ProductCart v4 - Patch #3 (Service Pack 3)

Overview

This patch was released on 12/05/09. It addresses all known issues found in ProductCart v4.0 between the initial release and 12/04/09. See the section below for details on which files were updated.

Security Issues

This update addresses a few security issues that were recently discovered. Therefore, we recommend that it is applied to your ProductCart-powered store as soon as possible.

Do you need it?

If your ProductCart version number contains “SP 3” (service pack #3), then you do not need this patch. Otherwise, you need to apply it to your store.

Do you also need Patch #1 and or Patch#2?

No, this is a cumulative “Service Pack”. To simplify things, we included all files that were updated since the release of ProductCart v4. So it includes Patch #1 and Patch #2. You do not need to worry about applying previously released patches. Just apply this patch and you will be using the latest files.

Downloading the Update File

You can download the update by using the “Check for Updates” feature in your ProductCart Control Panel, or you can download it by clicking on the file names in the table below.

Depending on the version of ProductCart that you are using (Standard vs. Build To Order) and on the add-on's installed on your store, the Update Management System will prompt you to download the correct file.

Double-checking the Downloaded File Name

You can double-check that you are indeed downloading the correct file by checking the file name against the following information.

You are running	v4 Upgrade File Name
ProductCart Standard	ProductCart_v4_SP3_120409
ProductCart Standard + Apparel Add-on	ProductCart_v4_SP3_APP_120409
ProductCart Build To Order	ProductCart_v4_SP3_BTO_120409
ProductCart Build To Order + Apparel Add-on	ProductCart_v4_SP3_BTO_APP_120409
ProductCart Build To Order + Conflict Management	ProductCart_v4_SP3_BTO_CM_120409
ProductCart Build To Order + Conflict Management + Apparel Add-on	ProductCart_v4_SP3_BTO_CM_APP_120409

If you believe that the ProductCart Update Management System is not providing you with the correct file set, please open a support ticket. If you do not see the v4 SP3 Update when you “Check for Updates”, even if it has officially been announced, then make sure that your license is eligible for Software Updates.

Unzipping the Downloaded Files

Unzip the files to a new directory on your desktop (e.g. “v4 SP3 Files”).
Do not copy the unzipped files onto an existing set of ProductCart files.
If you want to have a copy of the entire ProductCart folder on your desktop, including the latest files, download the store to your desktop after you have finished the update process.

Updated Files

In addition to the files that were updated with Patch #1 and Patch #2, the following files will be updated. This area is still being updated with file names and references.

includes/

languages.asp
We added a couple of text strings (e.g. there was a hardcoded text string in the file pc/inc_saveShoppingCart.asp which was replaced with a dynamic text string).
pcPayPalClass.asp
PayPal Express Checkout updates.
jquery\themes\redmond\jquery-ui-1.7.2.custom.css
Small interface change.

pc/

atc_viewprd.asp
Corrected styling issue (e.g. font size) on “Product Added To Cart” message window.
checkdate.asp
Date and time formatting issue.
checkout.asp
Incorrect (or no message) shown after password reminder is used in the storefront in some cases.
configurePrdCode.asp, configurePrd.asp, PrdAddChargesCode.asp
Added string validation to eliminate cross scripting vulnerability.
CustAddShipPop.asp (new), ggg_instGR.asp, ggg_EditGR.asp
Pop-up window to add new delivery address for a Gift Registry incorrectly loaded the header & footer, thus requiring some scrolling.
CustConsolidate.asp, CustViewPastD.asp, opc_inc_CustConsolidate.asp
Message to consolidate customer accounts was sometimes shown when not needed.
gwfast.asp
Fixed issue in FastTransact integration
gwpfp.asp
Edited integration with PayPal Payflow Pro as part of re-certification process.
inc_footer.asp
Updated style of message shown when a saved shopping cart is restored.
login.asp
Fixed interface issue and issues related to apostrophe in e-mail address (rare scenario).
OnePageCheckout.asp, onepagecheckoutJS.asp
Added message that lets customers know that the order is being saved (to avoid double-clicking).
opc_OrderVerify.asp
Fixed issue with discount code calculation when there are bundles or category discounts.
opc_updotherinfo.asp, opc_paymnta_customcard.asp
Fixed character encoding issue.
opc_checkpayment.asp, opc_OrderVerify.asp, gwPayPal.asp, SaveOrd.asp
PayPal Express Checkout update.
opc_updotherinfo.asp, opc_paymnta_customcard.asp, opc_paymnta_c.asp
Fixed character encoding issue (see how to fix character encoding issues on One Page Checkout.
opc_updshipaddr.asp
Fixed issues with delivery date not correctly enforced.
CustSavedCarts.asp, CustSavedCartsRename.asp (NEW), inc_SaveShoppingCart.asp
Added ability to nickname a previously saved shopping cart. Fixed a date formatting issue.
pcGatewayData.asp, pcModifyBillingInfo.asp, pcCheckReferer.asp (new file)
Fixed security issue that could have allowed a malicious user to view and edit another customer's personal information. We have no reports of the security issue having been exploited. The problem was discovered during a security review.
pcPay_GoogleCheckout_Discounts.asp
Google Checkout discount calculation issue with Apparel products.
pcReCalPricesLogin.asp
Fixed issue with special pricing (e.g. pricing category) ignored when using PayPal Express Checkout.
pcUPSTimeInTransit.asp
Added string validation to eliminate cross scripting vulnerability.
search.asp
Search issue related to AJAX search preview not updating when price “from” and “to” fields were updated.
screen.css
Made opacity of background layer consistent across modal windows.
pcSeoFunctions.asp
Improved handling of special characters in function that prepares keyword rich URL.
rmaIndex.asp
Fixed security issue that could have allowed a malicious user to submit a Return Merchandise Authorization request for an order not associated with his/her account. We have no reports of the security issue having been exploited. The problem was discovered during a security review.
search.asp
Fixed issue with AJAX preview not updating when changing price filters.
smallShoppingCart.asp
Link to checkout did not use SSL even if SSL was turned on.
useraddfeedback.asp, userviewfeedback.asp, rmaindex.asp, inc_PartShipEmail.asp
Date formatting issue.
images\highslide\geckodimmer.png
Small interface change (consistent modal window background color).

pcadmin/

AddPayPalPaymentOpt.asp, modPayPalPaymentOpt.asp, upddb-PayPal-AB.asp
PayPal Express Checkout update.
AdminFooter.asp
Fixed JavaScript errors occurring when right side panels are hidden.
AdmindHeader.asp, pcTSUtility.asp
Added Service Pack to version number.
adminviewallmsgs.asp
Removed incorrect sorting icon.
BackOrderReport.asp, Blackout_edit.asp, BrandSalesReport.asp, CatSalesReport.asp, DShipperSalesReport.asp, PrdsalesReport.asp, PricingCatReport.asp, RefsalesReport.asp, resultsTopSells.asp, salesReport.asp, salesReportPayment.asp, SupplierSalesReport.asp, viewCPLogs.asp
Fixed date/time formatting issues (incorrect formatting used or incorrect dates used in certain scenarios).
cmsAddEdit.asp
In some cases a Content Page's main content was not visible in the Control Panel due to the order in which fields were called in the SQL query and then assigned to variables.
modifyProduct.asp
Fixed issue with products deleted from the Control Panel that could still be accessed via the Modify Product page.
OrdDetails.asp
Customer's phone number being a required field was causing issues in some cases (e.g. when processing PayPal order). Removed validation.
pcAdminRetrieveSettings.asp
Code edit related to new Service Pack number added to version number.
resultsAdvanced.asp & resultsAdvancedAll.asp
Fixed issue with sorting arrows not properly loading the “Current Page” variable. This resulted in no orders shown (or incorrect page shown).

Performing the update

Other Add-on's

If you are also using…

MailUp: Upload whichever files apply to your store (see above), then download the latest MailUp integration files and upload them to the corresponding folders as per the Add-on instructions.
Synchronizer for QuickBooks: a separate file set is not needed
eBay Add-on: a separate file set is not needed

Parent Paths Enabled vs. Parent Paths Disabled

Please select the correct update files depending on the version of ProductCart that you are running. Specifically, if you are running ProductCart on a server that has Parent Paths Disabled, please use the files contained in the “Parent Paths Disabled” folder. Otherwise, use the files contained in the “Parent Path Enabled” folder, which is the most common scenario.

If you are unsure of which version you are running, look at the version number in the Control Panel start page (“menu.asp”). If it includes the letters “PPD”, then you are using the “Parent Path Disabled” version of ProductCart.

Synchronize overwritten files

The following files are often customized by ProductCart users and will be overwritten with this patch (see how to synchronize files):

includes/languages.asp
A few text strings were edited\added. Make sure to synchronize with your version.
pc/inc_footer.asp
This is the file that might contain things such as your Google Analytics code.

For users of the Keyword Rich URLs feature (or “SEO files”). The file 404b.asp is also overwritten by this patch. This should not affect any stores since this file does not need to be edited in version 4. However, if you manually edited the file to hardcode the location of your “404 - Page Not Found” page, go to Settings > Store Settings > Miscellaneous, turn on the Keyword Rich URLs feature (if not already on) and enter the path to the file (e.g. ”/my404page.html”). You do not need to manually edit 404b.asp in ProductCart v4 (unlike in v3). The location of the “Page Not Found” page will be retrieved from your store settings.

Step 1 - Back up your store

If you haven't already done so, back-up your store.

Step 2 - Turn off your store

Log into your Control Panel and select General Settings > Store Settings
Enter a descriptive message in the field Message displayed when store is off.
Select Turn store off, then click on the Update button. This ensures that customers do not browse the store while you are updating it.

Step 3 - FTP new files to your server

Upload the files to their respective folders, overwriting the existing files. For instance, you will update the contents of the pc subfolder on your Web server with the files contained in the pc subfolder that you have downloaded from the ProductCart Update Management System.

Please note that the pcadmin folder has likely been renamed on your store. We recommend that you rename the same folder in the update files locally on your computer so that when you FTP the files there is no chance that a new pcadmin folder is created, which would mean that some of your store files are not being updated.

DO NOT delete any of the files that are currently on your Web server.

Confirm successful transfer

FTP transfers sometimes fail. Make sure that once the process has finished, your FTP client reported a success message. Most FTP programs have a way to show you whether some files were not uploaded successfully. If that happens, make sure to upload them again until all files have been uploaded successfully. For example, Filezilla separately reports “Failed Transfers” and “Successful Transfers”. The “Failed Transfers” tab should be empty.

Step 4 - Update the Store Database

Log into the Control Panel
You will be automatically redirected to the database update page.
Troubleshooting:
1. If you are not automatically redirected, replace “menu.asp” with “upddb-PayPal-AB.asp” in the browser address field and press the ENTER key on your keyboard.
2. If you get a “Page Not Found” error, it means that the files were not uploaded to the correct folder or the FTP upload was not completed successfully.
Run the database update script.
Troubleshooting:
1. If you receive any errors or warnings (e.g. a table could not be updated), run the database update again. In some cases these errors disappear on the second execution of the update.
2. If the errors persist even after re-running the database update script a few times, leave the store OFF and open a Support Ticket.

Step 5 - TO DO List

A message will confirm that the store database and version number have been updated. If there are any “To Do” items, they will be mentioned here. One important To Do item is the following:

Update Shipping Settings
Log into your ProductCart Control Panel, select Shipping > Shipping Settings), review the settings on the page, and click on the Update button to update the store to the latest shipping settings. Otherwise “One Page Checkout” may malfunction. You do not need to make any changes. Just review the existing settings and click the Update button.
Update MailUp files (if applicable)
If you are a MailUp user, download the latest MailUp integration files and upload them to the corresponding folders as per the Add-on instructions.

Step 7 - Turn your store back on

When all To Do items have been completed, you can now turn your store back on and verify that the storefront is working properly. We recommend that you place at least one test order to go through the entire checkout process.

New version number (service pack)

Starting with this Patch, we will add an identifier to the version number of a ProductCart store that has applied a Patch. Since these patches can contain both files and database updates, we will call them “service packs”, just like other large software companies do :-)

Your ProductCart store version number after applying this patch with include “SP 3” to indicate that you applied this service pack.