------------------------------------------------------------------------------

                  What's new in each version of Interchange

------------------------------------------------------------------------------

Interchange 4.8.4 not yet released.

Core
----

* Fixed cgi and value filters which were completely broken (Bug #380).
  Thanks to Jonathan Clark <jonc@webmaint.net> for reporting.

* Fixed bug in [if-item-param field eq string] which would now work due
  to improper field pointer type.

* Prevent converting exchange rates twice for shipping -- bug found
  and patch supplied by Frederic Steinfels <fredo@dvdupgrades.ch>.

* Fixed searches with op=em as single specification.

* row_hash returns undef now for memory databases too instead of 
  throwing an error if no row is found.

* Give better error message when a required catalog directive 
  is missing (Bug #337). Use main file (usually catalog.cfg) instead of 
  empty string or catalog_after.cfg (etc.) as example of where directive 
  should go. Thanks to Jeff Murphy (jcmurphy+rhic@jeffmurphy.org) 
  for reporting.

Usertags
--------

* Changed ups_query to only pass on 5-digit base ZIP code in U.S., 
  since UPS rejects ZIP+4. Thanks to Bill Carr <bill@worldwideimpact.com> 
  for pointing out this requirement in Business::UPS docs.

Admin UI
--------

* Fixed permission checks in several pages (thanks to Massimiliano Ciancio 
  <mciancio@tiscali.it> for investigating to audit the permission checks)
  and a typo in if-mm.

* Make link_template in layout.html editable (thanks to Mark Johnson
  for the patch)

* About links are working now in catalogs that are not based on foundation.

* Edit button which appears on flex_select page if database attribute
  LARGE is set works now as expected.

* Personal CSS removed from preferences. Neither worked nor maked much
  sense.

Payment
-------

* Improved documentation and added default URL in the Skipjack module.
  Thanks to Ron Phipps <rphipps@reliant-solutions.com> for this patch.

* Mispelled month name fixed in iTransact module which caused failure.
  Found by Cameron Prince.

Foundation
----------

* Make sure mv_successpage gets passed on from login page, so customers
  can go straight to an arbitrary members_only page instead of always 
  'customerservice' (Bug #392). Thanks to Ron Phipps 
  <rphipps@reliant-solutions.com> for reporting this problem.

* Removed trailing whitespace that caused browse page to contain
  Perl code garbage. Found by Salvador Caballe.

* Removed duplicates from category selection on the "Advanced Search"
  page.

* Added missing Database UPPERCASE 1 settings in the Oracle database
  configuration. Thanks to Jonathan Lee <jonalee740304@yahoo.com>
  for reporting this problem.

* Avoid Oracle constraint errors where empty string looks like NULL
  in country database.

Packaging
---------

* Username and password for UI superuser account is queried from
  the user by debconf for the interchange-cat-foundation Debian
  package.

* Directory /etc/interchange/usertag for locally used global usertags 
  add to the interchange Debian package.

* Fixed overly strict dependency of the libapache-mod-interchange
  Debian package on apache-common. Thanks to Matthew Wilcox 
  <willy@debian.org>).

* Added version to dependency of the interchange Debian package 
  on libsql-statement-perl, because newer versions cause Interchange 
  to fail in some cases.

* interchange-ui Debian package now suggests a HTTPS server.

I18N
----

* New usertag [parse_locale] to allow on-the-fly parsing of
  [L]...[/L] and alike in usertags and variables.

* improved Dutch translation (UI)

------------------------------------------------------------------------------

Interchange 4.8.3 released 2001-11-27.

Core and usertags
-----------------
* Some fairly major changes to limit exposure to the cross-site
  JavaScript vulnerabilities described in:

		http://www.cert.org/advisories/CA-2000-02.html

  The vulnerability is only serious if you have "CookieLogin Yes"
  in your catalog.cfg definition (as unfortunately was in foundation).

  It is recommended that you either set CookieLogin to No, or at least do

  		SaveExpire  8 hours

  - Notably, [cgi ...] and [value ...] will not display < characters
    unless you specifically enable it with the enable-html=1 option.

	Normally this should cause no problems. If your site breaks
	because of this update, you can temporarily re-enable this with:

		Promiscuous Yes

	in your catalog.cfg file.

* New filter restrict_html. Called with:

	[filter restrict_html.a.b.i.u.p.br]
			<SCRIPT> malicious('Gotcha!') </SCRIPT>
	[/filter]

  which prevents the <SCRIPT> from executing.

* Fixed crash of page servers in PreFork mode due to phantom
  database entries created by unwanted auto-vivification in
  $Vend::Cfg->{Database}. Much thanks to Chris Ochs who researched
  this problem which was plaguing a lot of people and wouldn't have
  been found without his fine help.

* Fixed Vend::Util::round_to_frac_digits() to work if frac_digits are
  zero. Thanks to Shozo Murahashi <murahashi@ayayu.com> who
  investigated and detailed this problem.

* Make mv_more_alpha work in query tags.

* Fixed get_option_hash in Util.pm, thanks to Javier Martin
  <martin@trymedia.com> who discovered and analyzed this bug
  (in his case any options for &charge are ignored).

* Fixed bug in database query methods which can hose query strings
  like "select ... where column like '%...%'".

* Issue an error message if a search can not be performed due
  to the NoSearch directive.

* Added hide option to usertags email and email_raw.

* Check for Digest::MD5 instead of MD5 in the usertag version and
  the RPM spec file.

* New option -D for localize script (Don't put default locale in output.),
  insert comments only if they are distinct from the key.

* Allow [dump] of portion of session, for example [dump scratch].

* New methods hash_query and get_slice added to the Table modules.

* In cases where tabs end up in database fields, prevent corruption of
  tab-delimited DB exports by filtering tabs to spaces.

* Added workaround for a bug in FreeBSD stock Perl build that sometimes
  caused a segmentation fault when starting the Interchange daemon. If
  you're upgrading from an earlier verson of Interchange, be sure to grab
  the appropriate setting in interchange.cfg. Search the icconfig doc for
  'MV_DOLLAR_ZERO' for more info.

* Fix oversight that kept [on-match] and [no-match] from working with
  [loop list=`...`].

* Close security hole by disabling Safe :base_io group by default.

* Log error message if order profile not found.

* Add "filter" order check type. It runs the value through a filter and
  checks that it is unchanged.

* Support Database xxx NO_ASCII_INDEX attribute.

* Prevent death when using row_hash in DBM types and non-existent key
  is hit.

Payment
-------
* Bank of America payment module added.
* Added $transtype fix in AuthorizeNet module. Thanks to Javier Martin.

Admin UI
--------
* Check for delete permissions before giving option and/or allowing delete
  of orders. Resolves bug #333. Thanks to Donal Harrington and Mark Johnson
  for pointing this out.

* Static page building uses the original catalog settings instead
  of the UI ones for images and URLs. Fixed two more bugs which
  render selection of "never build" and maximum number of pages useless.

* Spreadsheet save error fixed. Interchange prevents loading of spreadsheet
  values when the key is empty now. This has the side effect that
  autonumbering is not possible when adding records from the spreadsheet.

* New usertag diffmerge, improved usertag diff.

* Bump matchlimit for order report queries to 100000.

* Correct wizard help links. Thanks to John Beima for reporting.

* Prevent limitations on database show for superuser in list_databases
  usertag, found by Ed LaFrance.

I18N
----
* localization support added to UI usertag file_info.

* Hebrew locale from Chen Naor <chen@lilux.co.il> added.

* Japanese locale from Murahashi <murahashi@ayayu.com> and
  Hiroyuki Cozy Kojima <kojima@redhat.com> added.

* Brazilian Portuguese locale from Jack Tsai <jack@3light.com.br> added.

Documentation
-------------
* Add ic_howto_cvs by Dan Browning, ic_ecommerce by Ed LaFrance (based on
  rediscovered parts of the Minivend 4 docs), and the long-lost IC FAQ.


------------------------------------------------------------------------------


Interchange 4.8.2 released 2001-09-19.

Core and usertags
-----------------
* In ups_query tag, don't use defaults for country, always send. Fixes
  problem caused when UPS changed their behavior.

* Add ability to set beginning/ending years in date widget.

* localize now catches [msg] tags.

* compile_link: Check for build_dir = source_dir to prevent attempts by
  File::Copy to copy files on top of themselves; truncates the files.

* Fix bug that caused HTML entities to not be encoded if another filter was
  already chosen.

* UserDB: Add outboard_key_col option so that you can do lookups on an
  account_id or other information with outboard DBs.

* Add option to print ellipsis (...) after truncated [filter] results,
  like this:

  [filter 10]Howdy there good buddy[/filter] -> Howdy ther
  [filter 10.]Howdy there good buddy[/filter] -> Howdy ther...

  Wherever filters work, including PREFIX-filter, etc.

* Fix Util::change_url and Interpolate image rewriting for any full URL
  protocol specification (like javascript:), not just http: and https:.

* makecat
  - take sampleurl from command line if -F specified.
  - new option --catalogconf to make makecat fully usable on Debian
    installations

* Config.pm: Change root_dir parse routine so that it returns a scalar.
  Add root_dir_array parsing routine for TemplateDir.

* Strip Windows-style path components from uploaded images (in update_data).

Foundation
----------
* Fix some country and state database problems for Great Britain.

* Show correct 'log in' or 'log out' text for foundation users.

* makedirs: Don't try to chown or chgrp if no username was given
  (as is common when running as root, mode U, no group).

* Fix promo bug forcing thumbnail sizes to 80 pixels.

Admin
-----
* Support UI_LANG_DIRECTION variable: rtl (right to left, for Hebrew,
  Arabic, etc.) or ltr (left to right).

* Fix build_related.html so it works with DBM databases.

* icmenu: The "create new affiliate" had an exclude_on setting that
  should've been an include_on setting. The menu option now shows up in
  the correct place. Fix for bug #297.

* page_edit: Fix problem where image paths are substituted, reported
  by Cameron Prince and others.

* preferences.html fix: close input tag.

* Add support for no-cookies browsing to numerous UI forms.

* Add the Ultimate Image Widget (tm) suggested by Cameron Prince. Combines
  best aspects of imagehelper and imagedir widget. Activated by adding
  wildcard on end of outboard parameter in metadata, i.e. images/items/*
  instead of images/items.

* Primitive.pm: Add capability for specifying suffix in imagedir widget type.
  Specify one of:
  - Complete regex: \.(gif|jpe?g|png)
  - or list of extensions (case-sensitive): gif jpg png
  - or to ignore case on some: (?i)gif (?i)jpg JPEG png

* Fix disappearing submenus in UI_STD_HEAD. Thanks to Brian Kosick for
  noticing the problem.

* Stop admin menus from appearing right after a logout. Thanks to John
  Beima for pointing out the fix.

* Stop generating OPTION GROUP tags for Opera browser in UI Wizard.

* Resolve bug #319 by removing a page that was specific to the now-defunct
  sample computer data.

* Don't cut help topics after the default of 50 items (thanks to Ed LaFrance).

Packaging
---------
* Minor RPM dependency improvement for interchange-foundation-demo.

* Debian packaging improvements:
  - install README.debian into /usr/share/doc
  - useful descriptions for interchange-ui and interchange-cat-foundation
    added (closes: #109228, #109565)
  - foundation catalog was disabled if not reinstalled in postinst
  - change owner/group of the base directory for static HTML files
    to the Interchange owner/group
  - let makecat write into /etc/interchange/catalogs.cfg


------------------------------------------------------------------------------


Interchange 4.8.1 released 2001-08-13.

Foundation
----------
* Fix flypage typo preventing display of options.

* Fix stock-alert thumbnail display (based on image availability).

* Changed from and reply-to email address to __EMAIL_SERVICE__
  This brings it line with the name in the variable table.

* Fix to catalog.cfg that closes longstanding history-scan "expired" problem.

* Fix problem with PostgreSQL userdb table definition found by Brian Kosick
  <briank@nacs.net>.

* Add counties of Ireland to state.txt, correct two minor UK/EI mistakes.
  Thanks to Donal H. <donalh@online.ie> for submitting this update.

* Add DECREMENT_INVENTORY to the default variable.txt, fixing bug #292.

* Rename some images to get around long path problems when not using
  a reasonable tar program, e.g.:

  dist/foundation/templates/sampledata/tools/images/items/gift_certificate_large.gif

* Remove GNUisms from Foundation configuration scripts.

Admin UI
--------
* Allow setting UI_SECURE with environment variable MV_UISECURE.

* Set UI_HELP_URL to interchange.redhat.com by default, to enable access to
  most up-to-date online help in the UI.

* Add MV_DEMO_MODE variable and MVC_DEMOMODE makecat setting.

* Swedish UI locale (sv_SE) added by Tommi Labermo <tommi.labermo@surfnet.fi>.

* Many more i18n improvements from Stefan Hornburg.

* Do something reasonable if transactions or userdb is defined LARGE.

  - If LARGE and no search input comes to order page, bounce to
    flex_select with proper table selected and page title set to something
    reasonable.

  - If a query by example is put in, use order.html (transactions)
    or customer.html (userdb) to actually display the item.

* Fix longstanding admin/admin/error bug when you hit a non-existent
  transactions or userdb table.

* Allow manual setting of order number from UI.

* Make new dbconfig stuff show up if UI_DBCONFIG is set.

* Carry destination forward on failed login attempt at login.html.

* Disable useless meta link in the wizard.

* Define new action-click parameter to put an mv_click in
  where it will only be executed on Next --> {next_text}.

* Make Cancel really work on order number setting, using above strategy.

* Fix page footer include on wizard/do_launch.html.

* Add link to documentation after initial preview build....

* Update wizard_profiles to use did_products=required instead
  of old products=defined

* In the wizard, the admin user was being created in both the Admin
  database, and the Customer database. This left the admin user password
  in plaintext in the customer database. Now the admin is created in the
  admin db, and the customer in the customer db.

* Modify all pages to use ui_wizard_fields instead of the
  table=variable and fake keys.

* Slightly refine default tax location so it is only presented for US.

* Make "Detect Settings" dependent on MV_DEMO_MODE.

* Don't die if ImageMagick not there. Give error saying bad thumbs.

* Fix Primitive.pm reference integrity problem
  ($Vend::UI_Entry->{table_control_ref}).

* Make secret not mandatory for AuthorizeNet setup in Wizard.

* Add missing file pages/include/order_delete_archive preventing order
  deletion/archiving.

Tags
----
* In display tag, add option for cases where we don't want a translation
  (e.g. mv_metadata may be written in another language).

* In image-collate tag:

  - Always push sku/image/thumb data onto stack. Before, image files
    didn't get copied from the upload directory if an 'image' field was
    already properly set up and the 'Generate thumbnails' option was
    not chosen.

  - Add support for plain tar archives.

  - Copy correct thumb filename (rarely caused trouble since we usually
    use the same filename for both).

* return-to tag: When mv_data_table was in ui_return_to, would get
  transformed to the name of the table variable set to a blank value.
  This tromped on any field named the same as the table. Resolves bug #288.

* In table-editor, allow disabling meta on a per-form basis with no-meta=1
  parameter.

Core
----
* Fix problem where refresh or add of items would set cart back to "main".
  Now, once you set the cart to something besides main it should stick.

* Fix bug where -u or -i did not work because the Config.pm setting
  ignored the fact that the other option was defined. Resolves bug #286.

* Always set PriceDivide in operation if any Locale is set.

* Make PriceDivide work properly for shipping.

* Make documented "o PriceDivide = 1" work properly.

* Fix bug where if table was not imported prior to tag_perl tables call, it
  would be imported but the $Db{table} object would never be set. Resolves
  Bugzilla #289.

* Changes to support linkmode configuration in makecat.

* In Order.pm, put the real profile name into error log ('Unknown order
  check ...').

* In Util.pm: Fix bug where a merge hash would not properly set options
  if the base hash was a ref.

* Fix problems with AuthorizeNet module found by Pann McCuaig
  <pann@ourmanpann.com>.

  - changed zip reference to b_zip
  - Removed requirement for secret
  - added country and email to variables sent

Install/makecat
---------------
* Makefile.PL --nocpaninstall option added, needed to fix the longstanding
  Debian bug #93669.

* Overhaul permission setting when making catalogs as root. Now makes image
  files group writable (never needed before UI image upload), as well as
  making files the correct group depending on M/G/U permission modes.

* Add automatic determination of MVC_CATGROUP based on permission
  mode and supplied UIDs.

* Only offer setting of default linkmode if one is root.

Miscellaneous
-------------
* Added script for use in cronjobs, reset_order_number. Provides
  date-based order numbers for Interchange. From an idea posted to the
  interchange-users@ic.redhat.com mail list by Leon Harris <leon@quoll.com>.

* Added new component 'news' to eg directory. Enables the shop owner to
  easily add news items to the foundation catalog. By Ton Verhagen.

Packaging
---------
* Much reworking of Debian packages. Stefan no longer considers them to be
  experimental status.

* Update RPM documentation to cover interchange-foundation-demo and
  interchange-doc, and some other missing things.


------------------------------------------------------------------------------


Interchange 4.8.0 released 2001-07-27.

* Minor bugfixes.


------------------------------------------------------------------------------


Interchange 4.7.7 released 2001-07-26.

Admin UI
--------
* Change payment wizard to do a better job. Only alters one global parameter,
  MV_PAYMENT_MODE, to set up the route. The rest are done via Route.

  - Change payment stuff to use Payment routes.
  - Change CyberCash config to have them upload their merchant_conf.
  - Add some parameters to Skipjack and Signio.
  - Rename parameters to be gateway-specific.
  - Set up to use new ui_wizard_fields= and wizard support, reducing page
    complexity.

* More admin translations.

* Update admin order entry page to use [item-options]. Delete reference to
  old "related" field in products. Remove [item-accessories size] and color.

* Prevent double-escaping of [ characters in item.html.

* page_new.html: Prevent path name in template name from polluting
  template file spec. Prevent lack of current content from aborting page
  edit. Make "New Page" honor UI_TEMPLATE_DIR.

* ship_data.html: Read shipmode from either CGI or Values, which allows us
  to bounce to the ship_data page and retain the mode.

* table-editor:

  - Remove improperly-set default for widget type disabling metadata from
    the mv_metadata table.

  - Wizard mode no longer requires a table, it creates a transitory
    database object "mv_null" and uses that.

  - In wizard mode, you don't need to have a key field, and you can
    specify "ui_wizard_fields" instead of having to supply both
    ui_data_fields and ui_display_only.

  - Wizard no longer displays a Back button if no "mv_prevpage" is defined.

  - View now can be "none" to override table display info in mv_metadata.

  - Add start of some docs.

Foundation
----------
* Add "Require module DBI" to foundation catalog configuration to further
  isolate errors with SQL problems.

* Make address and fname field lengths match between userdb and transactions.

* On Stock-alert page, only display a thumbnail if it exists.

* Fixed bug #275, found by Barry Flanagan. Up-sell question was mislabeled
  as "cross-sell".

* Change results.html button style to text type for Macs, which can't handle
  onClick with type=image. Resolves Bugzilla #268.

Core
----
* Remove CyberCash directive, but warn so old catalogs don't fail startup.
  Never use CyberCash directive or never-implemented mv_payment_mode
  for charges.

* Clean up some discount pricing routines.

* Encode HTML entities for accessories <textarea>s. (Keeps <img src="...">
  from being processed for the current image directory in UI page or
  template editing areas.)

* Move cart copy to before inline_profile is run.

* Put a structure in sesssion with the payment_id for each route, so that
  split charges can be tracked.

* Fix problem with payment_mode being run in check_only mode.

* Change Order.pm so that it handles failed routes properly, even subroutes.

* Get gateway from either Route or MV_PAYMENT_GATEWAY if not defined and
  there is no gateway.

* Unique check allows passing a custom message like "Username already
  exists" instead of the default somewhat cryptic message.

* Document --sharedir and --shareurl in makecat POD.

* Fix --DEBUG startup option docs, resolving Bugzilla #158.

Packaging
---------
* Several Debian packaging improvements.


------------------------------------------------------------------------------


Interchange 4.7.6 released 2001-07-18.

Core
----
* Instituted VAT and extended taxing, including UI support.

  If the SalesTax directive is set to "multi", the type of tax is read from:

  [data table=country col=tax key="[value country]"].

  NOTE: Most everything is configurable for variable name and
        field name via Variable MV_*, but defaults are shown below.

  1. If no string is found, tax returns 0.

  2. If string "simple:(\w+)" is found, uses fly_tax() as with
     recent standard demos.

  3. If string "state" is found, does a re-lookup with

        select tax from state where country = country and state = state

     and value is applied below.

  4. If just digits are found, rate applied directly -- i.e. "0.05"

  5. If N.NN% is found, applied as percentage.

  6. If category = N.NN%, default = N.NN% is found, the tax_category
     field in the products database is used to determine tax basis.
     If no tax_category, "default" rate is used.

  This product data

    sku      price     tax_category
    os28003  10.00     tools
    os28004  20.00     food

  with this country and state data:

    code     name     tax
    US       U.S.A.   state
    JP       Japan    tools=10%, default=15%

    code   country   state   name      tax
    0001   US        IL      Illinois  6.5%
    0002   US        OH      Ohio      default = 5.5%, food = 1%
    0003   US        AZ      Arizona

  Will yield tax for one each of os28003 and os28004 of:

    Japan   $4.00
    US/IL   $1.95
    US/OH   $0.75
    US/AZ   $0.00

* Add PRELOAD_EMPTY_ONLY option for preloading files once at the beginning
  of time, which is what we really want for icmenu.txt and ichelp.txt.

* tlink.c: Implement patch from Tamas to make tlink.c compile with no
  complaint on all compilers. Resolves bugzilla #22.

* Add INDEX capability for SQL databases -- uses CREATE INDEX template.

* Change INDEX Database parameter to array type, adjusting routines
  in Vend::Table::Common to handle for ASCII indexing.

* Add report=1 option to [item-options ...] tag. This returns a comma-
  separated list of options, i.e.:

	blade: Steel, knob: Ebony

  Separator and joiner are ": " and ", " by default, but can be changed
  with [item-options report=1 joiner=";" separator="="] or somesuch.

* Add pragma safe_data, with same function as safe_data option available on
  some tags.

* Parse [pragma] tags on flypages before interpolating fly-list.

* Change fly-page and fly-list so variables don't get parsed twice, but
  still get parsed before flypage substitutions. Add opt variable to call
  for control; could be used in future for other purposes.

* Fix [fly-list] tag so that the options work; previously they never
  would have.

* Add pragma dynamic_variables_file_only to avoid opening databases
  when GDBM -- if needed.

* Order single-widget matrix options by o_sort, as suggested by Ton V.

* Fix new defined check type to actually work -- checks to see if
  $Values->{$var} is defined.

* Set default lock type to 'fcntl' for HP/UX, possibly resolving bug #267.

* Make UPDATE and INSERT work properly with DBM.

* Make mv_successpage set in a form work right when a profile check succeeds.

* Added first general-purpose functionality to [image] tag:

  Given sku os29000 in the Foundation demo, and assuming the products
  database specifies os29000.gif in the image field for os29000,
  the tag [image os29000] returns HTML code something like this:

  	<img src="/foundation/images/os29000.gif" width=120 height=150
  	alt="3' Step Ladder" title="3' Step Ladder">

  If file os29000.gif hadn't existed, or the products database image
  field were empty, the tag would check for files called "(sku).jpg",
  "(sku).gif", etc. and use the first one it found.

  Full documentation is in POD format in the usertag itself.

* Require catalog IDs be of pattern ^[-\w]+$, which makes sure that
  expireall and other utilities will find all catalogs. This was
  documented but not enforced by makecat. Resolves Bugzilla #209.

Admin UI
--------
* Add da_DK (Danish) locale by Kim Lauritz Christensen <kim@hambrosalle.dk>.

* Add nl_NL (Dutch) locale by Ton Verhagen.

* Allow localization of month names, and other localization tune-ups.

* Allow Variable in imagehelper directory and path

* Fix Knar editor entry so returns to flex_select?mv_data_table=variable
  with appropriate page title.

* The affiliates submenu ("create new affiliates") in the UI, was set to
  exclude_on:affiliates, instead of depend_on:affiliates.

* Error message from flex_select added.

* Fix double-escaping of left brackets in flex_editor.

* Fix save profile so that it uses $Values (and automatically picks
  up new additions).

* Fix entry order problem found by Bob Jordan.

* Hide more customer delete buttons if user doesn't have permission, and
  prevent surreptitious passing in of delete command.

* Fixed problem where we leave secure mode at various places.

* Changed the font sizes on the Admin UI admin menu so that the different
  section names matched in size to their description.

* UI_STD_HEAD and UI_STD_INIT cleaned up.

* Display country in order view if not the same as SHIP_DEFAULT_COUNTRY.
  Resolves Bugzilla #212.

* ByAffiliate.html report: Add the bd (mv_base_directory) attribute to the
  search for non-absolute TrackFile values.

* Add warning if Spreadsheet::*Excel modules not installed, as that will
  cause a fatal error attempting to import XLS spreadsheets. Resoves
  Bugzilla #239 -- thanks to Tal Hart for reporting.

* Several item options patches by Mark Johnson:
  - Fix wholesale price overwriting regular price in variant edit.
  - Stop including "none, " in description of an empty option.
  - pages/include/item_option_simple:
    * Added separate 'opt_label_*' form var
    * Added js to set label to name (and reset to previous value)
    * Replaced '[sql-*]' with q{[sql-*]} for strings
    * Added sql/entities filter where appropriate

* Change setting of sku in table-editor to override as opposed to "default",
  preventing previous setting of "sku" to cause corruption of display.

* Wizard: Make "images" piece run after everything else, so that products
  uploaded will be in database. Other miscellaneous changes to the wizard.

* New usertags: [cp], [image-collate].

* Prevent Interchange tags in database fields from being parsed when
  displaying with [table-editor] tag.

Foundation
----------
* Fix Foundation indexing for PostgreSQL.

* Minor database table changes to support VAT and new multi taxing.
  - Add tax_category field to products.txt (including sampledata/tools)
  - Add tax field to country database
  - Set default type in pgsql/country.pgsql to varchar(255)
  - Set default type in oracle/country.ora to varchar2(128)

* Use new [item-options report=1] in mailed reports and log_transaction.

* Use [scratch mv_autocreate] to supply mv_username/mv_password for order
  status link, similar to what we do for anonymous downloadable products.
  Resolves Bugzilla #226.

* Added sale_price and image_large to the batch product upload template.xls.

* Changed the mv_nextpage from customerservice.html to @@MV_PAGE@@. If you
  selected a new country or shipping method for yourself, it'd kick you back
  to the customer service page and that was kind of annoying.

* Changed the "Buy it Now!" text button on the flypage to a graphic button.

* Fixed the Checkout page to use [button] tags for the bottom Place Order
  and Recalculate image buttons.

* Added some default admin Groups to the access database -- Content Manager,
  Merchandiser, Sales/Orders.

* Fix modular_create view so that o_master is tied to the SKU of what we are
  creating.

* Adjust default widgets in metadata for modular_create view.

* Fix typo in SAMPLEHTML setting.

* Rename fullwidth template to noleft to match region.

* Make label for retrieving address be the nickname, not the city, as
  suggested by barryf-newprod@online.ie.

* Fix promo component to use [table-organize] for settable number of columns.
  Resolves Bugzilla #240.

* Add tax_category field to products database for tools type.

* Remove banner database that is not used and is just cluttering things up.

* Fix installsample so that it tolerates no images/ directory in sample
  data set.

* Do downloadable product authorization during log_transaction so that
  auto-created users are handled.

* Change deliver action so that auto-created users can log in and download.

* Remove EncryptProgram directive, no longer needed (found globally
  and by default).

* Add EncryptKey directive -- PGP now works out of the box with the wizard.

* Change catalog.cfg to use PGP_KEY instead of GPG_KEY Variable for pgp_key
  in routes.

* Add PGP_KEY to Preferences, and put it and ENCRYPTOR in "Encryption" area.

Packaging
---------
* Debian packages can produce a demo.
* Minor Foundation hostname problem in RPM install fixed.


------------------------------------------------------------------------------


Interchange 4.7.5 released 2001-07-03.

Core
----
* Allow GlobalSub session autoloads.

* Introduce use of AutoVariable for global.

* Overhaul encryption just a bit. We now recognize natively three
  encryption programs, gpg, pgp, and pgpe. Each has argument strings
  automatically generated, and the catalog.cfg directive EncryptKey
  is used by default for encryption. If you pass a directive value
  which is only (/usr/local/bin/)?gpg, it uses these default argument
  values. The defaults:

    gpg      gpg --batch --always-trust -e -a -t -r '%s'
    pgp      pgp -fat - '%s'
    pgpe     pgpe -fat -r '%s'

  These have all been tested with the exception of pgpe, but that
  should be good.

* Route encrypt_program value may not be overridden by expansion from
  variables or by extended. This is for security -- otherwise a change
  in route or variable could allow an arbitrary program to be run.

* Add refinement to bar_link and the area.txt databases where you
  can specify the sort field (or other additional parameters) by entering
  in "search" column. Will make top-category stuff ordered in category
  order instead of random based on prod_group.

* Remove explicit setting of order routes in ValuesDefault, use
  the "cascade" setting of the master route instead.

* Refuse access for empty passwords or "anything" passwords (empty in DB).

* Make username and password minimum lengths customizable (defaults 2, 4).

* When creating UserDB object, use Vend::username instead of session
  username for better security.

* Allow AdminUser superuser access to all catalogs; no access DB required.

* Log attempts by anyone other than superusers to change another user's
  password (e.g. by munging form variable mv_username).

* Make reconfig tags reference RunDir vice ConfDir, resolving bug #207.

* Fix configuration parsing for simple 'Locale xx_XX' directives (for
  pulling locale info from system).

* Enable use of Net::SMTP for systems without sendmail. All are
  likely to have it, as Bundle::libnet is part of Bundle::Interchange.

* Change the Vend::Config::parse_executable check to allow use of a Perl
  module as an option, doing a require for it.

* Change sql_statement error handling to always die upon parse
  error. This will allow the calling routines to trap errors better.

* Order single-widget matrix options by o_sort, as suggested by Ton Verhagen.

* Add matrix option widget and handling so that you can select the
  variants based on individual widgets instead of one. Uses the
  methodology of taking multiple settins of mv_skuN, where N is the cart
  line. Each is joined with a - character, and
  $::Variable->{MV_VARIANT_FILLER}|| 0 is inserted if it is blank.

* Method to tell if the individual widget method is used is to have both
  o_matrix and o_modular set. This is less than ideal, and a better method
  is needed. Will not document this until the method is set.

* Change handling of option updates so that if an illegal variant
  is selected from the database the code and mv_ib refuse to change.

* Fix problem with quoting wrong entity setup in textarea.

* Change add_items() quantity handling to strip letters and fractionals
  (unless FractionalItems).

* Change default order routes so that it comes from $Values instead of
  $CGI. This allows the FormIgnore to block form-entered order routes.

* Change route code so that an empty route will never be emailed.

* change_url function needed with resolve_links() had bug in adding
  arguments. Discovered by Taylor Mitchell and Erik Wichern.

(User)Tags
----------
* Add random saying component and usertag [fortune], based on
  /usr/games/fortune.

* Make [reconfigure] tag use RunDir instead of ConfDir.

* Add run=1 option to file-info tag.

* Return nothing from tag [table-organize] if there are not <td> elements.

* Add [if pragma ...] conditional.

* Add [if global VARIABLE] for testing on globals.

* Added new core [msg] tag for doing parse-time locale substitutions.

* Change the [mail] routine in Vend::Interpolate to use
  Vend::Util::send_mail so that it can use Net::SMTP.

* Fix [options] so that SKU on multiple-widget will always be
  set even if not previously.

* Fix [record ...] tag to work with all DB types.

* Fix [catch] tag so that you can put ITL inside the error evals;
  all errors are now delimited by [/pattern/] [/(?pattern/)?]

* Add new [warnings] tag to eliminate the problem with overwriting
  and fragmentation of [data session failure], [data session error], [data
  session ui_failure], [data session ui_error], etc. Will add separate
  namespaces in next iteration so that we can use different ones for UI.

* Add ranges option to [loop list="A..Z" ranges=1] to allow alpha-numeric
  lists. Limit number of produced options to
  $Vend::Cfg->{Limit}{option_list}.

* Add auto=1 option to [timed-build ...]. Makes an MD5 digest of the
  contained text, then auto-builds using that go generate a filename.
  Demonstrated in latest templates/components/category_vertical.

Admin UI
--------
* Multi-locale UI (selectable at login time) improved.

* New admin context-sensitive help topics added.

* Fixed images/products combined upload problem (Bugzilla #251).

* Add re-routing map capability to wizard maps so that the
  same pages can be used when only the mv_nextpage/mv_prevpage
  stuff changes. We set up the map in pages/include/wizard_profiles.

* Go to password change page after new user is created, so admins won't
  forget to set a password for new users.

* Build categories even if sampleproducts not selected, give
  chance to turn off on preview page.

* Change so that the save will set the pref_group on the
  Variable, which allows it to be later edited logically under
  Administration->Preferences.

* Fix uploadhelper mv_click so that preceding path will be stripped.

* Refine guess_info to work with either standard wizard or CommerceLauncher.

* Change shipping wizard a bit to allow the user to select their default
  country and shipmode in all cases.

* Add ability to pass form params in via the checklist menus.

* Sort item options when producing matrix options, so new matrix
  separate mode will work.

* Fix target page for login errors.

* Rework password changing in admin UI to always use UserDB functions
  instead of directly writing to database.

Foundation catalog
------------------
* Break out different order methods in different checkout profiles.
  Eliminate the fax_order variable. Retain old checkout_profile for
  compatibility.

* Move default category_vertical component to second instead of
  third slot to prevent duplicate category lists on some of the
  default foundation pages.

* Finished the advanced search (searching by category now works, as well
  as searching by item field).

* Move default category_vertical component to second instead of
  third slot to prevent duplicate category lists on some of the default
  foundation pages.

* Add timed-build capability to category_vertical.

* Fixed merch components so that if an image doesn't exist, it will not
  display a broken one.

* Change item_option.html to use [record ...] tag instead of separate
  [data ...]. Add Matrix options with separate IDs, still need JS logic
  to insert -0- on empty option.

* Fix item_options in matrix form, removing silly overload of o_modular
  bit. o_matrix now can have two values, 1 (one widget) and 2 (separate
  widgets). The item-option tag can override the separate/single display type
  with a display-type=separate or display-type=one (default) option.

* Add o_enable to variant creation form, which enables the option for
  display.

* Default table/area/category to some reasonable defaults.

* Trailing blanks were causing problems in admin/order.html when displaying
  archived/pending orders. Made all definitions consistent at char(1).

* Fix "nullsellect" typo in mv_metadata.

Various
-------
* Added file UPGRADING, rudimentary help on updating Interchange, to
  complement icupgrade(8) docs.

* Support running Interchange under Cygwin for testing purposes.

* Fixed the small search box components - substring matching was not working,
  only whole word matching.

* Add companion page to qb_getord.pl (get_orders.html), which allows
  you to download orders and move the file to a new location so that
  future orders will start a new file.

* Add widget key selector for GnuPG keys.

* Added flat-file table editor utility (eg/te).

* Removing eg/make_gnumeric.sh tool, since Gnumeric dropped support for
  the flat-file table format.

* Silly workaround to make Perl 5.6.1 compatible with File::Copy under Safe.

* Fix host and port changes in makecat.PL when selecting INET mode.

* Place STDIN in binmode so tlink.pl will work with Cygwin/Apache.

* Added mv_session_id hidden form value in a few places it was missing to make
  cookie-free browsing work everywhere.

* Fix the intro script so it will build even if not run from Makefile.PL,
  given an Interchange Root. This will allow a "update_cvs_limited" script
  that updates bin / lib / selected_other_files.

* Minor HTML and CSS fixes.

* Removed unused images.


------------------------------------------------------------------------------


Interchange 4.7.4 released 2001-06-16.

Core
----
* Fix bug #220, Interchange server crashing in Server.pm. Caused by
  inappropriate "next" upon select timeout after MaxServer > Num_servers
  condition.

* Change default of [catch] to NOT interpolate. Impossible to conditionally
  execute code if that is the case.

* Fix [catch] to work with only the proper body, not with both THEN and ELSE.

* Add maxsize parameter to file write in tag_value_extended, fulfilling
  enhancement request #99 in Bugzilla.

* Add a filter for decode_entities, and make encode_entities an alias to
  entities.

* Add ability to restrict tag execution in a region. If a restricted tag is
  encountered, it is simply output. Based on an idea from Jon Jensen.

  [restrict policy=deny*|accept enable="tag1 tag2" disable="tag1 tag2"]
      restricted area
  [/restrict]

  options:
  policy   "allow" or "deny". Default is deny.
  enable   space or comma-separated list of tag names, including
           UserTag names.
  disable  space or comma-separated list of tag names, including
           UserTag names.

  For instance, this:

  [restrict enable=page]
      [area something]
      [page aboutus]A link[/page]
  [/restrict]

  will output something like:

      [area something]
      <a href="http://sam.heins.net/cgi-bin/mfound/aboutus.html">A link</a>

  Defaults are important:

  interpolate=0
  reparse=0

  It would defeat the purpose to set interpolate or reparse, but it can be
  done.

* Allow parameters for comment tag -- not parsed, but at least tolerated.

* Fix some Interpolate.pm bugs in option display to allow overriding for
  simple options too, and to select the widget type for matrix options.

* Add get=1 to setlocale tag. That is sort of counter-intuitive, so I added
  a [getlocale] alias for [setlocale get=1].

* Fix makecat instructions on how to set ShareURL if using ~yourname/
  style paths, and allow ShareURL to be empty if passed from command line.

Admin UI
--------
* Added German UI images and other text translations.

* Automatically symlink to default en_US UI images for missing images in
  other locales.

* Fix problem with IMAGE_DIR variable being inadvertantly changed for store-
  front by UI. (Thanks to John Beima for finding this.)

* Fix area and cat reordering problem in layout.html of admin with a patch
  from Mark Johnson. Fixes bug #180.

* Finished help pages for the Wizard.

* Make UI_SECURE behave so that global policy can be enforced --
  i.e. if @@UI_SECURE@@ = 1 then the setting of __UI_SECURE__ does not matter.
  @@UI_SECURE@@ isn't set in the foundation demo, so this doesn't affect
  current defaults.

* Move @@UI_STD_HEAD@@ before item bounce checks, so that when the bounce
  occurs it will go to the right URL. Because we now use [table-editor],
  the positioning is no longer necessary. Should fix Bugzilla bug #217,
  though that was marked invalid because we don't support different
  SSL/non-SSL domains.

* Fixed missing mv_session_id variables in admin UI form posts, causing
  problems when cookies were not used.

* Add database-table based backup capability. Depends on a table "backup"
  being available. Looked at CVS, but the repository creation/management
  issues are too daunting at this point. Since it is likely that an entire
  catalog would want to be in CVS, this partial solution seems wiser.

* More improvements to page editor:

  - Policy for editing individual components/page/template can be set in
    template as well as globally. Soon we will have per-page and per-user
    control.

  - A PREAMBLE and POSTAMBLE area is defined, so that code can be run before/
    after template regions without being restricted to what you can do with
    the page settings.

  - preamble and postamble are editable on a per-template basis.

  - Preview works on latest version of Mozilla, Netscape 4, and MSIE 5.

* Usertag changes:

  - Update read_ui_page to support latest page edit.

  - Add diff tag in support of new backup capability.

* New, improved admin UI graphics make you healthy, wealthy, and wise.

* Minor [table-editor] fix affecting special Wizard profiles.

Foundation
----------
* Add supplant=1 to master route. Left in "main" so that it would be
  compatible with old checkout forms, shouldn't cause any harm.

* Turn off transactions by default in catalog.cfg -- not needed or wanted for
  MySQL and DBM, two most common dbs. Since we have had virtually zero
  complaint about transaction atomicity in general, it makes sense to disable
  this. If someone wants transactions, they merely need to enable the
  TRANSACTION_TABLES variable.

* Add currency_locale field to transactions, resolving Bugzilla enhancement
  request #128. This is valuable because if there is an exchange rate
  situation, it needs to be known at time of purchase.

* Include options in the emailed receipt and report.

* Fix product description display in receipt.html.

* Add example for configurable spec sheets for products. Can be extended to
  track lists for albums, etc.

* Fix template settings for some lesser-used pages.

* Fixed a small typo in the 'cross' component. width_percent was set to 100,
  instead of 100%, causing an occasional cross item to look very skinny.

Other
-----
* RPM specfile reworked to build 3 RPMs: core, foundation skeleton, foundation
  live demo. Foundation demo made friendly for relocation by RPM build.

* Various cleanups: removal of unneeded variables, files, etc.


------------------------------------------------------------------------------


Interchange 4.7.3 released 2001-06-12.

Core
----
* Add Skipjack and iTransact to list of gateways supported.

* Item options improvements and bugfixes.

  - Fix a bug that ignores name= in the display tag when using option_format,
    date, imagehelper, or uploadhelper types.

  - Fix a bug that prevented changing your selection once you had selected one
    (code was only updated if mv_sku was not already set).

* Increase limit of possible keys returned for lookup in DBM.

* Full pedantic HTML 4 compliance. (Ability to change URL data separator.)

* Allow attaching a version number to usertags, for later use in Require and
  Suggest directives.

* Fixed bug that caused Interchange to silently fail to start if -q(uiet)
  option was given on command line and a Suggest or Require directive was
  used in one of the config files.

* Improvements to [catch] and [try] tag pair.

  - Added 'clean' option to [try] tag, which suppresses output in case of
    error. The default tag output behavior is unchanged.

  - Modified original behavior of

    [catch]
       [error message]
          catch block
       [/error message]
    [/catch]

    The original code requires an exact match, including the newline
    and line numbers from the Interchange core (i.e., it includes the

       " at (eval line nnn)...\n"

    message). The new code strips the 'at (eval ...' to leave an
    approximation of the original $@. Added 'exact' option to invoke
    original behavior.

  - Fixed [try] tag to watch $Session->{try}{$label} instead of $@ after
    the eval because $@ as originally written does not trap most errors
    (which occurred in earlier eval in the Interchange core).

  - [catch] interpolates by default.

* Fix bug where filter was not set to passed {name} parameter, always set to
  $column (which may not exist in non-DB widget).

* New [image] usertag, for getting the image directory (regular or secure),
  and eventually doing other handy things like getting pixel sizes, checking
  for image existence, etc.

* Updated button usertag to provide alternatives to the image input when
  using a JavaScript-challenged browser.

* Make [var ...] usertag honor dynamic variables.

* Fix a bug in the options tag that passed the wrong argument to
  tag_accessories (weight instead of o_widget, oops).  Also allow
  [item-options] to take a type argument, which is passed through so that
  you can override the type should you need to.

* Allow '*' suffix default mechanism to work for text-display accessories
  like it does for select widgets. Fixes weird display bug in
  admin/customer_view.html that caused an input textbox with '0' to appear
  instead of the text 'Credit Card'.

* With help of Dave Jenkins, isolated the problem that caused problems
  entering non-ISO-8859 data in table editor. Now should work properly for
  all locales.

* Make control-set tags tolerate - as well as _ in component attributes.

* Four new options to the [perl] tag that make it a bit easier to work
  with when debugging:

  number_errors
  Add line numbers to the source code displayed in the error.log, amazingly
  useful if some of the perl is being generated elsewhere and interpolated.

  eval_label
  Set to a string, will replace the (eval ###) in the error message with
  this label, handy to quickly track down bugs when you have more than
  one perl block in the page, especially if you are using short_errors.

  short_errors
  If set to a true value, syntax errors and the like in [perl] tags will
  log just the error, not the whole source code of the block in question,
  handy when you have the code open in an editor anyway and don't want
  the error itself to get scrolled away when running 'tail -f error.log'.

  trim_errors
  Seemed to be the logical extension of short_errors, if set to a number,
  and the error produced includes a line number, then only that number
  of lines before and after the broken line itself will be displayed,
  instead of the whole block.

* Issue error message if filter is missing.

* Add zerofix option to [time]. Strips leading zeroes from numbers just
  like in [convert-date] usertag.

* Make embedded Perl values equal per-route values.

* Place $Tags_added in Vend:: package so it will be reset upon entry to
  a page/catalog. This should make it thread-safe. Symptom was catalog
  UserTag not being added at times.

* Fix a problem detecting if SQL::Statement is available.

* Fix bug introduced with new sf=:field1:field2 search syntax. Old method
  of sf=:3:4 was broken by new fieldname hash.

* Fix bad username error message found by Ed LaFrance.

* Get rid of language-dependent error message scan.

* Vend::Util::set_lock_type() allows setting global lock type at runtime.

* Fix a bug that suppressed error messages that Vend::Scan::sql_statement
  returned using 'die'.

* Better error trapping on DB calls.

Admin back-end
--------------
* Page editor and template system rewritten.

  - Retains the global settings for the page, things like page_title,
    members_only, etc.

  - Depends on ui_template_version being set in the template as to
    whether new editor is used, if not set defaults to the old type.

  - Add types to components, so we can determine which are to be presented for
    selection.

  - Page preview improvements.

  - Allow control of which elements of a page get edited.
    By setting the variable UI_CONTENT_EDIT to contain a string with tags, you
    can disable/enable certain aspects of page edit:

      template    Allows changing the page template
      page        Allows changing page-wide settings (i.e. scratch)
      components  Allows changing page components
      content     Allows editing page content

* Components overhauled.
  - Add best and cross components that work both horizontally and vertically.
  - Removed old 4.6 components.

* Lots of internationalization work.

* Wizard improvements, including guessing of info.

* Admin images overhaul:
  - Global admin images moved from /akopia/ui to /interchange/$LOCALE.
  - Can now have images directory for each locale (for images with text).
  - All images in one directory, no more admin/ and navigation/.
  - Admin image paths rewritten by Interpolate.pm; no more @_UI_IMG_@ needed.

* Disallow admin UI access by default when there is no 'access' database.
  Thanks to Christopher VanOosterhout for finding this weakness.

* Fix so that $Tag->area() is used to call all links.

* Fix problem with GDBM database tables not being able to import
  a single table (due to no write flag).

* Enhance list-pages tag so that an array can be returned.

* Patch table-editor option parsing, fixing bug #190.

Foundation demo
---------------
* New Advanced Search page.

* Lots of artwork, HTML, and other little-detail changes.

* Do not set content-type and charset in doc META -- this may need to be
  different based on locale.

* Added a image_large to the products database for large image support.

* Changed most PostgreSQL fields from CHAR to VARCHAR to prevent space
  padding problems.

* Left menu bar items take text from banner_text if available to allow name to
  stay behind the scenes.

* Fixed errors in receipt found by Angelica Olin, <angel@loadup.com>.

Packaging
---------
* Add cachedir setting (e.g. /var/cache/interchange) to allow catalog session
  and tmp directories to be in separate location.

* Add rundir setting (e.g. /var/run/interchange) to keep temporary files like
  status.* separate from things in VENDROOT/etc. This takes advantage of the
  OS deleting everything in /var/run/interchange at OS boot time without
  losing files like *.before, etc.

* Have system logrotate daemon rotate catalog error.log files.

* Various other RPM and Debian package improvements.

General
-------
* Remove a number of unused images.

* Remove Red Hat's Reston office addresses so we stop getting returned
  merchandise for companies who have work done by clueless developers who
  never change the contact info on their catalogs. HINT, HINT.


------------------------------------------------------------------------------


Interchange 4.7.2 released 2001-05-10.

Server
------
* There is a pre-forked server mode enabled in interchange.cfg with:

    PreFork       Yes
    StartServers  5

  The number 5 can be set as high as 50 if you have enough
  memory. A number less than 2 makes little sense.

  THIS IS AN ALPHA FEATURE, and is not fully tested.
  But it gives big, big, performance gains.

* Server should now run safely in the Foreground -- when
  in foreground writes to $Vend::Cfg ($Config) are gated via
  Tie::ShadowHash, which is now required. (A copy comes with IC.)

* Server should now be nearly thread-safe when run in 5.6 NEW_THREADS
  mode, can probably be ported to Windows if anyone cares.

Database
--------
* Transactions now fully supported. Can open a transaction-capable
  database in transactions mode [flag type=transactions table="table"]
  and it will commit all changes not done in transaction mode and reopen
  under transaction constraints. [flag type=commit table=table] commits,
  [flag type=rollback table=table] rolls back.

* Can reference foreign keys with:

    [data table=foo column=bar key=baz foreign=buz]

  That does the roughly equivalent to:

    SELECT bar from foo where baz = 'buz' LIMIT 1

* Improve autonumbering support to automatically use sequences or
  autonumber field types. So now you can do:

  Database addr addr.txt dbi:Pg
  Database addr AUTO_SEQUENCE 1
  Database addr COLUMN_DEF    "code=int SERIAL PRIMARY KEY"
  Database addr COLUMN_DEF    "val=varchar(128)"

  and it will pick up the sequence at an insert. It makes calls to
  the known_capability, and does the last_value or last_sequence_id()
  call as appropriate to return the key value.

  Tested with Postgres and Mysql. Should work for Oracle when the
  template is set -- we should provide some examples for selecting
  from the "dual" table.

* Add $db->set_slice($key, \@fields, \@values) function that will
  update a slice of a row. Works for all DB types.

* All base-table database updates done by UserDB and UI are now done in
  one query via set_slice. Extra-table values still use set_field.

* All databases should now handle cached DBI handles properly, even
  when they can't be shared among processes. Will work toward a single
  handle for all processes on DBs that support that.

* Change all chained cost levels limit check to use new Limit directive

Orders/Pricing/Shipping
-----------------------
* Significant changes to Order.pm in the area of order routing, while
  still maintaining backward compatibility. (Able to submit and monitor
  order on old construct, simple, and basic with no changes.)

* Added "cascade" route capability, that allows you to specify
  one master order route that calls the rest of the routes.
  Perhaps an interface in payment mode to add some logging....??

* Routes can be dynamically read from database if master order
  route is set dynamic_routes=1.

* Routes always interpret __VARIABLE__ from database.

* Routes can interpret ITL from the database if master order
  route is set expandable=1.

* Keep value of current route name in Values->{mv_current_route}.

* If no order route is given from checkout form (always a
  security pitfall anyway) then the default route is read. If you
  want to run more routes from that master route, place in the
  cascade parameter. Can still be set in mv_order_route, but
  the demo now has "FormIgnore mv_order_route".

* Extended field allows you to stringify a hash and set many, many
  parameters. We were running out of column space, and payment routes
  add many settings. This concept will soon be used in mv_metadata.

* Add new tag "assign". It allows you to assign to four things,

  subtotal    preempts the cart subtotal derived from prices. NOT ROUNDED.
  shipping    if any  non-zero mv_shipmode is present at all, sets the total
              value of shipping. Rounded to fractional digits.
  handling    if any non-zero mv_handling is present at all, sets the
              total value of shipping. Rounded to fractional digits.
  salestax    preempts the salestax normally derived from the salestax.
              NOT ROUNDED.

  You cannot assign to total_cost -- it will always be the sum of the
  four above.

  If there is no assignment to one of the four, it will use the
  normal method. To make salestax zero, you must use [assign salestax=0].

  Called with [assign salestax=N.NN], etc. If the value has a length
  of zero, will delete the assigned value from the assignment hash
  and the normal method of calculation will kick back in.

  If you call [assign clear=1] it will clear all, and the normal method
  of calculation will kick back in.

  If a non-real-number value is passed, it logs an error and clears
  the assignment.

  It is persistent in the user's session and effects only that user,
  and should be used only when you know exactly what you are doing. Ha.

* Add support for new CVV2 credit card security field in
  mv_credit_card_cvv2, treated with same care as mv_credit_card_number.

* Add recognition for a few more credit card types based on number.

Parser
------
* Solve the great [if ] [othertag][else][/else][/othertag] [else]
  [/else] [/if] problem. The behavior should be much improved in [if ...]
  tags. Will not now snarf the [else] from another tag that uses that.

* Make the default a secure submit if we are on a secure page and
  have the user set secure=0 to disable.

* Eureka!!! All usertags can be used in embedded perl without
  "tables" or other Safe stuff. Boy was I stupid. As long as they
  don't do a "require" at runtime, you should be OK.

* Fix the long-untouched tag_column routine to handle preformatted
  text with align=none.

* Add "yesno" display filter so that you can [filter yesno]1[/filter]
  and get "Yes" back -- also translates for Locale.

Payment
-------
* Extensively rework Payment routines. Decided to keep something like
  current framework, but you now can do:

  &charge=route

      or

  $Tag->charge($route, $opt); # If no runtime "require"

      or

  [charge route=THE_ROUTE gateway=ccvs id=milton secret=pass]

* Add Payment.pm module to contain the base routines, and be a
  target for the routines added via the different Payment
  modules.

* A pretty convenient mechanism to bring in modules:

      Require module Vend::Payment::Authorize

  Prevents errors and memory bloat(er) when Net::SSLeay or other
  needed companion modules are present/not present, and should
  give reasonable errors when the module is not working.

* Initial support for CyberCash, AuthorizeNet, Skipjack, iTransact,
  CCVS, and Signio/Verisign. All documented with in-module POD.

* There will be a Vend::Payment::Skeleton to show adding your own
  payment module.

* All modules needing Net::SSLeay or Crypt::SSLeay updated to
  support either with common calls.

* GlobalSub method still supported, current GlobalSub things
  should work fine (tested with Authorize.net and "custom
  authorizenet" mode).

* Beginnings of PayPal support will be there shortly, but thinking
  of how to generalize that send-offsite-then-return-post paradigm.

* Should be completely backward compatible.

* All payment stuff taken out of Vend::Order except _charge
  profile interface routine, a couple of stubs left for backward
  compatiblity.

* Parameters can be completely Route resident, no MV_PAYMENT_*
  variables needed.

* Changed mv_credit_card_info to delete all but mv_credit_card_reference
  digits when not encrypted. This is overdue....

* All options are pulled from the option call first, the Route matching
  the name second, then finally the global MV_PAYMENT_* variables.

* All routes should be transparent if the mode exists. For instance,
  you can define a route called "purchase_order" which will handle
  POs, "internet_check" which handles checks, etc.

* Add CCVS support via globalsub. Will do auth, sale at this point. Will
  soon add AVS support. Has extended information support.

Miscellaneous
-------------
* Message directive now accepts -n (no trailing newline or whitespace) and
  -i (screen info only, not logged) options before message.

* Add set="Message" option to error tag, allowing you to set an error via tag.

    [if value lname =~ /^mccoy$/i]
    <!-- [error  show_error
            set="No stinking McCoys allowed at hatfield.com!"
            name=lname ] -->
    [/if]

  Implies keep=1.

* Allow set-cookie tag to set domain and path.

* Added UI_SECURE variable which forces the use of the SecureURL instead
  of VendURL if set, each UI page should include either UI_STD_INIT
  or UI_STD_HEAD to ensure this works
  (supplied by Stefan Hornburg <racke@linuxia.de>).

* Added catalog configuration wizard, to move non-essential config from
  makecat and simplify it a bit.

* Added more links based on the leading letters of the results
  so the selection of the more link is much easier for the customer,
  especially with huge number of results. Short example:

  <input type=hidden name=mv_search_field value=description>
  <input type=hidden name=mv_sort_field value=description>
  <input type=hidden name=mv_more_alpha value=yes>
  <input type=hidden name=mv_return_fields value=code,description>

  (supplied by Stefan Hornburg <racke@linuxia.de>).

Bug fixes
---------
* Fix bug in IMPORT_ONCE reported by vasile_abo@wexim.com.
* Fix no-zero-display bug in [cgi ...] tag, found by Mark Johnson.
* Fix a couple of bugs with AlwaysSecure not working in an order link.
* Fix rounding problem with Shipping.
* Fix failure to test record_exists in tag_data($table,undef,$key,{hash=>1})
* Quite a few unreachable code sections removed, largely thanks to Bill
  Dawkins.
* Fix textarea build to call routine, remove unused call to
  build_accessory_textarea, add proper call in /^text/ branch.
* Make sure tax is rounded to the proper number of frac_digits in
  variant salestax() routines.
* Delete $CGI::mv_order_item when ordering, don't want to order
  twice (could happen if update values called)
* Remove for good unsightly extra attributes qw/true false undef/ in every
  tag option hash.
* Fix some item options bugs.
* Many other small things.


------------------------------------------------------------------------------


Interchange 4.7.1 released 2001-03-28.

* Added ability to cascade mv_click statements, e.g.:

  [set delete]
      deleterecords=1
      item_id=[item-code]
      mv_click=db_maintenance
  [/set]

  [page  href="@@MV_PAGE@@"
         form="
             mv_action=back
             mv_click=delete
         "]Delete this</A>

* Added "clone item" to item pages. Allows you to clone an existing item
  for purposes of adding new ones.

* Re-instituted multiple-table deletes for deleting an item. It will look
  in __UI_ITEM_TABLES__ and delete records.

* Added clone_set and clone_row primitives in Data modules. Allows you to
  copy a record except for certain fields.

* Added [item-options] tag which automatically finds and presents options
  based on the options table. The table name is settable based on Variable
  MV_OPTION_TABLE. Fields can be remapped with MV_OPTION_TABLE_MAP.

* Now can use "variant" items which are based on a base SKU but set in an
  options table (same as the one for [item-options]). Changed behavior of
  [item-field ...] to look in the code first, then the base SKU, for the
  relevant product databases. [item-data ...] always works off of the
  relevant base SKU.

* Price looks at variant code first, then the base SKU if that is zero;
  or it can be made to do so with CommonAdjust.

* Fully modular options with cascade.

  A UI module allows editing and definition of the modular options,
  including "phantom" options that act to group additional items.

  When an item is defined as modular upon order, it can have accompanying
  it a series of other items in the same order group. The price of the
  options is not shown, but is added to the price of the master item.

* Added [item-sku] tag to get base SKU for a variant.

* Added fall-through for sku to [item-field].

* Rerouted [item-data ...] to always point to sku, not the code for the
  variant. (This will mean inventory has to be checked via a [data ...]
  tag when variants are in use.)

* Added new [control] and [control-set] tags to set series of Scratch-
  like option areas. Used for components in UI content editing.

* Added [mail ...]MESSAGE[/mail] tag to the core. Works with update_data
  routine to send emailed notifications of database changes. Otherwise
  works like combination of [email ...] and [email-raw] ... usertags.

* added [PREFIX-options] to get and parse options of all types.

* New [profile ...] tag allows you to set directives normally set in
  catalog.cfg with a tag in the session Autoload. This is really the
  same as the current Autoload, except it is automatic on login/logout,
  faster, and leaves Autoload for user user.

  [profile name=profile_name tag=tag set=1 run=1 restore=1]

  name      name of profile. Needed unless restore=1.
  tag       normally not set, defaults to "default". Matches what is
            the UserDB profile.
  run       run profile code only, don't save.
  set       set profile for future only, don't run.
  restore   remove the current profile

  [profile name] will run and set by default.

* UserDB now can set a price_level via the [profile ...]
  tag routine. Set this in catalog.cfg for dealer pricing:

  Profile dealer CommonAdjust <<EOR
  "
      pricing:w5,w10:,
      ;:wholesale,
      ;:wholesale:mv_sku,
      ;$,
      ==:options
  "
  EOR
  Profile dealer NonTaxableField nontaxable

  Quotes are needed (as in all locale-style directives) unless you want
  to do a full hash set like:

  Profile dealer <<EOR
  {
      CommonAdjust => q(
      pricing:w5,w10:,
      ;:wholesale,
      ;:wholesale:mv_sku,
      ;$,
      ==:options
      ),

      NonTaxableField => 'nontaxable',
  }
  EOR

  which is also supported.

* Added SDBM database option for those poor Solaris folks.

* Added MINIVEND_ALLDBM environment check to prevent using unneeded
  modules (takes more memory).

* Added [table-editor ...] tag which easily produces editable tables.
  Capabilities:

  * Can edit the hash address books in userdb.
  * Safe to place in user page with auto_secure=1. Generates a
    [scratch mv_data_enable] matching the table:col1,col2,col3:key
    you passed it.
  * Reads from CGI array or from parameters.
  * Automatically reads table info from mv_metadata if available.
  * The following can be overridden compared to mv_metadata:

    widget
    width
    height
    help
    extra (JavaScript)
    filter
    pre_filter

  * Can auto-check with order_profile definitions.
  * Can append or prepend your additional form information.
  * Can generate an email copy of the data submission for review. (TBA)

  Ready for a form widget? 8-)

* Added new mv_form_profile variable that sets profiles with any action.
  Designed for easy checking of variables in submits.

* Speeded import of DBI databases by placing numeric pointers in an
  array at initial config time.

* Added ability to set defaults for empty fields at import and record
  creation time, regardless of the underlying DB, with:

  Database  userdb  DEFAULT  password=please_change

  Operates exactly like COLUMN_DEF.

* Added database attributes

  ALTERNATE_DSN        ALTERNATE_PASS     ALTERNATE_USER
  ALTERNATE_LDAP_HOST  ALTERNATE_BIND_DN  ALTERNATE_BIND_PW

  and logic to allow fallback to a second database server.

  If you have ALTERNATE_DSN (and possibly ALTERNATE_USER and
  ALTERNATE_PASS) defined for a table, and Interchange is unable to get
  a database connection to the primary DSN, it will attempt to connect to
  and use the ALTERNATE_DSN.

  These are array values, so you can define any number of fallbacks. The
  same approach works for LDAP databases except ALTERNATE_LDAP_HOST and
  other appropriate parameters are set.

* Added interchange.cfg directive HotDBI, which takes a catalog name which
  should use persistant database connections. When a connection is
  persistent, it will be maintained and cached without reconnecting every
  page request.

* Added Inet_mode and Unix_mode directives to interchange.cfg, which allows
  you to guarantee the mode in which the server comes up.

* New filters:

  mime_type: returns mime type based on file extension
  compress_space: strip trailing/leading and s/\s+/ /g
  checkbox: set value to "" if not defined in CGI space

* Added <optgroup> support to tag_accessories select build. Allows grouping
  of options. When an option value is ^\s*~~something~~\*$, it is read as
  an <OPTGROUP LABEL="something">, and options can be grouped per HTML 4.0.

* Added "tz" option to time/tag time, allowing display of time for a
  particular time zone. Specified in the usual EST5EDT form.

* FileDatabase catalog.cfg directive now specifies a table:field which can
  be used to store pages and other files. Will allow a catalog without any
  system files stored on disk.

* Require directive now can require Perl modules, as in:

  Require module SQL::Statement

* New Suggest directive is a non-fatal form of Require, which generates a
  warning message but allows catalog to run.

  Suggest module Business::UPS WWW-based UPS routines will not work!

* Bugfix: chaining character in CommonAdjust wrongly appended to atom
  in some situations.

* ProductFiles was not resetting Vend::OnlyProducts when a locale change
  was done. Caused [PREFIX-field ...] to fail.

* Variable MV_DEFAULT_SEARCH_TABLE now works for st=db searches like
  Variable MV_DEFAULT_SEARCH_FILE works for text searches.

* Added [tree] tag to walk tree-based lists. It produces hash-based rows
  which are iterated ala item-list (the hash-based list iterator). Sets
  some information in the row. See the tag reference for behavior.

* Made tag_calc routine indirectly callable from within embedded Perl code
  by doing straight eval when already in Safe compartment.

* Made [if-PREFIX-(data|field|modifier|param|pos) ...] nestable by checking
  for nesting conditions in the run list and then generating integer
  additions to the tags.

* There is a "links" type for the [accessories ...] tag. Builds a series
  of clickable links based on an option list. Accepts the "form" and "href"
  parameters to allow setting of the initial form, otherwise just generates
  a link to the current page with the attribute passed as a CGI argument.

* Added "password" widget to [accessories ...].

* Added new [PREFIX-tag ...] which allows extending the tags that are
  interpreted as a part of a PREFIX-list. Example in tag_address, called
  with [PREFIX-tag-address]. Full attribute support and nesting.

* Added attr_list tag which allows tagging of attribute lists in hash-based
  templates. Allows you to generate complex templating without needing to
  have a complete search. Example of use is in tag_address_list.

* Added support for modular items, sets mv_mp parameter to *parent* item
  of the item ordered, and mv_mi to the item group of the main item.

* Made failure to pass all quantities to quantity update (refresh)
  non-fatal. Will update them if mv_update_quantity=1.

* Form profiles: added new format check routines, largely intended to
  work with new mv_form_profile capability:

  * variable=regex "EXPR" "Error message"

    Checks for compliance with regex EXPR. If you wanted
    to ensure two word-only characters were put in a "name"
    variable, it would be:

    variable=regex "^\w+\s+\w+$" "We need first/last name"

  * variable=length MIN-MAX "Error message"

    Checks for length between required MIN and optional MAX characters.
    Example:

    username=length 4-10 "Username must be between 4 and 10 characters"

  * variable=unique TABLE

    Checks to see that a key in a table (presumably to be inserted) is
    unique. Errors out if key exists.

* Form profiles: Added new profile chaining capabiility. Can place &or or
  &and on a line between different check parameters and create simple
  dependencies.

* Form profiles: Reference to check can now be passed to the routine, so
  you can check CGI stuff only for mv_form_profile.

* Form profiles: Fixed problem with second passing check on a variable
  overwriting the error message from a first failing routine.

* Can now use - and _ interchangeably in parameter names, i.e.

  [value-extended name=foo file-contents=1]

  is the same as

  [value-extended name=foo file_contents=1]

  where it would have caused an error before.

* Bug fixes to make mv_sql_query work properly. There was a
  push_spec('nu' ...) call which was in the wrong place, making numeric
  hash all out of sync.

* Remove last dependencies on $! =~ /Some English error/ and move
  to Errno settings, as in $!{EAGAIN}, etc.

* Add pragma to strip leading white space from HTML output. If you put
  [pragma strip_white] to page, there will be no leading white space.

* Added ability to have a PRELOAD file for database imports, where a
  table is parsed for field names and data before the normal file in
  ProductDir. This allows adding fields without user intervention when
  the database type is internal. Mostly useful for mv_metadata.

* Support for clone_row and clone_set, which clone a single row from an
  existing one or clone a set of rows based on a common key.

* Added support for autonumbering. For SQL, the ability will be given to
  override the autonumber routine with one set up by the capabilities.
  Figured out solution to nagging File::CounterFile problem by always
  initializing a counter object when database is opened in writable mode.

* Allow tables to have the same underlying name in their own database
  with $config->{REAL_NAME}. For example, if you have two MySQL databases
  each with a "products" table, you can set them up:

  Database  products  products.txt  dbi:mysql:construct1

  Database  prodstoo  prodstoo.txt  dbi:mysql:construct2
  Database  prodstoo  REAL_NAME     products

  This should work fine in almost all cases.

* Added DEFAULT parameter to allow database-independent setting of
  defaults. Particularly useful in avoiding NOT NULL errors from DBs that
  don't have a DEFAULT setting in create(). This also works when doing
  [data table=tab col=col key=key value=val] on a non-existent row.

* Improved speed of table open by reducing number of tests.

* Improved speed of import by pre-setting numeric array and no longer
  requiring tests for each field on each row.

* Debian packaging files added (supplied by Stefan Hornburg
  <racke@linuxia.de>).

* Usertag formel added which composes form elements and signals errors
  (supplied by Stefan Hornburg <racke@linuxia.de>).

* Rewrite image background paths in <table>, <tr>, <td>, and <th> tags
  according to ImageDir/ImageSecureDir by default. (Removed pragma
  substitute_table_image that was just added in 4.6.2.) Set pragma
  no_image_rewrite to disable all image path rewriting.

* Split RPM into two packages: base Interchange and foundation demo
  catalog skeleton. Should make RPM upgrading safer.

* Removed Tagref.pm. There's now a normal ictags document instead.

* Move UI menus into icmenu database.

* Add ItemAction to map a subroutine to alter items every time toss_cart
  is run, i.e. after an add or refresh.

  Calling syntax is $sub->($item_reference), return value is not used.

* Add a new directive "Limit". It is designed to hold limits for
  certain things. Implemented to begin with:

  Limit   chained_cost_levels       20
  Limit   cart_quantity_per_line    10000

* Rework server to allow preforking daemons, similar to Apache.
  New global directives:

  PreFork yes/no
  StartServers number (0: old way; 1 or more: exact number to allow)

* New SOAP protocol support allows two-way communication with all sorts
  of other web "objects". Features:

  - Catalog and session ID are embedded in proxy call. This avoids
    having to do fancy gyrations with the SOAP envelope.

  - Allows most any tag to be called, with nearly the same syntax
    as with embedded perl on IC.

  - Embedded Perl (and variants like [item-calc] and [item-exec]
    are not allowed by default, but can be enabled with SOAP_Enable.

  - Can specify the ID, or accept one from Interchange.

  - Can get and put entire Values, Scratch, and Session structures.

  Documentation for using SOAP is forthcoming.

* Add mv_like_field and mv_like_spec to search specifications, designed
  to filter SQL (only!) searches with

  mv_like_field like 'mv_like_spec'.

  This is a stackable field/spec set like mv_search_field and
  mv_searchspec, and will eliminate any fields with empty mv_like_spec
  values.

  Checks the known_capability to see if UPPER_COMPARE is set for that
  database, and uses (pseudo-code) "UPPER($col) like "\U$spec" if that
  is the case.

* Add known_capability UPPER_COMPARE (set for Pg and Oracle to begin
  with) to allow upper-case transforms for case-insensitive compares.

* Add ability to call custom UserTag or other ITL in Vend::Cfg->{SalesTax}.

* Allow passing of extra parameters to button usertag with $opt->{extra}.

* Add beginnings of transaction support. New [flag type=transaction table=x]
  allows you to open (write implied) a table for transactions. Will have no
  effect on tables that don't support it, but will open tables that do
  support it in non-AutoCommit mode. Sequence is:

  [flag type=transactions table="transactions orderline"]
  [import ...] or any other db update routines [/import]
  [flag type=commit table="transactions orderline"]

  Tested only on PostgreSQL at this point.

* Add ability to read files from a database instead of the filesystem.


------------------------------------------------------------------------------


Interchange 4.7.0 not publicly released.


------------------------------------------------------------------------------

(end)
