====== ProductCart v4 - Patch #3 (Service Pack 3) ====== ===== Overview ===== This patch was released on **12/05/09**. It addresses all known issues found in ProductCart v4.0 between the initial release and 12/04/09. See the section below for details on which files were updated. ==== Security Issues ==== This update addresses a few security issues that were recently discovered. Therefore, we recommend that it is applied to your ProductCart-powered store as soon as possible. ===== Do you need it? ===== If your ProductCart version number contains "SP 3" (service pack #3), then you do not need this patch. Otherwise, you need to apply it to your store. ===== Do you also need Patch #1 and or Patch#2? ===== No, this is a cumulative "Service Pack". To simplify things, we included all files that were updated since the release of ProductCart v4. So it includes Patch #1 and Patch #2. You do not need to worry about applying previously released patches. Just apply this patch and you will be using the latest files. ===== Downloading the Update File ===== You can download the update by using the "Check for Updates" feature in your ProductCart Control Panel, or you can download it by clicking on the file names in the table below. Depending on the version of ProductCart that you are using (Standard vs. Build To Order) and on the add-on's installed on your store, the Update Management System will prompt you to download the correct file. ==== Double-checking the Downloaded File Name ==== You can double-check that you are indeed downloading the correct file by checking the file name against the following information. ^ You are running ^ v4 Upgrade File Name ^ | ProductCart Standard | {{:updates:productcart_v4_sp3_120409.zip|ProductCart_v4_SP3_120409}} | | ProductCart Standard + Apparel Add-on | {{:updates:productcart_v4_sp3_app_120409.zip|ProductCart_v4_SP3_APP_120409}} | | ProductCart Build To Order | {{:updates:productcart_v4_sp3_bto_120409.zip|ProductCart_v4_SP3_BTO_120409}} | | ProductCart Build To Order + Apparel Add-on | {{:updates:productcart_v4_sp3_bto_app_120409.zip|ProductCart_v4_SP3_BTO_APP_120409}} | | ProductCart Build To Order + Conflict Management | {{:updates:productcart_v4_sp3_bto_cm_120409.zip|ProductCart_v4_SP3_BTO_CM_120409}} | | ProductCart Build To Order + Conflict Management + Apparel Add-on | {{:updates:productcart_v4_sp3_bto_cm_app_120409.zip|ProductCart_v4_SP3_BTO_CM_APP_120409}} | If you believe that the ProductCart Update Management System is not providing you with the correct file set, please [[http://www.earlyimpact.com/eistore/productcart/pc/custpref.asp|open a support ticket]]. If you do not see the v4 SP3 Update when you "Check for Updates", even if it has officially been announced, then make sure that your license is [[http://www.earlyimpact.com/eistore/productcart/pc/ProductCart-Technical-Support-Updates-Plan-124p463.htm|eligible for Software Updates]]. ==== Unzipping the Downloaded Files ==== * Unzip the files to a new directory on your desktop (e.g. "v4 SP3 Files"). * Do not copy the unzipped files onto an existing set of ProductCart files. * If you want to have a copy of the entire ProductCart folder on your desktop, including the latest files, download the store to your desktop __after__ you have finished the update process. ===== Updated Files ===== In addition to the files that were updated with [[v4_patch1|Patch #1]] and [[v4_patch2|Patch #2]], the following files will be updated. This area is still being updated with file names and references. ==== includes/ ==== * languages.asp \\ We added a couple of text strings (e.g. there was a hardcoded text string in the file pc/inc_saveShoppingCart.asp which was replaced with a dynamic text string). * pcPayPalClass.asp \\ PayPal Express Checkout updates. * jquery\themes\redmond\jquery-ui-1.7.2.custom.css \\ Small interface change. ==== pc/ ==== * atc_viewprd.asp \\ Corrected styling issue (e.g. font size) on "Product Added To Cart" message window. * checkdate.asp \\ Date and time formatting issue. * checkout.asp \\ Incorrect (or no message) shown after password reminder is used in the storefront in some cases. * configurePrdCode.asp, configurePrd.asp, PrdAddChargesCode.asp \\ Added string validation to eliminate cross scripting vulnerability. * CustAddShipPop.asp (new), ggg_instGR.asp, ggg_EditGR.asp \\ Pop-up window to add new delivery address for a Gift Registry incorrectly loaded the header & footer, thus requiring some scrolling. * CustConsolidate.asp, CustViewPastD.asp, opc_inc_CustConsolidate.asp \\ Message to consolidate customer accounts was sometimes shown when not needed. * gwfast.asp \\ Fixed issue in FastTransact integration * gwpfp.asp \\ Edited integration with PayPal Payflow Pro as part of re-certification process. * inc_footer.asp \\ Updated style of message shown when a saved shopping cart is restored. * login.asp \\ Fixed interface issue and issues related to apostrophe in e-mail address (rare scenario). * OnePageCheckout.asp, onepagecheckoutJS.asp \\ Added message that lets customers know that the order is being saved (to avoid double-clicking). * opc_OrderVerify.asp \\ Fixed issue with discount code calculation when there are bundles or category discounts. * opc_updotherinfo.asp, opc_paymnta_customcard.asp \\ Fixed character encoding issue. * opc_checkpayment.asp, opc_OrderVerify.asp, gwPayPal.asp, SaveOrd.asp \\ PayPal Express Checkout update. * opc_updotherinfo.asp, opc_paymnta_customcard.asp, opc_paymnta_c.asp \\ Fixed character encoding issue (see how to fix [[:how_to:adjust_charset|character encoding issues on One Page Checkout]]. * opc_updshipaddr.asp \\ Fixed issues with delivery date not correctly enforced. * CustSavedCarts.asp, CustSavedCartsRename.asp (NEW), inc_SaveShoppingCart.asp \\ Added ability to nickname a previously saved shopping cart. Fixed a date formatting issue. * pcGatewayData.asp, pcModifyBillingInfo.asp, pcCheckReferer.asp (new file) \\ Fixed security issue that could have allowed a malicious user to view and edit another customer's personal information. We have no reports of the security issue having been exploited. The problem was discovered during a security review. * pcPay_GoogleCheckout_Discounts.asp \\ Google Checkout discount calculation issue with Apparel products. * pcReCalPricesLogin.asp \\ Fixed issue with special pricing (e.g. pricing category) ignored when using PayPal Express Checkout. * pcUPSTimeInTransit.asp \\ Added string validation to eliminate cross scripting vulnerability. * search.asp \\ Search issue related to AJAX search preview not updating when price "from" and "to" fields were updated. * screen.css \\ Made opacity of background layer consistent across modal windows. * pcSeoFunctions.asp \\ Improved handling of special characters in function that prepares keyword rich URL. * rmaIndex.asp \\ Fixed security issue that could have allowed a malicious user to submit a Return Merchandise Authorization request for an order not associated with his/her account. We have no reports of the security issue having been exploited. The problem was discovered during a security review. * search.asp \\ Fixed issue with AJAX preview not updating when changing price filters. * smallShoppingCart.asp \\ Link to checkout did not use SSL even if SSL was turned on. * useraddfeedback.asp, userviewfeedback.asp, rmaindex.asp, inc_PartShipEmail.asp \\ Date formatting issue. * images\highslide\geckodimmer.png \\ Small interface change (consistent modal window background color). ==== pcadmin/ ==== * AddPayPalPaymentOpt.asp, modPayPalPaymentOpt.asp, upddb-PayPal-AB.asp \\ PayPal Express Checkout update. * AdminFooter.asp \\ Fixed JavaScript errors occurring when right side panels are hidden. * AdmindHeader.asp, pcTSUtility.asp \\ Added Service Pack to version number. * adminviewallmsgs.asp \\ Removed incorrect sorting icon. * BackOrderReport.asp, Blackout_edit.asp, BrandSalesReport.asp, CatSalesReport.asp, DShipperSalesReport.asp, PrdsalesReport.asp, PricingCatReport.asp, RefsalesReport.asp, resultsTopSells.asp, salesReport.asp, salesReportPayment.asp, SupplierSalesReport.asp, viewCPLogs.asp \\ Fixed date/time formatting issues (incorrect formatting used or incorrect dates used in certain scenarios). * cmsAddEdit.asp \\ In some cases a Content Page's main content was not visible in the Control Panel due to the order in which fields were called in the SQL query and then assigned to variables. * modifyProduct.asp \\ Fixed issue with products deleted from the Control Panel that could still be accessed via the Modify Product page. * OrdDetails.asp \\ Customer's phone number being a required field was causing issues in some cases (e.g. when processing PayPal order). Removed validation. * pcAdminRetrieveSettings.asp \\ Code edit related to new Service Pack number added to version number. * resultsAdvanced.asp & resultsAdvancedAll.asp \\ Fixed issue with sorting arrows not properly loading the "Current Page" variable. This resulted in no orders shown (or incorrect page shown). ===== Performing the update ===== ==== Other Add-on's ==== If you are also using... * **MailUp**: Upload whichever files apply to your store (see above), then [[:widgets:integrations:mailup:mailup#what_you_need|download the latest MailUp integration files]] and upload them to the corresponding folders as per the Add-on instructions. * Synchronizer for QuickBooks: a separate file set is __not__ needed * eBay Add-on: a separate file set is __not__ needed === Parent Paths Enabled vs. Parent Paths Disabled === Please select the correct update files depending on the version of ProductCart that you are running. Specifically, if you are running ProductCart on a server that has Parent Paths Disabled, please use the files contained in the "Parent Paths Disabled" folder. Otherwise, use the files contained in the "Parent Path Enabled" folder, which is the most common scenario. If you are unsure of which version you are running, look at the version number in the Control Panel start page ("menu.asp"). If it includes the letters "PPD", then you are using the "Parent Path Disabled" version of ProductCart. === Synchronize overwritten files === The following files are often customized by ProductCart users and will be overwritten with this patch (see [[:developers:editcode#file_comparisons_and_synchronizations|how to synchronize files]]): * includes/languages.asp \\ A few text strings were edited\added. Make sure to synchronize with your version. * pc/inc_footer.asp \\ This is the file that might contain things such as your Google Analytics code. For users of the Keyword Rich URLs feature (or "SEO files"). The file **404b.asp** is also overwritten by this patch. __This should not affect any stores__ since this file does not need to be edited in version 4. However, if you manually edited the file to hardcode the location of your "404 - Page Not Found" page, go to //Settings > Store Settings > Miscellaneous//, turn on the //Keyword Rich URLs// feature (if not already on) and enter the path to the file (e.g. "/my404page.html"). You do not need to manually edit //404b.asp// in ProductCart v4 (unlike in v3). The location of the "Page Not Found" page will be retrieved from your store settings. ==== Step 1 - Back up your store ==== If you haven't already done so, [[:updates:how_to_backup|back-up your store]]. ==== Step 2 - Turn off your store ==== - Log into your Control Panel and select //General Settings > Store Settings// - Enter a descriptive message in the field //Message displayed when store is off//. - Select //Turn store off//, then click on the //Update// button. This ensures that customers do not browse the store while you are updating it. ==== Step 3 - FTP new files to your server ==== Upload the files to their respective folders, overwriting the existing files. For instance, you will update the contents of the //pc// subfolder on your Web server with the files contained in the //pc// subfolder that you have downloaded from the ProductCart Update Management System. Please note that the //pcadmin// folder has likely been renamed on your store. We recommend that you rename the same folder in the update files locally on your computer so that when you FTP the files there is no chance that a new //pcadmin// folder is created, which would mean that some of your store files are not being updated. DO NOT delete any of the files that are currently on your Web server. === Confirm successful transfer === FTP transfers sometimes fail. Make sure that once the process has finished, your FTP client reported a success message. Most FTP programs have a way to show you whether some files were not uploaded successfully. If that happens, make sure to upload them again __until all files have been uploaded successfully__. For example, [[http://filezilla-project.org/|Filezilla]] separately reports "Failed Transfers" and "Successful Transfers". The "Failed Transfers" tab should be empty. ==== Step 4 - Update the Store Database ==== - Log into the Control Panel - You will be automatically redirected to the database update page. \\ __Troubleshooting__: - If you are not automatically redirected, replace "menu.asp" with "upddb-PayPal-AB.asp" in the browser address field and press the ENTER key on your keyboard. - If you get a "Page Not Found" error, it means that the files were not uploaded to the correct folder or the FTP upload was not completed successfully. - Run the database update script. \\ __Troubleshooting__: - If you receive any errors or warnings (e.g. a table could not be updated), run the database update again. In some cases these errors disappear on the second execution of the update. - If the errors persist even after re-running the database update script a few times, leave the store OFF and [[https://www.earlyimpact.com/productcart/support/|open a Support Ticket]]. ==== Step 5 - TO DO List ==== A message will confirm that the store database and version number have been updated. If there are any "To Do" items, they will be mentioned here. One important To Do item is the following: * **Update Shipping Settings** \\ Log into your ProductCart Control Panel, select //Shipping > Shipping Settings//), review the settings on the page, and click on the //Update// button to update the store to the latest shipping settings. Otherwise "One Page Checkout" may malfunction. You do not need to make any changes. Just review the existing settings and click the //Update// button. * **Update MailUp files** (if applicable) \\ If you are a MailUp user, [[:widgets:integrations:mailup:mailup#what_you_need|download the latest MailUp integration files]] and upload them to the corresponding folders as per the Add-on instructions. ==== Step 7 - Turn your store back on ==== When all To Do items have been completed, you can now turn your store back on and verify that the storefront is working properly. We recommend that you place at least one test order to go through the entire checkout process. ===== New version number (service pack) ===== Starting with this Patch, we will add an identifier to the version number of a ProductCart store that has applied a Patch. Since these patches can contain both files and database updates, we will call them "service packs", just like other large software companies do :-) Your ProductCart store version number after applying this patch with include "SP 3" to indicate that you applied this service pack.