CS-Cart 4.15.1 Changelog

New Features and Improvements

[+] Add-ons: Advanced products import: The ability to use archives with images was added.

[+] Add-ons: Advanced products import: The ability to download an example of an import preset was added.

[+] Add-ons: GDPR Compliance (EU): Request and fixation of consent to the individual cookie setting were added.

[+] Add-ons: Integration with Zapier was added.

[+] Add-ons: Import from Shopify: A new add-on for importing products from Shopify was added.

[+] Add-ons: Price per unit add-on, that allows you to show price per milliliter, gram, etc., as required by EU regulations, was added.

[+] Add-ons: Product Variations: The setting to make all variations in a group count as one product for quantity discount calculation was added.

[+] Add-ons: Product reviews: The ability to import and export product reviews in the admin panel was added.

[+] API: The ability to create products without passing the category was added.

[+] API: The ability to return product description on the product list was added.

[+] Design: The ability to load svg images for logos was added.

[+] Multi-Vendor: Add-ons: Vendor data premoderation: Products: Display of changed product fields was added.

[+] Multi-Vendor: Privileges: Privilege to merge vendors was added.

[+] Multi-Vendor Plus: Add-ons: Vendor Privileges: Privileges: Privilege for managing user groups with the “Vendor” type was added.

[+] Multi-Vendor Plus: Add-ons: Common Products for Vendors: Information about each vendor shipping was added to the product page.

[+] Multi-Vendor Ultimate: The ability to designate a storefront that is accessible to administrators was added.

[+] Multi-Vendor Ultimate: Add-ons: Warehouses: Products return to the warehouses they were taken from.

[+] Privileges: Privileges for managing user groups with the “Administrator” type and for using advanced HTML in the content were added.

Functionality Changes

[*] Add-ons: Suppliers: Add-on marked as deprecated.

[*] Add-ons: Access restrictions: IPv6 support was added.

[*] Add-ons: Product bundles: Layout for SEO requirements was optimized.

[*] Admin panel: Payment methods: The order of the fields was changed.

[*] Core: Minimal PHP version requirement bumped from 5.6.0 to 7.1.0, PHP 8.0 support was added.

[*] Core: The Smarty library was updated to version 4.1.0

[*] Phone mask: A new mask for Indonesia was added, and the list of phone masks was updated.

[*] Products: Features: Options: The button for more convenient variant addition when editing a feature or option appeared.

[*] Profile fields: Phone: Phone autofill was disabled for Safari browser because it was not working correctly.

[*] Storefronts: Currencies: The ability to change the default storefront currency was added.

Bug Fixes

[!] Add-ons: Access restrictions: IP address was not blocked when authorizing through a pop-up window. Fixed.

[!] Add-ons: Advanced products import: If there are several CDATA tags in one XML node, only the last tag was taken into account. Fixed.

[!] Add-ons: Advanced products import: It was impossible to upload some files for the import from the remote servers. Fixed.

[!] Add-ons: Advanced products import: The value of the “Images delimiter” field did not change when importing XML files. Fixed.

[!] Add-ons: Call requests: After clicking on the “Buy now with 1-click” button, the order was not created. Fixed.

[!] Add-ons: Hook handlers in add-ons using add-on schema v4 could be called incorrectly. Fixed.

[!] Add-ons: Landing pages from Tilda: Сontent of Tilda page might not be displayed on the storefront. Fixed.

[!] Add-ons: Maps and geolocation: Shipping cost could not be estimated for products with mandatory file type options. Fixed.

[!] Add-ons: Message center: Links in the first message of the dialog were displayed as text. Fixed.

[!] Add-ons: Product bundles: Bundle could be hidden because of insufficiency of product even if this product inventory was not tracked. Fixed.

[!] Add-ons: Product bundles: The description of the bundle was not saved if the field value was empty when saving. Fixed.

[!] Add-ons: Product Bundles: Bundle was displayed at storefront even after the end of accessibility period. Fixed.

[!] Add-ons: Product bundles: Discount could not be applied if product had zero price and mandatory pay options. Fixed.

[!] Add-ons: Product Variations: Out of stock variations could be hidden on the storefront when “Show all possible feature variants” setting was active. Fixed.

[!] Add-ons: Product Variations: Promotions: Variation product could not be discounted as promotion bonus in some cases. Fixed.

[!] Add-ons: Product Variations: Features: Product variations could be created based on a feature that is not available for the product category. Fixed.

[!] Add-ons: Product Variations: Options: Unavailable combinations of options were not applied to child variations. Fixed

[!] Add-ons: Product Variations: With numerous features, the variation list was overflowed. Fixed.

[!] Add-ons: RMA: Unauthorized customer could not see created return requests. Fixed.

[!] Add-ons: RetailCRM: Suppliers: Shipping methods were duplicated when syncing orders with products from suppliers. Fixed.

[!] Add-ons: Searchanise: “Identifier “view” is not defined” error occurred during checkout. Fixed.

[!] Add-ons: Searchanise: Relevance sorting was not applied on the results page when an empty query was entered in the Instant Search Widget. Fixed.

[!] Add-ons: SEO: Storefront: When storefront’s URL was specified with port, all SEO links on the storefront could not work. Fixed.

[!] Add-ons: SEO: The title on the category page was not updated when going to a new page. Fixed.

[!] Add-ons: Social buttons: Social buttons were sometimes not displayed on mobile devices. Fixed.

[!] Add-ons: Stores and pickup points: PHP notice appeared if the rate area for all countries was disabled. Fixed.

[!] Add-ons: Stripe payments: Sometimes when paying for Google or Apple Pay, money was debited and the order was not created. Fixed.

[!] Add-ons: Stripe payments: Stripe Connect payments: When entering an incorrect card number, the checkout page could freeze. Fixed.

[!] Add-ons: Wish List: The list of pending products on several devices was not synchronized when deleting products from the list. Fixed.

[!] Add-ons: Watermarks: Watermark could be applied to a logo if the image of the product and the logo had the same title. Fixed.

[!] Admin panel: If an administrator was logged in via the storefront, then when going to the admin panel through via the bottom toolbar, this administrator had to re-enter the username and password. Fixed.

[!] Admin panel: Bottom toolbar: There was an incorrect redirect to the storefront from the product list page and category update page. Fixed.

[!] Admin panel: Customers: Search: An error occurred when entering text data without numbers when searching by phone number. Fixed.

[!] API: Orders: When creating an order with a product with disabled options, the values of the options were included in the order. Fixed.

[!] Block manager: Due to an incorrect redirect_url in the blocks that were embedded in the page content, the remaining blocks were not updated. Fixed.

[!] Checkout: It was possible to place an order without paying for delivery. Fixed.

[!] Context menu: In the context menu, the percentage price calculation was incorrect. Fixed.

[!] Design: Languages: Language icons without a dropdown list were not displayed. Fixed.

[!] Design: Layouts: If the wrapper had a form, then block forms didn’t work. Fixed.

[!] Design: Layouts: Some blocks in layout sections could have wrong width. Fixed.

[!] Design: Mobile view: Product image gallery in the “The Big picture” template and preloader icon on the checkout page were not centered on the screen. Fixed.

[!] Design: Product Filters: The price slider in product filters was displayed incorrectly in RTL languages. Fixed.

[!] Design: RTL: Some icons may not display correctly. Fixed.

[!] Document Editor: The translation of the snippet name was not displayed in the documents. Fixed.

[!] Export/Import: The “Set quantity of all products to zero” option did not work. Fixed.

[!] Export/Import: In some cases import of Features could create duplicates of feature variants. Fixed

[!] File Editor: In CS-Cart most of the files were not available in the File editor. Fixed

[!] Hooks: The “orders:list_extra_links” hook was duplicated on the storefront list page. Fixed.

[!] Languages: Product features: Information about categories was displayed in the language selected for the admin panel. Fixed.

[!] Mobile application: Home screen was blank on startup. Fixed.

[!] Mobile application: The language variable was not updated after the upgrade. Fixed.

[!] Mobile application: Search worked in limited mode. Fixed.

[!] Mobile pplication: Add-ons: Product reviews: Admin comments were not displayed on the product page. Fixed.

[!] Multi-Vendor: Add-ons: Advanced products import: Vendor data premoderation: Existing product could be put on moderation as the new ones after import. Fixed.

[!] Multi-Vendor: Add-ons: Vendor data premoderation: Maps and geolocation: When previewing product on moderation, PHP error notices were displayed. Fixed.

[!] Multi-Vendor: Add-ons: Vendor data premodetation: Product after first disapproving could never be sent to moderation again if approval of product info updates wasn’t required. Fixed.

[!] Multi-Vendor: Add-ons: Vendor panel configurator: Menu items with language and currency selection did not work on mobile devices in the vendor panel menu. Fixed.

[!] Multi-Vendor: Add-ons: Vendor plans: Vendors could choose a plan that was not available to them. Fixed.

[!] Multi-Vendor: Add-ons: Vendor plans: Vendor created in the admin panel wasn’t assigned to the storefront. Fixed.

[!] Multi-Vendor: Add-ons: Vendor plans: In some cases, the text for the vendor plans was overflowing. Fixed.

[!] Multi-Vendor: Add-ons: Vendor-to-admin payments: The language in which the auto-comment was created was taken from the default language, instead of the language from the company settings. Fixed.

[!] Multi-Vendor: Add-ons: Searchanise: The sync request queue was not reset after pressing the “Force re-indexation” button. Fixed.

[!] Multi-Vendor: Add-ons: Stripe Connect payments: Sometimes when paying with a card with 3-D Secure enabled, money was debited and the order was not created. Fixed.

[!] Multi-Vendor: Add-ons: Stripe Connect payments: When 3-D Secure was enabled, the marketplace fee was calculated incorrectly. Fixed.

[!] Multi-Vendor: Design: Vendors: The width of the first column was incorrect on the vendor list page. Fixed.

[!] Multi-Vendor: Features: Vendors could see the “Save” button when viewing common features. Fixed.

[!] Multi-Vendor: Features: Vendors could see the “Remove” button for categories of common features. Fixed.

[!] Multi-Vendor: Vendors: Categories: An error could occur when a category ID that does not exist in the store was entered in the address bar. Fixed.

[!] Multi-Vendor: Vendors: If a vendor logged in via the storefront, then when going to the vendor panel via the “Admin panel” button in the account pop-up window, this vendor had to re-enter the username and password. Fixed.

[!] Multi-Vendor: Orders: The order could be considered paid before the payment process began. Fixed.

[!] Multi-Vendor: Promotions: Promotion with specified product in the condition could stop applying to cart after updating. Fixed.

[!] Multi-Vendor Plus: Add-ons: Common Products for Vendors: All product variations were added to the wish list instead of a single variation. Fixed.

[!] Multi-Vendor Plus: Add-ons: Common Products for Vendors: The product was incorrectly added to the cart with the “Track inventory” setting disabled and “Buy a default common product” enabled. Fixed.

[!] Multi-Vendor Plus: Add-ons: Common Products for Vendors: The “Add to cart” button in some cases didn’t work for best offer. Fixed.

[!] Multi-Vendor Plus: Add-ons: Common Products for Vendors: There could be errors on the storefront with disabled vendor offers. Fixed.

[!] Multi-Vendor Plus: Add-ons: Common Products for Vendors: Values of features for common product and vendor offers wasn’t shown in the vendor panel. Fixed.

[!] Multi-Vendor Plus: Add-ons: Common Products for Vendors: In the HTML code of the “And other offers” link, the attribute was not replaced by a value and remained in the product detail page code. Fixed.

[!] Multi-Vendor Plus: Add-ons: Common Products for Vendors: Offers of common products were available for choosing in manually product block although they were not displayed in this block on the storefront. Fixed.

[!] Multi-Vendor Plus: Add-ons: Common Products for Vendors: Bestsellers & On-Sale Products: Products were not displayed in the “Bestsellers” block and on the page with bestsellers. Fixed.

[!] Multi-Vendor Plus: Add-ons: Common products: Filters: Common products were hidden in the filter by vendor results. Fixed.

[!] Multi-Vendor Plus: Add-ons: Direct Customer-to-Vendor Payments: Vendor catalog promotion could be applied to other vendor’s products. Fixed.

[!] Multi-Vendor Ultimate: Add-ons: Order fulfillment by marketplace: Stores and pickup points: Stores could not be seen on the storefront. Fixed.

[!] Notifications: Emails: The logo was not clickable. Fixed.

[!] Orders: Order statuses: The invoice and credit notification numbers were not displayed on the order list page. Fixed.

[!] Payment methods: The database request was made incorrectly. Fixed.

[!] Products: Features: When saving a feature with variants, the redirect returned to the page of the current feature. Fixed.

[!] Products: Features: A variant of another feature was added to the product. Fixed.

[!] Products: Filters: Some filters created via the context menu in the list of features were not displayed on the storefront. Fixed.

[!] Products: Options: Notification of unsaved data was not displayed when adding options. Fixed.

[!] Products: Out of stock: When changing the “Out of stock” option the quantity of goods was reset to zero. Fixed.

[!] Products: The alert about unsaved changes was not displayed when reloading the page after creating a feature on the product editing page. Fixed.

[!] Profile fields: An error appeared when uploading files to the profile. Fixed.

[!] Profiles: Selecting the year of birth worked incorrectly on the profile editing page on the storefront. Fixed.

[!] Promotions: When creating a promotion with a condition on a product with the selected options, a PHP notice occurred. Fixed.

[!] Rate areas: The disabled regions remained available for setting rate areas. Fixed.

[!] RTL: Currencies: Displaying the amount after the currency did not work. Fixed.

[!] RTL: Notifications: E-mail: The phone number was displayed incorrectly. Fixed.

[!] Taxes: Tax exempt status didn’t affect taxes included into price. Fixed.

[!] Taxes: Tax amount was included into product subtotal and order shipping fixed cost when using unit price based tax calculation method. Fixed.

[!] Ultimate: Add-ons: Warehouses: Product Variations: Product amount was saved incorrectly for variation products. Fixed.

[!] Ultimate: Add-ons: Warehouses: Store or warehouses could not have more than 88 shipping destination areas. Fixed.

[!] Ultimate: Storefronts: In some cases, the storefront selection was displayed incorrectly. Fixed.

[!] Ultimate: Storefronts: Currencies: Languages: Storefront could be created without active currencies and languages. Fixed.

[!] Ultimate: Storefronts: With an extended search for storefronts, unnecessary pagination appeared. Fixed.

[!] User groups: Filters: Administrators with the “View only” privilege for filters could see the “Remove” button for filter categories. Fixed.

[!] Users: Add-ons: The storefront administrator could change the status of the add-on, delete and install the addon. Fixed.

[!] Users: Profiles: It was not possible to make the “State” field mandatory during checkout or profile update/registration. Fixed.

Service Packs

4.15.1.SP1

[!] Add-ons: PayPal payments: Taxes: If in the admin panel the tax calculation was set to the unit price and price didn’t include tax, then the order amount didn’t include tax while paying via PayPal. Fixed.

[!] Add-ons: Price per unit: It was impossible to export/import the “Unit name” field. Fixed.

[!] Multi-Vendor: Add-ons: PayPal Commerce Platform: Stripe Connect payments: A PHP error occurred on the order details page. Fixed.

[!] Order management: The product discount was applied every time the order was changed. Fixed.

[!] Products: Features: Administrator couldn’t add variants to an existing feature in a popup. Fixed.

4.15.1.SP2

[!] Export/Import: Product import could cause a database error. Fixed.

4.15.1.SP3

[!] Security: The vulnerability could allow anyone with access to the admin or vendor panel and the block editing privilege to gain unauthorized access to the server. Fixed.

Note

As a token of gratitude, we’d like to mention the partner who discovered this issue. The company is called ASAP Lab. They specialise in servers, performance, and security. Not only do they regularly check CS-Cart code for vulnerabilities, but they can also check your entire project, including server configuration, third-party add-ons, etc.

4.15.1.SP4

[!] The SP3 security fix was incompatible with third-party add-ons and themes. Fixed.