Zen Cart 1.3.9 – What’s Inside?


Well I have waited a good long time to write this. I really wanted to get a detailed “take” on the new version before I ran my mouth =-). Never the less, now I am ready to give you a 360 tour on the new Zen Cart 1.3.9!

Expectations for Zen Cart 2.0 are quite high and impatient. Originally, and still in documentation, 1.3.9 is a security or rollup release. While this is true, it’s not the whole story….

As we sift through the changes and play around with the new software, security is definitely a high priority. Some added features include htaccess files to limit access, filetype and other previous vulnerabilities we have been fixing by hand. Some things remain the same, you must still rename your admin folder by hand. This is a very frustrating process for less experienced shop owners, and I hope that 2.0 will allow this function to be accomplished in setup.

The offline credit card processing module has been removed for PCI/DSS compliance standards. You can steal code from 1.3.8 to reinstall this, but consider the risk and look at a proper gateway for processing. The cost of a breech can be in the thousands of dollars, vs a few bucks a month for a proper gateway account such as Authorize.net.

Quite a few changes in payment modules, as they were upgraded for new security protocols, API and integration changes and overall updates that have been previously gimping along or required manual updating. The only downside here is when you upgrade you will need to uninstall these modules in your Zen Cart admin and then reinstall once the upgrade is complete.

All order total and shipping modules were updated with bug fixes and such from 1.3.8.  Nothing new here, just added the bug fixes we have been completing by hand. Again, when upgrading, uninstall these modules and then reinstall them after the upgrade.

Templating is not a big upgrade issue, as the only file touched is tpl_reviews_random.php, which is a bug fix. So your templates for the most part will upgrade without issue.

Modules are a huge issue. Many Most are untested and not compatible with Zen Cart 1.3.9. Forum users have been maintaining a makeshift list of working modules here, but your own testing is an absolute necessity. The truth of the matter is that you will likely want to wait a few months to upgrade if you have customized and modded your cart.

There has already been a patched release of 1.3.9 which is only less than a month old. While this was only a file update, there is no guarantee that other updates will not occur and be more complicated. This small file update took me 45 minutes to accomplish with only one module to re-merge files for…. I also had issues with the new .htaccess files in the admin section and replaced them with the working ones from 1.3.9a. About 18 new bugs were fixed in the 1.3.9 second release (B).

Zen Cart 1.3.9
Zen Cart 1.3.9

So what’s new?

Actually quite a bit is new, and that is why the release is not really just a security update. Some additional functionality and compatibility was added….

  • Zen Cart 1.3.9 is PHP 5.3 ready, without patching
  • PCI issues have been dramatically reduced
  • SSL handling and renegotiation, session handling and detection are fixed for most server configurations
  • Canonical url tags were added
  • Developers toolkit has most robust filtering and search ability
  • New PayPal support added for UK – 3D-Secure and micropayments
  • Fixes for the handling of failed PayPal IPNs to be processed with cURL
  • Integrated split tax lines without previous customization needed
  • Easy Pages can now have their own individual stylesheets
  • ISO countries update
  • Updated spiders.txt including Yandex
  • configure files now attempt to automatically set their own permissions to 444
  • Normal operations are significantly less query intensive and run faster
  • On page PHP errors removed for PCI and logging enabled automatically
  • PCI compliance for auto complete on credit card forms is resolved
  • The “Tell a Friend” feature, which should still be set to require a login, now throttles the spam that can be sent through the form
  • Brute force protection added to the admin login
  • Improved attribute selector
  • Audience selector crashes have been fixed
  • Who’s online is updated and works significantly smoother and lighter
  • Example robots.txt was added
  • Customer and product search was improved in your admin
  • Catalog search is significantly better
  • Downloadable product bugs are fixed for “most” server configurations

So I still suggest that if your Zen Cart is very customized or heavily modded that you wait a bit to upgrade… Fact is you might just consider a rebuild to get a clean start with the new software.