DATE: 2010-08-10;  VERSION: 4.150 (JFS);
======================================================
Updated the country, credit type, shipping method, payment method, 
and state loops to use the colon_blow() function to grab the key/
value pairs rather than parsing the file myself. I didn't want to 
force all keys to be uppercase so I changed the explode_colon() 
function to not uppercase keys. Then I went through and uppercased
the keys everywhere the explode_colon() funtion was being used. 

This change also improves the update messages that the user sees in 
the HAM when they update countries, credit types, etc.

DATE: 2010-08-05;  VERSION: 4.150 (JFS);
======================================================
Merged Changes in from Hazel 4.518

DATE: 2010-07-26;  VERSION: 4.150 (JFS);
======================================================
Added a SORT option to the category loop.

DATE: 2010-07-20;  VERSION: 4.150 (JFS);
======================================================
Added a new kind of Loop, a category loop that loops through product
categories. It looks for the GROUP field by default but you can specify
what field(s) you want the loop to examine. 

DATE: 2010-07-15;  VERSION: 4.150 (JFS);
======================================================
Updated mysql plugin to surround search criteria in backticks so that 
fields that are reserved mysql keywords will work. This is a really basic
change that has been in the Hazel 4.5 plugin forever and is bugging me 
so I put it in the stable version as well. Bumped mysql plugin version to 
1.933. 

DATE: 2010-07-15;  VERSION: 4.150 (JFS);
======================================================
Restored copy_var() to just copy_vars as is without doing any encoding on 
DICT_SHOPPER. Instead loop through DICT_SHOPPER_RAW, encode the string, and
stick it into DICT_SHOPPER. This is slower but works better on a 64 bit 
kernel for some reason. 

DATE: 2010-06-25;  VERSION: 4.150 (JFS);
======================================================
Fixed hazel_strdup to work if you are not using the strdup() library function.

DATE: 2010-06-25;  VERSION: 4.149 (JFS); Rev. 4328
======================================================
Final 4.149 release version for real this time.

DATE: 2010-06-25;  VERSION: 4.149 (JFS);
========================================
Found an obscure bug where somehow when building the cart cookie if you had
a bad product in DICT_SELECTED it could cause Hazel to crash. I also made it
so you could have both excptions in hazel.config and look for the NOCARTCOOKIE
flag. 

DATE: 2010-06-23;  VERSION: 4.149 (JFS);
========================================
The interpret_api_script_output() function in store.c has 2 improvements.
First it recognizes HZR variables passed in from script outputs and sets
the DICT_SHOPPER_RAW variable accordingly. Second and most importantly, when
interpret_api_script_output() runs across either an HZE or HZR value is runs
set_dict_shopper_safe() which sets the variable in both dicts and entifies
the one that goes into HZE. 

DATE: 2010-06-10;  VERSION: 4.149 (JFS);
========================================
Make sure that when set_dict_shopper_safe() gets called with a blank
integer or float value, the value gets set to 0 and 0.0.

DATE: 2010-06-09;  VERSION: 4.149 (JFS);
========================================
Make sure that every time a variable gets copied into DICT_SHOPPER, it
always gets copied into DICT_SHOPPER_RAW first without exception. When
reading in from the userfile, first copy into DICT_SHOPPER_RAW, then copy the
Var into DICT_SHOPPER while converting special chars into html entities. 
While fiddling with copy_var() I made it also copy LIST, TEXT, FILE, and
BOOLEAN types.

DATE: 2010-06-08;  VERSION: 4.149 (JFS);
========================================
When data is copied from the user file into DICT_SHOPPER, also copy the
data into DICT_SHOPPER_RAW. This will make %HZR variables accessible in more
places. Also updated canonicalizeplugins.sh from the Hazel 4.5 version. 

DATE: 2010-04-09;  VERSION: 4.149 (JFS);
========================================
You can exclude products from being added to the Hazel cart cookie
by setting the NOCARTCOOKIE field in your products.txt to 1 for the 
product. 

DATE: 2010-04-09;  VERSION: 4.149 (JFS);
========================================
reverted digest_cookie() back to pre-4.147 digest_cookie() in cgi.c

Don't mess with the key or value, just take the cookies from HTTP_COOKIE 
and stick em' in DICT_COOKIES as is. From Hazel 4.147 to 4.148 the cookie 
was only added if the value of the cookie was not all uppercase. 
This was done to prevent HAZELCOOKIE and hazelcookie cookies from both 
being added to DICT_COOKIES, but instead of checking the key I checked 
if the value was all uppercase which is pointless. 

This broke the hazelcart cookie because the value of the hazelcart cookie 
consists of skuid's which are always all uppercase. If you are running 
Hazel 4.147 or Hazel 4.148 and are having problems with your cartcookie then 
upgrade to Hazel 4.149. I am always lowercasing the cookie names internally 
anyway so this should not have been a problem in the first place. 

Bottom line is, the old code was fine so we are going back to it. 

DATE: 2010-03-19;  VERSION: 4.149 (JFS);
========================================
Changes to fix compilation errors on Sun Solaris 2.8 on SPARC. Also added 
alpha to the list of possible host's in configure.ac. 

Changed fcntl() to error when == -1 instead of < 0 in os.c 

DATE: 2010-03-09;  VERSION: 4.149 (JFS);
========================================
On the FINISH Action I save a pending order before revalidating the fields. 
If an error occurs and a pending order has not already been created, a new one 
will get created. This is in a response to a bug found involving the PayPal 
Plugin. A required field can cancel the finish action without saving an 
invoice if the checkout step is skipped and there is a missing field at FINISH. 
Of course this normally never happens but in the case of PayPal Express 
Checkout the user can skip checkout and go right from the view page to the 
FINISH action without passing any intermediate steps. 

DATE: 2010-01-11;  VERSION: 4.149 (JFS);
========================================
I changed HAM_HTML_enlist_values() to only enlist 100 lines since the output
was getting cutoff if it was greater than that and the next button wasn't showing. 
(backported fix from 4.5)

DATE: 2009-12-15;  VERSION: 4.149 (JFS);
========================================
All file editing in HAM encodes and decodes html now. Code cleanups from H45.

DATE: 2009-12-01;  VERSION: 4.148 (JFS);
========================================
Added loop count variables for the new country, credit_type, payment_method, 
shipping_method, and state_loops. Hazel 4.148 is done. Updated template files.

DATE: 2009-12-01;  VERSION: 4.148 (JFS);
========================================
Disabled editing the products file from the HAM until further notice. It 
does not work if you products file is large. The textarea gets cutoff before 
the end of file is reached. It appears to be some problem rendering very large 
html documents hidden deep in the bowels of Hazel. Since this feature never 
appeared in a released version it should not be missed.

DATE: 2009-11-24;  VERSION: 4.148 (JFS);
========================================
Backported the country, credit_type, payment_method, shipping_method and state
loops from Hazel 4.5. I did not include the portion that attaches to the 
database, just the part that reads in the loop files. This is so that the 
templates can be updated to use these new loops rather than rely on the
file loop. This is part of an initiative to make the Hazel4->Hazel4.5 
transition as easy as possible. Updated HAM to edit these files as well. In 
Hazel 4.146 I added payment method file editing to HAM, this allows the rest of
the loops (shipping methods, credit types, etc) to be edited in HAM.

DATE: 2009-11-19;  VERSION: 4.148 (JFS);
========================================
You can now edit the products.txt file directly from the HAM. (No you can't, 
see above) This is to ensure that when the day comes that the product.txt file 
is no more, legacy (and by that I mean those not using the mysql db) customers 
will still have a way to edit their product.txt file from the HAM. Also a handy 
way to edit the products file since it uses the same backup capabilities as the 
regular method and has the bonus of not needing to go all the way to the 
webserver to manually edit your products file.

DATE: 2009-10-28;  VERSION: 4.148 (JFS);
========================================
The major feature of this release is the addition of html_special_chars_decode()
so that html encoded strings can be decoded again and used. So &gt; becomes <, 
etc. This is used in the HAM template editor to fix a bug where <textarea> tags 
inside of templates would screw up the edit template form. Details below:

Renamed html_special_chars() to html_special_chars_encode(). Better name now 
that there is a decode function as well. Added new function 
html_special_chars_decode() which does the reverse of 
html_special_chars_encode(). 
Also added contains_html_special_entities() function that checks to see if a 
passed in string contains any of the special entities defined by 
HTML_SPECIAL_CHARS config file varible or the following default set (&"'<>). 

minor changes: addnote() break out of loop when a dup is found. Added some 
backported code changes from Hazel 4.5. Check right-away to see if the user has 
a MY_SHIPPING var set in their hazel.config file. If so, run the script. If the 
script succeeds, set the SHIPPING total and return. Otherwise process the rules.
The reason for this is if the user has a MY_SHIPPING var set and the script 
runs and returns a shipping price the rules are not ever read. Before the rules 
would be read and processed but the result not used. So this is a speedup fix 
as well as limiting dependencies.

DATE: 2009-09-08;  VERSION: 4.147 (JFS);
========================================
This update fixes 2 bugs both noticed by Roger MacBride Allen when attempting 
to update to Hazel 4.146. 

Firstly, the main cookie has been renamed from HAZELCOOKIE to hazelcookie. 
This has caused the shopping cart to get confused and refuse to keep the 
cart contents until one or the other cookies is removed by the end user. 
I have updated Hazel to check for all uppercase cookie names and ignore them 
if she finds them. This means that when you upgrade to 4.147 Hazel may "forget"
your cart contents and use the new hazelcart cookie, leaving the old cookie 
unused. If you have a user file, Hazel will create the new cookie from it. 
Hazel will continue to work with the new cookie and ignore the old one. 
Eventually the uppercase cookie will expire harmlessly. 

The second change regards notes being added multiple times. To fix this I added
some code to check to make sure that the note has not already been added
before adding a new note. 

Removed config.guess and config.sub from the repository, they are 
auto-generated.

DATE: 2009-07-16;  VERSION: 4.146 (JFS);
========================================
Added payment method file editing to the HAM. You can now edit the 
payment_methods.txt file directly from the HAM. This is as much as 
you'll get in Hazel 4.1.x branch but in Hazel 4.5 payment methods will be 
in the database and edited from the HAM with a custom interface.
Two new files added:
	ham_payment_methods.c
	ham_payment_methods.h
Several files modified:
	Makefile.am
	store.c
	store.h
	ham.c
	ham.h

Updated the HAM self-update feature to allow it to update the ham.cgi 
file itself. You can now download the latest ham.cgi binary from the 
HAM just as you could previously (as of Hazel 4.144) download the latest 
hazel.cgi binary. Updated the template to check your HAM version number to
see if your Hazel is new enough to support this feature. If it is not
new enough (below Hazel 4.146) you won't see the HAM update option. 
Also check to see if your Hazel version is above 4.144 to see if your
Hazel is new enough to update to the latest Hazel version. To get these
template changes, use the HAM template update feature of the HAM! (Must
have HAM version > 4.144 to utilize HAM update feature effectively).

Modified the following files:
	ham.c
	ham_install.c
	ham_install.h

DATE: 2009-07-09;  VERSION: 4.145 (JFS);
========================================
Updated ham_products.c to wait 50 seconds before giving up on opening the
products file like in products.c 

DATE: 2009-07-08;  VERSION: 4.145 (JFS);
========================================
Fixed a regression involving SKUID checking for products using an alternative
option code delimiter. No version update. Below is an overview of how SKUID 
checking should relate to the option code delimiter.

By setting the INVALID_SKUID:1 all SKUID checks are disabled and using this 
option will break optioned products that have the option code delimiter in 
their SKUID. 
Setting INVALID_SKUID:1 is not recommended for this reason. The products can be 
added to the cart but everything after the option code delimiter will be treated
as an option resulting in a non-existing SKUID being added to the cart.

The OPTION_CODE_DELIMITER config file variable can be set to change the option
code delimiter from the default (-). If this config file variable is set than
products with a dash in their SKUID will become valid, otherwise they are
considered to be invalid. Of course SKUIDs that contain the new option code
delimiter will be invalid. One way to get around this restriction is to set the
option code delimiter to be a character that is not included in the list of 
valid SKUID chars. More on that below. 

The SKUID_CHARS config file variable is used to set the non-alphanumeric 
characters that are allowed to be in an SKUID. By default this includes the 
following chars:

$-_.!(),{}|\^~[]

This is a very conservative list designed not to break existing SKUIDs. You can 
set the SKUID_CHARS list to be much more aggressive to eliminate certain types 
of attacks. Note that the option code delimiter no longer must be in the list of
valid SKUID chars. Also note that the first character of and SKUID must be 
alphanumeric no matter what non-alphanumeric characters are allowed. In order 
to disallow all non-alphanumeric chars from an SKUID set the SKUID_CHARS config 
file variable to any alphanumeric string such as NONE or NA.

DATE: 2009-07-03;  VERSION: 4.145 (MEB);
========================================
Minor build fixes. For those of us that compile Hazel. No version update.

Added AC_CONFIG_MACRO_DIR([m4]) to configure.ac and "-I m4" to ACLOCAL_AMFLAGS
in Makefile.am.

Check that your ltmain.sh is linked to same in your system's install of libtool.
If not, run "libtoolize --force".  See BUILDNOTES.txt for more info.  As a 
result ltmain.sh has been removed from the repository (r4154).

If this completely rocks your world, you need to upgrade your versions of 
autoconf and automake. Then do the reconfiguration dance described in
BUILDNOTES.txt.

DATE: 2009-05-06;  VERSION: 4.145 (JFS);  Rev: 4152
===================================================
Run each input through both strescape() and html_special_chars().

Update the HAM to be able to update the the newest template files and
newest hazel.cgi file

DATE: 2009-04-22;  VERSION: 4.145 (JFS);  Rev: 4149
===================================================
Bumped the version to 4.145. This release is the culmination of the work 
started in Hazel version 4.142 to prevent XSS and SQL injection attacks.

All input is run through strescape() to escape quotes. This should protect
against most SQL injection attacks. At the time I thought
that template changes would be required to prevent the user from seeing
spurious \ characters but instead I simply run the DICT_SHOPPER variable 
through a stripslashes() function to remove the extra \ characters. 
stripslashes() works just like it does in PHP. I have turned escaping on
by default in this release.

All output is run through html_special_chars() before being printed to the 
browser. This function replaces the special html characters with their entity
equivalents. This should prevent most XSS scripting attacks. 

text.c
	strescape() now passes whitespace chars through to the output string 
	instead of removing them. This preserves newlines in textareas. All
	other non-printable characters are removed. The function 
	quote_html_specials() has been removed. The functionality of this
	function has now been split into two new functions, html_special_chars()
	which replaces "special" characters with their equivalent html entities
	and the replace_whitespace_with_space() function which replaces any 
	whitespace chars (as defined by isspace()) with spaces. The only place
	where the quote_html_specials() function was being called now calls
	both functions in succession. What is the point of all this? Now I can
	call the html_special_chars() function on incoming strings and scrub any 
	harmful javascript out without messing up newlines. The 
	replace_whitespace_with_space() function is used to preserve the 
	functionality of quote_html_specials() in the one instance that it
	was being called. Added a stripslashes() function that works like the
	PHP function of the same name.
hzml.c
	The html_special_chars() function has been moved to hzml.c. This has 
	less to do with the fact that it deals with html and more to do with the 
	fact that I cannot seem to access any of the DICT arrays from text.c.
	Alse added a helper function contains_html_special() which checks to see 
	if a string contains any "special" html characters. Call stripslashes()
	before outputing DICT_SHOPPER values.

DATE: 2009-04-15;  VERSION: 4.144 (JFS);  Rev: 4147
===================================================
text.c
	renamed function grow() to grow_stream(). Added function prototype
	to text.h. Rewrote strescape() again to use a Stream. This is 
	not as safe and fast as my previous implementation described below
	but is more canonical. Besides, it might be faster because it only
	loops once. The point of all this is to get strescape() working 
	fast and without leaks because it is going to be used A LOT when
	all user input is being scrubbed. The html_special_chars() function
	mentioned below will be used to prevent XSS attacks. 
store.c
	Modified get_themed_pathname_or_default() and get_themed_pathname_only()
	to take a const char instead of just a regular char for the 
	subdir parameter. Compiler was complaining.
Miscellaneous
	Replaced \n with MY_EOL from os.h (\r\n on windows \n on all others)
	Replaced \n with \r\n in html forms. Files affected include:
		ham_web.c
		ham_rules.c
		http.c
		digest.c
		ham_options.c
		os.c
		text.c
		ham_hzml.c
		ham.c
		softgoods.c
		csvparser.c
		rules.c
		store.c
		products.c
		client.c
		encryption.c
		ham_install.c
		hazel.c
		ham_sys.c
		hzml.c
		ham_products.c
	Check the svn diff log for rev 4147 for more details.

DATE: 2009-04-09;  VERSION: 4.144 (JFS)
==================================================
text.c
	Rewrote strescape() to malloc() once instead of realloc()'ing 
	in a loop. Safer, faster, and avoids a possible memory leak. The only 
	drawback is that is loops through each input string twice instead of 
	just once.

	Added html_special_chars() function. html_special_chars()
	replaces some special html chars with their html entites. It is based 
	on the PHP function htmlspecialchars(). This function is similar to the 
	quote_html_specials() function, but it doesn't mess with whitespace 
	chars. This will be useful soon for doing html/js scrubbing.
os.c
	Added my_uname_processor() which emulates uname -p 
	The function returns:
	- powerpc on PPC Mac OS X
	- i386 on Intel Mac OS X
	- unknown on ix86 Linux
	- i386 on ix86 

Miscellaneous:
	Moved some macros from defines.h to other header files since they were not
	needed by the rest of Hazel. defines.h is strictly for definitions needed
	by all of Hazel.

DATE: 2009-01-06;  VERSION: 4.144 (JFS)
==================================================
ham.c
    Updated ham.c to include rules file editing in
    the ham. These are basically backported features
    from Hazel 4.5. Unlike 4.5 however, only rules
    file editing is possible, not rules db editing.
    This is just another way to allow the user to
    conviniently edit text files without having to
    go to the server directly along the same lines
    as option file editing and template file editing.

Makefile.am
    Added ham_rules.c and ham_rules.h to the build-
    path.


DATE: 2008-12-31;  VERSION: 4.143 (JFS)
==================================================
variables.h
    Some more backports from Hazel 4.5. Added FILE and 
    BOOLEAN types to the Var data structure. I needed
    these in Hazel 4.5 to pass into the database.
    See svn diff -r 4139:4140 for more details.


DATE: 2008-12-30;  VERSION: 4.143 (JFS)
==================================================
Fixed some of the stuff I did in the import that didn't
work very well. A lot of textual changes, the big
change is in products.c detailed below.

os.c
    made a cast to (int)
-     return fs.st_size;
+     return (int)fs.st_size;
    created a new function: int fn_dir(const char *fn)
    which returns 1 if the passed in filename is a directory 
    and 0 if the passed in filename which is not a directory.
text.c
    added some description comment to strescape() and a 
    comment about how to better write the function without
    using realloc which is bad form. 
hzml.c
    modifed render_HZML_Directory_Loop() function simplifying
    it. %HZH_WORD1 displays the filename. Added
    %HZH_WORD2 which displays the file type: DIR or FILE.
    This is so that you can tell if a given file is a directory
    or a regular file so that you can do futher processing. 
    Before everything looked like a file. 
products.c
    In do_custom_products() changed:
    -    nuke_var(parms);
    +    /* if you nuke parms here Hazel crashes, figure out why */
    +    /*nuke_var(parms);*/


DATE: 2008-12-09;  VERSION: 4.143 (JFS)
==================================================
Backported some changes from the Hazel45 branch
os.c
    an additional check is done to see if a plugin
    is good.
ham.c
    made error message fit in 80 chars
    In HAM_action_export_products() changed variable
    ok to extension.
numerous other small changes

DATE: 2008-11-26;  VERSION: 4.142 (JFS)
==================================================
There was a bug in 4.142 where optioned products were 
not getting added, instead a missing SKUID error was
coming up. This has been fixed. This was caused by
skipping over the code that adds optioned products 
while trying to avoid adding dummy products for bad
SKUIDs. Dummy products are still not being added.  

Since this is a bug fix with no new features the 
version number has not been incremented. 

Other changes in this revision:
Option_Code_Delimiter, Hazel_Cookie_Name, Cart_Cookie_Name, 
Cart_Cookie_Delimiter, and Cart_Cookie_Quantity_Delimiter
global variables are set exactly one time during init
in the validate_config() method in store.c. 
These global variables are used in many different places
in the code, many times replacing a function call. 
The default values are set in defines.h. 

DATE: 2008-11-17;  VERSION: 4.142 (JFS)
==================================================
There are two major features in this version of Hazel.
    1) SKUID Checking
    2) Escaping %HZE Vars*

=== SKUID Checking ===
Added a function is_valid_skuid() to products.c that
checks to see if an SKUID is valid, whether it contains
any bad characters like * or ` that might be used
in SQL attacks or XSS attacks. The allowed characters
are alphanumeric and $-_.!(),{}|\^~[] 
Set of allowed SKUID Chars are defined in defines.h
SKUID validation can be turned off by setting the 
following in the hazel.config file:

INVALID_SKUID:1

The list of characters allowed in an SKUID can be
overridden by setting the SKUID_CHARS config file 
variable like so:

SKUID_CHARS:$_.!*,^~

Alphanumeric characters are always allowed in an SKUID. 
Setting the SKUID_CHARS variable is not recommended 
and is intended to be used for backwards compatibility
only. 

The detail page will redirect to the error page if it
receives an invalid SKUID as input. This is to prevent
malicious users from trying to inject SQL or javascript
into the ITEM parameter from the URL. If the SKUID is
invalid Hazel will redirect to an error page harmlessly.

=== Escaping %HZE Vars ===
*This feature will not be complete until the template
files are updated some time in the future. For now
the %HZR values are available but are not used. 

The purpose of escaping input strings is to prevent
XSS attacks and SQL injection attacks by escaping
any malicious input so that it is rendered harmless
before it is rendered back onto the site. 

Added a strescape() function to text.c to escape 
DICT_SHOPPER inputs. A new dict DICT_SHOPPER_RAW
contains the unmolested string. string escaping
must be turned on by setting:

ESCAPE_DICT_SHOPPER:1

in the hazel.config file. strescape strips any \0, 
\r, \n, or \x1a (SQL NULL) characters from the 
string and it escapes (puts a backslash before) any
\, ', and " chars in the string. The result is put in
DICT_SHOPPER for all user inputs. DICT_SHOPPER_RAW
contains the raw unmodified user input and can be 
accessed using the %HZR_ variables. This is important
for instance if you have a ' in your last name as in
Rory O'Connor. The template files need to be updated
so that the unescaped version is shown to the user.
This requires more testing to be done before this 
feature is considered final.

A convenience function set_dict_shopper_safe() allows
you to easily escape DICT_SHOPPER variables and do all
of the work of adding the original string into 
DICT_SHOPPER_RAW. Just call set_dict_shopper_safe(...)
instead of set_var(DICT_SHOPPER, ...)

=== Miscellaneous ===
If START_PAGE isn't set, it will automatically try 
index.html for action=HOME before giving up.

In digest.c I added a cast to char pointer for the result
of a crypt. This prevents a warning from gcc.

Added a function in text.c called maybe_trim_trailing_char().
The function takes two arguments, a string to check and a
char to look for. The function checks the string to see if 
the last character is the same as the char that is passed in.
If so, it chops that characters off, otherwise it leaves it
alone. The resulting string is passed back. I use this function
to chop off a trailing '/' character at the end of a dir path
or URL.

In the write_file_from_textarea() function in ham.c I greatly
simplified and sped up the writing of files from textareas
by replacing a call to fprintf(fp, "%s", textarea) with a 
simple fputs(textarea, fp). 

Option Code delimiter set in config file must be a valid SKUID
char or it will use the default.

DATE: 2008-09-26;  VERSION: 4.141 (MEB)
==================================================
members.c:  1.957
    Removed Hazel_login__do_HZML_List_All_Members_Loop() function.

    All functionality moved into Hazel_login__action_list_all_members(void).
    Also, the format of the template file that describes the fields is different.

line 1:MEMBER_EMAIL|MEMBER_USERNAME|MEMBER_PASSWORD|BILL_NAME1|...
line 2:%HZ{'H_MEMBER_EMAIL'}|%HZ{'H_MEMBER_USERNAME'}|%HZ{'H_MEMBER_PASSWORD'}|%HZ{'H_BILL_NAME1'}|...

    line 1: This is the header line that describes the fields below.  
    line 2: The actual data you want to see.  Note that we are using the
            pipe (|) as a delimiter in this example.  Get your fields from
            the user's dossier.txt file.  Make sure to preceed the field
            name with %HZH_.

            The %HZ{'H_FIELDNAME'} complex token format is recommend so
            special characters will NOT be escaped and spaces around data
            will be removed.


DATE: 2008-09-19;  VERSION: 4.141 (JFS)
==================================================
members.c: 
    Added a Hazel_login__do_HZML_List_All_Members_Loop() function.
    registered <HAZEL_LIST_ALL_MEMBERS_LOOP> tag in members plugin.
    Also added a Hazel_login__action_list_all_members() driver function.
    These function can only be called from the command line and will loop
    through all member dossier files and print to stdio member info
    gathered from a template file in a specific format.
    command line looks like this: 
    hazel.cgi -action cl_list_all_members -template template.html
    template.html should be in the templates/custom folder under HAZEL-CAT
    template should look something like this:
    <HAZEL_LIST_ALL_MEMBERS_LOOP>
        %HZH_MEMBER_EMAIL | %HZH_MEMBER_USERNAME | %HZH_MEMBER_PASSWORD | %HZH_BILL_NAME1
    </HAZEL_LIST_ALL_MEMBERS_LOOP>
    Plain text version of %HZH_MEMBER_HASHPASS can be accessed 
    using %HZH_MEMBER_PASSWORD.

DATE: 2008-07-07;  VERSION: 4.141 (JFS)
==================================================
In hzml.c I added a new type of loop -- the directory
loop. The directory loop loops over the files in a 
directory and displays them. The function syntax is
render_HZML_Directory_Loop(Text *body, Var *fields)
and you access the directory loop like so:

<Hazel-Loop type="Dir" basedir="%HZH_CAT_DIR" src="templates/payment">
    <p>%HZH_WORD1</p>
</Hazel-Loop>

The type keyword has to start with dir to activate
this type of loop so dir or direc or directory will
all active the directory loop.

The default basedir is the documents directory so the
basedir in the previous example is sets the basedir
to the hazel-cat directory instead. %HZH_WORD1 is the 
file name, no other words exist at the moment. If the 
src keyword is ommitted than the current directory is 
displayed. 

I am using the directory loop to loop over template files 
in the payment directory, but the directory loop can be 
used anywhere. I made the default directory the documents
directory because I anticipate theis function being used
by website authors to display lists of files on their web-
site, for instance they might list all of the image names
in an image directory. 

DATE: 2008-06-30;  VERSION: 4.140 (JFS)
==================================================
The main updates in this version are template 
editing in the HAM and some option code fixing.

In HAM_options_write_options_file() I am now calling
a function called write_file_from_textarea() passing
in the filename to write to a char pointer 
containing the text of the textarea. This has two
benefits, first, this function can also be called
from other areas that take template inputs and stick
them into files such as templates (more on that later)
and secondly I fixed a couple of bugs in the way I
was parsing the textarea field. I also got rid of an 
ugly goto statment by returning early and cleaning up 
in the case of an error. 

In the edit_options.html template file I changed some of
the names of the fields around and made the correspon-
ding changes in the Hazel 4.5 branch, but unfortunately
did not do the same here, so I had to make a bunch of 
code changes to update the variable names. In any option
function, the unique option identifier has been renamed
from NAME to CODE. The description has been renamed from
NOTE to DESC. The price modifier has been renamed from 
PRICE to PRICEMOD and the weight modifier has been 
renamed from WEIGHT to WEIGHTMOD. Several variable names
were changed as well, for instance, name became code, etc.

HAM_options_get_option_group() was removed and replaced by 
get_option_group() in products.c, the header files were 
modified similarly. The reason is because get_option_group()
is now called from hzml.c in the 
render_HZML_Options_Loop_Extended() function.

Added three new actions in ham.c:
void HAM_action_list_templates(void);
void HAM_action_read_template(void);
void HAM_action_write_template(void);

Added new source file ham_templates.c. This file contains
the following functions:
	HAM_templates_read_template_file()
	HAM_templates_write_template_file()
These functions read in the passed in template file from
disk and write the passed in template file from the HAM
back to disk respectively. They are called by the templ-
ate actions in ham.c listed above.

write_file_from_textarea() writes a file from a textarea.
The code was extraced from HAM_options_write_options_file().
Several improvements were made which is now called from both
HAM_options_write_options_file() and
HAM_templates_write_template(). Firstly, line endings are 
converted from \r\n to \n on UNIX platforms only. Secondly,
percent signs are not stripped from the output. 

DATE: 2008-06-19;  VERSION: 4.139 (MEB)
==================================================
Fixed inspect_cookie_client() in state.c which was
freeing memory that contained the client ID before
Hazel was done with it.  The result was new client IDs
created (i.e. Hazel 'forgets' what's in the cart).
This seemed to only manifest itself on x86 Linux

DATE: 2008-06-19;  VERSION: 4.139 (JFS)
==================================================
Updated HAM_products_image_import() in ham_products.c
to work better. The function takes just a filename 
and imports an image into either the default location
or a location specified in the hazel.config file
specified by the PRODUCT_IMAGES_DIR tag. The function
works the same way as it used to but no longer
requires the caller to specify the directory.

DATE: 2008-06-17;  VERSION: 4.139 (JFS)
==================================================
In ham_install.c in HAM_action_install_download_cgi()
I was copying a string to an unitialized piece of 
memory. This worked most of the time but was 
correctly erroring on Linux. Corrected this error
by creating an array of memory, memset()ing it to
nulls and then strcpy()ing into it. 

In os.c 
	if (text_length(output) == 0) { 
was causing an error if output was null. Changed to 
	if (output && text_length(output) == 0) {
Which will only hzdebug() in the case of a non-null
but zero length text stream. Apparently just null
output's are possible and are okay so I am not
checking for the case where the output is just null. 
I ran into this error while running the ham installer. 

DATE: 2008-06-03;  VERSION: 4.139 (JFS)
==================================================
state.c:
Added a hazel.config variable CART_COOKIE_EXCEPTIONS
which is a semi-colon delimited list of SKUIDs that
allows you to make exceptions to your hazelcart cookie
so that products don't get added to the cookie, but they
are still added to the user file. This is in response
to some custom cookie work that Rory has done on 
shopirish.com where some promotional items and special
items don't get added to the hazelcart cookie. That
way once the user file expires the items are no longer
in the user's cart even if their hazelcart cookie has
not yet expired. 

I also added a couple of hazel.config variables so that
you can change your hazelcart delimiters from the default
'|' to separate products and '^' to deliminate quantities.
These are called HAZEL_CART_COOKIE_DELIMITER and 
HAZEL_CART_COOKIE_QUANTITY_DELIMITER respectively. 

In os.c I added a hzdebug if a script runs and returns no
output so that there is a log if a script doesn't run.
This is in response to an error that happens if a script
won't run due to a permission error or some other error
preventing it from returning correctly. This is because
there was no notification if a script doesn't run. This 
feature is in response to Brad Ishida having issues run-
ning my-products-tweak.pl on the latest version of Hazel.

DATE: 2008-06-03;  VERSION: 4.138 (MEB)
==================================================
members.c plugin: bumped to version 1.955.
nuke_userfile_client_data() removed from plugin_login().  
There is no need for this as nuking here did not solve the 
crossed-member problem. In fact, it prevented use of client 
data during the member login stage. No %HZE_ vars could be 
accessed from the member_login.html template. Now they can.
 

DATE: 2008-05-23;  VERSION: 4.138 (JFS)
==================================================
Added two m4 files to the Makefile.am in the plugins directory.
The two m4 files needed to check for gpgme are:
	acinclude.m4
	gpgme.m4

We need a couple of macros from the above two files that are
normally installed with gpgme to see if gpgme 
is present at compile time. If gpgme is installed it 
should use the m4 files from gpgme, otherwise, it will
use the m4 files in the plugins/m4 directory to check
if gpgme is installed. However, automake may use the above
files instead of those installed with gpgme which could
become a problem if the gpgme m4 files are updated.

The main reason for this update is to fix a bug in Hazel where
your hazelcookie is not being sent to your secure server if
your secure server is on a different domain than your non-
secure server. The bug was caused by a bad return value in 
find_returning_cookie_client() in state.c. Along the way 
several other bugs and regressions were stubled over. Firstly
is the BASIC_SESSION_COOKIE. This is a domainless, non-
expiring cookie that gets set as a kind of catch-all cookie.
The BASIC_SESSION_COOKIE is bad, and is deprecated, it should
not be used ever. Another feature from long ago that was 
recently revived is the EXTRA_COOKIE_DOMAINS. This is a config
file variable that allows you to create cookies for "extra"
domains not including your main domain. However, because the
browser won't accept cookies of a different domain than the
one creating them due to a major security hole that would
create, this feature is of limited value and is deprecated.
find_returning_cookie_client() used to loop over multiple
hazelcookies trying to find the "real" hazelcookie. Will
the real hazelcookie please stand up? However, now that both
BASIC_SESSION_COOKIE and EXTRA_COOKIE_DOMAINS are deprecated,
this behavior is no longer necessary. You should only have one
hazelcookie, and when you switch from a non-secure server to a
secure server on a different domain, your client id should be
passed so that the hazelcookie created on the new domain will
have the same id as on the old domain. This ensures that you 
only ever have one hazelcookie per user thus fixing the bug. 


DATE: 2008-05-16;  VERSION: 4.137 (JFS)
==================================================
Now that libcsv is gone I had to rewrite some functions that 
depended on the functionality of that library. Two functions
HAM_products_check_valid_tab and HAM_products_check_valid_csv
now call a single function HAM_products_check_valid that checks
to make sure that a tab or csv file is valid, it just does some
basic checks and makes sure that the first line contains the 
header information, that SKUID, DESC, NAME, and PRICE are in 
the list and that there are no extra or missing fields in the
data portion of the csv/tab file. Although this code is less
thorough than the previous code it will still find basic 
problems like trying to import a CSV delimited file when a 
TAB delimited file is expected and vice versa. 

I also created a new function in client.c called burn_cookie() 
which unsurprisingly burns (ie gets rid of) the user's cookie. 
This function is called by maybe_burn_cookie() and forget_cookie().

DATE: 2008-04-02;  VERSION: 4.137 (MEB)
==================================================
Tweak to ham.c (moved a Var * def) to get HAM to compile on FBSD4.x
Removed libcsv/libcsv.h path in ham_products.c. John rewrote ham_products.c so it wouldn't
need libcsv anymore.


DATE: 2008-04-02;  VERSION: 4.137 (MEB)
==================================================
Added new <Hazel-Length Value="string" [Result=HZVKEY] /> if you want to find out how long a
string is.  This string can contain HZML if you wish.  Length of string will be returned
as %HZV_<key> as defined by Result.


DATE: 2008-03-06;  VERSION: 4.136 (MEB)
==================================================
cart cookie: changes to tally_order() and tally_subtotal() to make sure discounted prices
             are displayed properly when using cart cookie and doing an add/view/checkout
             action.

members.c plugin: Made sure username and alias checks are done lowercase: added missing lowercase()
             call inside Hazel_login__action_chname().  Hazel_login__lookup_alias curr->alias
             made lowercase before lookup is done. Also, removed ahash chk inside 
             Hazel_login__lookup_alias()

Also removed rest of baked cookie/userfile code from state.c and client.c


DATE: 2008-02-22;  VERSION: 4.135 (JFS)
==================================================
You can now delete entire option groups in HAM.

DATE: 2008-02-21;  VERSION: 4.134 (JFS)
==================================================
You can now delete options in HAM.

DATE: 2008-02-20;  VERSION: 4.133 (JFS)
==================================================
You can now add new option groups and new options using the user-
friendly option editor in HAM. All that remains is deleting
options and option groups.  

DATE: 2008-02-14;  VERSION: 4.132 (JFS)
==================================================
Special Valentine's Day Hazel release for all you lovers out there.
There are two important new features in this release. Firstly,
When you edit your options.txt file directly via the HAM, it now
saves it in \n delimited format instead of \r\n which is good unless
you are on Windows, and pretty much what Hazel expects to see. 
Secondly, editing options using the more user friendly option
editor in the HAM is now complete. Still missing is the ability
to add new options and new option groups in a user friendly way in 
the HAM. However, you can edit the options name, pricemod, 
weightmod, and description separately and without having to mess
around with ;'s and :'s and @'s. 

DATE: 2008-02-07;  VERSION: 4.131 (JFS)
==================================================
Added some new functions to os.c that allow the programmer to grab the individual uname
components of the current machine. The new functions emulate uname -s, uname -n, uname -r, 
uname -v, and uname -m. uname -a is already provided by my_uname().

Updated the HAM_update_CGI() function in ham_install.c to automatically download the 
correct hazel.cgi binary to the user's cgi-bin directory. It also provides the user
with a hardcoded list of available binaries if something goes wrong. The precomplied
hazel binaries have been moved over to hazel.netsville.com from ftp.netsville.com

DATE: 2008-02-07;  VERSION: 4.130 (MEB)
==================================================
Renamed maybe_tally_order() to tally_order_if_selected() to 'splain better what it's doing.  Also
further restricted it so it only runs if action equals one of ADD|VIEW|CHECKOUT.

tally_order() has been modified to take a arg that will force it to run in certain cases.


DATE: 2008-01-31;  VERSION: 4.129 (MEB)
==================================================
Bunch of modifications and some new things so pay attention:

[2007-12-27] In attempt to track "Missing SKUID" bug where at order completion we have
customer info, but lack the skuids they ordered, I've added a trigger
(activate with MISSING_SKUID_DEBUG:1 inside hazel.config) that will dump DICT_SELECTED and
DICT_SHOPPER when Hazel detects that an skuid is missing. This is inside products.c.

[2008-01-15] members.c plugin: Removed the code that compared dossier info to user file info
(this was in place to seek out a bug that was not related to Hazel).  This check was causing
returning members (that had an expired hazelcookie -- i.e. a NEW user) to get logged out because
Hazel would ignore the MEMBER_TOKEN inside hazelmember cookie.  Customer wants people to remain
logged in even after hazelcookie expires and this check was preventing that.

[2008-01-15] hazel.c: added maybe_tally_order() to set the %HZT_ vars if there's something in
DICT_SELECTED (i.e. a customer, new or otherwise, has selected items) everytime Hazel runs so
we can display this info to the user.  Example: a custom cookie that has stored products and
quantities to display "what's in my cart?" info to customer on first hit to the site.

[2008-01-18] well, we've gone ahead and added a 'hazelcart' cookie to store selected items 
that Hazel controls so the example above is moot.  To use this cookie, you must activate it with:

CART_COOKIE_ENABLED:1

Other hazelcart hazel.config variables:

CART_COOKIE_NAME:    - change the name from 'hazelcart' to something else
CART_COOKIE_AGE:     - set the age of hazelcart cookie, works like USER_FILE_AGE
CART_COOKIE_EXPIRES: - alias for CART_COOKIE_EXPIRES.  Don't use both of them in your config file
                       at the same time please...

The point of this cookie is to store selected items even after the general "session", the main
'hazelcookie' has expired.  So, what you generally want is a short expire time for the main
hazelcookie and longer one for 'hazelcart' cookie so a returning customer may continue to see what
they had in the cart WITHOUT the overhead of keeping a user file lying around.  The format of the 
stored selected items info is SKUID^QTY|SKUID^QTY|...  This is just for info purposes, you can't
change the format.

[2008-01-18] Removed what Quinn called a "basic session cookie".  Hazel had been setting two cookies,
one with expire and host info and one without.  I think this was to get around sites that didn't pass
cookies when using SSL or when switching hostnames?  I really don't know, but seeing two cookies set
every single hit to Hazel didn't make sense.  With the addition of the 'hazelcart' cookie, we then got
FOUR cookies set on each hit!  So, I've removed this.  If all hell breaks loose, you can re-enable this
by setting:

BASIC_SESSION_COOKIE:1

*BUT* then the hazelcart cookie won't work as the "basic session" version of the hazelcart cookie won't
have expiration info and will NEVER EXPIRE.  In other words, customers WON'T BE ABLE TO CHANGE THE
ITEMS IN THEIR CART.  This problem didn't come up with hazelcookie because deleting that also deleted the
user file.  So, without a userfile, a new hazelcookie always got created!  But there is no special file
associated with hazelcart cookie so Hazel MUST be able to create and expire it correctly. So, you really,
really don't ever want to re-enable this.

[2008-01-18] TODO:  Since I dug into the cookie code, there was this concept of a "baked" cookie which was basically
the entire user file encoded into a cookie.  I haven't done this yet, but all that code needs to be REMOVED.
We should never need to do this and no customers should be using this feature.  I doubt it was made public
knowledge.  Bury it!...


DATE: 2008-01-29;  VERSION: 4.128 (JFS)
==================================================
I added a new feature where in you can edit your options file
directly from the HAM. The options file is loaded into a 
textarea where it can be altered to the users wishes.
On save the text in the textarea is used to create a new
options.txt file.

DATE: 2008-01-27;  VERSION: 4.127 (JFS)
==================================================
Unfortunately, I found another bug in the CSV parser. If the 
input file had some non-standard newlines (LFCR or CR) then 
my script did not properly handle the EOL condition and would
gladly continue slurping in bad data until EOF. This resulted
in unpredictable behaviour such as infinite loops and very 
messed up product imports.

DATE: 2008-01-15;  VERSION: 4.126 (JFS)
==================================================
Fixed another bug with the CSV parser. Sometimes bad data could be
inserted into the field if the memory I used was not clean due to 
a side effects of strncat. Cleaned up HAM_products_import a bit. 

DATE: 2008-01-10;  VERSION: 4.125 (JFS)
==================================================
Fixed a bug with the CSV parser. If there is whitespace surrounding 
the delimiter, it will not import the following field correctly, instead
it will forget to remove the double quotes and bring forward the 
whitespace into the field. 

DATE: 2008-01-10;  VERSION: 4.124
==================================================
This commit contains some major new features as well as a few minor fixes.
os.c
	Added a helpful comment

ham.c 
	Included a new header file ham_options.h
	Added HAM_action_options_home() -> Loads options home template
	Added HAM_action_list_options() -> Loads list options template
	Added HAM_action_list_option_groups() -> Loads list option groups template
	Added HAM_action_edit_option() -> Loads edit option template
	Added HAM_action_edit_option_group() -> Loads edit option group template
	Added HAM_action_update_option() -> Updates options file with newly modified option
	Added HAM_action_update_option_group() -> Updates options file with newly modified option group
	Added OPTIONS action
	Added LIST_OPTIONS action
	Added LIST_OPTION_GROUP action
	Added EDIT_OPTION action
	Added EDIT_OPTION_GROUP action
	Added UPDATE_OPTION action
	Added UPDATE_OPTION_GROUP action

Added new files csvparser.c csvparser.h

csvparser.c
	Added advquoted() -> Removes surrounding quotes in a CSV field
	Added reset() -> Nullifies and frees all variables if something bad happens
	Added csvgetlist() -> Parses a CSV file and returns a pointer to a list of pointers
						  containing the fields in a line of a CSV file passed into it.
	Added csvfield() -> returns pointer to the nth field of a csv list

products.c
	Added parse_option_vals() -> Parses option values into name, weight mod, price mod, description

products.h
	Added prototypes for parse_option_vals(), current_option(), set_current_option()

hzml.c
	Added render_HZML_Options_Loop_Extended() -> renders an Extended Options Loop into HTML
	Added render_HZML_Options_Group_Loop() -> renders an Options Group Loop into HTML

Makefile.am
	Added ham_options.c, ham_options.h, csvparser.c, csvparser.h to Makefile

HAM_products.c
	Added HAM_products_check_valid_tab() -> Validates imported tab deliminated file
	Modified HAM_products_check_valid_csv() -> Validates imported CSV file
	Added a check for NULL for CSV file (if something goes wrong CSV file could be NULL)
	Completely rewrote HAM_products_import_line_csv() to work with my CSV parsing code

DATE: 2007-12-26;  VERSION: 4.123
==================================================
If you have a PRODUCT_IMAGES_DIR defined so that you can upload images from HAM you should only have to specify the path relative to DOC_DIR. 

DATE: 2007-12-13;  VERSION: 4.122
==================================================
HAM_SHIPPING_NOT_OVERRIDING_SHIPPING_RULES Fix (2007-12-10)
If you specify a shipping rate in the SHIPPING Field of HAM, it should override any shipping rate math that would be done in the shipping.rules file unless you put a + sign proceeding your shipping cost in HAM. However, Hazel was adding the shipping.rules cost no matter what. 

DATE: 2007-12-12;  VERSION: 4.121
==================================================
PRODUCTS_WITH_OPTIONS_AND_DISCOUNTS Fix (2007-12-10)
If you have a product (for example an ice-cream cone for $1.00) that has an option with a non-zero cost associated with it(+$0.25 for sprinkles for example) and a discount (buy 2 get 1 50% off) Hazel was adding the cost of the option twice (so $0.50 instead of $0.25) if you did not receive a discount (you only bought one ice cream cone not two so no discount). 

DATE: 2007-12-12;  VERSION: 4.120
==================================================
OPTION_CODE_DELIMITER Fix (2007-12-04):
* You can now use OPTION_CODE_DELIMITER to change what Hazel uses to concatenate SKUIDs and OPTIONs.
  By default this is a dash (-), but some customers use dashes in their SKUIDs.  This setting
  provides a solution for this.
* Ex: Use in hazel.config like this:         OPTION_CODE_DELIMITER:^
  to change the delimiter into a carat and you will be able to use SKUIDs with dashes in them.
* MUST BE A SINGLE CHARACTER

mysql plugin (2007-11-11):
Added MYSQL_CONNECT_TIMEOUT hazel.config variable to control how long Hazel waits for MYSQL on
connect.  Default is 15 seconds.

hazel (2007-11-11):
* Catch SIGINT (cntl-C) and display a message for that so we don't think it's a general SEGFAULT.
* Exit immediately from trap_signal() rather than using my_exit() so we don't have to wait for
  plugins to shut down since the plugins may be the reason we hit cntl-C in the first place.


DATE: 2007-11-03;  VERSION: 4.119
==================================================
members plugin:
Function added to delete members from HAM, and to log all members out (command line only).
Many bugs fixed that can potentially cause users to see other people's membership
information (however, one of these bugs we now suspect was caused by corrupt memory
in a server and not Hazel -- see members.c comments for details).

mysql plugin:
Beginning code for creating orderseq and users tables.  Code is commented out right now pending
further development

hazel:
Rather than relying on NULL, I'm writing an ___EOU____ (End of Userfile)
flag to the end of each userfile inside the Text structure to designate
the end of key:value pairs to be written to the user file.  This flag is
not written to the userfile itself.

A new function called text.c::text_fprint_userfile(File *fp, Text *t)
is used specifically for writing userfiles.

Changed behavior of Hazel-Loops (of Type=File) when both SRC and BASEDIR are
defined.  We will now process these files as-is without regard to hash marks.

Sanitized cgidie output to prevent potential cross-site scripting issues


DATE: 2007-10-19;  VERSION: 4.11X   (johns)
==================================================
Fixing a bug in MSIE6 to convert \&apos;'s into single quotes. Added a new hazel config variable 
MSIE_APOS_FIX to turn the feature on and off. Off by default. 


DATE: 2007-10-03;  VERSION: 4.11X   (johns)
==================================================
Two major features in this commit both are in the HAM when editing a product.
First is that the description edit box is bigger so you can enter html into the 
box more easily.  Second is image uploading, browse for an image on your desktop, 
click upload image and it automatically uploads the image and sets the image 
property of that product to point to your product.


DATE: 2007-09-28;  VERSION: 4.118
==================================================
* Sanitize output of error messages to prevent potential cross-site scripting attacks
* Fix so HZML in header.rules processed before any HZML template.
  (Edit: Rory said this fix didn't work, but I haven't gotten back to it as of this edit -- 20071103 meb)


DATE: 2007-09-19;  VERSION: 4.117
DATE: 2007-09-15;  VERSION: 4.11x
DATE: 2007-09-13;  VERSION: 4.11x
DATE: 2007-09-11;  VERSION: 4.11x
==================================================
Added three new hooks to Hazel Plugin API
::int plugin_define_tag(void)  - define new or override existing HZML tags
::int plugin_do_hzml_tag(Var *parms) - allow a plugin to handle these new tags.
::int plugin_encrypt_order(Var *parms) - allow plugin to encrypt orders

See tag_hazelversion.c plugin and gpgencrypt.c plugin for an examples of how to do these
things.  You can also look at hzml.c's do_HZML_* functions for ideas since your plugin 
will need to work the same way (if you're overriding an existing tag).  If you want to
encrypt an order, you simply need to pass back an encrypted Text* in place of the 
post-HZML-rendered one you receive.

gpgencrypt.c:: New plugin for encrypting orders using GPG.  Must have gpg and gpgme installed.
               Overrides <Hazel-Belch> with two new options:  GPG and KEYID
               GPG (boolean)  - use this argument when you want to encrypt
               KEYID (string) - specify your KeyID for the public key you wish to use.
                                Must already be in your keyring.

GPGENCRYPT_ORDERS:1        -Use in your hazel.config to automatically encrypt your orders

GPGENCRYPT_KEYID:4A044B0B  -Use in your hazel.config to specify the KeyID to use for all encryption.
                            A KEYID arg in a specific Hazel-Belch will override this.

Regarding Macs:
Minor tweaks to configure.ac and Makefile.am to correctly choose -lcrypto library for Macs.
Also, the configure/make process works better WITHOUT Fink's autotools installed.  So, make
sure the Mac only has Xcode and no /sw dirs are in the PATH during building.

DATE: 2007-05-31;  VERSION: 4.116
==================================================
Added fopen_delayed() function to os.c that takes in a delay in secs parameter that Hazel will wait before
giving up on accessing a file.  Used in products.c and search.c when reading products file.


DATE: 2007-03-24;  VERSION: 4.115
==================================================
Added Return-Path: header everywhere else (members.c, ham.c, ham_auth.c, hzml.c, os.c)

Fixed <Hazel_Date /> ADJUST flag so it accounts for daylight saving time.

DATE: 2006-12-05;  VERSION: 4.114
==================================================
Adjusted Unregistered Hazel "nag" function to account for uppercased "NAGGED_<clientid>" field
now that client ids can contain letters.

Hazel now creates a new orderseq.txt file if one does not exist.  Warning message written to
hazel.bug when this happens.

Added Return-Path: header to mailing invoices function which is taken from STORE_EMAIL

DATE: 2006-10-10;  VERSION: 4.113
==================================================
We're attempting to side-step the problem of missing order information during periods of high load 
during the FINISH operation when an API script is being used.  The problem is rare and hard to 
reproduce.  Must be doing 100s of orders a day *AND* be using an API FINISH script to even notice
this issue.

New hazel.config var
------------------- 
ALWAYS_KEEP_SESSION - Use this if you want Hazel *NOT* to delete cookie and userfile at FINISH.
                      This will allow an outside script to handle this or you can have Hazel
                      do it at a later time/date.

                      To assist with this, we have two new actions:

New Actions
-----------
NUKECART  - remove all selected items in a user's cart (but keep the userfile itself).
NUKESESS  - remove current user's userfile/session.

Note that these two actions above *DO NOT* return anything to the screen so you don't want to
call these during a normal shopping session.  These must be used from an API script (at FINISH)
or maybe IMG SRC call at the very bottom of the receipt page.  Even so, we also recommend running
Hazel with "action=cleanup" periodically from CRON if you plan on using ALWAYS_KEEP_SESSION.


DATE: 2006-06-05;  VERSION: 4.112
==================================================
Fixed bug in hzml.c: get_tag_start() where it wasn't processing lines that begin with hash marks (see 4.108).
Modified this previous change so that it only applies to RULES files.  This allows us to include HZML in 
comments without them being interpreted while everything else (public .hzml files, templates, etc) may have
lines that begin with comments.

** this change touched the HAM, MEMBERS PLUGIN, MYSQL PLUGIN, PSPELLCHECK PLUGIN so anyone upgrading to this version and
using any of these plugins will need the latest version of the corresponding plugin.


DATE: 2006-05-12;  VERSION: 4.111
==================================================
Added new item to SearchSpec object (bool nonsearch_loop).  This allows Hazel to
differientiate btw a SEARCH ENGINE type search where searchspec must be able to
search across any fields and QUERY_LOOP type search where searchspec must match
all fields.

NOTE:  Had to mod new_SearchQuery args in C_stewmac.c plugin


DATE: 2006-05-01;  VERSION: 4.110
==================================================
Modfied products.c: do_custom_products_tweak() and store.c: do_api_script() to only
run the passed script once per session rather than however many times fill_products() happens 
to get called in a session.


DATE: 2006-04-20;  VERSION: 4.109
==================================================
cont: search.c: Removed maybe_exclude_match() and parand_failed().  Still need to remove some refs to
SEARCH_LOGIC_PARAND!


DATE: 2006-04-06;  VERSION: 4.109
==================================================
search.c: match_line() terms that are searched within SEARCH_FIELD fields are now 
assumed to be OR'ed together rather than taking on the restrictive logic defined 
by SEARCH_LOGIC itself.

SEARCH_PARAND:1 and DEFAULT_SEARCH_PARAND:1 in hazel.config is no longer valid or needed.


DATE: 2006-03-29;  VERSION: 4.108
==================================================
minor change to hzml.c:

get_tag_start() of hzml.c: Don't process lines that begin with hash marks


DATE: 2006-03-27;  VERSION: 4.107
==================================================
Couple of things:

1. Removed calls for ALLOW_RAW_CLIENT
ALLOW_RAW_CLIENT - Now obsolete - Hazel sees all clientids as "raw" because MD5 hashes are alphanumeric

2. Don't encapsulate client id when clientids are "raw" (alphanumeric).

3. Don't add encapsulated version of clientid to PATH_INFO when RANDOMIZE_URL is zero or missing.

RANDOMIZE_URL (H4) - Now obsolete - This was used to get around browsers caching pages by making Hazel URLs unique.


DATE: 2006-01-24;  VERSION: 4.106
==================================================
Added "-lm" math lib to MYSQL_LIBS in plugins/configure.ac ... and configure.  
Fixed Undefined symbol "floor" error.  No Hazel version change.


DATE: 2005-12-22;  VERSION: 4.106
==================================================
Using new_client_id_md5() to generate the PICKUP_ID.  new_client_id_md5() modified to take one
argument for adding randomness.


DATE: 2005-12-09;  VERSION: 4.105
==================================================
In mysql.c plugin, SQL_CACHE was hardcoded in queries.  I made it optional so there's a
new field option available in hazel.config called MYSQL_USE_SQL_CACHE.  Set true or '1',
'SQL_CACHE' will be used in queries that Hazel performs internally otherwise, it will not
be used.  MYSQL3.x does not support SQL_CACHE so do not enable it if you're using MYSQL3.x.


DATE: 2005-12-08;  VERSION: 4.104
==================================================
Added functionality for CLIENT_ID_16 to allow for 16 char client id and for 
PICKUP_ID_LENGTH (allowed values are btw 5 - 16 inclusive) for adjusting the
length of the pickup ids.

Use:

In hazel.config, "CLIENT_ID_16: TRUE" will make all the successive new client ids 16 
chars long.

In hazel.config, "PICKUP_ID_LENGTH: 13"  will make all pickup ids 13 characters in 
length.  If you enter a value out of range or no value, the length will default to
32 characters.


DATE: 2005-11-07;  VERSION: 4.103
==================================================
new_client_id_md5() using MD5 hashing and a little more randomness to generate
a better client id.


DATE: 2005-10-12;  VERSION: 4.102
==================================================
note: bunch of little fixes with mysql plugin and file locking

Added support for custom my.cnf file for mysql plugin.  Described here: http://dev.mysql.com/doc/mysql/en/mysql-options.html
Specify the file and group in hazel.config like so:

MYSQL_DEFAULT_FILE:/home/user/cgi-bin/my.cnf
MYSQL_DEFAULT_GROUP:hazel

The my.cnf file has same spec as global MySQL file usually found here: /etc/my.cnf.  I used it to define the 
(non-standard location of) "socket" file on customer's MacOSX server:

[hazel]
socket=/var/lib/mysql/mysql.sock

-------

Added -lz (zlib) to MYSQL_LIBS in configure.ac

------

In os.c - Hazel_dlerror(), changed this to map to dlerror()

------

Inserted 

INCLUDES = $(mysql_la_CFLAGS)

Just before this line:

COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)

in Makefile.in file inside plugins directory (and Makefile.am)

-------

Tightened up file locking a little more in client.c hopefully to fix orderid getting upped btw pending & order steps.

fp_lock in os.c will DIE if locking fails -- this is better than missing info, orders, etc.
* Increased MAX_LOCK_TRIES to 20 and LOCK_SLEEP_SECONDS to 1 by default

Fixed HTTP Status: codes which has been bugging me for years...  OK was "200 200" to work around
a crappy Windows 2000 webserver that didn't properly support CGIs (called Website, I think).



DATE: 2004-12-08;  VERSION: 4.101
==================================================

Made increment_order_id() function in client.c a little safer.  Fixed file locking.  Hazel
 will try harder to lock file...and if she can't, she will die instead of resetting counter.

Also modified plugin_search in mysql plugin.  It will fill product info now.  I also added
SQL_CACHE to select queries in case user has that enabled in mysql(meb)




DATE: 2004-11-29;  VERSION: 4.100
==================================================

Added support for Type=FLOATx in Hazel-Math, where X is a single-digit precision for the output.  Seems to carry through for subsequent Hazel-Maths on the result...


DATE: 2004-10-13;  VERSION: 4.099
==================================================

Make cmdline argument reader put fields into DICT_INPUT (as well as DICT_SHOPPER), so that userfile reads do not overwrite them.  (And this should have the side-effect of parse batch product working with cmdline calls.)


DATE: 2004-10-04;  VERSION: 4.098
==================================================

Hacked preprocess_search_term interpretation in search.c to skip the search term if it is substituted into an empty string.


DATE: 2004-09-16;  VERSION: 4.097
==================================================

Uh, updated 4.093 change by sending path (as /), so HzSt doesn't cause browsers to set a cookie for every damned hit to Hazel.

Delete the user's *.matches file when deleting client files.


DATE: 2004-09-10;  VERSION: 4.096
==================================================

Added optional MSGID for ERROR action to use Hazel's method of determining which template should be used for displayed for an error.  Useful for payflowpro and other payment gateway options.


DATE: 2004-08-25;  VERSION: 4.095
==================================================

Emergency hack to Hazel_regsub to prevent infinite loops for recursive RE subs.  Will only perform one iteration of a search.


DATE: 2004-08-20;  VERSION: 4.094
==================================================

If one wants credits to be taxable, set TAX_CREDIT:1.  To tax surcharges, set TAX_SURCHARGE:1.  This affects changes in 4.075, making the old behaviour default.


DATE: 2004-08-17;  VERSION: 4.093
==================================================

Try sending a "session" cookie with only the name and value (no domain, path, expiration, etc.)


DATE: 2004-08-13;  VERSION: 4.092
==================================================

Removed search_spec_to_where_statement and skuid_list_to_where_statement from search.c, putting them in the search plugins (or plugin, mysql) itself for engine-specific processing.  Also added escape function to mysql plugin, and use it in the new functions.


DATE: 2004-07-28;  VERSION: 4.091
==================================================

Added <Hazel-Decode Value="valueencodedwithhazelencode" Result="hzvkey" />.


DATE: 2004-07-28;  VERSION: 4.090
==================================================

Removed need for empty.html and error.html to exist.  Will use message.html if they don't.  Two less templates to modify for look-n-feel.


DATE: 2004-07-15;  VERSION: 4.089
==================================================

Hacked action=test to not blow away current values, d'oh, only fill with defaults if they don't already exist.


DATE: 2004-07-14;  VERSION: 4.088
==================================================

Hazel-Encode HZML element, and members.c support for reading and decoding field values beginning with $HzEn02$.  I don't like this approach.


DATE: 2004-07-12;  VERSION: 4.087
==================================================

Moved word->logic != PARAND check up in the search.c::maybe_exclude_match loop-- avoids the striword/key lookup.  That "key lookup" is for an optional third arg of a product namespace to check instead of a delimited fields string, to facilitate what I'm actually working on, which is a search over a loaded products dictionary.

Added DB_SEARCH_RESCORE for re-scoring the result of a database search.  (Actually adding scores, since there are none from a search spec converted to an executed SQL query.)

Moved copy of search_spec_to_where_statement to mysql.c for it to do its own special mutations.  I am not happy with it, it's a hack, but OK then.


DATE: 2004-07-09;  VERSION: 4.086
==================================================

Beginnings of support for optionally encrypted values in member dossiers, starting with rules.c::Hazel_postprocess_prefs and text.c::Hazel_possibly_decrypt_value.  Encrypted (or otherwise encoded/obscured) strings are noted by a $HzEnXX$ prefix, where XX is some index to a decrypt/code method.


DATE: 2004-06-30;  VERSION: 4.085
==================================================

Added support for wildcard rule header [*], and initialize all rules headers to that value, so a (eg.) *:_0_ rule line can now be given before any header is present.  However, rule header blocks don't have any scope, so be aware that the active header will be either * or whichever header was last encountered.


DATE: 2004-06-17;  VERSION: 4.084
==================================================

Added checkout, view to default CUSTOM_TEMPLATE_RE value in store.c.


DATE: 2004-06-11;  VERSION: 4.083
==================================================

Check "sales_tax" (in addition to just "tax") in HZML_RULES for possible HZMLification.


DATE: 2004-06-02;  VERSION: 4.082
==================================================

Changed products.c::product_sort_func to make empty strings lose, then backed out of the change realizing it isn't what I was trying to do.

Added DICT_AISLE for aisle matches.


DATE: 2004-06-01;  VERSION: 4.081
==================================================

Added hzml.c::Hazel_regmatch for minimal regex matching without the bloat of the HZML-centric functions.  Hacked store.c to use it for CUSTOM_TEMPLATE_RE checks.


DATE: 2004-05-30;  VERSION: 4.080
==================================================

Added CUSTOM_TEMPLATE_RE config field, if the template id matches that field value (a regular expression), allow it to be customizable.


DATE: 2004-05-28;  VERSION: 4.079
==================================================

plugins/mysql.c: Added optional Prefix="COLUMN" attribute for Hazel-DB-Rows for specifying prefix for %HZH_DBR_COLUMNx for each field/column in a row, filled with the value, as an indexible alternative to %HZH_DBR_fieldname.


DATE: 2004-05-28;  VERSION: 4.078
==================================================

Added HAZEL_STATE_LOG, so state (adding state to stateless HTTP, tracking users through hits to the CGI) debugging isn't including by default in hazel.bug anymore.  To add it back, just set HAZEL_STATE_LOG:hazel.bug to hazel.config.  State tracking is pretty solid now, and its debugging is very noisy.

Added %HZT to recognized Tokens via parse_vset_token_spec.  (d'oh)


DATE: 2004-05-28;  VERSION: 4.077
==================================================

stupid funking grumble grumble taxes


DATE: 2004-05-27;  VERSION: 4.076
==================================================

Moved init.hzml hook to just /before/ plugin initialization, rather than immediately after.


DATE: 2004-05-27;  VERSION: 4.075
==================================================

Moved tax calculation after surcharge and credit.  This may affect certain calculations which assumed surcharges and credit were not taxable.

If %HZM_TAX_TAXABLE, set final tax to the tax rate (returned by the sales_tax.rules file, or %HZT_TAX_RATE from a MY_TAX script) times %HZT_TAXABLE.  Thus, one can set both with Hazel-Vset in sales_tax.rules, and allow the rate computed there to be applied to a more specific taxable amount.


DATE: 2004-05-26;  VERSION: 4.074
==================================================

More aisle tweaks, officially calling the feature "aisles" instead of "categories."  Some TAX_SHIPPING debugging steps.


DATE: 2004-05-19;  VERSION: 4.073
==================================================

Hacked doSearch to return -1 if the products file could not be opened (instead of cgidie dying.)  Noting here in case it causes problems down the line.


DATE: 2004-05-04;  VERSION: 4.072
==================================================

Very rough attempt at an action=categorize which (temporarily, RORY) references a CATEGORY field in the products file to build a category, and uses templates/categories/default.html like a matches.html template, categories/empty.html for a category with no members, and categories/foo.html as a custom override for a category with code foo.  Syntax is action=categorize&item=catcode&mode=|new|again|next|prev|goto.


DATE: 2004-05-04;  VERSION: 4.071
==================================================

Support for HTML_QUOTABLES config field to override which characters Hazel will quote within complex tokens.  Always quotes whitespace.


DATE: 2004-04-26;  VERSION: 4.070
==================================================

Preliminary support for MAINFRAME:filename config value.  If present, render templates/<filename> instead of any served page.  filename should contain a call to <Hazel-Slurp Content /> to read in the actual page content.


DATE: 2004-04-09;  VERSION: 4.068
==================================================

If NOT logic, use AND instead of OR.  Wtf?  Oh yeah, that was for the above search_spec_to_where_statement.


DATE: 2004-04-08;  VERSION: 4.067
==================================================

Default OR logic in search.c::search_spec_to_where_statement, for PARAND or OR requests.  Use AND only if search logic is explicitly AND.


DATE: 2004-04-07;  VERSION: 4.066
==================================================

Begin debugging search.c::search_spec_to_where_statement.


DATE: 2004-04-01;  VERSION: 4.065
==================================================

Added Hazel-Digest Type="Crypt" Salt="whatever".


DATE: 2004-03-30;  VERSION: 4.064
==================================================

Added ROLL_COMPLEX_TOKENS config field.  If true, always replace newlines with spaces in complex tokens, regardless of complex token quoting policy.


DATE: 2004-03-13;  VERSION: 4.063
==================================================

Various Win32 fixes?


DATE: 2004-03-12;  VERSION: 4.061
==================================================

Added support for %HZE_SEARCH_SORT and %HZM_DEFAULT_SEARCH_SORT of format "[+-]FIELDNAME" to sort matching products of an entire sort, as opposed to the Sort parameter of a (eg. matches) loop, which sorts only that loop's contents.


DATE: 2004-02-26;  VERSION: 4.060
==================================================

Fixed bug in do_HZML_Explode.  UPPERCASE(prefix) required to canonically set the proper %HZV key.  H3 still inserts the iteration index directly, rather than snprintfing it, so its initial UPPERCASE(namebuff) is sufficient.


DATE: 2004-02-19;  VERSION: 4.059
==================================================

Added check for old H3-style products filename in HAM_action_products_home.


DATE: 2004-02-12;  VERSION: 4.058
==================================================

Fixed pointer trespass in variables.c::to_fields which would cause a crash when an opening HZML tag ended in a boolean attribute (without a value) followed by a single space.  Crikey, that to_fields code is scary.

Added new HZST_VERSION 3 with the brevity of v2 and nearly as much flexibility as v1.  It chunks an all-numeric clientid and the expiration seconds into a series of base62-encoded pieces.  Supports LONG_CLIENT_ID.


DATE: 2004-02-10;  VERSION: 4.057
==================================================

Fixed text.c::my_vsnprintf to copy cooked string a maximum of `size' characters and not `maxlen' (the internal buffer limit.)


DATE: 2004-02-10;  VERSION: 4.056
==================================================

Hack for sf1000.registeredsite.com which doesn't identify itself as secure by the usual methods.  Set HTTPS_IF_URL_SAYS_SO:secure, make a "secure" link in cgi-bin to the same cgi-bin, and use that as HTTPS to know when we're secure.  (Upported from H3.)

If LONG_CLIENT_ID:1, prefix new_client_id with an integer tying it to a specific time period, to avoid re-assigning the same id over that particular period.


DATE: 2004-02-06;  VERSION: 4.055
==================================================

Added DEMAX_COOKIE_EXPIRES and DEMAX_USER_FILE_AGE hazel.config toggles to avoid the internal MAX_USER_REAP_THRESHOLD (of a week.)  However, setting cookies to expire after the user file is deleted is probably a bad idea.


DATE: 2004-01-23;  VERSION: 4.054
==================================================

Added MEMBER_DOSSIER_FORCE_SAVE config setting for saving the dossier after every hit.


DATE: 2004-01-19;  VERSION: 4.053
==================================================

Allow one to use Value instead of Src for source string of Word loop.


DATE: 2004-01-13;  VERSION: 4.052
==================================================

Added %HZI_PICKUP_URL to initialized pickups, using new Hazel_pickup_url_extended to give what redirect usually shows.  (Could be a problem for anyone who has embedded an explicit PICKUP_URL field in their products file.)


DATE: 2004-01-13;  VERSION: 4.051
==================================================

Added init.hzml HZML hook called just after init_plugins in main.c (after the config file has been read and validated.)

Added ability to set %HZA/DICT_ARGS with Vset.

Make plugin redirection explicitly use MAIN_NONSECURE rather than MAIN URL.


DATE: 2004-01-07;  VERSION: 4.050
==================================================

Added X_javascript <Hazel-Script>...</Hazel-Script> Javascript plugin, with simple HZML(str) function to render a string as HZML.


DATE: 2003-12-30;  VERSION: 4.049
==================================================

Added DISABLE_PICKUP_REDIRECTION to, well, disable redirection in action=pickup to a URL ending with the actual filename.


DATE: 2003-12-23;  VERSION: 4.048
==================================================

Hacked evaluate_HZML_Choice to take "Value" attribute before "Token" for the subject value.

%HZN namespace can now be used to access DICT_INPUT values.


DATE: 2003-12-19;  VERSION: 4.047
==================================================

Added Hazel_regsub to do in-place regular expression replacements, but not sure whether or not to initially hzmlsub the Replace attribute value (eg. someone wants to use an HZML token as of the calling of the loop as the replacement) or to do it for each replacement iteration (eg. they want to use something like %HZV_RE0 to reference a match).  For now, the replacement will be parsed anew for each time it is needed.  The better solution is to allow escaping %HZ with backslashes, and backslashes with another backslash.  (Or to allow $[0-9] subs in this replacement only.)

Instead of aborting the save of a historical query if an SKUID is too long, complain via hzdebug and write up to MAX_SKU_LEN.  (In save_historical_query.)


DATE: 2003-12-18;  VERSION: 4.046
==================================================

Hacked rulecmp_* functions in rules.c to recognize a left-hand rule value of "*" as matching anything.

Hacked validate_fields in rules.c to check for "*" as the first character on a line, in which case the value checked for is always an empty string, but the `fkey' is retained as the rest of the left-hand-before-the-colon key.  As such, you can do your own HZML syntax checks, and still cause an error such as "*BILL_FNAME:+your name cannot be Fred".

This change is particularly useful if you'd like to create a templates/custom/input_error.html template with something like this:

<Hazel-True Token="%HZH_FIELDS_MISSING">
<p>The following fields were missing:</p>
<table>
<Hazel-Loop Type="Word" Src="%HZH_FIELDS_MISSING">
<Hazel-Explode Src="%HZH_WORD" Delimiter=":" />
<tr>
<td bgcolor="#dddddd">%HZV_WORD2</td>
<td><input name="%HZV_WORD1" value="%HZ{E_ %HZV_WORD1}" /></td>
</tr>
</Hazel-Loop>
</table>
</Hazel-True>

With %HZH_FIELDS_MISSING being an undocumented string so above parsed.  You can also access %HZH_FIELDS_INVALID, but *FIELDNAME won't trigger that.

Hacked Hazel-Subst to recursively replace all instances of RE.  Also, to allow use of HZML tokens in the replacement string, so the replacement can use the replaced text itself, eg. %HZV_RE0, %HZV_RE1, etc.  There is a maximum replacement of 100 to avoid an infinite recursive replacement.  This until I implement the better solution of replacing the string in-place rather than passing off to strsub and doing the whole damn thing over, which is f-ing stupid.

So, for now, be careful what you use in the RE.  Something like RE="[^0-9]" with a Replace="anythingnotanumberonethroughnine" is not going to work proper.



DATE: 2003-12-04;  VERSION: 4.045
==================================================

Fixed another bug for cases without plugins, this time in poll_plugin_versions.  (Only occurred with a showreg, though.)

Gutted WIN32_PLUGINS section in os.c.  Funk dat snit.


DATE: 2003-12-04;  VERSION: 4.044
==================================================

Added text.c::Hazel_datecmp and Before|After="date" and Past|Present|Future attributes to Hazel-Choice.

Added "Result" attribute support for Hazel-Email, Hazel-API, Hazel-Slurp, and Hazel-Belch.

Added alias "Value" for "Src" attributes in Hazel-Strip, Hazel-Explode.


DATE: 2003-11-25;  VERSION: 4.043
==================================================

Initial work on <Hazel-Search /> element.

Reworking new_SearchQuery, create_SearchSpec to return NULL rather than dying, and all the calling functions must check it.

Whoopsie-- fixed bug causing Hazel to crash if no plugins present.


DATE: 2003-11-20;  VERSION: 4.042
==================================================

Use FORM_SECURE when redirecting to secure server.

Restored PLUGIN_KEY checks for plugins with a plugin_token, now just MySQL.

Moved plugin_init call to /after/ the keys are checked.  Otherwise, an init may register some HZML functions, then later the addresses of those functions will be inaccessible since the plugin will have been closed.


DATE: 2003-11-19;  VERSION: 4.041
==================================================

Filled in some holes in the HAM install process.


DATE: 2003-11-18;  VERSION: 4.040
==================================================

Added implied override of Hazel-HAM-Header and Hazel-HAM-Footer.  For cases where header.html or footer.html exist in the HAM templates directory, just slurp those out instead.


DATE: 2003-10-30;  VERSION: 4.039
==================================================

Moved setting of local action and item variables in main() to just after the plugin_pre_validate hook, to allow a hook to change them.



DATE: 2003-10-28;  VERSION: 4.038
==================================================

Added support in store.c::interpret_api_script_output for writing %HZV variables from an API script.


DATE: 2003-10-28;  VERSION: 4.037
==================================================

Added DISABLE_SEARCH_RANKING config value to turn off sorting search results by their match strength.


DATE: 2003-10-21;  VERSION: 4.036
==================================================

Added Adjust="[PF]x[MDY]" attribute for Hazel-Date, just like %HZD_*.


DATE: 2003-10-16;  VERSION: 4.035
==================================================

Added optional Complement attribute to Hazel-Strip, to strip all but the given chars.


DATE: 2003-10-08;  VERSION: 4.034
==================================================

Hacked variables.c::Hazel_explode_into_list to skipping past multiple delimiters within the string only when collapse_mults is sent.  Should fix problem with HAM imports ignoring empty fields.


DATE: 2003-10-01;  VERSION: 4.033
==================================================

Added Reversed=1 attribute for product loops, to reverse the order of entries.

Also, aliased Scramble=1 to Scrambled=1.

Fixed bug with loopnames wherein (eg.) INTL would use the loopnamed value for IN as its pretty name.  (stribeg used, was too loose.)


DATE: 2003-09-26;  VERSION: 4.032
==================================================

Hacked render_HZML_File_Loop to re-add newlines to the file slurped in, so that HZML rendering does not leave us with one big string instead of several lines, then parsable by the File loop.


DATE: 2003-09-09;  VERSION: 4.030
==================================================

Added "hooks/" as a bypassing directory in get_template_pathname, so a passed TEMPLATE isn't prematurely blown on it.  (Didn't affect H3 since there were no hooks.)

200309241;4.031

If a Hazel-Loop Type="File" HZML="Full", then render the entire file as HZML before its results are given.  This allows more flexible loops/ files describing dynamically generated options for the shopper.


DATE: 2003-09-09;  VERSION: 4.029
==================================================

Added optional RefDate=YYYYMMDD[HHMMSS] and RefSeconds=seconds attributes to Hazel-Date for supplying a reference time for date calculations.

Also added HAZELDATE boolean attribute to return date in Hazel's YYYYMMDDHHMMSS format.


DATE: 2003-09-01;  VERSION: 4.028
==================================================

Added FROMBASE optional attribute to Hazel-Math.  If given, convert Value from the given FROMBASE base alphabet before any other computations.

Added new encapsulation version HzSt02, encoding clientid and expireseconds into a single 12-character string of fixed 6-character base-62 encodings of each.  Set HZST_VERSION:2 in hazel.config to use it.


DATE: 2003-08-29;  VERSION: 4.027
==================================================

Added BASE=[2..62] optional attribute to Hazel-Math to return the result in a particular base alphabet.  (Eg. 255 w/Base=16 = FF)  If Base has a fractional part with two digits, space the result to that width.  (Eg. 255 w/Base=16.04 = 00FF)


DATE: 2003-08-29;  VERSION: 4.026
==================================================

Fixed obscure bug wherein a search could possibly overwrite already-read product file information, thereby obliterating any special post-processing performed on a particular product.  This manifested itself in a BxFyE type discount which was reverting in the middle of a rendered HZML page.

Found by tracing every get_HZML_DBREF_Info call and debugging for the Var pointer address itself, which revealed it changing in mid-session.  Then grepped for all set_var on DICT_PRODUCTS, traced to new_product, debugged before every line which called it, and finally found the culprit in get_product_fp.

In retrospect, I should have known it was a problem with the DICT_PRODUCTS dictionary specifically, as order totals (in DICT_TOTALS) were not being affected.

Anyhoo, SQUASH SQUISH STOMP!


DATE: 2003-08-26;  VERSION: 4.025
==================================================

Added text.c::Hazel_random_word(int) to generate random words (passwords.)

Added Hazel-Vset Random=wordsize option for generating random english-sounding values a la Hazel_random_word above.


DATE: 2003-08-21;  VERSION: 4.024
==================================================

Allow %HZ{'...'} to force complex token quoting off.
Allow %HZ{"..."} to force complex token quoting on.


DATE: 2003-08-13;  VERSION: 4.023
==================================================

Added Hazel_writable_userfiles to check both DISABLE_USERFILES and ARG_NOWUSER when determining whether or not Hazel can write userfiles.  Added that check to client.c to prevent writing the "reserved for" lines in these cases.

Doing so allows one to put the following into hazel-cat/templates/hooks/pre_action.hzml:

<Hazel-True Token="%HZH_HTTP_USER_AGENT" RE="Googlebot|WebCrawler">
<Hazel-Vset Token="%HZM_DISABLE_USERFILES" Value="1" />
</Hazel-True>

...and thereby avoiding writing any userfiles for Googlebots.


DATE: 2003-08-12;  VERSION: 4.022
==================================================

Added %HZH_DBQ_INSERT_ID as a result of a Hazel-DB-Query call.


DATE: 2003-08-08;  VERSION: 4.021
==================================================

Added <Hazel-Email To="..." From="..." Headers="..."></Hazel-Email>.


DATE: 2003-07-23;  VERSION: 4.020
==================================================

Added support for [Body="..." Template] attributes to products loops, to avoid slurping in loop bodies for each iteration of a loop.


DATE: 2003-07-11;  VERSION: 4.019
==================================================

Added interpret_HZML_File to read and render but discard output.

Added support for templates/hooks/hookname.hzml where hookname is one of pre_action, post_action, confirm, finish, filter_cart, welcome, login, birth, chpass, or daily.

Fixed bug in parse_namespace_root where "SELECTED" was case sensitive (eg. for Hazel-Vset Root="Selected".)


DATE: 2003-07-01;  VERSION: 4.018
==================================================

Added check in hzml.c::parse_tag for a closing /> in a tag, indicating that it usually takes a body but that body is explicitly absent.


DATE: 2003-06-30;  VERSION: 4.017
==================================================

Added Root="SELECTED" to Hazel-Vset.


DATE: 2003-06-26;  VERSION: 4.016
==================================================

Added support for DISABLE_FOO_NAMES:1 in hazel.config, to prevent Hazel from automagically interpolating %HZE_FOO_NAME from loops and NAMES blocks in custom.rules.


DATE: 2003-06-24;  VERSION: 4.015
==================================================

Added SUBST_HIGH_BASE hazel.config support for inserting the Hazel BASE tag after the opening HEAD instead of before the closing.


DATE: 2003-06-10;  VERSION: 4.014
==================================================

Added BlessCmdline tweak to skip check for shell specials in my_run_command.


DATE: 2003-05-13;  VERSION: 4.013
==================================================

hzml.c: Upped GROUP_LOOP_MAXHITS to 1,000,000, and hacked render_HZML_Query_Loop to use GROUP_LOOP_MAXHITS as its default max.

text.c: my_srandom uses getpid as its base seed rather than the time in seconds.


DATE: 2003-05-08;  VERSION: 4.012
==================================================

Pass TEMPLATE when redirecting to secure or nonsecure.


DATE: 2003-04-24;  VERSION: 4.011
==================================================

Goddamned typo in the new Hazel_get_*_dir functions caused a missing config field to be interpreted as /.  ARGH.


DATE: 2003-04-22;  VERSION: 4.010
==================================================

Removed mention of actual filepaths in CLEANUP action.

Added Hazel_get_(orders,pending_orders,users)_dir functions to store.c.

Subject DEBUG and SHOWREG actions to a maybe_disallow_cmdline_action check, so that they may be disallowed via CMDLINE_ACTIONS config value.


DATE: 2003-04-15;  VERSION: 4.009
==================================================

Damn.  text.c::quote_html_specials was not quoting unless there were quotable punctuation characters.  Thus, it would not quote whitespace.  ARGH.  (Fixed.)


DATE: 2003-04-15;  VERSION: 4.008
==================================================

Commented out the "if cost is your primary concern" from ham_install.c when choosing whether to install H3 or H4, and added a little note about H4 being so cool.


DATE: 2003-04-14;  VERSION: 4.007
==================================================

Added location of hazel.config to commented SHOWREG_CONFIG area in SHOWREG.


DATE: 2003-04-10;  VERSION: 4.006
==================================================

Removed hardcoded blanking of %HZM_*_KEY* fields from hzml.c.


DATE: 2003-04-08;  VERSION: 4.005
==================================================

Added SECONDS attribute for Hazel-Date to output as seconds since epoch.


DATE: 2003-04-03;  VERSION: 4.004
==================================================

store.c: Added get_themed_pathname_only and get_themed_pathname_or_default to handle conditional fetching of either a themed or (if such a themed file does not exist) default CAT_DIR version of a particular file.

store.c: Added get_products_file_pathname_readonly for calls which intend only to read the returned filename.  That filename will point to whatever has the best chance of existing.  Old get_products_file_pathname will return the themed version, if applicable, whether or not it exists, and can be considered a _write version of the other.


DATE: 2003-04-03;  VERSION: 4.003
==================================================

Implemented MD5 and HMAC into Hazel via Hazel-Digest (a reworked and renamed version of the now-gone Hazel-HMAC above.)


DATE: 2003-04-03;  VERSION: 4.002
==================================================

Did I leave a dangling fprintf and fclose on an invalid FP in hazel.c::do_daily_tasks?  GARGH!

Also, added hmac.[ch] in an attempt to do MD5 and HMAC inside Hazel.  Added Hazel-HMAC element.


DATE: 2003-03-27;  VERSION: 4.001
==================================================

HAM tweaks.  Omit port from style URL.


DATE: 2003-03-21;  VERSION: 4.000
==================================================

The release.