Download uc_ajax_cart-6.x-2.1.tar.gztar.gz 26.67 KB
MD5: 62fbc546f4d6d2e4d6fa285f4d369232
SHA-1: ccb9794abab2bed914e7363a7a27c66e0b14f40c
SHA-256: 4d0dbd509a3759b2f966b776491066364d2673b3bfc672501fd754a8d392bb46
Download uc_ajax_cart-6.x-2.1.zipzip 31.93 KB
MD5: 57b583acd149b4385f3a1fca68fa5f61
SHA-1: 8aa4b5f8e1e887f5b1ab6d50372972456beb2d04
SHA-256: 53bffe5619a92399cd9cc8265b103a430ad1d3deb3ab49134b79272bda1c7268

Release info

Created by: stewart.adam
Created on: June 6, 2012 - 15:53
Last updated: June 13, 2012 - 21:31
Core compatibility: 6.x
Release type: Security update

Release notes

uc_ajax_cart 6.x-2.1 is a is a security update and bug fix release that is compatible with the most recent versions of Ubercart (6.x-2.7 and higher). See SA-CONTRIB-2012-102 - Ubercart AJAX Cart - Potential Disclosure of user Session ID

Security fixes:

  • Fixed information disclosure which included the user's PHP session ID in the JavaScript settings array on every page.

Important Changes:

  • Issue #1437798 by stewart.adam: remove (out of scope) stock hook.

Note that this change means that uc_ajax_cart will no longer check product stock levels, as this feature is out of scope for this module and did not function entirely correctly anyways. Users wishing to preserve this behaviour are recommended to install a module dedicated to product stock management such as uc_out_of_stock.

Bug fixes:

  • Issue #1317986 by tunic: Updating to Ubercart 6.x-2.7 breaks Ajax Cart
  • Issue #1532144 by hanoii: Support for other fields type for qty when removing items.
  • Issue #1421256 by neilnz: Changing quantity in AJAX cart page works only first time.
  • Issue #1038130 by jeffmace: Fix how we pass $form_id to drupal_execute().
  • Issue #1437820 by stewart.adam: use attachBehaviors after refreshing cart.
  • Issue #1455636 by stewart.adam: No discounts could cause a PHP error message
  • Issue #1494924: Call undefined function drupal_add_js: use hook_init.
  • Issue #1480322: Cannot redeclare uc_cart_exit
  • Issue #1209344 by rhmtts: UC Discounts Alt integration fix.
  • Issue #1209344: integration with UC Discounts Alt
  • Issue #1317986 by maximpodorov: no cache for AJAX cart URL ops.
  • Issue #1317986 by tunic: Clearing cache mechanism

New features:

  • Issue #1187312 by stewart.adam: Customizable cart messages, also make notification/messages settings clearer.

The uc_ajax_cart settings page now includes a section where users can customize the messages displayed to users as they add items to their cart. One or more messages can be entered and if more than one message is detected, then one will be randomly selected for display to the user from the pool of available messages for that operation (add, update or remove).

As well, this change incorporates a fix where the second popup (the one displaying the Drupal system messages) is only shown to the user if there are messages to display. Users with the cart update messages and cart links action messages disabled will no longer receive an empty popup message.


The selected release is the release that will be used for automated testing. Optional projects are only used for testing.



No optional projects