileControl foo/bar ic_super

	# Is a catalog admin
	FileControl foo/bar ic_admin

	# Is logged in at all
	FileControl foo/bar ic_logged

	# Is logged in at userdb table of "userdb"
	FileControl foo/bar ic_logged:userdb

	# Is logged in at userdb table of "affiliate"
	FileControl foo/bar ic_logged:affiliate

	# Run check on userdb file_acl
	FileControl foo/bar ic_userdb

	# Run check on userdb file_acl
	FileControl foo/bar ic_userdb:file_acl

	# Run check on userdb db_acl
	FileControl foo/bar ic_userdb:db_acl

	# Check for $Scratch->{dealer} set
    FileControl foo/bar ic_scratch:dealer

	# Check for $Scratch->{dealer} NOT set
    FileControl foo/bar ic_scratch_deny:dealer

	# Check for $Session->{secure} set
    FileControl foo/bar ic_session:secure

	# Check for $Session->{secure} NOT set
    FileControl foo/bar ic_session_deny:secure

  These don't override the NoAbsolute checks.

* If no FileControl is not set, the checks are not done for performance


* Major update to product options.

* Options are now modular in much the same way as Vend::Payment is.
  You can add an unlimited number of option types simply by dropping
  a module into Vend::Options.

* By default, the old 4.8 style options are in force, implemented
  with Vend::Options::Old48.

  If you add this to catalog.cfg (in etc/after.cfg in foundation):

  	OptionsEnable   option_type

  The "option_type" names a field in the products file which controls
  the option type. This enables new-style options.

  It can also be in a specific table and field, ala AutoModifier:

  	OptionsEnable   table:field

  Indeed, this is added to AutoModifer after catalog.cfg.

* There are two new-style options included:


  These are equivalent to the current matrix and simple options.

* Options behavior is controlled in catalog.cfg by a locale-style
  multiple hash (ala UserDb or Route):

  	Options   Matrix   sort            o_sort,o_group
  	Options   Matrix   variant_table   my_variants

* To find and add a new option type, simply set something in

  	Options  MyOptions  table  my_options

  That will cause a require of Vend::Options::MyOptions.

* The matrix products have been moved to the "variants" table.

* The options table contains options for both Matrix and Simple types,
  but only fields for building those simple-type options (which are
  used to generate variants for Matrix). The following fields
  have been removed from options:


* The variants table is a subset of the fields in products.

* The admin page for each option style is defined in its
  admin_page routine, usually an include from inclued/Options/OptionType.

* Size and color fields removed from products table, option_type added.


* Add category-specific image links and toggles for the tree menu.

  To enable this for toggles, do:


  Where N is the level (1 == 0) to which you wish to do this.

  The image for a non-toggled category comes from the tree database field
  img_up, for a toggled category from img_dn.

  You can set the base URL for the images with:


  A trailing / is added if not already present.

  If you wish to allow image anchors for links as well, put the image
  name in the img_up field and add the parameter:


  If the image name is not present, the normal "name" field is used.

  To enable all of this for the example product_tree component, you would
  have a call of:

	[menu tree-selector="[control tree_selector Products]"
			link-class="[control link_class barlink]"
			link-style="[control link_style]"
			link-class-open="[control link_class_open]"
			link-style-open="[control link_style_open font-size: larger;]"
			link-class-closed="[control link_class_closed]"
			link-style-closed="[control link_style_closed font-size: larger;]"
			no-image="[control no_image]"

* Add ability to load tree-based menus where items inhabit more than
  one category. To wit:

    code    sku       prod_group        category
    1       os28003   Tools             Brushes
    2       os28003   Painting Supplies Brushes

  The tree will allow search and find of these items in more than
  one category.

* Add "items" check to menu to allow showing an entry only if items are
  in the cart. Works for current cart ($Vend::Items) only.

* Optimization for tree-based menus, allow reliable build with
  [timed-build]. Example:

	[timed-build file=tmp/the_tree minutes=10 force=1]
	[menu	name=the_tree
	[menu open-script=1 js-prefix="the_tree_"/]

  This allows the tree to retain its opened status without having to
  build a different timed-build file for every combination.

  Now tree and flyout menus should be easily usable in a catalog without
  worrying about processor power.

* Add configurability for the open/collapse/explode variable. Before this,
  you could only have one tree per page and have it keep the open status. Now:

  	[menu name=foo menu-type=tree js_prefix=foo open_variable=foo_open][/menu]

  	[menu name=bar menu-type=tree js_prefix=bar open_variable=bar_open][/menu]

  will work for the appropriate menu. (The other will collapse.)

* Don't add .html extension if file already has extension.


* Fix "double March" bug in date widget.

* Allow templated options in select, radio, checkbox, etc. Enabled
  by passing option_template="ATTR Template".

  Uses same attr_list methodology as in most IC secondary templating.

  Active keys:

  	  LABEL           The normal label value
  	  VALUE           The normal value
	  PRICE           The formatted price, converted for locale
	  PRICE_NOFORMAT  The raw price data
	  ABSOLUTE        The formatted price, absolute (no negative)
	  NEGATIVE        Set true if price data is negative

  The default is equivalent to (though it doesn't use formatting):


  This example:


	Would turn:

		Ebony handle ($20.00)
		Wood handle
		Plastic handle ($-5.00)


		Ebony handle (add $20.00)
		Wood handle
		Plastic handle (subtract $5.00)

* Add widget "filetext" to allow direct upload of a file to a database
  field. Useful for content/article bodies that you want to edit in a
  file but that are inconvenient to clip-past into a textarea.

  The "filetext" widget is an <input type=file> followed
  by a textarea. It shows the contents of the field in the textarea
  and you can edit it. If you want to replace it with a file upload,
  you just Browse to the file and upload it; it negates what is in
  the textarea. If no file is uploaded, the textarea pertains (I guess
  that statement is redundant).

  The type=filetext widget should always be used in combination with two
  filters, "nullselect upload".

* Remove extra closing HTML tag '>' character from password widget.

* Allow table conglomerations of checkboxes and radio boxes with more
  than 9 columns (i.e. radio_right_10). Thanks to Bill Carr for finding.

* Allow multiple semi-colon-separated queries to populate options via

* Added a =None to the file list of the imagedir widget so one has
  the opportunity to choose an 'empty' value if no input is required.


* Allow override of checking for incomplete forms.

* Get rid of excess space which causes "unparsed and temporary" page
  controls to fail.


* Fix dependency of page editor on certain [if ...] conditions in page code.

* Add "send help edit to ICDEVGROUP" function in the online help editor.

* Change name of "Bottom" menu (which was on top) to "Fixed". 

* Check for SQL::Statement version (with hooks for testing any version,
  lower or higher) at admin index load time, and provide warning that
  things won't work properly.

* Allow multiple help window destinations.

* Remove preferred payment method from customer view and change primitive
  used to display username.

* Fix "admin/bg.gif not found" error.

* Allow pass of nodelete and mv_auto_export options in URL.

* Add "Decrypt Credit Card" back in order view.

* Add mv_more_alpha and mv_more_decade options to flex_selector. Make
  locale and country tables use them by default.

* Fix link_rows_blank setting in table editor for form linking.

* Restore capability to show only part of session.

* Solve annoying problem where you edit a view-specific field display
  and have to re-enter custom view information that is already
  present in a modified base meta display.

* Add check for existence of the extended/default columns
  and display of merge errors to merge_meta page.

* Add Levies to the 'show only' list of the show_session page.

* Use sane default while merging metadata to avoid breakage of perl code 
  if no ui-version record exists.

* Allow the "Next order" button in the admin order_view to jump over a few
  (20, by default) missing order numbers in the order sequence so that
  deleted order numbers here and there don't throw the user back to the
  order list view. Maximum number to skip settable by variable
  UI_ORDER_VIEWNEXT_MAX_SKIP, now in Foundation "Admin control" section.

* Add option to replace all occurences to Search & Replace page.

* Make spreadsheet search not word-boundary dependent.

* Allow exclusion of fields for database imports.

* Fixed typo in file_navigator tag.

* Fix extra parameter passing in wizard.

* Display size, color and options on "Order view" page again.

* Fix Query-By-Example forms for LARGE tables.

* Remove hard-coded "Pending" status and put real info on "Order view" page.

* More metadata tools. New tag [meta-info table=foo col=bar key=label] returns
  "label" metadata item. Can access any key in meta record including extended.
  Has localize=1 flag to localize returned labels.

  Small example of how to use this in pages/admin/customer.html -- allows
  you to change "Company" to "Affilation" or "Organization" and have a hope
  of having it show up everywhere.

* Continued preparation for translation.

* Fix HTML problem in order entry page found by 
  Nicholas Cook <ncook at foxmillpets.com>.

* Add "Download slice" functionality to table export page. Allows you to
  select arbitrary columns to directly download.

* Add ability to download TAB-delimited results of an arbitrary SQL
  query. You can do:

		SELECT   sku, count(code) as times_ordered, sum(quantity) as qty
		FROM     orderline
		GROUP BY sku

  and get downloaded to a file:

			sku                 times_ordered       total
			0738417912          1                   2
			0972355901          1                   1
			0972355936          1                   4
			V4081300077         1                   1
			V4081300116         1                   1
			V4081300218         4                   5
			V4081300218cd       3                   3
			V4081300222cd       1                   1
			V4081300233         11                  17
			V4081300376         3                   3
			V4081300469         1                   1
			V4081300493         1                   1
			V4081300498         1                   1

* Add shipmethod to display in order_view page, make some display 
  fields conditional.

* Fix bug in address display in customer_view page.

* Message for free shipping added to entry page.


* Add support for Verisign's PFProAPI.pm Perl module, which implements
  Payflow Pro gateway communication without needing any external binary,
  and thus no forking or temporary files for communication. Use PFProAPI
  automatically if it is found at IC startup time, but fall back to pfpro
  or pfpro-file if not. Upgrades should be transparent.

* Add COMMENT1 and COMMENT2 to Verisign queries. These map to values
  comment1 and comment2 by default in Payment.pm, but can be remapped.

  Also put SHIPTOZIP in the varmap for simplicity, but same function.

* Minor data filtering modifications to BoA module.

* Map company and b_company for payment use.

* Authorize.Net:
  - Send to Authorize.Net customer shipping address information and company
    where available.

  - Add Card Security Code (AKA CVV2, CVC2, CSC, CID) verification support
    (uses Authorize.Net protocol version 3.1). (Chaim Klar <c_klar at c-cs.com>).

  - Added the whole list of response codes (Chaim Klar <c_klar at c-cs.com>).

* Add new Verisign route parameter, "check_sub", which allows a Sub or
  GlobalSub to be called after a successful charge for a check of some


* Allow redirection of shipping modes.

  Basically, you can do:

  upsg_or_free	UPS Ground	[subtotal noformat=1]	0	99.99	>>upsg
  upsg_or_free	UPS Ground	price	100	99999	0		{ free => 'Free!' }

  upsg	UPS Ground	weight	0	150	u Ground

  The first mode redirects to the second one if the order total is
  less that $100; if it is more, it gives free shipping.

  Add [shipping widget="Vend::Form widget" mode="mode1 mode2"] to
  automatically build widget with Vend::Form. Works just like
  [shipping label=1 ...] but produces a complete widget.

* Support Canadian and 2003 US UPS Zone files.

* Add mv_ship_residential with automatic lookup of residential charge in
  properly formatted rate tables.

  Requires residential => 1 option in shipping definition.

* Add EAS surcharge via different means than EAS capability. Allows lookup
  of exception zip codes in surcharge_table => 'tablename' option.
  surcharge_field => 'fieldname' defaults to "surcharge".

* Allow aggregation of weights over a number of pounds.

  If aggregate => 1, that is 150 pounds. Breaks it up into 150-pound
  packages and then a final package at the remainder.

  If aggregate > 10, breaks it up into that many pound packages.

* Break out shipping stuff from Vend::Interpolate. Add stubs so
  custom code doesn't break.

* Add ability to put custom shipping modules in, called with
  "cost" field of "s Module".

* Improve [ups-query ...] to aggregate shipments and cache prior

* Document [ups-query].

* Add some tweezy scripts that help make US Postal zone charts and
  tables. Use at your own risk.


* Fix bugs preventing the usage of the customer defined routine and
  calling it with the wrong parameters.

* New Levy add_to key allows consolidation of levies under one

	Levies  salestax  foo

	Levy    salestax    description    "Sales Tax (%s)"
	Levy    salestax    keep_if_zero   1
	Levy    salestax    type           salestax
	Levy    salestax    sort           002
	Levy    salestax    label_value    state

	Levy    foo    keep_if_zero   0
	Levy    foo    add_to         salestax
	Levy    foo    type           shipping
	Levy    foo    mode           PERD

  This will calculate the foo levy, but add its cost to the salestax
  levy for display purposes.

* Remove sprintf() function and replace with round_to_frac_digits,
  prevent worries about rounding errors.

* Allow label_value for all levy types, means you can do
  something like:

	Levy    shipping    description       Shipping (%s)
	Levy    shipping    keep_if_zero      0
	Levy    shipping    type              shipping
	Levy    shipping    mode_from_values  mv_shipmode
	Levy    shipping    label_value       zip

  which will display

    Shipping (45056)


* Add alias [L] => [loc] in order to resolve [L] tags in variables
  independent of the configuration.

* Localize script now groks new menu database files.

* Add Italian UI translation from Marco Mescoli <m.mescoli at omnibit.nu>.


* Support for SQLite added.

* Make metadata correspond to current UI version.

* Fix orderline import deficiency in etc/log_entry found by Karen Gold
  (KarenG at LOADUP.com). 

* Change [discount-price] to [item-discount-price] to make it compatible
  with editor components.

* Preparation of pages for translation.

* Typo in state database fixed (Bugzilla #499).

* Modified include_form code on General Tab of item_edit page
  in such a way that item images and thumb images with
  extensions other that .gif can be displayed as well.

  Replaced <img ...> by:
	[image 	src="[var IMAGE_DIR]/items/[cgi item_id]" extra="border=0 id=item_img"]

* Remove straggling Red Hat/IC logo and URLs, update foundation logos to match
  Interchange 4.8's latest.

* Added ALT attribute to Home links.

* All of the order profiles had common information. Made a
  Variable called COMMON_ORDER_PROFILE to hold that info
  to remove duplication.

* Add proper autonumber initialization to affiliate database so
  it will generate affiliate codes that are valid. Thanks to
  Kevin Old for reporting.

* Use LENGTH_EXCEPTION_DEFAULT for Postgres userdb, transactions,
  orderline tables in foundation.

* Remove unused ship address pages and unused large gift certificate image.

* Use the common placeholder for the email address in survey database.

* Set more reasonable default types for each SQL DB.

* Use mv_form_profile instead of mv_order_profile on account page in
  order to check user's input.


* Default traffic setting is low now.

* Allow selection of traffic setting with debconf and interchangeconfig.

* Specify unix and inet modes explicitly if user selects both. 

* Check if /etc/init.d/interchange and /usr/sbin/interchangeconfig are 
  executable in interchange-ui maintainer scripts.

* UPGRADE and README.cvs added to interchange.docs
* avoid installation error by checking installation state before
  invoking interchange --add/--remove from interchange-cat-foundation
  postinst script (thanks to Doug Alcorn <doug at lathi.net> for reporting
  the problem)

* remove configuration files handled by interchangeconfig on purge

* protect against scripts ending up in /usr/lib/interchange

* get_url UserTag forces dependency on libwww-perl


* history-scan - Added new option called 'pageonly' that causes history-scan 
  to return only the name of the previous page rather than a full "area" link.
  Can be used to set mv_successpage for a form.

* Removed some code that caused table-organize to write the td.x attributes

* find - New usertag in spirit of the Unix command with the same name.

* Add [button wait-text="-- Please Wait --" text="Place Order" ...] so
  button has indication of press beyond normal browser indication.

  Allow direct setting of id, class, and style HTML characteristics without
  having to shoehorn them in extra=" style='...'" etc.

* Fix typo in auto-wizard UserTag so it works with ITL conditionals.

* weight  - New usertag to set and determine shipping weight easily.


* Add "upload" filter. Checks to see if the submitted variable
  is a file upload, if it is it reads the file and places it in
  $CGI->{$varname}. Otherwise uses the value of the variable.

* Add "line" filter which rips off the first line of a longer text.

* Change "date_change" field in order to handle MySQL DATE resp.
  DATETIME fields.


* update_locales job added.

* Remove bogus session created by logging function.


* Ensure that SOAP server adds a blank line between HTTP header
  and HTTP body.

* Log errors in soap tag to catalog log file instead of the global one.

* SOAP_Action introduced, which is intended to used as a
  way to provide webservices from an Interchange catalog.

* Allow tracing in SOAP calls in order to get a handle on SOAP request
  resp. response.

* Error handling revised.

* Add SOAP_Control configuration directive and soap_gate access
  check routine to control requests to the SOAP server.

* Change to the catalog directory so that log messages end up
  in the correct file etc.

Shadow Database

* Add stub for sort_each method.

* column_exists method calls now method of underlying class instead of a
  lookup in the database structure which didn't work properly

* each_nokey is now properly replacing the shadowed fields.

* Moved configuration code to the module itself.

* Add name method.

* Map autonumber method to Vend::Table::Common.

* Introduce mv_shadowpass scratch variable which instructs
  the Shadow database code to return the original database record.

* Add stub for inc_field method.

* Add stub for delete_record method.

* Non-select queries are passed to underlying database immediately.

* Fix queries with list type.

* Fix errmsg calls.

Static Page Generation

* Remove this feature completely from Interchange:

  -- remove configuration directives ClearCache (not in use),
     StaticIndex, StaticSessionDefault, StaticTrack (introduced in 4.9.x)
  -- deprecate configuration directives NoCache, Static, StaticAll,
     StaticDBM, StaticDepth, StaticFly, StaticLogged, StaticPage,
     StaticPath, StaticPattern, StaticSuffix
  -- remove UI tag regenerate
  -- remove InvalidateCache attribute from distributed usertags
  -- remove build flag from [tag] usertag
  -- remove UI pages (regen and regenerate)
  -- remove support from foundation and test catalog
  -- remove path_adjust Pragma which is only useful in conjunction with
     StaticPath configuration directive
  -- remove Vend::Interpolate::cache_html, Vend::Interpolate::resolve_static, 
     Vend::Interpolate::static_url and Vend::Session::tie_static_dbm routines
  -- remove variables $Vend::AccumulatingLinks, @Vend::Links, 
     %Vend::LinkFound, $Vend::ForceBuild, $Vend::CachePage.

* Fix a bug that prevented the cgi-bin link program from being associated 
  with the chosen owner and group. The patch was created and tested by Carl

* Quickbooks updates:

  - Documentation built from updated Interchange + Quickbooks HOWTO.

  - Major change to IIF generation routine:
    - IIF files are generated on-demand via the Admin UI
	- In-route method still available
	- New "Generate new IIF files" and "download IIF files"
  - New "qb_safe" filter, to cater to Quickbooks sensative side.
  - New default values (like defaulting to cash receipt instead of invoice)
  - Payment and Shipping methods are recorded in corresponding Quickbooks fields.
  - Allow customization of the transaction account (new default is "Checking")
  - Optionally set the transaction class (e.g., to track online sales in a
    separate class from walk-in sales, and report on them differently). 
  - Optional Item Prefixes (e.g. if all items are accounting in Quickbooks under
    a given category.
  - Optionally get the tax agency from the "state" table, falling back to the
    configured default tax agency.
  - Bug fixes


Interchange 4.9.7 released only via nightly builds.


Interchange 4.9.6 released 2003-01-08.


* Perl version 5.6.0 or newer is now a requirement to run Interchange.

* Add new global directive TrustProxy, which allows the administrator to
  designate certain IP addresses or hostnames as trusted proxies, whose
  claims (via the HTTP_X_FORWARDED_FOR environment variable) about the
  original requesting host will be believed.

  When using a front-end proxy for Interchange, all requests appear to come
  from that proxy, say if on the same machine, which is effectively
  the same as running WideOpen because sessions can be easily hijacked. This
  offers a way to bring back a little discernment about what host we're
  really dealing with.

  Usage is identical to the RobotIP directive's, for example:

  TrustProxy, 10.0.0.*

  I'm not sure why anyone would want to do this, but it could also be used
  with external HTTP proxies in general (which hopefully aren't lying), with
  a simple 'TrustProxy *'.

* Fix whitespace transform and tolerate leading whitespace on HTTP
  header lines.

* Avoid persistent storage to make [summary] safe in prefork mode.

* Allow a database to spring into existence without a .txt file. TO
  do this, you define the field names in the NAME paramter.

      Database will_be_there  will_be_there.txt  __SQLDSN__
      Database will_be_there  NAME   code  field1 field2
      Database will_be_there  CREATE_EMPTY_TXT  1

  All it does is create the .txt file (or whatever the name is) from
  the value of NAME array. It does take delimiters into account.

  You must be just a bit careful, since if you then remove the .txt
  file it will of course recreate the table. Of course you should
  take that into account when setting this non-default parameter.

  This will allow some one-file configurations to be added to the

* Allow autonumber for the linked-table behavior of update_data. Before,
  you couldn't autonumber because the determination of whether the data
  would be set was whether the key value is present. This allows
  you to set mv_data_qual=fieldname and have a non-empty value in
  that field determine whether to insert or not.

* Minor cleanup in Data.pm, including ensuring $obj->{DELIMITER} 
  and $obj->{delimiter} match.

* Avoid infinite loops in catalog configuration caused by includes.

* Compile warnings in catalog usertags now show up in the logs instead
  of "UserTag 'ugly_hack' code is not a subroutine reference".

* Add new database configuration option PREFER_NULL. It accepts a list of
  field names which should be set to NULL instead of an empty string
  whenever possible:

  Database  people  PREFER_NULL  age height

  Probably most useful with numeric or date fields that are nullable, to
  prevent import errors when trying to store '' into a numeric field. Also
  for character fields that you'd rather have contain a NULL than '' to
  comply with a CHECK or foreign key constraint.


* Obsolete usertags dbinfo, e, if-key-exists, if_sql, reconfig_wait, 
  rotate_file, with and write_page removed.


* Allow % in filter arguments. This could conceivably be a problem for
  someone who had a filter ".%s" or something.

Content Management

* Get restrict_allow settings right -- the default was not allowing the "var"
  to be expanded in the image preview path. Should probably look at this
  concept on a per-field basis, and set the default to "".


* Patch to display errors from payment modules in credit card header
  on checkout page.


* Multi-language support, configured by the LOCALES and DEFAULTLOCALE

* Updated region templates.

* New PayflowPro control variables MV_PAYMENT_PARTNER and MV_PAYMENT_VENDOR.

* Payment routes use now generic MV_PAYMENT_* variables.

* Test order page added.

Shadow Database

* lookup_table option added

* foreign method implemented

* test_record calls underlying database now


* Debian packages support the selection of the GnuPG home directory 
  during installation now.


* Fixed a weird bug where empty HTTP variables were being passed
  under certain circumstances.

* Fixed a bug reported by Jeff Dafoe.  The request information
  enabled Interchange to show the correct page but prevented it
  from storing the request in the session's history.  The problem
  only showed itself when Interchange's [history-scan] tag was used.
  As almost no page history was saved, [history-scan] sent the user
  to the default page (usually index) most of the time. 


Interchange 4.9.5 released 2002-12-13 (minor bugfix release).


* Add component files for new selectable results-list done by Ton.

* Make proper patches to history-scan and barlink() to work with Randy
  Moore's category_vert_toggle component.

* Minor updates to category_vert_toggle component for HTML cleanup and 
  performance improvement.


* Fixed problem with PreFork and mod_perl modes where Interchange children
  kept order profile state between runs.

* Make sure STDERR is selected in mod_perl mode in case some other mod_perl 
  code uses select. 

* Change default for MaxServers in "rpc" profile to zero. This is probably
  best for the vast majority of servers running in PreFork mode.

* Tolerate missing configdb database, issue warning only.

* Tolerate people forgetting and putting , on the end of a parameter
  when using line2options. A comma should never be the last character, I
  would think, but you can choose to not use the filter if by some
  bizarre chance it is needed.

* A number of refinements and fixes to Menu module.

	- Passing timed=1 to [menu ...] tag prevents putting session ID and
	  count in URL, allowing timed-build to work well.

	- first_line and last_line transforms allow you to specify a field
	  to set to trigger the first line or the last line of the menu.
	  This allows the current IC menu structures to work well with
	  menus separated by space.

	- logical_page feature allows a tab "up" indication in another
	  menu, based on the page of the entry. This allows multi-level
	  tabs to have an "up" indication on different menus.

	- expand_values_form allows setting of ITL tag values even
	  on multiple form values.  Honors [cgi ..], [value ..], and [var ..].

    - Fix ordering of open parameter for trees -- it was broken by the new
	  Vend::Util::vendUrl routine.

* Simplify field_settor subroutines with prepared query and placeholders.
  Prevents infamous DBD::Pg::do errors.

* Form module -- add intrinsic "file" type, and allow setting of a
  widget class directly without using "extra".

* Other minor bugfixes too insignificant to mention.


* min-rows option added to table-organize tag. Allows building small
  result sets in one column (or however many columns needed to reach

* Reworked [tree ...] tag to use DBI placeholders if supported.
  While this doesn't seem to save too much CPU on a machine that
  has the database and IC on the same machine, it should relieve
  some network bandwidth on distributed setups.


* Various debian build patches.


Interchange 4.9.4 released 2002-12-02.

* Fix problem with PreFork and mod_perl modes where Interchange children
  kept order profile state between runs.

* Tolerate people forgetting and putting , on the end of a parameter
  when using line2options.


* The interchange script is now only used for configuration and
  options. All code that previously resided there (notably the
  dispatch(), respond(), update_data(), and do_order() routines)
  has been relocated. Code that calls ::update_data, etc. should
  NOT break, because we still use the modules in the script.
  This caused the addition of Vend::Dispatch to hold many of
  the routines.

* Added new [deliver ....] tag that allows you to deliver some content
  without worrying about [tag op=header] and page spacing issues. Adds 
  new global variable $Vend::Sent which is authoritative notification
  that all content is sent and that all further parsing of ITL
  should stop.

* Add mv_source parameter which sets an affiliate program source
  and can be carried around in URLs when $Scratch->{mv_add_source}
  is set. This solves the problem of AOL caching the page with
  the source embedded, then forwarding the next request sans source.

  From a suggestion by Dan <ic at concolor.org>.

* Add new [menu ...] tag which can build simple, tree, and flyout
  menus from a menu specification. See the UI.

* Add robot tolerance facility, where mv_tmp_session is set when either
  a RobotUA, RobotIP or RobotHost wildcard matches.

  In interchange.cfg:

      RobotUA   Inktomi, Scooter, Site*Sucker
      RobotIP   209.135.65, 64.172.5.*
      RobotHost *.googlebot.com

  After that, it is all automatic. mv_tmp_session gets set to one, the
  Scratch values mv_no_session_id and mv_no_count are set to one, and
  normal pages don't get IDs put out by area.

  What this will do for the user:

        1. Allow those UAs to follow a URL.
        2. Prevent useless session files from cluttering disk
        3. Prevent session writes from inhibiting disk performance.

* Added a (global) HostnameLookups directive to specify whether Interchange
  should perform a DNS lookup to resolve the remote user's hostname from
  their IP address.  The default is 'No'.  Hostnames are required for
  facilities such as the RobotHost check to work.  If the web server is
  configured to perform hostname resolution then this directive should remain
  set to 'No'.

* Add the oft-requested DirectoryIndex feature. 

* Add new content management features. This allows Interchange to:

    -- Accept Apache error redirects, i.e. handle 404 errors
    -- Initially process page, process page after variables, and
       process page before image substitution with configurable subroutines
    -- Take puts for DAV-style publishing

*   New "AcceptRedirect" directive. If "Yes", will look for REDIRECT_URL,
    REDIRECT_QUERY_STRING, etc. and use those to provide the request.

    This allows:

        ErrorDocument 404 /cgi-bin/foundation

    At that point, a request for /index.html that is not found will
    be equivalent to /cgi-bin/foundation/index.html and will be
    indistinguishable from the real page by the client.

*   New Pragmas init_page, pre_page, post_page, which specify
    Sub/GlobalSub routines to run at various points in page build.

    init_page     Run before Variable substitution
    pre_page      Run after Variable substitution, before interpolation
    post_page     Run before Image substitution

* Allow PUT operations. Add

    [value-extended test=isput]       Check for a PUT
    [value-extended put_contents=1]   Return PUT string
    [value-extended put_ref=1]        Return ref to PUT string (scalar)

  Some more DAV-type features can be done, I think, but they are not yet

* Remove min_string test from Search.pm, where it never really was used
  or called due to mv_min_string default being 0.

* Place mv_min_string check back in Glimpse where it was intended in the first

* Convert Mac line endings to Unix (as well as DOS).

* Finally discovered what is going on with GPG and errors.

  -- If PGP fails due to a system problem, like out of memory or
     bad file permissions, it fails with a status that will cause
     a real error which is in the lower 8 bits.

  -- If PGP fails due to an internal problem like "key not found",
     or no secret key ring, it will fail with system status set to
     zero but the upper level status indicating its problem.

     So a failed key will turn up as "File not found" in the
     upper order bits, while a key *ring* not found will fail
     with the same error in the lower status bits.

  This patch is temporary, and at least tells you what $! is. I will
  examine GPG's error messages and provide some simple ones like "key
  not on keyring" and catch them to provide a better error.

* Add general multiple-table update feature to Vend::Data::update_data.

* Allow authoritative table name for constructed queries. Usage:

    my $db = database_exists_ref($table);
    my $tname = $db->name();

    my $query = "select * from $tname";

  This should allow REAL_NAME many more places.

* New mv_cleanup operates like mv_click and mv_check, but operates
  after a form processing action is done.

* Added debug type to [log].

* [userdb function=logout clear=1] will now restore the appropriate
  ScratchDefault and ValuesDefault values instead of simply
  deleting the scratches and values under its control.

* Added check for no_increment so that mv_order_number can be set in
  a route.

* Fix bug where bad [nitems compare=...] could cause server error. Now
  just silently causes bad compare.

* Allow alternate values spaces with $CGI->{mv_values_space}. This allows
  fill-in wizards, surveys, and such to not pollute the user's normal

  Use with caution -- if someone is in the practice of using $Values
  to set catalog behavior (usually a poor idea) then it can cause

* Clean up a few references to $Vend::Session->{values} which should
  never be done anymore -- we had handled almost all of this previously.
  It should always reference $::Values.


* "you are now ready to run makecat" is no longer displayed on upgrades.

* Prevent test from failing on upgrades.


* Patch from Mark Johnson to Vend::Payment::Signio module whose explanation
  we quote: 
  If you send a garbage ORIGID, as IC does by default, it will attempt to
  use that as the key for the transaction, without falling back on the data
  you sent with it. Thus, it must explicitly not be used unless you have a
  valid one which you want to use. This was why no credits were succeeding;
  even though we were sending explicit new data, it ignored it and cried 
  with the ever useful error "Not signed up for this tender type".

* Added a Vend::Payment::TestPayment module to allow developers to test
  their site's interaction with the Interchange Payment system, without
  actually being connected to a real Payment Services Provider. 

* Change AuthorizeNet.pm to more easily enable settlement of orders
  done via AUTH_ONLY.

* Prevent automatic try at credit card encryption if no EncryptKey
  is present.


* Add new filter, "next_sequential". Allows selection of a next-sequential
  value based on a field (and qualified by a field).   

  [filter op="next_sequential.survey_q.sort"][cgi sort][/filter]


    1. Return the existing value if present.
    2. If existing value is blank, return max + 1 in the sort field,
       i.e. equivalent to: 

           SELECT sort FROM survey_q
       ORDER BY sort DESC
       LIMIT 1   

  If another argument of a field name is passed, i.e. 

    filter => 'next_sequential.survey_q.sort.sel',   

  then you get: 

       SELECT sort FROM survey_q
       WHERE sel = '[cgi sel]'
       ORDER BY sort DESC
       LIMIT 1   

  This allows a next-sequential numbering for things that need it.
  Developed to support general-purpose survey UI for Ton's excellent
  product rating system.

* Fix bugs in option_format filter. It would turn commas into new options;
  and alternate delimiters had no hope of working.

* Add options2line and line2options filters, allowing you to specify
  options in a textarea without comma separators and instead with one
  option per line.


* Add "future" profile comparator so that you can do:

    appointment_date=future 1 day "Sorry, we need some lead time."

  That allows you to check that a date value (ala the date widget) is
  in the future.

* Added "luhn" profile check for "LUHN-10"-encoded numbers.

* Enhance unique profile check to allow specification of a foreign key
  for uniqueness check.


* Add several different color schemes instead of only the Foundation Red.
  "blueyellow" is the new default.

* Change logos and such to reflect ICDEVGROUP instead of Red Hat.

* Add product_tree and product_flyout components to work with new
  menu editor.

* Change checkout display to work easier for DHTML browsers, old
  browsers should see much the same thing.

* Change order profiles and etc/log_transaction to do a more reliable
  job of order checking. If your database has transactions (i.e. Postgres),
  a failure in the log_transaction can cause a failure of the order.

* Added auth_code and tracking_number to transactions table to support
  charge settlement and shipping_tracking in the UI.

* category_vert_toggle component reworked by Randy Moore.

* new category_vertical_tree component by Rene Hertell.


* Fixed problem in [button] tag to make sure that the current button being 
  pressed is the only one whose mv_click_map_* variable gets set.

  This works around the problem of a user clicking one button, using the
  browser's Back button, then clicking on a different button, and both
  mv_clicks execute instead of just the most recent one.

* [history-scan ...] now escapes form parameters properly.

* Extended stripping of line endings by [import-fields] to 
  help people who import using files generated on non-Unix
  operating systems.

* Add [jsq] [/jsq] .. and [jsqn] [/jsqn] tags that build properly
  JavaScript strings (jsq with variable substitution, jsqn without).

* Add [tabbed-display] tag that shows DHTML tabbed panels.

        [tabbed-display OPTIONS]
            [tabbed-panel The title of one]
            The contents of one
            [tabbed-panel The titel of two]
            The contents of two

  It is pretty much that simple. It is documented, and an example is
  on the pages/admin/genconfig.html page.

* [table-editor ...] tag updated extensively. Added tabbed displays,
  full templating of the display, user-includeable forms, almost all
  features supported with metadata.

* Many minor changes in metadata and preferences. Changed default
  in some tables to tabbed display.

* [update-order-status] tag added for shipping products. Also does
  charge settlement if needed.

* [xml-generator] removed.


* Extensive update to look and feel of the admin UI. The HTML design was
  done by David and Hamish, core members from Zeald, Ltd. in New Zealand.
  There are no more BGCOLOR references, and only a couple of <font ..>
  tags. All has been switched to CSS.

* Remove icmenu database. That work now done by lib/UI/pages/include/menus/*.

* Major update to [table-editor ...] which so much of the UI is based

    -- Tabbed displays
    -- Insert spreadsheet linked via foreign key
    -- Insert custom form widgets for form processing use,
           a "recompute transaction" included for an example
    -- Control over styles and classes for table columns
        -- Completely templateable

* Add the suggested feature from Dan Browning -- a great idea --
  a spreadsheet of a linked table within the table editor.

  Adds the options:

    link_table               Table to link in

    link_key                 Key field to link to

    link_fields              Columns to display

    link_sort                How to order the linked rows
                             (probably should add link_query here)

    link_view                The view for spreasheet meta

    link_label               How to label the thing (default
                             is something like "Settings in
                             link_table linked by link_key"

    link_before              Where to plop the thing, input
                             a column name in the main table to
                             put it before

    link_extra               Class, style, or other data for
                             the table cells in the spreadsheet

   To make it even better, multiple link tables are allowed,
   so you could do:


   To test, try this little test-snippet in a default foundation
   from the latest CVS.

        link-fields="sku price description"
        link-sort="price desc"

* Complete rework of content editor. Improvements too many to name.

    - "Edit page", "Edit menu", even "edit component" links are inserted when
      you are logged in as admin.

    - Complete cleanup of page/template/component parsing code, now perhaps
      someone besides Mike could understand it. 8-)

    - File navigator only now used for pages, not for templates/components,
      retains context.

    - Hooks are there for doing an entire edit session then pushing new content all
      at once. Theoreticially, you could create an entire new site, browse it
      and test it without the public seeing it, and then push one button to
      publish it all. I say theoretically because I haven't done it yet, but
      it should be there soon.

    - Preview now holds true for browsing catalog.

    - Now can create and edit pages that have no template wrapper.

    - Add page to clone (push) sets of components to like sets of pages, i.e.
      edit one to get the components like you want them and then select the
      pages that that setup should be copied to.

    - Closed all Bugzillas relating to it.
       -- New pages not creating properly
       -- Unable to edit in subdirectories
       -- Templates not written properly

    - TODO:

        -- Allow alternate DSN for staging database tables.
        -- Document this puppy, finally.
        -- Change templates so that left-side/right-side components interchange,
           and so that most class=content components can go vertical.
        -- Vet the new [menu][/menu] component so that left-hand side
           menu can be directory/location sensitive.
        -- Build in the "use the index.html page in the current directory
           as the template" functionality.
* Improve spreadsheet.

    -- Any meta widget can be used.
    -- No possiblity of data crossover with embedded nulls.
    -- Remove need for "Change display" with improved meta edit (will
       add temporary view selector soon).
    -- Better display (I think).
    -- Better consistency of display for data and new record, etc.
    -- Fields can use meta, go to textarea, have text field all selectable
       from spreadsheet meta control.

* Add cheesy mail list manager, a common thing to ask. Supported by unsubscribe
  function and a batch download mode for large mailings....probably should
  create some online help.

* Ability to employ database entries in filters supported by profile 
  "process_filter" now.

* Major update to order status update program. Now can batch ship by
  checking boxes, sequence ship, settle transactions previously done
  via auth_only with realtime payment gateway, and more.

* Many, many, minor bug fixes and improvements.

Swish Search

* Added module to search indexes with Swish.

* To use, you must add to interchange.cfg:

        Require module Vend::Swish
        AddDirective Swish hash
        Variable swish Vend::Swish

* The search is called with st=swish (same as mv_searchtype=swish).

* The fields to return are configurable, and default to;

        rf=code score title url mod_date filesize
        fn=code score title url mod_date filesize

  These correspond to:

                        code            swishreccount
                        score           swishrank
                        url                     swishdocpath
                        title           swishtitle
                        filesize        swishdocsize
                        mod_date        swishlastmodified


* Implemented a proper (automatic) URILevels mechanism and removed
  the URILevels configuration directive.  This also fixes a bug,
  reported by Philip Hempel in the interchange-users mail list,
  where [PT] redirects were not being handled correctly.


* Add "forum" feature to foundation. Allows commenting on products and
  also as a byproduct arbitrary blog-style forums.

  This is a complete forum display:

        [forum top=THREAD_ID /]

  You can get more complex than that. There is an illustration of the
  templated version in the pages/forum/display.html page.

  Disabled by default for DBM and Oracle. No database def is
  supplied for Oracle.

  With Postgres and MySQL, the forum is displayed in the flypage
  automatically by default. The thread doesn't exist until the
  first comment is made, at which time we create a top-level thread
  named for the SKU.

  An email notification goes out with new comments if that is

  There is some scoring logic for display, but no way to assign
  scores yet (except by editing the database directly).

  The reply and submit pages use include files from include/forum.

  Arbitrary forums need to be enabled by setting the artid equal
  to the code. If the artid is 0, as is the default on a random
  submit, no display will be done. (The enabling is done automatically
  for products by passing the product=1 parameter in the URL and
  finding the product in the database.)


Interchange 4.9.3 released only as nightly builds.


Interchange 4.9.2 released 2002-08-12.


* New ability to run Interchange entirely inside Apache and mod_perl.
  See POD documentation inside scripts/ic_mod_perl.PL for details.

* Add new Jobs and Cron facility:

  - While we don't keep the time, and a scheduler will have to set the
    execution time, it allows ITL to be run without the hassles of having
    to deal with HTTP.
  - Use $Vend::Cfg->{Cron} for setup.
  - Emails either to command line address or $Vend::Cfg->{Cron}{email}
    (only if the cron job supplies output). Uses the $Vend::Cfg->{Cron}
    variables subject, from, reply_to and extra_headers.
  - Logs to $Vend::Cfg->{Cron}{log}
    (only if the cron job supplies output).
  - Can add session dump when $Vend::Cfg->{Cron}{add_session}.
  - Base directory set by $Vend::Cfg->{Cron}{base_directory}, defaults
    to etc/cron. If $Vend::Cfg->{Cron}{use_global} is set, 
    the same directory in $Global::ConfDir is scanned too.
  - The macros $Vend::Cfg->{initialize} and $Vend::Cfg->{autoload} are
    executed once resp. before each job.
* Add First and Last links to more-list, with ability to customize via
  [first-anchor] and [last-anchor] containers.

* Bye bye Wizard. Suggest anyone who wants it resurrect it and
  make it work properly...

* Add new menu editor and menu system. It is based around Vend::Menu
  and the new tag [menu ...], which builds various types of DHTMl and
  standard HTML menus based on browser type.

  The menu editor can edit simple menus or tree-based menus.
  All UI menus use this. A simple menu component (i.e. a link list)
  and a tree-based list are provided for Foundation.

* New support for database-native sequences for MySQL, PostgreSQL, and Oracle:

  - To do a minimal sequenced table, all you need to do is:

    Database  sequenced sequenced.txt __DBIDSN__
    Database  sequenced AUTO_SEQUENCE sequenced_seq

  - The parameter passed to AUTO_SEQUENCE (in the above, "sequenced") will
    be used as the sequence name for Postgres and Oracle (and presumably
    others that emulate them).

    For MySQL, the same technique that Stefan introduced is used, with an
    AUTO_INCREMENT field. The value in AUTO_SEQUENCE is just a non-false
    value. The behavior depends on the definition of

    If MySQL is the DB in use,

    $key = $s->autonumber();

    returns nothing and the key will be later found with

    $key = $s->last_sequence_value($key);

    and returned in $db->set_slice, etc. ($db->set_row also uses this, but
    the key value is never returned. You can get it with
    $db->last_sequence_value if you need it.)

    If PostgreSQL/Oracle is used, the key is returned with

    $key = $s->autonumber();

    and is just parroted back with

    $key = $s->last_sequence_value($key);

    If the table is being created, the sequence will be created as well. If
    it exists, it will not be dropped. If the "code" or key field is not
    set with a COLUMN_DEF, the field type to be used will be found in

    Capablility entries used:

    SEQUENCE_CREATE         Query to create a sequence on table creation.
    SEQUENCE_QUERY          Query to get next value in sequence.
    SEQUENCE_KEY            Type definition for key field when AUTO_SEQUENCE
                            table is created.
    SEQUENCE_VALUE_FUNCTION Query to get current value of sequence.
    SEQUENCE_LAST_FUNCTION  Query to get key when MySQL behavior is wanted.

  - Can automatically drop existing sequence if:

    Database sometable AUTO_SEQUENCE_DROP 1

* Add BASE_CAPABILITY configuration parameter to allow testing of a new
  SQL database type with settings based on one of the known types. If
  behavior is different in particulars, that capability can be modified
  in the config file.

* In Vend::Config, fix incompatibility in Perl 5.005-style regex that
  causes rejection of certain Locale settings.

* Remove unnecessary CGI variable mappings at end of Vend::Config.

* Fix call to [item-tag object name].

* Add Filter alias e = encode_entites.


* Various Quickbooks updates:

  - Fixed: When an auto-created user orders from the same company as an
    existing Quickbooks customer, it overwrites the customer.

  - Save the auto-created user id (e.g. U00001) and use it in the Customer
    Name as a unique identifier, just as logged-in users.

  - New variables for easy customization of export features via Admin UI,
    documented via item-specific meta referenced in the documentation.

  - Fixed: "INTL" showing up without country (now matches US or USA).

  - Put the company name on a separate line in Ship-to and Bill-to
    addresses. Now utilizing all 5 lines.

  - Item name updates:
    - Length filter now customizable via QB_ITEM_LENGTH
    - Default is 30 (backwards compatible)
    - Item name taken from 'title' first, if any, then 'description' second.

  - Optionally cause Quickbooks invoice number to be blank, to keep
    Quickbook's invoice number progression unmodified.
  - Accompanying documentation.


* eg/te -- jon's great tabbed file editor.

    Add some new options:

    -f to handle files without field names on first line of file.
    -n to number rows in comments.

    -s for starting value support (really only vi).

        te -s os28004 <file>

        Jumps to first occurrence of "os28004" in <file>. Option -i ignores case
        in the search.

    Allow setting of persistent options in environment variable TE_OPTIONS.

    Handle -i and -s with mixed-case search term (lowercase it first).

    Don't escape " in search term, as it doesn't seem special.


* Support for TrustCommerce added. Written, tested, and donated by
  Dan Helfman of TrustCommerce <dan at trustcommerce.com>. Thanks, Dan!

* Support for the Mainstreet Credit Verification Engine (MCVE) added.
  Written, tested, and donated by Tom Friedel <tom at readyink.com>.
  Thanks, Tom!
* Support for ECHO added. Written, tested, and donated by
  Michael Lehmkuhl <michael at electricpulp.com>.  Ported from globalsub to 
  Vend::Payment by Dan Browning <db at kavod.com>.  Thanks Michael!


* [import_fields]: Performance enhancement: use set_slice() to update all 
  fields in a record at once when importing files.


Interchange 4.9.1 released 2002-07-22


* The great tag breakout!

    - Almost all tags are now UserTag definitions. The exceptions are:

        and bounce goto if label or unless

    - New TagDir directive (default is VENDROOT/code) sets the
      directory (or directories) which are searched for code definitions
      set by UserTag and CodeDef.

    - New TagGroup directive establishes groups of ITL tags which can
      be included.

        TagGroup :crufty "banner default ecml html_table onfly sql"

      The default groups include :core, which contains all of the
      ITL tags defined in 4.8/early 4.9. The groups are defined
      in $Vend::Cfg::StdTags and can be undefined if desired
      with "TagGroup :group".

    - New TagInclude directive allows inclusion of tags (or groups
      of tags). If a tag is defined as a core tag (with a .coretag
      or .tag or .ct extension) and is not included, it will not
      be compiled and placed in the tag map. This is for all catalogs,
      so if *any* catalog uses a tag it must be included.


        # Include the base tags
        TagInclude :core

        # Not the commerce tags
        TagInclude !:commerce

        # But make sure item-list is included even though
        # it is in :commerce
        TagInclude item-list

        ## Double negatives are honored
        TagGroup    :foo "bar !baz buz"
        ## With the group above, the below is equivalent
        ## to TagInclude !bar baz !buz
        TagInclude !:foo

    - New CodeDef directive allows the setting of filters, order checks,
      FormAction, ActionMap, ItemAction, and LocaleChange.

            ## filters
            CodeDef  mixedcase Filter
            CodeDef  mixedcase Routine <<EOR
            sub {
                my $val = shift;
                ## [filter mixedcase]mixed case[/filter]
                ## outputs "MiXeD CaSe"
                $val =~ s/(.)(.)/\u$1\l$2/g;
                return $val;

            ## order checks
            CodeDef  mixedcase OrderCheck
            CodeDef  foo  Routine <<EOR
            sub {
                my ($ref, $var, $val) = @_;
                return (1,$var) if $val eq 'bar';
                return (0,$var, "foo must be bar");

       All work in catalog.cfg; LocaleChange and ItemAction are not
       global. FormAction, ActionMap, and ItemAction directives
       are equivalent to their CodeDef equivalents.

* New Vend::Form module implements display tag and widget creation.
  Passes all known tests, and runs accessories/widgets (apparently)
  flawlessly in foundation, barry, simple, and the UI.

* Add new HIDE_FIELD capability to DbSearch. It provides automatic
  hiding of records accessed via search (and NOT query).

 -When the following configuration is added:

    Database products HIDE_FIELD inactive

 -It adds automatically the qualification to every search:

    WHERE inactive != 1

 -To use, you should have a field of char(1) or int type.

    Database products COLUMN_DEF "inactive=int default 0"

 -This has the side-effect of hiding fields with NULL in the
  field, so be careful. You should probably set "default 0"
  as shown above.

 -Works for DBM types too.

 -Does NOT work for TextSearch.

 -If you want to show all records, you can pass mv_no_hide=1
  in the search parameters. Obviously, this makes this not a
  security feature.

* Clear the following intermittent error:

    CGI mapping error: multipart/form-data sent incorrectly

  Some browsers, like Opera, use non-word characters like '+' in
  form-data MIME boundaries, causing the regex matches to fail.

* New function Vend::Util::logOnce which ignores repeated identical
  log messages (works only in the scope of the current Interchange

* Remove last remnants of mv_raw_searchspec.

* Remove HTML-embedded tag syntax

* Remove Vend::ECML, move to extensions/ directory.

* Allow customization of links in more-list, like this:
  [link-template]<a href="$URL$" target="_top">$ANCHOR$</a>[/link-template]

* Add utility functions Vend::Data::product_row and product_row_hash,
  which do the same thing as product_field, but return the whole row
  instead of just one field.


* Major changes to the content editing scheme.

    - Requires a CSS/Javascript 1.3 compliant browser. Tested on
      Mozilla 0.9.8, MSIE 5.51, Opera 6.0tp2. All work pretty well;
      Mozilla is a bit slow, Opera doesn't have CSS widths down.

    - Page editor has a quasi-visual layout that should be much more
      intuitive. Support for a "PAGE_PICTURE" file in the templates
      allows visual links to the editor page.

    - Components, templates, and pages are now all editable.
      Template and component editors need to be brought up to speed
      with the page editor, but work fairly well.

    - Added new lib/UI/ContentEditor.pm module which implements
      this stuff in conjunction with lib/UI/pages/include/*_editor.
      A bit of a JavaScript dependency nightmare on the generated
      attribute editors, but I may get this more canned as time goes on.

    - Let's get this on record -- this content editiing WILL NOT
      though I know the people who monitor this stuff won't.

* Added Mike's cool new "auto_wizard" which builds a wizard from a
  file like in the example. It will be the method to provide scripted
  content addition.

* More table-editor updates -- added notable option, and
  all_opts option which allows building the options in
  Perl and then doing:

        [table-editor all-opts=`\%opts`]

* Look for major updates on the table editor to make it
  completely templateable.

* Fix problem with $Tag->display() called with null table, affecting
  "wizard" mode.

* Add a "admin/test_code.html" page for testing short snippets
  of ITL without having to create a test page.

* Make the table populator JavaScript honor the db tables the
  particular admin user is supposed to see.

* [import-fields replace=1] -- added option to replace items in the database

* Add su facility for catalog superuser to switch users to another
  user id, using new UI_Tag su as follows:

    [su username=miltonbear]

    1. Stringifies current session after checking that su user is valid
    2. Writes a random string to "$Global::ConfDir/tmp/$Session->{id}"
    3. Issues a cookie hashing the above two
    4. Inits a new session, putting in the login info
    5. Writes $Session->{su} with session string

    [su exit=1]

    1. Reads random string from "$Global::ConfDir/tmp/$Session->{id}"
    2. Hashes that with session and verifies with cookie
    3. Safe evals session string
    4. Retrieves session username/admin info

    [su create_user=1 username=bobby password=howdy verify=howdy]

    Allows combined creation of new user and switching to that user. 
    Any options you would pass to userdb tag can be given to su usertag, 
    to tweak account creation. If user already exists, it's silently switched to.

  MMsu profile is called on admin/customer.html to run the switch.

  When you "log out", you are reverting to the previous user, and you
  can go no further back. So if you go from superuser->adminuser, then
  adminuser->regular user, there is no way back to superuser without
  logging in again.

* Continuing work on meta_display and Vend::Form.

    - Relocated date and option widgets
    - Prepared for breaking out image widgets to code/Widget
    - Fixed various bugs in widgets
    - Code simplification in Primitive.pm
    - Fix widget.coretag to not call UI::Primitive routine
    - Redo option_format filtering

* Display server hostname on the information page (genconfig).

* Unused usertags component, set-alias and set-click removed.


* Support for Wells Fargo added


* Vend::Accounting module added, along with example module for SQL_Ledger.
  This is the basis for a start of a defined accounting system interface.

  Some intended functions:
    NOTE: AS = Accounting Software, i.e. SQL-Ledger, IC = Interchange

    1. Assign customer number
    2. Change customer information based on input, limit to fields customer
       should have control over
    3. Add sales transaction (IC)
    4. Feed back sales transaction from AS side for account status
    5. Enter payments (IC --> AS), with credit-cards used to pay invoices
    6. Reconcile AS account status with IC, i.e. ship status
    7. Cancel order (IC)
    8. Ship portion or all of order (IC)
    9. Mark order complete

    Input on other functions needed is appreciated.


* Set of modules selectable by route handle:

    Vend::Account::SQL_Ledger (exists)
    Vend::Account::QuickBooks (proposed)
    Vend::Account::Compiere (proposed)

* Use a usertag [account] (a la [charge]) to interface functions.

* Use a profile primitive, "&account=label function" ala "&charge="
  to do some accounting functions in profiles, notably getting an
  order number or customer number

* Allow either COMMIT or no-COMMIT operation, with tradeoffs

* Define accounting system parameters via Route, and build
  in accounting functions into Route so that they can be
  a predicate for order success.

* Define two transitional state tables for handshaking:

    orderstatus -- status of orders, i.e.

    accountstatus -- record of payments and orders for account statement

Foundation demo

* use [if variable MV_DEMO_MODE] instead of the more cumbersome
  [if type=explicit compare="__MV_DEMO_MODE__"].

* add global INTERCHANGE_URL and INTERCHANGE_EMAIL variables to be used
  for the Interchange developer website & email contact points, instead
  of hard-coded stuff

* standardize on the short form "Interchange" for the application name.

* update a few URLs, etc.

* Remove history-scan tag from catalog.cfg; it is now in code/UserTag.

* Remove no_html_parse pragma, for which code has already been deleted.

* Moved payment routes to the top of the Route stack. Technically they
  should not be below the default route, and though it works in the
  standard foundation setup, it caused lots of failures when people
  tried to customize their order routing.

* (Oracle) Add missing Database xxx UPPERCASE 1 settings. Thanks to
  Jonathan Lee <jonalee740304 at yahoo.com> for reporting.

* Get rid of weird tax rate popup notice when updating account
  info, which is especially strange when you've never had anything
  in your cart ...

* Change catalog.cfg to highlight etc/after.cfg.


* [fedex-query] -- Stop dying if there's a problem with FedEx express
  lookups, which kept even ground rate lookups from being done during
  the first request when the Business::Fedex object is first created.

  Instead, just log the error but continue on with possible ground lookup.

  (This situation resulted in the oddity of the shipping rate displaying
  as $0.00 on the checkout page, but still getting added into the total cost
  and displaying in the shipping rate pulldown select box just fine.)
* interchange.cfg: Remove now-redundant include of usertag/*.tag.

* [db-columns] -- Add ability to get back an array instead of a joined string
  to $Tag->list_databases,$Tag->list_keys,$Tag->db_columns,

* [email] -- Add enhancement made by Jurgen Botz to use send_mail program
  so that Net::SMTP can send the email tag. Thanks Jurgen!

* [history_scan] -- Count option added, which guarantees that the
  returned link is at least count # of clicks back in the page history.

* [image] -- descriptionsfields and exists_only options added.


* Removed stale POD documentation from main interchange repository; for
  some time now, docs source has been in SDF format in docs repository
  and available in separate docs package.

* Keep test from giving warning about not being able to stat
  "code" directory.

* Big changes to RPM specfile:

  - Allow non-root RPM builds.
  - Don't add interch user on build machine.
  - Don't automatically start Interchange after installing RPM.
  - Remove unneeded .empty files used in CVS to avoid pruning
    important but empty directories.
  - Make admin UI images owned by root.
  - Don't allow Interchange RPMs to own /usr/share/man/man[18] system
  - Start using RPM dependencies for Perl CPAN modules. Users who
    install directly from CPAN will have to use --nodeps.
  - Start daemon in UNIX mode only by default.
  - Build foundation-demo RPM with MV_DEMO_MODE set.
  - On uninstall, remove autogenerated /usr/lib/interchange/etc/varnames
  - Start using Red Hat standard /sbin/service instead of directly
    running /etc/rc.d/init.d/interchange.
  - Add standard 'reload' function as alias for restart.
  - Quell /sbin/service stop errors.
  - Let user see if we turn off old IC server before install/upgrade.
  - Make packages architecture-dependent, to save lots of hassles.
  - Stop checking for /home/httpd, but use a define for webdir
    that can easily be changed if needed.


Interchange 4.9.0 "released" only via CVS



1.1                  interchange/WHATSNEW-5.1

rev 1.1, prev_rev 1.0
Index: WHATSNEW-5.1

                  What's new in each version of Interchange
                       (since the version 5.0 branch)

                     See WHATSNEW-5.3 for later changes.


Interchange 5.1.0 released 2004-04-08.


* Plug a security hole which allows an attacker to expose arbitrary variable 
  contents by using an URL like 

  All Interchange applications using the standard "missing" special page
  from the demo catalog or a similar one are vulnerable to this attack.
  The attacker may learn the SQL access information for your Interchange
  application and use this information to read and manipulate sensitive

* Disallow [ and < in page names when setting MV_PAGE and MV_PREV_PAGE

* Prevent login information from getting re-saved on a session cancel.

* Define a set of CGI keys that we don't want to save to disk, as

* Don't show sensitive (i.e. @Global::HideCGI) CGI variables in a dump.
  This allows saving a session to disk for diagnositic purposes in case
  of order failure.


* mime subroutine handles email attachments better now: filename for
  attachments is set correctly from description parameter; 
  attachment vs. inline is now controlled by attach_only attribute
  for [tag mime ...]. Demo'd with encrypted credit card attachment
  in etc/report.

* Move mv_nextpage fallback before security check.

* Add the ability to create a transaction ID and later assign the order number.
  To use, you need to set in the main route:

	  counter_tid    etc/transaction.number

  At that point, in the current foundation, you would add this code to
  assign an order number *after* payment is taken.

	Set order number in values: [value
										|| 'etc/order.number'
	Set order number in session: [calc]
                        $Session->{mv_order_number} = $Values->{mv_order_number};

  This allows the order numbers to increment only after payment has been
  received, while still allowing the all-in-one transaction logging
  file located in a report file.

  If you use counter_tid, you *must* set set the order number in your
  logging file if you want it to be available.

  You will want to call [charge ... order_id="[value mv_transaction_id]"]
  to get full traceability of declined and failed charges.

* Add ability to use date-based order numbers with

		date_counter   1

  in the appropriate route.

* Allow setting a counter name without incrementing the counter itself, if

		increment   0

  is in the route. This is really how it should have been done in the
  first place.

* Remove Vend::Server::http_log_msg which is only called for SOAP accesses.

* Create way to specify that local override of a global tag should not cause
  an error message.

  		Limit  override_tag   tag1 tag2 tag3

* Define a set of CGI keys that we don't want to save to disk, as

* Allow [dump no-cgi=1 no-session=1 no-env=1] to finetune dump.

* Don't show sensitive (i.e. @Global::HideCGI) CGI variables in a dump.
  This allows saving a session to disk for diagnositic purposes in case
  of order failure.

* Fix problem with invalid cookie if FullUrl is enabled and there is no path.

* Allow standard handler for PUT operations. To enable, do:

	SpecialPage  put_handler  some_action

  The some_action action (could be a page) will be prepended to
  any path sent with the PUT.

* Add 'reverse' attribute to [item-list], to walk the cart lines in reverse

* Add ability to export only portions of tables based on a where= parameter.
  Only works for DBI tables at the current time.

  If the where parameter is a scalar, just passed as a "WHERE" clause,

  	  [export table=products where="prod_group='Ladders'"]

  You can pass anything that won't cause a syntax error, even including
  an "order by" or "limit".

  If you want to pass multiple things, or not worry about quoting,
  you can do:

  	[export table=products where.prod_group=Ladders]

  The normal caveats for hash parameters apply, i.e. you cannot

  	where.prod_group="[cgi foo]"

  You *can* do:




  Normal DBI quoting is always done, so you don't include quotes.

* Allow (sensible) relative paths for DebugFile directive and
  change default debug file to $VENDROOT/debug.log.

* Remove obsolete and unused DifferentSecure directive.

* Fix rare but nasty bug that causes chained ITL conditional tests to fail
  in no-op mode:

	[if scratch something][or value something]...[/if]
	[if scratch something][and value something]...[/if]

  The problem happens when the first [if] contains a string that doesn't
  convert nicely to a number, and gets passed to an XOR test directly instead
  of being converted to a 1 or 0 first. That causes a string XOR to be done,
  which gives the wrong answer.

* Optimize no-op [if] checks when test is false.

* Add ability to control directory creation and umask of uploaded files.

  Automatic creation of directory:

   [set mv_auto_create_dir]1[/set]

  The umask for creation operation:

   [set mv_create_umask]02[/set]

* SpecialSub -- directive to specify subroutines (catalog or global)
  upon certain conditions, i.e. "missing".

  When the routine is called, it should perform whatever action is
  required. If it wants the catalog to continue with the default
  action, i.e. the "missing" special page, it should return false.
  If it returns true, and there is no second parameter of a page name
  returned, it will be assumed all required action has
  been taken and the default action will not be performed.

  If it returns true, and a second parameter is returned, it
  is the name of a page to display in lieu of the original one.

  This allows

    SpecialSub  missing  check_category

    Sub check_category <<EOS
    sub {
        my ($name) = @_;
        return unless $name =~ m{^[A-Z]};
        $name =~ s,_, ,g;
        my ($prod_group, $category) = split m{/}, $name;

        $CGI->{co} = 1;
        $CGI->{fi} = 'products';
        $CGI->{st} = 'db';
        $CGI->{sf} = join "\0", 'prod_group', 'category';
        $CGI->{op} = join "\0", 'eq', 'eq';
        $CGI->{se} = join "\0", $prod_group, $category;
        $CGI->{sp} = 'results';
        $CGI->{mv_todo} = 'search';
        return (1, 'results');

  You can also use a GlobalSub to perform actions not allowed in a catalog

* The Vend::Page module is modified to call a "missing" SpecialSub if
  it exists. No other actions are currently handled.

* Vend::Table::DBI::set_slice handles passed list correctly and doesn't 
  mangle arrays passed by reference

* Prevent Storable from dying when encountering a code object in


* Added new usps_query usertag for real-time rate quotes from U.S. Postal
  Service's webtools API. Documentation in tag.

* Add new UserTag option "attrDefault", which allows default attributes to
  be set globally or catalog-wide for a given usertag. Two examples:
  UserTag area attrDefault href index
  UserTag calc attrDefault filter entities

  Any user-specified attributes will take precedence, even if 0 or blank.

  This is designed to allow changing the default behavior of a tag without 
  changing its code, especially for built-in tags one would rather not
  customize. Note that when using this directive on global usertags,
  it must be done in interchange.cfg, and for catalog usertags in catalog.cfg.

* Add option to specify useragent to get_url tag.

* Add locale option to [convert-date] following a suggestion from 
  Rene Hertell <rene at hertell.com>.

* The [convert-date] global UserTag now has an "adjust" parameter which
  allows date adjustments such as "2 hours" or "3 weeks" etc. to be made.
  Valid qualifiers are seconds, hours, days, minutes and weeks.  If no
  qualifier is specified the the numeric value is assumed to be a number
  of days.  The old "days" parameter still works, but has been depreciated.

* Add filter attribute to var tag, similar to value, cgi, and scratch,
  except that filtered value will never be saved back into the variable.

* Add matrix option to [weight] UserTag for automatically
  falling back to the base SKU weight if not filled in for the variant.

* [import-fields]: sanity check on key name to avoid imports in wrong 
  file format

* Make pageonly=1 option in [history-scan] UserTag work correctly 
  when there's no history saved in the user's session.

* [row-edit]: display columns in the same order as in the columns 


* customer_mailing: Add full path for sendmail in batch, 
  using $Config->{SendMailProgram}, weed duplicate email addresses, 
  sort by email instead of last name 

* let [row_edit] honor spread_width meta setting

* display an error message if for whatever reason the regions directory is

* fix item_price.html in order to keep secure mode

* add names to templates/components list page

* fix menu loader bug with combined category field type reported by Michael Streubel
  <Michael.Streubel at palmwaregroup.com>

* give focus to username box on login page load to allow immediate 
  username typing


* Added entries to shipping.asc for USPS rate queries, and two new vars to

* Remove "default" column from mv_metadata.asc, as it is not used anywhere.
  This allows the addition of mv_metadata to MySQL, as otherwise the
  column name "default" prevents the creation of the table.

* Add missing [timed-build] to category_vertical_tree component.

* Improve layout of order tracking page, use [convert-date] for date

* Supply framework for making use of the modulo feature
  for UPS shipments. Two new catalog variables enable/disable the feature
  and set the modulus, respectively. We still maintain the 'one big box'
  assumption that has been there all along, but now alternatives are somewhat
  easier to implement.

* On special_pages/missing.html set correct scratch variable so admin
  missing page error displays correctly.


* Apply Paul Vinciguerra's patch to number of rows thing, which gets multiple row
  tabs working on the tabbed display if not in ui_style mode.

* Make containing form name (i.e. <form name=foo ...>) available
  to the widget.

* Allow setting of a disabled.param=1 entry so that you can show
  widgets in a table editor yet not accept data from them. The DISABLED=1
  flag will be set in the widget (which normally grays it out) and
  it will be set to be display_only.

* Pass the form and form_name parameters to Vend::Form for use in

* Add option "top-buttons-rows" to set the number of rows where
  top buttons will be triggered. Use said options in appropriate
  UI pages.


* Enhance flyout menus to have a lined-up image indicating a submenu.
  The parameter is an image name (if not beginning with <) or
  arbitrary HTML (if first character is <).

  Use by passing the parameter:

  	  submenu_image_right="[var IMAGE_DIR]/right.gif"


  	  submenu_image_left="[image src=asterisk.gif]"

  or to fake it out with some text:

			<span style="font-size: smaller !important"> &nbsp; (more)</span>


* Allow date_widget to display/store empty value if called as date_blank
  or datetime_blank.


* Add blank_label="--select--" option to [item-options], allows development
  of code to enforce option selection.

* Add missing space to SQL query in Interchange 4.8 options.


* Always pass the customer's IP address through to PSiGate as part 
  of the payment request.  
  This patch was supplied by Gary Benson - thanks!

* Pass credit card security code through to Verisign if provided in
  CGI parameter mv_credit_card_cvv2.


* "make localefiles" ignores CVS conflict files now

* Japanese UI translation update from Murahashi <murahashi at ayayu.com>.

* Improve translation of UI and foundation store.

* [LC] uses DefaultLocale setting if $Scratch->{mv_locale} isn't available


* no DNS lookups unless HostnameLookups is set


* Add libhtml-parser-perl to Build-Depends to keep HTML::Entities
  module out of the package (Closes: #224435, thanks to Henrik Holmboe
  <elements at hack.se> for the bug report)

* Check for existence of expireall binary in cron script.


* Fixed a weird bug where null HTTP variables were being passed
  under certain circumstances.

* Added a SUN_LEN() macro for those operating systems that don't
  have one already.  I think this was done for Solaris.  I can't
  remember now. :-)

* Fixed a bunch of potential buffer overflows.  Each of them would
  have a very remote possibility of being tripped, unless intentionally.

* Added a "OrdinaryFileList" directive to DECLINE requests where the
  path starts with one of the values in the list.  If this module
  DECLINEs a request then Apache will attempt to serve the request
  instead.  This is useful for creating excptions to <Location />,
  for image files etc.

* Added a "InterchangeScript" directive.  The new directive can be used
  to specify a SCRIPT_NAME to pass to Interchange.  The value will override
  the SCRIPT_NAME=/foo that would default from <Location /foo>.

* Lots of minor cleanups.



More information about the interchange-cvs mailing list