osCommerce Online Merchant v2.3.0 Upgrade Guide
This upgrade guide is based on the osCommerce Online Merchant v2.2 Release Candidate 2a release. If you have not yet updated to v2.2RC2a, please review its upgrade guide in the extras directory (upgrade-22rc2a.html) before applying these changes.
 | This upgrade guide only provides the minimum required changes in the form of security updates and bug fixes. These changes will not upgrade your store to a complete v2.3 version. Please continue to use v2.2 add-ons and do not install v2.3 optimized add-ons as the may not function with your installation. If you wish to upgrade to a full v2.3 version, perform only (SQL) Database Changes and use the database with a new v2.3 installation. |
 | The following changes should be performed in the following order. |
Legend: (SQL) Database Changes (A) Administration Tool (C) Catalog
Types: (SEC) Security Update (BUG) Bug Fix (COMPAT) Compatibility Update (UP) General Update (NEW) New Feature
- (A) (SEC) Administration Tool Log-In Update — Importance: High | Difficulty: Easy
- (SQL) (UP) Update Database Field Lengths — Importance: High | Difficulty: Easy
- (AC) (COMPAT) Fix Timezone Warning Messages for PHP v5.3 — Importance: Medium | Difficulty: Easy
- (AC) (COMPAT) Use Perl-Compatible Regular Expressions for PHP v5.3 — Importance: Medium | Difficulty: Hard
- (C) (SEC) Add Customer Session Token to Forms — Importance: Medium | Difficulty: Medium
- (C) (BUG) Validate Removal of Customer Address — Importance: High | Difficulty: Easy
- (AC) (BUG) Sanitize Parameters — Importance: High | Difficulty: Medium
- (A) (UP) Add Support for Basic HTTP Authentication — Importance: High | Difficulty: Medium
- (C) (UP) Generate a New Shopping Cart ID When Restoring Products — Importance: Medium | Difficulty: Easy
- (C) (BUG) Fix Navigation History Session Content — Importance: High | Difficulty: Easy
- (AC) (UP) Improve Validation of E-Mail Addresses — Importance: Medium | Difficulty: Medium
- (AC) (UP) Code Cleanup — Importance: High | Difficulty: Easy
- (A) (UP) Update Define Languages Page — Importance: Medium | Difficulty: Medium
- (C) (BUG) Verify Shopping Cart Product Attribute Combinations — Importance: High | Difficulty: Easy
- (AC) (UP) Remove PHP3 Compatibility Code — Importance: Low | Difficulty: Easy
- (AC) (UP) Improve IP Address Detection — Importance: Medium | Difficulty: Easy
- (A) (BUG) Don't Show Empty Menu Entries — Importance: Low | Difficulty: Easy
- (AC) (UP) Add htaccess Protection to the Images Directory — Importance: Medium | Difficulty: Easy
- (C) (UP) Optimize Tax Calculations — Importance: Medium | Difficulty: Easy
- (AC) (UP) Improve Force Cookie Usage in Sessions — Importance: Medium | Difficulty: Easy
- (A) (BUG) Fix Automatic Removal of Manufacturer Images — Importance: High | Difficulty: Easy
- (A) (UP) Add API Version Tag to Modules — Importance: Low | Difficulty: Easy
- (C) (UP) Hide Currencies and Languages Info Boxes for Single Currencies and Languages — Importance: Low | Difficulty: Easy
- (A) (UP) Hide Language Selection if Only One Language is Installed — Importance: Low | Difficulty: Easy
- (C) (BUG) Fix Retrieval of Special Product Prices — Importance: Low | Difficulty: Easy
- (A) (BUG) Fix HTML E-Mails — Importance: Low | Difficulty: Easy
- (A) (BUG) Improve Saving of Module Parameters — Importance: Low | Difficulty: Easy
- (AC) (UP) Add Pre-Populated List of Currencies — Importance: Low | Difficulty: Easy
- (A) (SQL) (NEW) Introduce Security Directory Permissions Feature — Importance: Medium | Difficulty: Easy
- (AC) (SQL) (NEW) Introduce Action Recorder Feature — Importance: Medium | Difficulty: Hard
- (AC) (UP) Cleanup Language Definitions — Importance: Low | Difficulty: Easy
- (AC) (NEW) Move Installation Checks to New Security Checks Modules — Importance: Medium | Difficulty: Easy
- (A) (UP) Introduce Windows Compatible is_writable() Function — Importance: Low | Difficulty: Easy
- (A) (UP) Bypass HTTP Authentication for IIS Webservers — Importance: Low | Difficulty: Easy
- (AC) (UP) Update PHP_SELF Value — Importance: Low | Difficulty: Easy
- (A) (NEW) Introduce Easy Store Logo Uploader — Importance: Low | Difficulty: Easy
- (AC) (SQL) (UP) Update Password Hashing to Phpass — Importance: High | Difficulty: Easy
- (C) (BUG) Fix Length Check of Customer Passwords — Importance: Low | Difficulty: Easy
- (C) (BUG) Fix Notice When Products Without Attributes are Added to the Shopping Cart — Importance: Low | Difficulty: Easy
- (C) (BUG) Verify Languages Currency Exists — Importance: Low | Difficulty: Easy
- (C) (BUG) Allow Quoted Words to be Searched — Importance: Low | Difficulty: Easy
Labels
Page:
(A) (SEC) Administration Tool Log-In Update
Page: (SQL) (UP) Update Database Field Lengths
Page: (AC) (COMPAT) Fix Timezone Warning Messages for PHP v5.3
Page: (AC) (COMPAT) Use Perl-Compatible Regular Expressions for PHP v5.3
Page: (C) (SEC) Add Customer Session Token to Forms
Page: (C) (BUG) Validate Removal of Customer Address
Page: (AC) (BUG) Sanitize Parameters
Page: (A) (UP) Add Support for Basic HTTP Authentication
Page: (C) (UP) Generate a New Shopping Cart ID When Restoring Products
Page: (C) (BUG) Fix Navigation History Session Content
Page: (AC) (UP) Improve Validation of E-Mail Addresses
Page: (AC) (UP) Code Cleanup
Page: (A) (UP) Update Define Languages Page
Page: (C) (BUG) Verify Shopping Cart Product Attribute Combinations
Page: (AC) (UP) Remove PHP3 Compatibility Code
Page: (AC) (UP) Improve IP Address Detection
Page: (A) (BUG) Don't Show Empty Menu Entries
Page: (AC) (UP) Add htaccess Protection to the Images Directory
Page: (C) (UP) Optimize Tax Calculations
Page: (AC) (UP) Improve Force Cookie Usage in Sessions
Page: (A) (BUG) Fix Automatic Removal of Manufacturer Images
Page: (A) (UP) Add API Version Tag to Modules
Page: (C) (UP) Hide Currencies and Languages Info Boxes for Single Currencies and Languages
Page: (A) (UP) Hide Language Selection if Only One Language is Installed
Page: (C) (BUG) Fix Retrieval of Special Product Prices
Page: (A) (BUG) Fix HTML E-Mails
Page: (A) (BUG) Improve Saving of Module Parameters
Page: (AC) (UP) Add Pre-Populated List of Currencies
Page: (A) (SQL) (NEW) Introduce Security Directory Permissions Feature
Page: (AC) (SQL) (NEW) Introduce Action Recorder Feature
Page: (AC) (UP) Cleanup Language Definitions
Page: (AC) (NEW) Move Installation Checks to New Security Checks Modules
Page: (A) (UP) Introduce Windows Compatible is_writable() Function
Page: (A) (UP) Bypass HTTP Authentication for IIS Webservers
Page: (AC) (UP) Update PHP_SELF Value
Page: (A) (NEW) Introduce Easy Store Logo Uploader
Page: (AC) (SQL) (UP) Update Password Hashing to Phpass
Page: (C) (BUG) Fix Length Check of Customer Passwords
Page: (C) (BUG) Fix Notice When Products Without Attributes are Added to the Shopping Cart
Page: (C) (BUG) Verify Languages Currency Exists
Page: (C) (BUG) Allow Quoted Words to be Searched
Page: (SQL) (UP) Update Database Field Lengths
Page: (AC) (COMPAT) Fix Timezone Warning Messages for PHP v5.3
Page: (AC) (COMPAT) Use Perl-Compatible Regular Expressions for PHP v5.3
Page: (C) (SEC) Add Customer Session Token to Forms
Page: (C) (BUG) Validate Removal of Customer Address
Page: (AC) (BUG) Sanitize Parameters
Page: (A) (UP) Add Support for Basic HTTP Authentication
Page: (C) (UP) Generate a New Shopping Cart ID When Restoring Products
Page: (C) (BUG) Fix Navigation History Session Content
Page: (AC) (UP) Improve Validation of E-Mail Addresses
Page: (AC) (UP) Code Cleanup
Page: (A) (UP) Update Define Languages Page
Page: (C) (BUG) Verify Shopping Cart Product Attribute Combinations
Page: (AC) (UP) Remove PHP3 Compatibility Code
Page: (AC) (UP) Improve IP Address Detection
Page: (A) (BUG) Don't Show Empty Menu Entries
Page: (AC) (UP) Add htaccess Protection to the Images Directory
Page: (C) (UP) Optimize Tax Calculations
Page: (AC) (UP) Improve Force Cookie Usage in Sessions
Page: (A) (BUG) Fix Automatic Removal of Manufacturer Images
Page: (A) (UP) Add API Version Tag to Modules
Page: (C) (UP) Hide Currencies and Languages Info Boxes for Single Currencies and Languages
Page: (A) (UP) Hide Language Selection if Only One Language is Installed
Page: (C) (BUG) Fix Retrieval of Special Product Prices
Page: (A) (BUG) Fix HTML E-Mails
Page: (A) (BUG) Improve Saving of Module Parameters
Page: (AC) (UP) Add Pre-Populated List of Currencies
Page: (A) (SQL) (NEW) Introduce Security Directory Permissions Feature
Page: (AC) (SQL) (NEW) Introduce Action Recorder Feature
Page: (AC) (UP) Cleanup Language Definitions
Page: (AC) (NEW) Move Installation Checks to New Security Checks Modules
Page: (A) (UP) Introduce Windows Compatible is_writable() Function
Page: (A) (UP) Bypass HTTP Authentication for IIS Webservers
Page: (AC) (UP) Update PHP_SELF Value
Page: (A) (NEW) Introduce Easy Store Logo Uploader
Page: (AC) (SQL) (UP) Update Password Hashing to Phpass
Page: (C) (BUG) Fix Length Check of Customer Passwords
Page: (C) (BUG) Fix Notice When Products Without Attributes are Added to the Shopping Cart
Page: (C) (BUG) Verify Languages Currency Exists
Page: (C) (BUG) Allow Quoted Words to be Searched