Announcement

**Rick Wilson** · 02-05-10, 01:32 PM

Re: Wombat Beta - Feedback

Yo,

Will you open a ticket with support and get them access so they can look. Are you using our built in Auth.net module or a third party one?

**yovation** · 02-05-10, 02:21 PM

Re: Wombat Beta - Feedback

Your built in module.
Yes, I will open a ticket with support.

**surveillanceguy** · 02-05-10, 04:08 PM

Re: Wombat Beta - Feedback

Ok well that good ,mine just showd xxxxxx and last numbers ,but may be the way i set up too .Thanks ,I doinf everything I can to make sure not to take a chance for my customers and for compliance ,

Again Thanks

**Rick Wilson** · 02-08-10, 06:29 PM

Re: Wombat Beta - Feedback

Beta 7 has just been released.

**Rick Wilson** · 02-08-10, 06:32 PM

Re: Wombat Beta - Feedback

Miva Merchant 5.5 WB7 (wombat-beta-7)

Release Notes

Bug Fixes:

Bug #1912: State based sales tax not rounding correctly
Bug #4775: Displayed numeric values not rounded (WAS: ups: Handling charge is not rounded properly)
Bug #4839: igsgroup: PaymentModule_Report_Label returns "Name on Card" for field "cc_number"
Bug #4925: With Country field hidden, secondary country value sometimes comes through empty
Bug #4961: Module feature changes are not propagated to stores on update
Bug #4992: It's possible to create a circular category hierarchy in the admin
Bug #5008: There is no way to provision domain countries
Bug #5042: SHIPMENT_PICKLIST creation failure does not abort store creation
Bug #5056: PCHDFT item does not remove records when the product is deleted from the Batch Edit.
Bug #5057: PCHDFT item does not remove records when the category is deleted from the Batch Edit.
Bug #5058: CSSUI-PCHDFT does not cleanup it's records when they're deleted from the Batch Edit.
Bug #5062: 3rd party incompatibility when reviewing an order.
Bug #5066: We need to rename Microsoft Live Search to Bing Cashback
Bug #5093: Checkbox Variants are not aligning correctly in Admin
Bug #5106: Links to new pages generated by CSSUI don't exist
Bug #5108: Product Batch Edit >> Active mode should be the default.
Bug #5111: Force secure admin login when a secure URL is configured
Bug #5112: Runtime error when adding an item to an order that uses attribute templates
Bug #5113: Item Dialog: Option autocomplete does not work for attribute templates
Bug #5114: Custeml module is not working properly when creating orders in Admin
Bug #5116: Order Management >> New Order >> Credit Cards should not be caching
Bug #5117: Wombat Order Delete does not call modules
Bug #5119: OrderItem_Insert uses BasketCharge storekey instead of BasketItems
Bug #5120: Attribute Machine onchange scripts require existing functions to explicitly return true
Bug #5121: Titles missing in admin for Manage Orders and Manage Shipments sections
Bug #5122: Module_Order_Delete functions not being called in vis_order 5.03 API
Bug #5123: Upgrade Wizard contains JavaScript reference to non-existent form element
Bug #5124: Order Management >>Create Return is not cleaning up OrderReturn records properly
Bug #5125: Order Management > Attribute Options that dont exist in Admin, do not display in emails
Bug #5126: Edit_Store variable can be used to create a store.
Bug #5127: XSS: Add/Edit Module, Module_Module unencoded
Bug #5128: XSS: Domain/LaunchPad, LaunchPadButton[n]:label/:sublabel
Bug #5129: XSS: JavaScriptEncode does not prevent against HTML comment-based attacks
Bug #5130: Textarea field values are not being saved in the new Order Management system
Bug #5131: Domain: LaunchPad tab: Hidden error messages
Bug #5132: Order Tabs are not refreshed after a payment authorization
Bug #5133: Upsell Batch Edit: SQL Injection on Upsell_Search
Bug #5134: Category Batch Edit Screen: XSS On Custom_Fields[n]:values
Bug #5135: Category Batch Edit Screen: XSS on Category_Search
Bug #5136: Groups has an XSS vulnerability on privilege/name fields.
Bug #5139: CSSUI >> Runtime >> All Products >> Inconsistency with Quantity in Basket.
Bug #5140: Edit Page: XSS on Page_Code
Bug #5141: Product Batch Edit Screen: XSS On Custom Fields variables
Bug #5142: Product Batch Edit Screen: XSS on Product_Search
Bug #5143: Customer Batch Edit: XSS on Custom_Fields[]:xxx
Bug #5144: Product Export: XSS on Product_Check_CustomFields[n]:name
Bug #5145: Customer Export: XSS on Customer_Check_CustomFields[n]:name
Bug #5146: Category Export: XSS on Category_Check_CustomFields[n]:name
Bug #5147: Custom Fields Module: Category tab outputs custom field name unencoded
Bug #5148: cmp-mv-prodctgy-meta: XSS on category component tab
Bug #5149: CSSUI >> Runtime >> Checkout >> Same as Shipping checkbox triggers hidden errors
Bug #5150: CSSUI >> Runtime >> All Products >> Buy Now >> Products with Attributes are not returned to correct page
Bug #5151: We need to make Runtime Login error reporting more ambiguous.
Bug #5152: Product Variants that dont have stock still display In Stock message.
Bug #5154: Runtime > Account > Order Status > Reorder button is displayed for products that dont exist
Bug #5155: Admin > Manage Orders > Edit Order > Add/Edit Item is not adjusting Inventory
Bug #5156: Admin > Manage Orders > Edit Order > Add Item is not setting the product_id in OrderItems
Bug #5157: USPS runtime error with zip+4 for Puerto Rico
Bug #5158: Module Batch Edit Screen: XSS on Module Feature List
Bug #5159: Edit Category >> Custom Fields >> XSS on CFM_Fields[n]:name
Bug #5160: Domain >> SEO Settings Tab >> XSS on SEO_Settings:cat_lit
Bug #5161: Customers >> Edit Customer >> Custom Fields Tab >> XSS on CFM_Fields
Bug #5162: SQL Injection in Google Checkout
Bug #5163: Google Checkout has some XSS vulnerabilities.
Bug #5164: Legacy Printer Friendly Order Screen: XSS on Edit_Store
Bug #5165: Upgrade Wizard: XSS on Upgrade_Message.
Bug #5166: License Manager URL for update.mvc goes to licensemgr.miva.com
Bug #5167: Domain >> Launchpad tab loads the module list inefficiently.
Bug #5168: Store Modules Screen: Infinite loop when g.Module_Count is not an integer
Bug #5169: the JavaScript unescape function being used to decodeentities
Bug #5170: Manage Orders > Edit Order > Edit Charges > Recalculating Shipping removes other shipping charges.
Bug #5171: Admin > SEO Settings > URL Delimiter field does not validate it's input
Bug #5173: CSSUI Buttons: XSS on store tab
Bug #5174: Privilege-based access control is needed for new order processing functionality
Bug #5175: cmp-mv-meta: Cross Site Scripting
Bug #5176: Runtime > Edit Affiliate > Payment Date is not formatted.
Bug #5180: Utilities >> Google Checkout Orders >> The Layout appears broken.
Bug #5181: The cssui-links component is directing "Home" button to store select
Bug #5182: Denial of service attack through Product_Attribute_Count
Bug #5183: Denial of service attack through Upsell_Product_Count
Bug #5184: CSSUI >> Runtime >> Affiliate Links is overwriting g.Affiliate
Bug #5185: ItemModified is not cleared on Reset/Update/Delete
Bug #5186: Upsell Settings: Validation error when products to show is "Unlimited"
Bug #5187: malf: Multiple upsold products are not logged
Bug #5188: Privilege-based access control is needed for attribute inventory
Bug #5189: Shipment picklist displays no items
Bug #5191: ORDS "View Order" references data_logn

Continued in next post...

**Rick Wilson** · 02-08-10, 06:33 PM

Re: Wombat Beta - Feedback

Release Notes Continued:

New Features Introduced in this Beta:

If a secure URL is configured, a redirect is used to force administrative users to log in securely. This resolves JavaScript tainting issues with the new AJAX code, and is also required for PA-DSS. For debugging/repair purposes, the redirect may be avoided by appending "NonSecureMode=1" to the URL.
New fulfillment modules have been created to send confirmation emails to shoppers when items are shipped or RMAs are issued or received.
The default display mode for the product batch edit screen is now "Active" instead of "All".
Runtime customer and affiliate login error messages are now more ambiguous to avoid leaking sensitive information.
New functions have been added to lib/util.mvc to efficiently iterate through sparse arrays, using new functions present in 5.07 or falling back to older behavior in 5.06.
Errors during store creation now cause the partially created store to be deleted.
Database-level EOF handling has been modified to avoid wiping out g.Error_Code and g.Error_Message when EOF is detected.
The new order processing interface is now protected by the same Group Privilege as legacy order processing.
Attribute inventory configuration is now protected by the Product and Inventory Group Privileges.
Provisioning functionality has been added for the domain country list.
Provisioning functionality has been added for attribute-level inventory.
Admin audit logging using the UNIX syslog() facility has been added for PA-DSS compliance, when using the 5.07 engine. A new Domain table column, "log_fac", controls the logging facility used for these messages. The default is local2.
Autocomplete windows may now be brought up for a full list of available options by pressing the up or down arrow.
The function Decrypt_Payment() in lib/crypto.mvc has been deprecated, because it provided insufficient information to properly log the decryption operation, as required by PA-DSS. New functions Decrypt_Order() and Decrypt_OrderPayment() provide similar functionality.
A new PA-DSS Checklist tab has been added to the Domain Settings screen. This tab will verify that the software has been configured according to our PCI Implementation Guide.
The creation date of order encryption keys is now tracked so that the keys may be rotated on a regular basis, as required for PA-DSS. The creation date is displayed on the Store Encryption screen, and the age of the current key is verified on the PA-DSS Checklist tab of the Domain Settings screen.
The minimum encryption key passphrase length is now 16 characters for newly created keys, as required for PA-DSS.
User supplied passphrases are now XOR'd with a software key when encrypting a private key, as required for PA-DSS.
Administrative sessions are now managed by two tokens. A cookie controls visual access to the administrative interface, and the parameter Session_ID now controls actions. Session_ID must be present for administrative actions to execute, and the cookie must be present to render display elements. Existing modules should not require modification as long as they use the existing admin UI API functions and the g.sessionurl or g.secure_sessionurl variables. The admin session cookies expire on both the client and server in the timeout period specified by the domain settings, and are set using the "secure" cookie flag. These changes are intended to combat session fixation, cross site request forging, and session leakage.
The administrative UI code now passes the Screen and Tab parameters through the URI, to make the HTTP access log more informational. Session_ID, when possible, is passed through POST parameters. New variables g.adminurl and g.secure_adminurl provide the correct URL to the administrative interface without the Session_ID parameter that is present in the sessionurl variables.
Fixed a bug that prevented the Viking Coders FedEx module from working from the Edit Charges dialog.
Fixed a bug that prevented shipping label display from working.
Fixed a bug in LaunchPad that prevented fulfillment, currency, and tax modules from appearing in the list of available links.
Removed an unnecessary MvLOCKFILE that reduced performance with a large number of concurrent admin accesses.
Legacy order processing is now visible for non-Administrator users with only the Order Processing or Store Encryption privileges.
Added autocomplete="off" form attribute to the admin login form and forms where credit card information may be present, to prevent browser auto fill functions from caching the information.
Modules will now fail to update if a store-table level feature (UI, Currency, or Tax) has been added or removed while the module is in use by one or more stores.

**surveillanceguy** · 02-08-10, 06:51 PM

Re: Wombat Beta - Feedback

whew thats a lot ,can't wait for the official release ,sounds like a lot of new stuff though will we need to do any refiguring of anything we already have in place or will it all work ,pretty sure all the modules I have have been updated

**Rick Wilson** · 02-08-10, 06:53 PM

Re: Wombat Beta - Feedback

Generally speaking it'll just work, however if you want to add the new features like Order History/Status into your shopping interface you'll have to do those manually.

**morditech.com** · 02-08-10, 07:02 PM

Re: Wombat Beta - Feedback

Rick,
I updated to this latest version then I tried to install one of the Miva Merchant skins and when I clicked update after uploading the new framework I got the following error:

Miva Merchant has encountered a fatal error and is unable to continue. The following information may assist you in determining the cause of the error:

Error Code: MER-DBE-OPN-00002
Description: Unable to open store ''
Other Information:

There is no store code or other information listed.

**Rick Wilson** · 02-08-10, 07:04 PM

Re: Wombat Beta - Feedback

If you try and upload the frameworks from the Skin packages into a Wombat Beta, I'm not too surprised you ran into a wall.

Can you email me access so I can look?

**morditech.com** · 02-08-10, 07:07 PM

Re: Wombat Beta - Feedback

Originally posted by Rick Wilson View Post

Can you email me access so I can look?

On its way.

**surveillanceguy** · 02-08-10, 07:47 PM

Re: Wombat Beta - Feedback

nice to know about the order status ,Chuck says he has it set up already for the new wombat release so not to try usinfg it yet , so maybe he already has it manualy set up ,guess i will see,that was one thing I was waiting on that wasn't sure about ,good to know

**surveillanceguy** · 02-08-10, 07:50 PM

Re: Wombat Beta - Feedback

www.Morditech.com glad to see another host that says there compliant ,well i got that on another post but glad to see a host stand up and say it

**yovation** · 02-09-10, 05:50 AM

Re: Wombat Beta - Feedback

When importing product flat file, selecting 'Keep Existing Products'. The Product Categories are getting updated for existing products.

Yovation.

**RayYates** · 02-14-10, 07:34 PM

Re: Wombat Beta - Feedback

In the Admin, Wombat-beta-7 changed the <form name="SMOD" on the utility screen. This broke some javascript in several of my utility modules.

Previously the form looked like this.

Code:

<form name="SMOD" method="POST" action="http://www.domain.com/mm5/admin.mvc?Session_ID=c484392b99a6af23ed97ff1c06113ea2&" onsubmit="return false;">

<input type="hidden" name="Screen" value="SMOD">
<input type="hidden" name="Tab" value="{ module:code }">

Now the form looks like this.

Code:

<form name="SMOD" method="POST" action="http://www.domain.com/mm5/admin.mvc?Screen=SMOD&amp;Tab=module:code&amp;Store_Code=pci" onsubmit="return false;">

The values for screen and tab are now embedded in the action URL instead of being hidden form values. My javascript looks at these form values.

Unless there is a compelling reason for these values to be part of the actions tag, please put them back into hidden form fields.

Announcement

Wombat Beta - Feedback

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment