sunshop:change-log

Differences

This shows you the differences between two versions of the page.

sunshop:change-log [2024/02/20 17:00] twt-chris
sunshop:change-log [2026/02/18 20:43] (current) – external edit 127.0.0.1
Line 2: Line 2:
 ====== SunShop Change Log ====== ====== SunShop Change Log ======
 **Important Note:** No matter which version you are upgrading from, you must run the upgrade script in addition to replacing files. You may review the upgrade steps for more information. **Important Note:** No matter which version you are upgrading from, you must run the upgrade script in addition to replacing files. You may review the upgrade steps for more information.
 +
 +===== v4.6.8 =====
 +
 +[+] Stripe Payment Elements: Replaced deprecated Stripe Charge API module with modern Payment Elements integration using PaymentIntents API. Supports 3D Secure authentication, manual capture for authorize-then-capture workflows, and PCI-compliant embedded payment form powered by Stripe.js.
 +
 +[+] SlimCD Payment Processor: New payment module for SlimCD with support for Sale and Auth transactions, Capture, Void, and Refund operations with configurable timeout and debug mode.
 +
 +[+] USPS Domestic v3.0 Upgrade: Migrated from legacy XML RateV4 API to new REST JSON API with OAuth 2.0 authentication. Added package type options for flat rate boxes, envelopes, and cubic. Supports Priority Mail, Priority Mail Express, and Ground Advantage services.
 +
 +[+] USPS International v3.0 Upgrade: Migrated from legacy XML IntlRateV2 API to new REST JSON API with OAuth 2.0 authentication. Added international flat rate package options with support for Global Express, Priority Mail Express International, and First-Class.
 +
 +[+] Admin Dashboard Performance: Major performance optimizations reducing dashboard load times by 70-85%. Consolidated database queries from 25+ down to 5-8 per page load. Graph generation reduced from 19 queries to 2 queries (89% improvement).
 +
 +[+] Reports System Performance: Optimized sales reporting with batch database lookups, memory-efficient CSV reading for large files, and improved vendor/manufacturer/category reporting.
 +
 +[+] Database Indexes: Added optimized indexes for orders (date, status, date+status compound) and products (stock check) to improve query performance on high-volume stores.
 +
 +[+] Search Improvements: Added case-insensitive matching for exact search across title, short description, and full description fields. Search results are now relevance-ranked prioritizing exact title matches, then title-starts-with, then title-contains, then description matches. Fixed full description search bug where results were incorrectly stored under the short_desc key. Added whitespace normalization to prevent empty search clauses.
 +
 +[-] Image Upload False Positives: Fixed bad_file() function falsely detecting PHP code in compressed binary image data (JPEG, PNG), which caused existing product images to be replaced with photo-not-available.jpg when editing products without uploading new images.
 +
 +[-] SQL Filtering Blocking Common Words: Fixed overly aggressive SQL sanitization that was removing common words like 'and', 'or', 'select', 'union' from product titles and descriptions. The sf() function now applies basic escaping only, with explicit desql() calls where injection filtering is needed.
 +
 +[-] Menu Manager JSON Loading: Fixed JSON loading issue for themes using single quotes in menu manager configuration.
 +
 +[-] FraudScore Plugin: Fixed variable typo in xml_service() where connection success/failure used different variable names ($connnect vs $connect). Added URL encoding to POST data values to prevent data corruption with city names, addresses, and other fields containing spaces or special characters. Fixed uninitialized variable warning in fraud results output.
 +
 +[-] Dashboard Graph Dates: Fixed "Wed 12/31" repeating dates in last 7 days graphs and corrected date calculation in multi-day statistics.
 +
 +[!] File Upload Security: Improved upload validation to properly handle temporary file paths while maintaining security checks against malicious files and path traversal.
 +
 +[!] .htaccess Security: Enhanced all .htaccess rules with case-insensitive matching, locked down docs/ and admin/editors/ directories, and applied deny-by-default principle to sensitive directories.
 +
 +For those of you looking to upgrade the easiest way from version 4.6.7 only. You will need to get the latest version of the following files:
 +
 +  * admin/adminindex.php
 +  * admin/libsecure.php
 +  * include/classes/class.reports.php
 +  * include/classes/class.stats.php
 +  * include/payment/stripe.php
 +  * include/payment/slimcd.php (New)
 +  * include/payment/slimcd/slimcd.php (New)
 +  * include/plugins/plugin_fraudscore.php
 +  * include/plugins/plugin_order_file_upload.php
 +  * include/plugins/plugin_simple_blog.php
 +  * include/shipping/usps.php
 +  * include/shipping/usps_int.php
 +  * include/vendors/fileman/php/upload.php
 +  * install2/install.php
 +  * install2/sql_data.php
 +  * libsecure.php
 +  * quick_checkout.php
 +
 +The following .htaccess files will need updating:
 +
 +  * admin/editors/.htaccess
 +  * admin/images/.htaccess
 +  * admin/themes/.htaccess
 +  * catalog/.htaccess
 +  * docs/.htaccess
 +  * images/.htaccess
 +
 +===== v4.6.7 =====
 +
 +[+] Apple Pay Integration: Added full Apple Pay support to PayPal Standard payment method with configurable button styling, types, and modern checkout experience. Includes domain verification support and PayPal SDK confirmOrder() implementation.
 +
 +[+] Google Pay Integration: Added complete Google Pay support to PayPal Standard payment method with PayPal SDK integration. Includes configurable button colors (default, black, white) and types (buy, plain, donate, pay).
 +
 +[+] Enhanced PayPal Integration: Improved PayPal onboarding flow with race condition prevention, atomic auth code handling, and enhanced webhook management to prevent duplicate webhooks.
 +
 +[+] PayPal Onboarding Capabilities: Updated PayPal Partner Referral API v2 integration to request Apple Pay and Google Pay capabilities during merchant onboarding. Fixed compatibility issues between EXPRESS_CHECKOUT and PPCP product types.
 +
 +[+] Donation Plugin: New cart donation plugin allowing customers to add donations during checkout with configurable preset amounts and organization name.
 +
 +[+] PHP 8.3 Compatibility: Updated all classes with #[AllowDynamicProperties] attribute and replaced deprecated functions (utf8_encode, split, ereg, mcrypt, each) for full PHP 8.3 compatibility.
 +
 +[+] New CyberSource Module: Added CyberSource Unified Checkout payment method with form validation, tokenization, and robust error handling. Includes support for digital wallets through Unified Checkout integration.
 +
 +[+] QuickBooks Online Integration: Updated QuickBooks Online integration with modern OAuth2 authentication, replacing the legacy QuickBooks integration. Note: The legacy QuickBooks integration requires older PHP versions with mysql extension support.
 +
 +[-] PayPal Connection Issues: Fixed race conditions and "Authorization code not found in cache" errors during PayPal merchant onboarding.
 +
 +[-] Webhook Duplicates: Resolved issues with duplicate PayPal webhooks being created during setup.
 +
 +[-] Venmo Refund Handling: Fixed "PayPal Payments Error:" with empty message for Venmo refunds. Now properly handles PENDING status for ACH-based refunds that take 3-5 business days to complete.
 +
 +[-] Google Pay Button Styling: Added consistent styling to Google Pay button to match other payment buttons, respecting button shape (pill/rectangle) and max-width settings.
 +
 +[!] Critical Security Updates: Fixed IP authentication bypass vulnerability and enhanced overall security posture.
 +
 +[!] File Upload Security: Strengthened file upload validation with improved malicious file detection and path traversal prevention.
 +
 +[!] SQL Injection Protection: Enhanced SQL sanitization functions with expanded pattern detection while preserving HTML content.
 +
 +[!] Security Headers: Added modern security headers to admin area for clickjacking and XSS protection.
 +
 +[!] CSRF Protection: Implemented token-based CSRF protection for admin forms.
 +
 +[+] PayPal Webhook Cleanup: Added automatic webhook cleanup when unlinking PayPal accounts.
 +
 +For those of you looking to upgrade the easiest way from version 4.6.6 only. You will need to get the latest version of the following files:
 +
 +  * admin/adminindex.php
 +  * admin/libsecure.php
 +  * admin/login.php
 +  * admin/adminglobal.php
 +  * include/methods/paypal_standard.php
 +  * include/methods/cybersource_unified.php (New)
 +  * include/plugins/plugin_order_file_upload.php
 +  * include/plugins/plugin_cart_donation.php (New)
 +  * include/vendors/quickbooks-online/quickbooks-cron.php
 +  * include/classes/class.ajax.php
 +  * include/classes/class.cart.php
 +  * include/classes/class.connect.php
 +  * include/classes/class.erroralert.php
 +  * include/classes/class.giftcerts.php
 +  * include/classes/class.orderitem.php
 +  * include/classes/class.paging.php
 +  * include/classes/class.rewards.php
 +  * include/classes/class.sessions.php
 +  * include/classes/class.xmlfeeds.php
 +  * include/payment/beanstream.php
 +  * include/payment/cardia.php
 +  * include/payment/hsbc/ (directory)
 +  * checkout.php
 +  * global.php
 +  * index.php
 +  * libsecure.php
 +  * quick_checkout.php
 +  * images/donate.png (New)
 +
 +The following themes / templates will need updating:
 +
 +*All Themes*
 +
 +  * cart_view.html
 +  * plugin_cart_donation.html (New)
 +  
 +*Admin Theme*
 +
 +  * admin/themes/default/login.html
 +
 +===== v4.6.6 =====
 +
 +[+] Additional PHP 8.1 Compatibility Fixes: Minor fixes for PHP 8.1+ compatibility.
 +
 +[+] hCaptcha Integration: Added a new plugin for hCaptcha and removed the captchas.net integration.
 +
 +[+] Failed Order Rate Checking: Added new rate limit checking for failed orders. This will block and eliminate repeated failed credit card orders that are usually used for carding.
 +
 +[+] Improved Security Checks: Added some improvements to the malicious file and SQL injection checks.
 +
 +[+] Export Improvements: Made some minor improvements to the product export features.
 +
 +[+] Authorize.net AcceptJS: New Authorize.net module that allows you to accept credit cards without directly collecting customers credit card information.
 +
 +[+] Clover Credit Card Module: New credit card processing module for Clover.
 +
 +[+] AddToAny Integration: New social media share buttons through AddToAny which replaces ShareThis which is no longer functioning. The new integration is now in the plugins.
 +
 +[+] UPS & USPS Updates: We have improved the weight conversions on both the UPS and USPS modules for more accurate rating.
 +
 +[+] jQuery Updates: We have updated jQuery in order to improve security across all themes. The latest version of jQuery is now used. 
 +
 +[-] Processing Fee Bug: We corrected a bug with the processing fee setting that was causing the fee to not get applied to some orders.
 +
 +[-] User Group Bug: We corrected a bug that prevented some groups from seeing proper pricing and discounts.
 +
 +For those of you looking to upgrade the easiest way from version 4.6.5, only. You will need to get the latest version of the following files:
 +
 +  * admin/adminglobal.php
 +  * admin/adminindex.php
 +  * admin/libsecure.php
 +  * include/classes/class.ajax.php
 +  * include/classes/class.import-export.php
 +  * include/classes/class.stats.php
 +  * include/methods/gift_card_only.php
 +  * include/methods/paypal_standard.php
 +  * inckude/payment/authorizenet/ (New Directory))
 +  * include/payment/authorizenet_acceptjs.php (New)
 +  * include/payment/clover.php (New)
 +  * include/payment/eprocessingnetwork.php
 +  * include/payment/paypal_advanced.php
 +  * include/payment/quickbooks_payments.php
 +  * include/plugins/plugin_addtoany.php (New)
 +  * include/plugins/plugin_facebook_open_graph.php
 +  * include/plugins/plugin_group_payment_methods.php
 +  * include/plugins/plugin_hcaptcha.php (New)
 +  * include/plugins/plugin_sharethis.php (Removed)
 +  * include/vendors/fileman/php/security.inc.php
 +  * include/shipping/purolator_wsdl.php
 +  * include/shipping/ups.php
 +  * include/shipping/usps.php
 +  * include/shipping/usps_int.php
 +  * checkout.php
 +  * global.php
 +  * libsecure.php
 +  * quick_checkout.php
 +
 +The following themes / templates will need updating:
 +
 +  * js/ (Replace Directory)
 +  * account_customer_signup.html
 +  * account_wishlist_send.html
 +  * cart_view.html
 +  * cart_view_item.html
 +  * list_products_tile_item.html
 +  * main_index.html
 +  * order_overall_review.html
 +  * order_quick_checkout.html
 +  * order_quick_checkout_overall_review.html
 +  * page_contact_us.html
 +  * plugin_hcaptcha.html (New)
 +  * plugin_quickview_display.html
 +  * plugin_shipping_estimator.html
 +  * product_detail.html
 +  * product_detail_reviews.html
 +  * product_detail_tell_friend.html
 +
 +===== v4.6.5 =====
 +
 +[+] Additional PHP 8.1 Compatibility Fixes: Minor fixes for PHP 8.1+ compatibility.
 +
 +[+] UPS Rest API Module: UPS has switched to OAuth and a new Rest API. This new module requires an upgrade to the latest SunShop as it requires changes to core code in SunShop.
 +
 +[+] PayPal Checkout Changes: We have made some adjustments to the PayPal Checkout integration. This includes fixes to the PayPal Standard and the PayPal Advanced methods.
 +
 +[-] Cononical URL Base URL: Fixed an issue with the canonical URL not being set for the root of the site.
 +
 +[-] XML Feeds: Fixed a minor issue with XML feeds and special characters.
 +
 +For those of you looking to upgrade the easiest way from version 4.6.4 only. You will need to get the latest version of the following files:
 +
 +  * admin/adminindex.php
 +  * admin/libsecure.php
 +  * include/classes/class.xmlfeeds.php
 +  * include/methods/paypal_standard.php
 +  * include/payment/paypal_advanced.php
 +  * include/plugins/plugin_canonical_url.php
 +  * include/plugins/plugin_paypal_express.php
 +  * include/shipping/ups.php
 +  * include/shipping/docs/ups.txt
 +  * global.php
 +  * libsecure.php
 +
 +The following themes / templates will need updating:
 +
 +  * No template changes required.
  
 ===== v4.6.4 ===== ===== v4.6.4 =====
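Review bot: the v4.6.8 entry "SQL Filtering Blocking Common Words" changes what sf() guarantees (basic escaping only, with injection filtering moved to explicit desql() calls), but the upgrade notes for 4.6.7 to 4.6.8 do not tell store owners that custom plugins or locally modified files which relied on sf() for filtering should be reviewed and given a desql() call where they build queries; suggest adding one sentence to that entry saying so. Separately, in the v4.6.6 file list the line "inckude/payment/authorizenet/ (New Directory))" misspells the include/ path and has a doubled closing parenthesis, so anyone copying the path will not find the directory, and the v4.6.5 entry title "Cononical URL Base URL" should read "Canonical".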
sunshop/change-log.1708477207.txt.gz · Last modified: by twt-chris
