Zen Cart v1.5.1 — Released!

Download available here: http://sourceforge.net/projects/zencart/files/

PCI Compliance
v1.5.0 is PA-DSS certified.
v1.5.1 is an optional update, and will not be submitted for formal recertification.
If you are involved with a PCI Compliance situation, you will need to self-certify the changes in 1.5.1 if you intend to use it.

Minimum Requirements
Zen Cart® v1.5.1 requires a minimum of the following:

  • PHP 5.2.14 or higher
  • MySQL 4.1.3 or higher
  • Apache 2.0 or higher.
  • Apache configured with AllowOverride set to either ‘All’ or at least both ‘Limit’ and ‘Indexes’ parameters, and preferably the ‘Options’ parameter as well.
  • PHP configured to support CURL with OpenSSL

While Zen Cart® can run on Windows/IIS servers, Linux/Apache servers are recommended for best results, superior performance, and easier use by shopowners.

What’s New In v1.5.1:
Improvements include:

  • CHANGE-207 – Add bypass to bandage the performance/caching problem with products_viewed counter on busy sites, inspired by an idea from data-diggers. This step simply splits the logic out into an observer class, and adds a switch to turn it on or off. Doesn’t change any schema or any reports. But of course if the switch is set to something other than ‘on’, then the reports will be useless too unless alternate custom data tracking code is added to the observer class.
  • CHANGE-208 – Implement data-diggers querycache
  • CHANGE-220 – Add optional constant ‘DOWNLOADS_SKIP_DOT_PREFIX_ON_REDIRECT’ to overcome rare problem on some servers which won’t allow use of dot-prefixed temporary files. Usage: define(‘DOWNLOADS_SKIP_DOT_PREFIX_ON_REDIRECT’, TRUE); in /includes/extra_configures/ folder.
  • CHANGE-238 – php 5.4 Updates, mainly for htmlentities() calls
  • CHANGE-240 – Add form auto-focus on advanced-search results and admin category lookups
  • CHANGE-265 – Add children support to category-specific stylesheet overrides — ie: c_XX_XX_children.css
  • CHANGE-273 – Add css-driven antispam support to contact-us, create-account, and product reviews
  • CHANGE-282 – Add improved notifier support for the shipping calculate_boxes_weight_and_tare() function to allow for easier intercept by plugins
  • CHANGE-283 – Add coders the ability to allow for a custom count query in split page results class
  • CHANGE-284 – Update db schema and various code bits to handle longer lengths for IP addresses, to accommodate IPv6
  • CHANGE-287 – Add hooks for encryption tools needed by modules such as PPA
  • CHANGE-297 – Add improvements to notifier support for Downloads script (add all order data to observer resources)
  • CHANGE-298 – Move debug logging to separate /logs/ folder, as a performance improvement measure, and be more semantically meaningful

Bugfixes include:

  • CHANGE-201 – Fix JS_STATE typo in /admin/includes/languages/english.php
  • CHANGE-202 – Fix compounding or multiple tax problems
  • CHANGE-204 – Fix problem with unescaped error messages in zc_install
  • CHANGE-205 – Fix error on Windows hosts: ‘gzpost’ can’t have default value
  • CHANGE-206 – Fix admin profiles code to also manage product types
  • CHANGE-209 – Prevent the “apple double” effect in auto-loading folders … ie: skip all files starting with “.” or “_”
  • CHANGE-211 – Fix for bug where renaming an Admin Profile name allowed a blank entry.
  • CHANGE-213 – Fix missing check for EMAIL_DISCLAIMER constant, to help prevent problems caused by people who incorrectly delete the define from the language files.
  • CHANGE-214 – Fix various documentation errors
  • CHANGE-215 – Fix BOC currency exchange rate lookup to use newer source. Fix bug which could return 0.00 mistakenly in some cases.
  • CHANGE-216 – Fix handler for HTML Editor plugins – was missing trailing slash in lookup path
  • CHANGE-218 – Fix Admin alert email text (HTML content missing) on change of user details
  • CHANGE-219 – Fix multiple-content-length headers when downloading by redirect
  • CHANGE-221 – Fix cause of error message: PHP Warning: strlen() expects parameter 1 to be string, when triggered by customer notification preferences submission at checkout
  • CHANGE-222 – Fix the .htaccess restriction which was preventing the .cur image files from working with spiffyCal
  • CHANGE-223 – Fix Authorize.net SIM/echeck module “currency code invalid” error when customer is shopping in non-USD currency
  • CHANGE-230 – Fix password reset vulnerability (random seed/entropy issue)
  • CHANGE-231 – Fix page_not_found on session timeout to time_out instead
  • CHANGE-233 – Fix HTML error in admin/profiles.php page – /head should have been /thead
  • CHANGE-236 – Fix: Customer authorization e-mail not sent out on pressing “the red button”.
  • CHANGE-239 – Fix virtual cart problem causing error: “PayPal has unexpectedly returned a blank address” only on carts with all virtual products
  • CHANGE-241 – Fix Improper handling of ‘0’ as search keyword
  • CHANGE-242 – Fix output/display errors in admin user/profile tools.
  • CHANGE-244 – Fix name of form field for javascript character count which could break in non-english translations
  • CHANGE-246 – Improve exceptions for testing Authnet in Test Mode
  • CHANGE-249 – Fix to allow more than one onetime fee in the shopping basket
  • CHANGE-255 – Fix missing [close] from popup_search_help template file
  • CHANGE-256 – Fix validation errors in manufacturers sidebox if manufacturer_name contains ampersands
  • CHANGE-259 – Fix Admin menu problem occurring only in Opera 12 on Windows
  • CHANGE-261 – Fix outdated error message text about PHP 5.4 and configure.php file problems
  • CHANGE-262 – Fix PHP Error when no Record Company ID with Typefilter
  • CHANGE-263 – Clarify password-expiry language to minimize alarmist reactions for those who don’t understand the common use of expiring passwords
  • CHANGE-264 – Fix PHP Fatal error: 1062: Duplicate entry ‘1-1’ for key 1 when adding option values
  • CHANGE-268 – Fix Hardcoded text in Reports/Customer Referrals
  • CHANGE-269 – Fix misspelled Germany state (zones table)
  • CHANGE-275 – Fix json_encode error on non-UTF8 sites
  • CHANGE-277 – Rebrand PayPal products (for USA merchants only) according to changes implemented by PayPal in Q2 2012
  • CHANGE-279 – Fix PayPal Processor Decline Fails to Show Error Message when debug logging disabled
  • CHANGE-280 – Fix inconsistency in dist-configure.php example files
  • CHANGE-281 – Fix incorrect database constant used in tpl_account_default.php
  • CHANGE-294 – Fix issue where a customer who is banned after login could still checkout
  • CHANGE-296 – Update outdated Admin error message text for secure usernames
  • CHANGE-299 – update to change-230
  • CHANGE-199 – Fix various vulnerabilities in zc_install
  • CHANGE-325 – Admin Configuration does not correctly encode html entities in text boxes
  • CHANGE-327 – Update PayPal sandbox endpoints
  • CHANGE-334 – PHP Warning: strip_tags() expects at most 2 parameters, 4 given, in coupon_admin.php

To upgrade from v1.5.0 to v1.5.1
Simple: if you are using v1.5.0 already and have not customized any of the files listed in the changed_files-v1-5-1.html document, then simply replace those files with the new versions contained herein.
If you HAVE customized or altered certain files, simply re-do your customizations in the new version of those particular files by making the same changes needed.
If you are using Addons/Plugins that have made alterations to those files, it is best to compare those changed files against the original v1.5.0 files, and see what changes were there … and then re-build those changes in the v1.5.1 file.

To upgrade v1.5.1 from v1.3.9h or older
If you are upgrading from a version OLDER than v1.5.0, then please do a standard complete site upgrade: http://www.zen-cart.com/upgrades


Many people have asked about the “missing ?> at the end of some PHP files”.
This is INTENTIONAL, and explained here: http://tutorials.zen-cart.com/index.php?article=313
It is NOT an error in the files or the download.

Comments are closed.