After much waiting, Zen Cart has released version 1.5.3. While this version is NOT PCI certified, the large number of bug fixes, security fixes and enhancements it includes, along with cPanel discontinuing support for PHP 5.2.x, makes the release a real need.

When this version finally finishes the PCI certification process, it will be released as certified with a new version number.

We have spent a great deal of time thinking about the best move to advise our clients and, having weighed the options, potential costs and issues, we have decided to advise all clients to upgrade to Zen Cart 1.5.3 as soon as possible.

The weightiest reasons for this are the countless fixes in this version as well as the needed support for PHP 5.3, 5.4, 5.5 and 5.6. cPanel as well as several other platforms have fully discontinued support for PHP 5.2.x. This means that, going forward, cPanel, EasyApache and the like cannot update without bringing PHP to a minimum of 5.3.

Cost effectiveness is not a huge issue, as we feel that very little work, and thus cost, will be required to bring 1.5.3 carts to the newly certified version, most likely 1.5.4.

What’s New In v1.5.3:
Improvements include:

  • CHANGE-511 – Change DB functions from mysql to mysqli
  • CHANGE-89 – Convert to bcrypt for password security hashing (requires PHP 5.3.7 or newer)
  • CHANGE-491 – Timezone patch for PHP 5.3/5.4/5.5 (this makes the “timezone offset” plugin obsolete)
  • CHANGE-566 – Add Admin switch to relax PA-DSS “strong” password requirements when in Demo mode
  • CHANGE-543 – Updates for PHP 5.5 Compatibility; Verified PHP 5.6-beta compatibility
  • CHANGE-432 – Numerous fixes for stricter PHP 5.4 compatibility
  • CHANGE-350 – Improvements to queryFactory to better support sql caching
  • CHANGE-359 – Add advanced developer tool for Notifier Trace and a global eventID
  • CHANGE-412 – Increase length of session key field due to changes in PHP defaults
  • CHANGE-421 – Update Authorize.net modules to support CAD and UK currencies
  • CHANGE-427 – Fix Memory Leak with PHP 5.3/5.4
  • CHANGE-434 – Add additional SSL detection checks to accommodate more poorly configured hosting companies
  • CHANGE-450 – Switch to SSL for contact-us form (when SSL is enabled)
  • CHANGE-452 – Add multiple-language and multiple-location support to the Store Pickup shipping module
  • CHANGE-454 – Made low-stock emails interceptable by notifier/observer
  • CHANGE-524 – Fix SaleMaker issues on Discount Quantity
  • ISSUE-54 – Session handling improvements
  • ISSUE-82 – Fix odd PHP 5.4 quirk which triggers fatal error “Allowed memory size of — bytes exhausted” when accessing SID constant

Bugfixes and feature updates include:

  • CHANGE-196 – Fix issue with Store-pickup module vs taxes
  • CHANGE-206 – Fix admin profiles code to also manage product types
  • CHANGE-225 – Handle use of comma as decimal point for Gift Voucher
  • CHANGE-235 – Fix for create_account_success doesn’t honor session timeout
  • CHANGE-274 – Installer improvement – alert if new version available at install time
  • CHANGE-309 – Changes to avoid spam flags on Admin Emails about payment/shipping modules, and prevent autoresponder replies to newsletters and contact-us emails
  • CHANGE-311 – Data sanity check in customer login and admin customer mgmt to handle missing records resulting from bad imports or damaged data
  • CHANGE-315 – Performance tuning with .htaccess tweaks
  • CHANGE-323 – Fix rounding error with attributes and salemaker
  • CHANGE-332 – Update PayPal WPS to prevent mistakenly entering localized country domain for accessing PayPal services (per PayPal change Q3-2012)
  • CHANGE-341 – Updates to observer/notifier code to better support legacy procedural code
  • CHANGE-343 – Fix various language wording and dist-configure examples vis a vis the logs foldername
  • CHANGE-345 – Fix typo in whos_online legend
  • CHANGE-346 – Fix outdated language in configuration menu help texts, mainly around the name of the logs folder
  • CHANGE-347 – Fix TRY currency in paypal modules
  • CHANGE-348 – Fix Secunia advisory SA50574 – XSS in admin login.php
  • CHANGE-351 – Fix EZ-Pages Table of Contents links not displaying (if queryCache enabled, such as was added in v1.5.1)
  • CHANGE-352 – Fix attributes controller fatal error after upgrade
  • CHANGE-353 – Fix for password_forgotten generates log file
  • CHANGE-354 – Installer now bypasses APC and other caching mechanisms during zc_install, to prevent confusion caused by caching of files which require alteration.
  • CHANGE-355 – Fix redirect error when product is not General
  • CHANGE-361 – Fix blank page problem caused by clash with output_handler in hosting configuration
  • CHANGE-362 – Fix for template_filename not selecting for admin-initiated emails
  • CHANGE-363 – Trap for constant-not-found errors with badly-configured admin plugins
  • CHANGE-364 – Fix installer error: Failed to initialize storage module: memcache
  • CHANGE-365 – Fix missing noindex,nofollow on “forgotten” screen in admin
  • CHANGE-368 – Installer was allowing browser to remember old form data
  • CHANGE-371 – Fix for checkout_shipping creating debug logs when shipping method fails to generate methods
  • CHANGE-378 – Fix for Downloads of virtual products fail when site is Down For Maintenance
  • CHANGE-386 – Fix CURL/SSL Vulnerabilities
  • CHANGE-389 – Fix confusion about password reset message
  • CHANGE-392 – Fix coupon_admin.php contains double <p><p> tag
  • CHANGE-396 – Removed nde-basic.css because it is obsolete since v1.5.0
  • CHANGE-397 – Fix Developers Tool Kit where Line number values in results were off by one
  • CHANGE-398 – Store Manager log purge improvements
  • CHANGE-403 – Fix PayPal EC to prevent use of ImmediatePayment when AuthOnly is selected
  • CHANGE-411 – Increase size of fields in tables for admin profiles
  • CHANGE-413 – Change date/time display format in admin header to be consistent with configured preference
  • CHANGE-416 – Prevent unauthorized information disclosure with editor
  • CHANGE-417 – Fix for issue where email confirmation gets truncated on the < symbol in product names
  • CHANGE-422 – Fix overzealous regex for handling IPv6
  • CHANGE-424 – Fix PayPal Micropayments bug which was preventing non-micro payments from working if micropayments credentials were present
  • CHANGE-425 – Fix for: Deleted ez-pages didn’t trigger a 404 not found. Disabled pages were still reachable. Now sends to home page and shows message.
  • CHANGE-429 – Suppress HTML-formatting in PHP error messages, to aid in eliminating accidental posting of private links when requesting help
  • CHANGE-432 – Fix several issues causing warnings in debug logs due to PHP 5.4 compatibility
  • CHANGE-435 – Set reply-to header in admin copy of order-confirmation email – to make for easier replying to customers
  • CHANGE-437 – Set proper exclusion metatags to prevent gv_faq pages from being spidered/indexed
  • CHANGE-442 – Fix HTML id=reviewsContent already defined error in reviews sidebox
  • CHANGE-444 – Fix missing ‘echo’ and centerboxes in tpl_product_info_noproduct.php
  • CHANGE-446 – Cleanup: Remove duplicate code in update_product.php
  • CHANGE-451 – Fix canonical link handling for cases where the site operates entirely in SSL
  • CHANGE-455 – Improve zen_get_all_get_params to accommodate plugin issues throwing PHP Warning: strlen() expects parameter 1 to be string
  • CHANGE-459 – Fix inconsistencies in some zc_install help text
  • CHANGE-463 – Add insulation to protect against inaccessible products caused by errors in custom-written product types (where mistakenly type=0)
  • CHANGE-464 – Fix PHP warning: Use of undefined constant SUPERUSER_PROFILE …
  • CHANGE-470 – Fix missing closing table row in /admin/orders.php
  • CHANGE-471 – Fix a couple small logic bugs in table_block.php
  • CHANGE-472 – Improve caching for product-type settings
  • CHANGE-474 – Fix boolean typo on comparison in ot_cod_fee module
  • CHANGE-476 – Fix for zen_mail doesn’t always use default template for non-english use
  • CHANGE-478 – Fix Incorrect base_href in admin-sent HTML emails in some configurations
  • CHANGE-484 – Quantities added to cart should adjust to stock rather than just a message
  • CHANGE-487 – a Simplify filesmatch rules in htaccess by adding case-insensitivity flag
  • CHANGE-487 – b Add webm permission to htaccess rules for media-playback and downloadable-files
  • CHANGE-489 – Added additional notifiers to order.php class
  • CHANGE-491 – Improvements to automated timezone detection
  • CHANGE-497 – Improvements to date/time display in admin header
  • CHANGE-498 – Fix proxy-detection support for EXCLUDE_ADMIN_IP_FOR_MAINTENANCE and zen_get_ip_address() vs $_SERVER['REMOTE_ADDR']
  • CHANGE-506 – Fix robots tag in admin pages
  • CHANGE-509 – Fix minor incorrect variable declaration in option_values_manager.php
  • CHANGE-514 – Improve Developers Tool Kit to allow the search of single and double quotes
  • CHANGE-519 – Add more error checking in check_page()
  • CHANGE-520 – Remove inline javascript and tags which may not be stripped correctly in product listings etc
  • CHANGE-521 – Fix error on Incorrect integer value: products_priced_by_attribute
  • CHANGE-526 – Additional notifier to allow additional validation in account_edit page
  • CHANGE-527 – Add configuration-settings-search to Developers Toolkit, credit B.Bellamy,torvista (makes the search_configuration_keys plugin obsolete)
  • CHANGE-528 – Updates to valid cart issues with attributes and changes prior to checkout
  • CHANGE-529 – Fix variable initialization in Shipping Estimator
  • CHANGE-532 – Init system – move navigation history to after init_sanitize
  • CHANGE-544 – phpMailer upgrade
  • CHANGE-545 – Allow countries to be flagged as available/unavailable for shipping (built from a combination of code backported from v2 and a contribution by lat9)
  • CHANGE-546 – Init system – Relocate version constants to the beginning of the autoloader process.
  • CHANGE-547 – Utilities updates – CURLtester update
  • CHANGE-548 – Fix PHP Notice: Only variable references should be returned by reference
  • CHANGE-549 – Fix for PHP Notice: Object