Release info

Created by: stewart.adam
Created on: June 6, 2012 - 15:53
Last updated: June 13, 2012 - 21:31
Core compatibility: 6.x
Release type: Security update

Release notes

uc_ajax_cart 6.x-2.1 is a is a security update and bug fix release that is compatible with the most recent versions of Ubercart (6.x-2.7 and higher). See SA-CONTRIB-2012-102 - Ubercart AJAX Cart - Potential Disclosure of user Session ID

Security fixes:

  • Fixed information disclosure which included the user's PHP session ID in the JavaScript settings array on every page.

Important Changes:

  • Issue #1437798 by stewart.adam: remove (out of scope) stock hook.

Note that this change means that uc_ajax_cart will no longer check product stock levels, as this feature is out of scope for this module and did not function entirely correctly anyways. Users wishing to preserve this behaviour are recommended to install a module dedicated to product stock management such as uc_out_of_stock.

Bug fixes:

  • Issue #1317986 by tunic: Updating to Ubercart 6.x-2.7 breaks Ajax Cart
  • Issue #1532144 by hanoii: Support for other fields type for qty when removing items.
  • Issue #1421256 by neilnz: Changing quantity in AJAX cart page works only first time.
  • Issue #1038130 by jeffmace: Fix how we pass $form_id to drupal_execute().
  • Issue #1437820 by stewart.adam: use attachBehaviors after refreshing cart.
  • Issue #1455636 by stewart.adam: No discounts could cause a PHP error message
  • Issue #1494924: Call undefined function drupal_add_js: use hook_init.
  • Issue #1480322: Cannot redeclare uc_cart_exit
  • Issue #1209344 by rhmtts: UC Discounts Alt integration fix.
  • Issue #1209344: integration with UC Discounts Alt
  • Issue #1317986 by maximpodorov: no cache for AJAX cart URL ops.
  • Issue #1317986 by tunic: Clearing cache mechanism

New features:

  • Issue #1187312 by stewart.adam: Customizable cart messages, also make notification/messages settings clearer.

The uc_ajax_cart settings page now includes a section where users can customize the messages displayed to users as they add items to their cart. One or more messages can be entered and if more than one message is detected, then one will be randomly selected for display to the user from the pool of available messages for that operation (add, update or remove).

As well, this change incorporates a fix where the second popup (the one displaying the Drupal system messages) is only shown to the user if there are messages to display. Users with the cart update messages and cart links action messages disabled will no longer receive an empty popup message.