sunshop:change-log

Differences

This shows you the differences between two versions of the page.

sunshop:change-log [2025/10/05 15:21] – Fixed formatting twt-chris
sunshop:change-log [2026/02/18 20:43] (current) – external edit 127.0.0.1
Line 2: Line 2:
 ====== SunShop Change Log ====== ====== SunShop Change Log ======
 **Important Note:** No matter which version you are upgrading from, you must run the upgrade script in addition to replacing files. You may review the upgrade steps for more information. **Important Note:** No matter which version you are upgrading from, you must run the upgrade script in addition to replacing files. You may review the upgrade steps for more information.
 +
 +===== v4.6.8 =====
 +
 +[+] Stripe Payment Elements: Replaced deprecated Stripe Charge API module with modern Payment Elements integration using PaymentIntents API. Supports 3D Secure authentication, manual capture for authorize-then-capture workflows, and PCI-compliant embedded payment form powered by Stripe.js.
 +
 +[+] SlimCD Payment Processor: New payment module for SlimCD with support for Sale and Auth transactions, Capture, Void, and Refund operations with configurable timeout and debug mode.
 +
 +[+] USPS Domestic v3.0 Upgrade: Migrated from legacy XML RateV4 API to new REST JSON API with OAuth 2.0 authentication. Added package type options for flat rate boxes, envelopes, and cubic. Supports Priority Mail, Priority Mail Express, and Ground Advantage services.
 +
 +[+] USPS International v3.0 Upgrade: Migrated from legacy XML IntlRateV2 API to new REST JSON API with OAuth 2.0 authentication. Added international flat rate package options with support for Global Express, Priority Mail Express International, and First-Class.
 +
 +[+] Admin Dashboard Performance: Major performance optimizations reducing dashboard load times by 70-85%. Consolidated database queries from 25+ down to 5-8 per page load. Graph generation reduced from 19 queries to 2 queries (89% improvement).
 +
 +[+] Reports System Performance: Optimized sales reporting with batch database lookups, memory-efficient CSV reading for large files, and improved vendor/manufacturer/category reporting.
 +
 +[+] Database Indexes: Added optimized indexes for orders (date, status, date+status compound) and products (stock check) to improve query performance on high-volume stores.
 +
 +[+] Search Improvements: Added case-insensitive matching for exact search across title, short description, and full description fields. Search results are now relevance-ranked prioritizing exact title matches, then title-starts-with, then title-contains, then description matches. Fixed full description search bug where results were incorrectly stored under the short_desc key. Added whitespace normalization to prevent empty search clauses.
 +
 +[-] Image Upload False Positives: Fixed bad_file() function falsely detecting PHP code in compressed binary image data (JPEG, PNG), which caused existing product images to be replaced with photo-not-available.jpg when editing products without uploading new images.
 +
 +[-] SQL Filtering Blocking Common Words: Fixed overly aggressive SQL sanitization that was removing common words like 'and', 'or', 'select', 'union' from product titles and descriptions. The sf() function now applies basic escaping only, with explicit desql() calls where injection filtering is needed.
 +
 +[-] Menu Manager JSON Loading: Fixed JSON loading issue for themes using single quotes in menu manager configuration.
 +
 +[-] FraudScore Plugin: Fixed variable typo in xml_service() where connection success/failure used different variable names ($connnect vs $connect). Added URL encoding to POST data values to prevent data corruption with city names, addresses, and other fields containing spaces or special characters. Fixed uninitialized variable warning in fraud results output.
 +
 +[-] Dashboard Graph Dates: Fixed "Wed 12/31" repeating dates in last 7 days graphs and corrected date calculation in multi-day statistics.
 +
 +[!] File Upload Security: Improved upload validation to properly handle temporary file paths while maintaining security checks against malicious files and path traversal.
 +
 +[!] .htaccess Security: Enhanced all .htaccess rules with case-insensitive matching, locked down docs/ and admin/editors/ directories, and applied deny-by-default principle to sensitive directories.
 +
 +For those of you looking to upgrade the easiest way from version 4.6.7 only. You will need to get the latest version of the following files:
 +
 +  * admin/adminindex.php
 +  * admin/libsecure.php
 +  * include/classes/class.reports.php
 +  * include/classes/class.stats.php
 +  * include/payment/stripe.php
 +  * include/payment/slimcd.php (New)
 +  * include/payment/slimcd/slimcd.php (New)
 +  * include/plugins/plugin_fraudscore.php
 +  * include/plugins/plugin_order_file_upload.php
 +  * include/plugins/plugin_simple_blog.php
 +  * include/shipping/usps.php
 +  * include/shipping/usps_int.php
 +  * include/vendors/fileman/php/upload.php
 +  * install2/install.php
 +  * install2/sql_data.php
 +  * libsecure.php
 +  * quick_checkout.php
 +
 +The following .htaccess files will need updating:
 +
 +  * admin/editors/.htaccess
 +  * admin/images/.htaccess
 +  * admin/themes/.htaccess
 +  * catalog/.htaccess
 +  * docs/.htaccess
 +  * images/.htaccess
  
 ===== v4.6.7 ===== ===== v4.6.7 =====
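Review bot: In the "[-] SQL Filtering Blocking Common Words" entry of the v4.6.8 block, the statement that sf() "now applies basic escaping only, with explicit desql() calls where injection filtering is needed" does not tell upgraders whether their own code is affected. Custom plugins, themes or modifications that relied on sf() for injection filtering get only escaping after this release, so the entry should say that explicitly and tell integrators to review those call sites and add desql() where the input reaches a query. A smaller style point in the same hunk: "For those of you looking to upgrade the easiest way from version 4.6.7 only." is a sentence fragment; join it to the sentence that follows, and restate there that the upgrade script must still be run, since the Database Indexes entry describes changes that replacing files alone would not apply.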
sunshop/change-log.txt · Last modified: by 127.0.0.1
