Issue #13: November 4, 2002
4th November 2002 by Harald Ponce de Leon

By Harald Ponce de Leon

November 4, 2002

New Checkout Procedure Proposal Realized
New cartID Protection Against False Orders
New Zone Concept For Payment And Shipping Modules
Company Field Now Attached To The Address
Credit Card Validation Logic Replaced
New Copyright Announcement For The Administration Tool
Removal Of The FedEx Shipping Module
New Security Layer For The HTTP Output Functions
Images Assigned To Multiple Categories Or Products No Longer Removed

New Checkout Procedure Proposal Realized

The new checkout procedure that was proposed two months ago was just commited in the CVS repository over the weekend, which brings in a great user interface to the procedure with optimizations made in the php logic.

Shipping modules are now able to return and display multiple rates, which can be best seen with the provided UPS and USPS shipping modules.

The optimizations to the shipping and payment modules unfortunately make contributed modules incompatible to use - contributed modules need to be updated to the optimized structure of the payment and shipping modules if they are to be used with the new checkout procedure.

It is now possible for the customer to select different shipping and billing addresses to use for the order, where entries are shown from their address book.

Some minor changes to the new checkout procedure are still being worked on, the major change being when no shipping or payment modules are enabled, that part of the checkout procedure will not be shown to the customer. This is most useful for virtual, or downloadable, products that do not need a shipping address.

New cartID Protection Against False Orders

Everytime a product is added, updated, or removed from the customers shopping cart, a cart ID is generated and saved in the session. This ID is checked upon throughout the checkout procedure to minimize the occurance of customers adding products to their cart while keeping the same shipping fees assigned to the order.

New Zone Concept For Payment And Shipping Modules

A new concept currently under review by the development team is the assignment of Zones to payment and shipping modules which, when used, enable the modules only when the destination zones match the assigned Zone to the module.

An example of use is the Cash on Delivery payment module. By assigning it a Zone with just the country of the store, this payment method will only be enabled when the order is being sent to that country. International and oversears customers would then not see this method of payment as it would be disabled real-time.

The Zones structure it utilitizes is already in the codebase which is being used for the Tax Zones.

Company Field Now Attached To The Address

The company field is now attached to the address, and is only displayed when the value is not empty.

The company field parameter in application_top.php (soon to be moved to the database so it can be set via the Administration Tool -> Configuration section) is now enabled by default.

Credit Card Validation Logic Replaced

The credit card validation script used was not compatible with the GPL license, and has been replaced with a php class that now takes care of the validation routines.

Permission was requested to the authors but a definite answer was not provided. Instead of playing the waiting game, the logic was simply replaced.

New Copyright Announcement For The Administration Tool

The copyright announcement shown on the Administration Tool frontend was updated to be in compliance with section 2c of the GPL license.

This means the copyright announcement shown on the Administration Tool can not be removed, or can only be appropriately modified.

This decision was taken after discussing the issue both internally and publicly in the forums, and is for the best interest of the project for the future.

A frequently asked questions entry has been provided which better explains the issue:

http://www.oscommerce.com/community.php/faq,26/q,50

Removal Of The FedEx Shipping Module

FedEx updated their RateFinder service which broke the FedEx shipping module used in the project. The updated service requires two requests to be made in order to return shipping rates for an order - this is unacceptable for an e-commerce solution which led to the removal of the modules in the standard package.

A representative from FedEx has informed a team developer that a new XML based service will be offered early next year.

New Security Layer For The HTTP Output Functions

A new security layer was added to the http output functions, specifically the functions that take care of the form field elements.

Due to the double-quotes used in the tags which the http output functions return, the string values passed as parameters are being parsed where double-quotes are returned as special characters.

This means for the following example tag, which would otherwise be broken due to the double-quote existing inside the tag:

<input type="text" name="parameter" value="my"value">

would be replaced with:

<input type="text" name="parameter" value="my"e;value">

We decided to parse only the double-quote character which is considered to be safe, and not use the php function htmlspecialchars() as htmlspecialchars() also parses the ampersand (&) character, which would break html special characters passed as parameters to the html output functions. For example, the value "my&nbsp;value" would be parsed as "my&amp;nbsp;value" breaking the &nbsp; (space) character.

Images Assigned To Multiple Categories or Products No Longer Removed

The Administration Tool now checks to see if images assigned to categories or products being deleted are used elsewhere to prevent the removal of the images which would otherwise leave the categories or products using the same image with a broken image display.

Back to listing