DATE: 2008-04-02; VERSION: 4.137 (MEB)
==================================================
Tweak to ham.c (moved a Var * def) to get HAM to compile on FBSD4.x

Removed libcsv/libcsv.h path in ham_products.c

DATE: 2008-04-02; VERSION: 4.137 (MEB)
==================================================
Added new if you want to find out how long a string is. This string can contain HZML if you wish. Length of string will be returned as %HZV_ as defined by Result.

DATE: 2008-03-06; VERSION: 4.136 (MEB)
==================================================
cart cookie: changes to tally_order() and tally_subtotal() to make sure discounted prices are displayed properly when using cart cookie and doing an add/view/checkout action.

members.c plugin: Made sure username and alias checks are done lowercase: added missing lowercase() call inside Hazel_login__action_chname(). Hazel_login__lookup_alias curr->alias made lowercase before lookup is done. Also, removed ahash chk inside Hazel_login__lookup_alias()

Also removed rest of baked cookie/userfile code from state.c and client.c

DATE: 2008-02-22; VERSION: 4.135 (JFS)
==================================================
You can now delete entire option groups in HAM.

DATE: 2008-02-21; VERSION: 4.134 (JFS)
==================================================
You can now delete options in HAM.

DATE: 2008-02-20; VERSION: 4.133 (JFS)
==================================================
You can now add new option groups and new options using the user-friendly option editor in HAM. All that remains is deleting options and option groups.

DATE: 2008-02-14; VERSION: 4.132 (JFS)
==================================================
Special Valentine's Day Hazel release for all you lovers out there. There are two important new features in this release.

Firstly, when you edit your options.txt file directly via the HAM, it now saves it in \n delimited format instead of \r\n which is good unless you are on Windows, and pretty much what Hazel expects to see.
Secondly, editing options using the more user friendly option editor in the HAM is now complete. Still missing is the ability to add new options and new option groups in a user friendly way in the HAM. However, you can edit the option's name, pricemod, weightmod, and description separately and without having to mess around with ;'s and :'s and @'s.

DATE: 2008-02-07; VERSION: 4.131 (JFS)
==================================================
Added some new functions to os.c that allow the programmer to grab the individual uname components of the current machine. The new functions emulate uname -s, uname -n, uname -r, uname -v, and uname -m. uname -a is already provided by my_uname().

Updated the HAM_update_CGI() function in ham_install.c to automatically download the correct hazel.cgi binary to the user's cgi-bin directory. It also provides the user with a hardcoded list of available binaries if something goes wrong.

The precompiled hazel binaries have been moved over to hazel.netsville.com from ftp.netsville.com

DATE: 2008-02-07; VERSION: 4.130 (MEB)
==================================================
Renamed maybe_tally_order() to tally_order_if_selected() to 'splain better what it's doing. Also further restricted it so it only runs if action equals one of ADD|VIEW|CHECKOUT.

tally_order() has been modified to take an arg that will force it to run in certain cases.

DATE: 2008-01-31; VERSION: 4.129 (MEB)
==================================================
Bunch of modifications and some new things so pay attention:

[2007-12-27] In attempt to track "Missing SKUID" bug where at order completion we have customer info, but lack the skuids they ordered, I've added a trigger (activate with MISSING_SKUID_DEBUG:1 inside hazel.config) that will dump DICT_SELECTED and DICT_SHOPPER when Hazel detects that an skuid is missing. This is inside products.c.
[2008-01-15] members.c plugin: Removed the code that compared dossier info to user file info (this was in place to seek out a bug that was not related to Hazel). This check was causing returning members (that had an expired hazelcookie -- i.e. a NEW user) to get logged out because Hazel would ignore the MEMBER_TOKEN inside hazelmember cookie. Customer wants people to remain logged in even after hazelcookie expires and this check was preventing that.

[2008-01-15] hazel.c: added maybe_tally_order() to set the %HZT_ vars if there's something in DICT_SELECTED (i.e. a customer, new or otherwise, has selected items) every time Hazel runs so we can display this info to the user. Example: a custom cookie that has stored products and quantities to display "what's in my cart?" info to customer on first hit to the site.

[2008-01-18] well, we've gone ahead and added a 'hazelcart' cookie to store selected items that Hazel controls so the example above is moot. To use this cookie, you must activate it with:

CART_COOKIE_ENABLED:1

Other hazelcart hazel.config variables:

CART_COOKIE_NAME: - change the name from 'hazelcart' to something else
CART_COOKIE_AGE: - set the age of hazelcart cookie, works like USER_FILE_AGE
CART_COOKIE_EXPIRES: - alias for CART_COOKIE_EXPIRES. Don't use both of them in your config file at the same time please...

The point of this cookie is to store selected items even after the general "session", the main 'hazelcookie' has expired. So, what you generally want is a short expire time for the main hazelcookie and longer one for 'hazelcart' cookie so a returning customer may continue to see what they had in the cart WITHOUT the overhead of keeping a user file lying around.

The format of the stored selected items info is SKUID^QTY|SKUID^QTY|... This is just for info purposes, you can't change the format.

[2008-01-18] Removed what Quinn called a "basic session cookie". Hazel had been setting two cookies, one with expire and host info and one without.
I think this was to get around sites that didn't pass cookies when using SSL or when switching hostnames? I really don't know, but seeing two cookies set every single hit to Hazel didn't make sense. With the addition of the 'hazelcart' cookie, we then got FOUR cookies set on each hit! So, I've removed this. If all hell breaks loose, you can re-enable this by setting:

BASIC_SESSION_COOKIE:1

*BUT* then the hazelcart cookie won't work as the "basic session" version of the hazelcart cookie won't have expiration info and will NEVER EXPIRE. In other words, customers WON'T BE ABLE TO CHANGE THE ITEMS IN THEIR CART. This problem didn't come up with hazelcookie because deleting that also deleted the user file. So, without a userfile, a new hazelcookie always got created! But there is no special file associated with hazelcart cookie so Hazel MUST be able to create and expire it correctly. So, you really, really don't ever want to re-enable this.

[2008-01-18] TODO: Since I dug into the cookie code, there was this concept of a "baked" cookie which was basically the entire user file encoded into a cookie. I haven't done this yet, but all that code needs to be REMOVED. We should never need to do this and no customers should be using this feature. I doubt it was made public knowledge. Bury it!...

DATE: 2008-01-29; VERSION: 4.128 (JFS)
==================================================
I added a new feature wherein you can edit your options file directly from the HAM. The options file is loaded into a textarea where it can be altered to the user's wishes. On save the text in the textarea is used to create a new options.txt file.

DATE: 2008-01-27; VERSION: 4.127 (JFS)
==================================================
Unfortunately, I found another bug in the CSV parser. If the input file had some non-standard newlines (LFCR or CR) then my script did not properly handle the EOL condition and would gladly continue slurping in bad data until EOF.
This resulted in unpredictable behaviour such as infinite loops and very messed up product imports.

DATE: 2008-01-15; VERSION: 4.126 (JFS)
==================================================
Fixed another bug with the CSV parser. Sometimes bad data could be inserted into the field if the memory I used was not clean due to a side effect of strncat.

Cleaned up HAM_products_import a bit.

DATE: 2008-01-10; VERSION: 4.125 (JFS)
==================================================
Fixed a bug with the CSV parser. If there is whitespace surrounding the delimiter, it will not import the following field correctly, instead it will forget to remove the double quotes and bring forward the whitespace into the field.

DATE: 2008-01-10; VERSION: 4.124
==================================================
This commit contains some major new features as well as a few minor fixes.

os.c
  Added a helpful comment

ham.c
  Included a new header file ham_options.h
  Added HAM_action_options_home() -> Loads options home template
  Added HAM_action_list_options() -> Loads list options template
  Added HAM_action_list_option_groups() -> Loads list option groups template
  Added HAM_action_edit_option() -> Loads edit option template
  Added HAM_action_edit_option_group() -> Loads edit option group template
  Added HAM_action_update_option() -> Updates options file with newly modified option
  Added HAM_action_update_option_group() -> Updates options file with newly modified option group
  Added OPTIONS action
  Added LIST_OPTIONS action
  Added LIST_OPTION_GROUP action
  Added EDIT_OPTION action
  Added EDIT_OPTION_GROUP action
  Added UPDATE_OPTION action
  Added UPDATE_OPTION_GROUP action

Added new files csvparser.c csvparser.h

csvparser.c
  Added advquoted() -> Removes surrounding quotes in a CSV field
  Added reset() -> Nullifies and frees all variables if something bad happens
  Added csvgetlist() -> Parses a CSV file and returns a pointer to a list of pointers containing the fields in a line of a CSV file passed into it.
  Added csvfield() -> returns pointer to the nth field of a csv list

products.c
  Added parse_option_vals() -> Parses option values into name, weight mod, price mod, description

products.h
  Added prototypes for parse_option_vals(), current_option(), set_current_option()

hzml.c
  Added render_HZML_Options_Loop_Extended() -> renders an Extended Options Loop into HTML
  Added render_HZML_Options_Group_Loop() -> renders an Options Group Loop into HTML

Makefile.am
  Added ham_options.c, ham_options.h, csvparser.c, csvparser.h to Makefile

HAM_products.c
  Added HAM_products_check_valid_tab() -> Validates imported tab delimited file
  Modified HAM_products_check_valid_csv() -> Validates imported CSV file
  Added a check for NULL for CSV file (if something goes wrong CSV file could be NULL)
  Completely rewrote HAM_products_import_line_csv() to work with my CSV parsing code

DATE: 2007-12-26; VERSION: 4.123
==================================================
If you have a PRODUCT_IMAGES_DIR defined so that you can upload images from HAM you should only have to specify the path relative to DOC_DIR.

DATE: 2007-12-13; VERSION: 4.122
==================================================
HAM_SHIPPING_NOT_OVERRIDING_SHIPPING_RULES Fix (2007-12-10)

If you specify a shipping rate in the SHIPPING Field of HAM, it should override any shipping rate math that would be done in the shipping.rules file unless you put a + sign preceding your shipping cost in HAM. However, Hazel was adding the shipping.rules cost no matter what.
DATE: 2007-12-12; VERSION: 4.121
==================================================
PRODUCTS_WITH_OPTIONS_AND_DISCOUNTS Fix (2007-12-10)

If you have a product (for example an ice-cream cone for $1.00) that has an option with a non-zero cost associated with it (+$0.25 for sprinkles for example) and a discount (buy 2 get 1 50% off) Hazel was adding the cost of the option twice (so $0.50 instead of $0.25) if you did not receive a discount (you only bought one ice cream cone not two so no discount).

DATE: 2007-12-12; VERSION: 4.120
==================================================
OPTION_CODE_DELIMITER Fix (2007-12-04):
* You can now use OPTION_CODE_DELIMITER to change what Hazel uses to concatenate SKUIDs and OPTIONs. By default this is a dash (-), but some customers use dashes in their SKUIDs. This setting provides a solution for this.
* Ex: Use in hazel.config like this: OPTION_CODE_DELIMITER:^ to change the delimiter into a caret and you will be able to use SKUIDs with dashes in them.
* MUST BE A SINGLE CHARACTER

mysql plugin (2007-11-11): Added MYSQL_CONNECT_TIMEOUT hazel.config variable to control how long Hazel waits for MYSQL on connect. Default is 15 seconds.

hazel (2007-11-11):
* Catch SIGINT (cntl-C) and display a message for that so we don't think it's a general SEGFAULT.
* Exit immediately from trap_signal() rather than using my_exit() so we don't have to wait for plugins to shut down since the plugins may be the reason we hit cntl-C in the first place.

DATE: 2007-11-03; VERSION: 4.119
==================================================
members plugin: Function added to delete members from HAM, and to log all members out (command line only). Many bugs fixed that can potentially cause users to see other people's membership information (however, one of these bugs we now suspect was caused by corrupt memory in a server and not Hazel -- see members.c comments for details).

mysql plugin: Beginning code for creating orderseq and users tables.
Code is commented out right now pending further development

hazel: Rather than relying on NULL, I'm writing an ___EOU____ (End of Userfile) flag to the end of each userfile inside the Text structure to designate the end of key:value pairs to be written to the user file. This flag is not written to the userfile itself. A new function called text.c::text_fprint_userfile(File *fp, Text *t) is used specifically for writing userfiles.

Changed behavior of Hazel-Loops (of Type=File) when both SRC and BASEDIR are defined. We will now process these files as-is without regard to hash marks.

Sanitized cgidie output to prevent potential cross-site scripting issues

DATE: 2007-10-19; VERSION: 4.11X (johns)
==================================================
Fixing a bug in MSIE6 to convert \''s into single quotes. Added a new hazel config variable MSIE_APOS_FIX to turn the feature on and off. Off by default.

DATE: 2007-10-03; VERSION: 4.11X (johns)
==================================================
Two major features in this commit both are in the HAM when editing a product. First is that the description edit box is bigger so you can enter html into the box more easily. Second is image uploading, browse for an image on your desktop, click upload image and it automatically uploads the image and sets the image property of that product to point to your product.

DATE: 2007-09-28; VERSION: 4.118
==================================================
* Sanitize output of error messages to prevent potential cross-site scripting attacks
* Fix so HZML in header.rules processed before any HZML template.
(Edit: Rory said this fix didn't work, but I haven't gotten back to it as of this edit -- 20071103 meb)

DATE: 2007-09-19; VERSION: 4.117
DATE: 2007-09-15; VERSION: 4.11x
DATE: 2007-09-13; VERSION: 4.11x
DATE: 2007-09-11; VERSION: 4.11x
==================================================
Added three new hooks to Hazel Plugin API

::int plugin_define_tag(void) - define new or override existing HZML tags
::int plugin_do_hzml_tag(Var *parms) - allow a plugin to handle these new tags.
::int plugin_encrypt_order(Var *parms) - allow plugin to encrypt orders

See tag_hazelversion.c plugin and gpgencrypt.c plugin for examples of how to do these things. You can also look at hzml.c's do_HZML_* functions for ideas since your plugin will need to work the same way (if you're overriding an existing tag). If you want to encrypt an order, you simply need to pass back an encrypted Text* in place of the post-HZML-rendered one you receive.

gpgencrypt.c:: New plugin for encrypting orders using GPG. Must have gpg and gpgme installed. Overrides with two new options: GPG and KEYID

GPG (boolean) - use this argument when you want to encrypt
KEYID (string) - specify your KeyID for the public key you wish to use. Must already be in your keyring.

GPGENCRYPT_ORDERS:1 - Use in your hazel.config to automatically encrypt your orders
GPGENCRYPT_KEYID:4A044B0B - Use in your hazel.config to specify the KeyID to use for all encryption. A KEYID arg in a specific Hazel-Belch will override this.

Regarding Macs: Minor tweaks to configure.ac and Makefile.am to correctly choose -lcrypto library for Macs. Also, the configure/make process works better WITHOUT Fink's autotools installed. So, make sure the Mac only has Xcode and no /sw dirs are in the PATH during building.

DATE: 2007-05-31; VERSION: 4.116
==================================================
Added fopen_delayed() function to os.c that takes in a delay in secs parameter that Hazel will wait before giving up on accessing a file.
Used in products.c and search.c when reading products file.

DATE: 2007-03-24; VERSION: 4.115
==================================================
Added Return-Path: header everywhere else (members.c, ham.c, ham_auth.c, hzml.c, os.c)

Fixed ADJUST flag so it accounts for daylight saving time.

DATE: 2006-12-05; VERSION: 4.114
==================================================
Adjusted Unregistered Hazel "nag" function to account for uppercased "NAGGED_" field now that client ids can contain letters.

Hazel now creates a new orderseq.txt file if one does not exist. Warning message written to hazel.bug when this happens.

Added Return-Path: header to mailing invoices function which is taken from STORE_EMAIL

DATE: 2006-10-10; VERSION: 4.113
==================================================
We're attempting to side-step the problem of missing order information during periods of high load during the FINISH operation when an API script is being used. The problem is rare and hard to reproduce. Must be doing 100s of orders a day *AND* be using an API FINISH script to even notice this issue.

New hazel.config var
-------------------
ALWAYS_KEEP_SESSION - Use this if you want Hazel *NOT* to delete cookie and userfile at FINISH. This will allow an outside script to handle this or you can have Hazel do it at a later time/date. To assist with this, we have two new actions:

New Actions
-----------
NUKECART - remove all selected items in a user's cart (but keep the userfile itself).
NUKESESS - remove current user's userfile/session.

Note that these two actions above *DO NOT* return anything to the screen so you don't want to call these during a normal shopping session. These must be used from an API script (at FINISH) or maybe IMG SRC call at the very bottom of the receipt page. Even so, we also recommend running Hazel with "action=cleanup" periodically from CRON if you plan on using ALWAYS_KEEP_SESSION.
DATE: 2006-06-05; VERSION: 4.112
==================================================
Fixed bug in hzml.c: get_tag_start() where it wasn't processing lines that begin with hash marks (see 4.108). Modified this previous change so that it only applies to RULES files. This allows us to include HZML in comments without them being interpreted while everything else (public .hzml files, templates, etc) may have lines that begin with comments.

** this change touched the HAM, MEMBERS PLUGIN, MYSQL PLUGIN, PSPELLCHECK PLUGIN so anyone upgrading to this version and using any of these plugins will need the latest version of the corresponding plugin.

DATE: 2006-05-12; VERSION: 4.111
==================================================
Added new item to SearchSpec object (bool nonsearch_loop). This allows Hazel to differentiate btw a SEARCH ENGINE type search where searchspec must be able to search across any fields and QUERY_LOOP type search where searchspec must match all fields.

NOTE: Had to mod new_SearchQuery args in C_stewmac.c plugin

DATE: 2006-05-01; VERSION: 4.110
==================================================
Modified products.c: do_custom_products_tweak() and store.c: do_api_script() to only run the passed script once per session rather than however many times fill_products() happens to get called in a session.

DATE: 2006-04-20; VERSION: 4.109
==================================================
cont: search.c: Removed maybe_exclude_match() and parand_failed(). Still need to remove some refs to SEARCH_LOGIC_PARAND!

DATE: 2006-04-06; VERSION: 4.109
==================================================
search.c: match_line() terms that are searched within SEARCH_FIELD fields are now assumed to be OR'ed together rather than taking on the restrictive logic defined by SEARCH_LOGIC itself.

SEARCH_PARAND:1 and DEFAULT_SEARCH_PARAND:1 in hazel.config is no longer valid or needed.
DATE: 2006-03-29; VERSION: 4.108
==================================================
minor change to hzml.c: get_tag_start() of hzml.c: Don't process lines that begin with hash marks

DATE: 2006-03-27; VERSION: 4.107
==================================================
Couple of things:

1. Removed calls for ALLOW_RAW_CLIENT
   ALLOW_RAW_CLIENT - Now obsolete - Hazel sees all clientids as "raw" because MD5 hashes are alphanumeric
2. Don't encapsulate client id when clientids are "raw" (alphanumeric).
3. Don't add encapsulated version of clientid to PATH_INFO when RANDOMIZE_URL is zero or missing.
   RANDOMIZE_URL (H4) - Now obsolete - This was used to get around browsers caching pages by making Hazel URLs unique.

DATE: 2006-01-24; VERSION: 4.106
==================================================
Added "-lm" math lib to MYSQL_LIBS in plugins/configure.ac ... and configure. Fixed Undefined symbol "floor" error. No Hazel version change.

DATE: 2005-12-22; VERSION: 4.106
==================================================
Using new_client_id_md5() to generate the PICKUP_ID. new_client_id_md5() modified to take one argument for adding randomness.

DATE: 2005-12-09; VERSION: 4.105
==================================================
In mysql.c plugin, SQL_CACHE was hardcoded in queries. I made it optional so there's a new field option available in hazel.config called MYSQL_USE_SQL_CACHE. Set true or '1', 'SQL_CACHE' will be used in queries that Hazel performs internally otherwise, it will not be used. MYSQL3.x does not support SQL_CACHE so do not enable it if you're using MYSQL3.x.

DATE: 2005-12-08; VERSION: 4.104
==================================================
Added functionality for CLIENT_ID_16 to allow for 16 char client id and for PICKUP_ID_LENGTH (allowed values are btw 5 - 16 inclusive) for adjusting the length of the pickup ids.

Use: In hazel.config, "CLIENT_ID_16: TRUE" will make all the successive new client ids 16 chars long.
In hazel.config, "PICKUP_ID_LENGTH: 13" will make all pickup ids 13 characters in length. If you enter a value out of range or no value, the length will default to 32 characters.

DATE: 2005-11-07; VERSION: 4.103
==================================================
new_client_id_md5() using MD5 hashing and a little more randomness to generate a better client id.

DATE: 2005-10-12; VERSION: 4.102
==================================================
note: bunch of little fixes with mysql plugin and file locking

Added support for custom my.cnf file for mysql plugin. Described here: http://dev.mysql.com/doc/mysql/en/mysql-options.html

Specify the file and group in hazel.config like so:

MYSQL_DEFAULT_FILE:/home/user/cgi-bin/my.cnf
MYSQL_DEFAULT_GROUP:hazel

The my.cnf file has same spec as global MySQL file usually found here: /etc/my.cnf. I used it to define the (non-standard location of) "socket" file on customer's MacOSX server:

[hazel]
socket=/var/lib/mysql/mysql.sock

-------
Added -lz (zlib) to MYSQL_LIBS in configure.ac

------
In os.c - Hazel_dlerror(), changed this to map to dlerror()

------
Inserted

INCLUDES = $(mysql_la_CFLAGS)

Just before this line:

COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)

in Makefile.in file inside plugins directory (and Makefile.am)

-------
Tightened up file locking a little more in client.c hopefully to fix orderid getting upped btw pending & order steps. fp_lock in os.c will DIE if locking fails -- this is better than missing info, orders, etc.
* Increased MAX_LOCK_TRIES to 20 and LOCK_SLEEP_SECONDS to 1 by default

Fixed HTTP Status: codes which has been bugging me for years... OK was "200 200" to work around a crappy Windows 2000 webserver that didn't properly support CGIs (called Website, I think).

DATE: 2004-12-08; VERSION: 4.101
==================================================
Made increment_order_id() function in client.c a little safer. Fixed file locking.
Hazel will try harder to lock file...and if she can't, she will die instead of resetting counter.

Also modified plugin_search in mysql plugin. It will fill product info now. I also added SQL_CACHE to select queries in case user has that enabled in mysql (meb)

DATE: 2004-11-29; VERSION: 4.100
==================================================
Added support for Type=FLOATx in Hazel-Math, where X is a single-digit precision for the output. Seems to carry through for subsequent Hazel-Maths on the result...

DATE: 2004-10-13; VERSION: 4.099
==================================================
Make cmdline argument reader put fields into DICT_INPUT (as well as DICT_SHOPPER), so that userfile reads do not overwrite them. (And this should have the side-effect of parse batch product working with cmdline calls.)

DATE: 2004-10-04; VERSION: 4.098
==================================================
Hacked preprocess_search_term interpretation in search.c to skip the search term if it is substituted into an empty string.

DATE: 2004-09-16; VERSION: 4.097
==================================================
Uh, updated 4.093 change by sending path (as /), so HzSt doesn't cause browsers to set a cookie for every damned hit to Hazel.

Delete the user's *.matches file when deleting client files.

DATE: 2004-09-10; VERSION: 4.096
==================================================
Added optional MSGID for ERROR action to use Hazel's method of determining which template should be displayed for an error. Useful for payflowpro and other payment gateway options.

DATE: 2004-08-25; VERSION: 4.095
==================================================
Emergency hack to Hazel_regsub to prevent infinite loops for recursive RE subs. Will only perform one iteration of a search.

DATE: 2004-08-20; VERSION: 4.094
==================================================
If one wants credits to be taxable, set TAX_CREDIT:1. To tax surcharges, set TAX_SURCHARGE:1.
This affects changes in 4.075, making the old behaviour default.

DATE: 2004-08-17; VERSION: 4.093
==================================================
Try sending a "session" cookie with only the name and value (no domain, path, expiration, etc.)

DATE: 2004-08-13; VERSION: 4.092
==================================================
Removed search_spec_to_where_statement and skuid_list_to_where_statement from search.c, putting them in the search plugins (or plugin, mysql) itself for engine-specific processing. Also added escape function to mysql plugin, and use it in the new functions.

DATE: 2004-07-28; VERSION: 4.091
==================================================
Added .

DATE: 2004-07-28; VERSION: 4.090
==================================================
Removed need for empty.html and error.html to exist. Will use message.html if they don't. Two less templates to modify for look-n-feel.

DATE: 2004-07-15; VERSION: 4.089
==================================================
Hacked action=test to not blow away current values, d'oh, only fill with defaults if they don't already exist.

DATE: 2004-07-14; VERSION: 4.088
==================================================
Hazel-Encode HZML element, and members.c support for reading and decoding field values beginning with $HzEn02$. I don't like this approach.

DATE: 2004-07-12; VERSION: 4.087
==================================================
Moved word->logic != PARAND check up in the search.c::maybe_exclude_match loop-- avoids the striword/key lookup. That "key lookup" is for an optional third arg of a product namespace to check instead of a delimited fields string, to facilitate what I'm actually working on, which is a search over a loaded products dictionary.

Added DB_SEARCH_RESCORE for re-scoring the result of a database search. (Actually adding scores, since there are none from a search spec converted to an executed SQL query.)

Moved copy of search_spec_to_where_statement to mysql.c for it to do its own special mutations.
I am not happy with it, it's a hack, but OK then.

DATE: 2004-07-09; VERSION: 4.086
==================================================
Beginnings of support for optionally encrypted values in member dossiers, starting with rules.c::Hazel_postprocess_prefs and text.c::Hazel_possibly_decrypt_value. Encrypted (or otherwise encoded/obscured) strings are noted by a $HzEnXX$ prefix, where XX is some index to a decrypt/code method.

DATE: 2004-06-30; VERSION: 4.085
==================================================
Added support for wildcard rule header [*], and initialize all rules headers to that value, so a (eg.) *:_0_ rule line can now be given before any header is present. However, rule header blocks don't have any scope, so be aware that the active header will be either * or whichever header was last encountered.

DATE: 2004-06-17; VERSION: 4.084
==================================================
Added checkout, view to default CUSTOM_TEMPLATE_RE value in store.c.

DATE: 2004-06-11; VERSION: 4.083
==================================================
Check "sales_tax" (in addition to just "tax") in HZML_RULES for possible HZMLification.

DATE: 2004-06-02; VERSION: 4.082
==================================================
Changed products.c::product_sort_func to make empty strings lose, then backed out of the change realizing it isn't what I was trying to do.

Added DICT_AISLE for aisle matches.

DATE: 2004-06-01; VERSION: 4.081
==================================================
Added hzml.c::Hazel_regmatch for minimal regex matching without the bloat of the HZML-centric functions. Hacked store.c to use it for CUSTOM_TEMPLATE_RE checks.

DATE: 2004-05-30; VERSION: 4.080
==================================================
Added CUSTOM_TEMPLATE_RE config field, if the template id matches that field value (a regular expression), allow it to be customizable.
DATE: 2004-05-28; VERSION: 4.079
==================================================
plugins/mysql.c: Added optional Prefix="COLUMN" attribute for Hazel-DB-Rows for specifying prefix for %HZH_DBR_COLUMNx for each field/column in a row, filled with the value, as an indexible alternative to %HZH_DBR_fieldname.

DATE: 2004-05-28; VERSION: 4.078
==================================================
Added HAZEL_STATE_LOG, so state (adding state to stateless HTTP, tracking users through hits to the CGI) debugging isn't included by default in hazel.bug anymore. To add it back, just set HAZEL_STATE_LOG:hazel.bug to hazel.config. State tracking is pretty solid now, and its debugging is very noisy.

Added %HZT to recognized Tokens via parse_vset_token_spec. (d'oh)

DATE: 2004-05-28; VERSION: 4.077
==================================================
stupid funking grumble grumble taxes

DATE: 2004-05-27; VERSION: 4.076
==================================================
Moved init.hzml hook to just /before/ plugin initialization, rather than immediately after.

DATE: 2004-05-27; VERSION: 4.075
==================================================
Moved tax calculation after surcharge and credit. This may affect certain calculations which assumed surcharges and credit were not taxable.

If %HZM_TAX_TAXABLE, set final tax to the tax rate (returned by the sales_tax.rules file, or %HZT_TAX_RATE from a MY_TAX script) times %HZT_TAXABLE. Thus, one can set both with Hazel-Vset in sales_tax.rules, and allow the rate computed there to be applied to a more specific taxable amount.

DATE: 2004-05-26; VERSION: 4.074
==================================================
More aisle tweaks, officially calling the feature "aisles" instead of "categories."

Some TAX_SHIPPING debugging steps.

DATE: 2004-05-19; VERSION: 4.073
==================================================
Hacked doSearch to return -1 if the products file could not be opened (instead of cgidie dying.)
Noting here in case it causes problems down the line. DATE: 2004-05-04; VERSION: 4.072 ================================================== Very rough attempt at an action=categorize which (temporarily, RORY) references a CATEGORY field in the products file to build a category, and uses templates/categories/default.html like a matches.html template, categories/empty.html for a category with no members, and categories/foo.html as a custom override for a category with code foo. Syntax is action=categorize&item=catcode&mode=|new|again|next|prev|goto. DATE: 2004-05-04; VERSION: 4.071 ================================================== Support for HTML_QUOTABLES config field to override which characters Hazel will quote within complex tokens. Always quotes whitespace. DATE: 2004-04-26; VERSION: 4.070 ================================================== Preliminary support for MAINFRAME:filename config value. If present, render templates/ instead of any served page. filename should contain a call to to read in the actual page content. DATE: 2004-04-09; VERSION: 4.068 ================================================== If NOT logic, use AND instead of OR. Wtf? Oh yeah, that was for the above search_spec_to_where_statement. DATE: 2004-04-08; VERSION: 4.067 ================================================== Default OR logic in search.c::search_spec_to_where_statement, for PARAND or OR requests. Use AND only if search logic is explicitly AND. DATE: 2004-04-07; VERSION: 4.066 ================================================== Begin debugging search.c::search_spec_to_where_statement. DATE: 2004-04-01; VERSION: 4.065 ================================================== Added Hazel-Digest Type="Crypt" Salt="whatever". DATE: 2004-03-30; VERSION: 4.064 ================================================== Added ROLL_COMPLEX_TOKENS config field. If true, always replace newlines with spaces in complex tokens, regardless of complex token quoting policy. 
DATE: 2004-03-13; VERSION: 4.063 ================================================== Various Win32 fixes? DATE: 2004-03-12; VERSION: 4.061 ================================================== Added support for %HZE_SEARCH_SORT and %HZM_DEFAULT_SEARCH_SORT of format "[+-]FIELDNAME" to sort matching products of an entire sort, as opposed to the Sort parameter of a (eg. matches) loop, which sorts only that loop's contents. DATE: 2004-02-26; VERSION: 4.060 ================================================== Fixed bug in do_HZML_Explode. UPPERCASE(prefix) required to canonically set the proper %HZV key. H3 still inserts the iteration index directly, rather than snprintfing it, so its initial UPPERCASE(namebuff) is sufficient. DATE: 2004-02-19; VERSION: 4.059 ================================================== Added check for old H3-style products filename in HAM_action_products_home. DATE: 2004-02-12; VERSION: 4.058 ================================================== Fixed pointer trespass in variables.c::to_fields which would cause a crash when an opening HZML tag ended in a boolean attribute (without a value) followed by a single space. Crikey, that to_fields code is scary. Added new HZST_VERSION 3 with the brevity of v2 and nearly as much flexibility as v1. It chunks an all-numeric clientid and the expiration seconds into a series of base62-encoded pieces. Supports LONG_CLIENT_ID. DATE: 2004-02-10; VERSION: 4.057 ================================================== Fixed text.c::my_vsnprintf to copy cooked string a maximum of `size' characters and not `maxlen' (the internal buffer limit.) DATE: 2004-02-10; VERSION: 4.056 ================================================== Hack for sf1000.registeredsite.com which doesn't identify itself as secure by the usual methods. Set HTTPS_IF_URL_SAYS_SO:secure, make a "secure" link in cgi-bin to the same cgi-bin, and use that as HTTPS to know when we're secure. (Upported from H3.) 
If LONG_CLIENT_ID:1, prefix new_client_id with an integer tying it to a specific time period, to avoid re-assigning the same id over that particular period. DATE: 2004-02-06; VERSION: 4.055 ================================================== Added DEMAX_COOKIE_EXPIRES and DEMAX_USER_FILE_AGE hazel.config toggles to avoid the internal MAX_USER_REAP_THRESHOLD (of a week.) However, setting cookies to expire after the user file is deleted is probably a bad idea. DATE: 2004-01-23; VERSION: 4.054 ================================================== Added MEMBER_DOSSIER_FORCE_SAVE config setting for saving the dossier after every hit. DATE: 2004-01-19; VERSION: 4.053 ================================================== Allow one to use Value instead of Src for source string of Word loop. DATE: 2004-01-13; VERSION: 4.052 ================================================== Added %HZI_PICKUP_URL to initialized pickups, using new Hazel_pickup_url_extended to give what redirect usually shows. (Could be a problem for anyone who has embedded an explicit PICKUP_URL field in their products file.) DATE: 2004-01-13; VERSION: 4.051 ================================================== Added init.hzml HZML hook called just after init_plugins in main.c (after the config file has been read and validated.) Added ability to set %HZA/DICT_ARGS with Vset. Make plugin redirection explicitly use MAIN_NONSECURE rather than MAIN URL. DATE: 2004-01-07; VERSION: 4.050 ================================================== Added X_javascript ... Javascript plugin, with simple HZML(str) function to render a string as HZML. DATE: 2003-12-30; VERSION: 4.049 ================================================== Added DISABLE_PICKUP_REDIRECTION to, well, disable redirection in action=pickup to a URL ending with the actual filename. DATE: 2003-12-23; VERSION: 4.048 ================================================== Hacked evaluate_HZML_Choice to take "Value" attribute before "Token" for the subject value. 
%HZN namespace can now be used to access DICT_INPUT values. DATE: 2003-12-19; VERSION: 4.047 ================================================== Added Hazel_regsub to do in-place regular expression replacements, but not sure whether or not to initially hzmlsub the Replace attribute value (eg. someone wants to use an HZML token as of the calling of the loop as the replacement) or to do it for each replacement iteration (eg. they want to use something like %HZV_RE0 to reference a match). For now, the replacement will be parsed anew for each time it is needed. The better solution is to allow escaping %HZ with backslashes, and backslashes with another backslash. (Or to allow $[0-9] subs in this replacement only.) Instead of aborting the save of a historical query if an SKUID is too long, complain via hzdebug and write up to MAX_SKU_LEN. (In save_historical_query.) DATE: 2003-12-18; VERSION: 4.046 ================================================== Hacked rulecmp_* functions in rules.c to recognize a left-hand rule value of "*" as matching anything. Hacked validate_fields in rules.c to check for "*" as the first character on a line, in which case the value checked for is always an empty string, but the `fkey' is retained as the rest of the left-hand-before-the-colon key. As such, you can do your own HZML syntax checks, and still cause an error such as "*BILL_FNAME:+your name cannot be Fred". This change is particularly useful if you'd like to create a templates/custom/input_error.html template with something like this:

The following fields were missing:

%HZV_WORD2
With %HZH_FIELDS_MISSING being an undocumented string so above parsed. You can also access %HZH_FIELDS_INVALID, but *FIELDNAME won't trigger that. Hacked Hazel-Subst to recursively replace all instances of RE. Also, to allow use of HZML tokens in the replacement string, so the replacement can use the replaced text itself, eg. %HZV_RE0, %HZV_RE1, etc. There is a maximum replacement of 100 to avoid an infinite recursive replacement. This until I implement the better solution of replacing the string in-place rather than passing off to strsub and doing the whole damn thing over, which is f-ing stupid. So, for now, be careful what you use in the RE. Something like RE="[^0-9]" with a Replace="anythingnotanumberonethroughnine" is not going to work proper. DATE: 2003-12-04; VERSION: 4.045 ================================================== Fixed another bug for cases without plugins, this time in poll_plugin_versions. (Only occurred with a showreg, though.) Gutted WIN32_PLUGINS section in os.c. Funk dat snit. DATE: 2003-12-04; VERSION: 4.044 ================================================== Added text.c::Hazel_datecmp and Before|After="date" and Past|Present|Future attributes to Hazel-Choice. Added "Result" attribute support for Hazel-Email, Hazel-API, Hazel-Slurp, and Hazel-Belch. Added alias "Value" for "Src" attributes in Hazel-Strip, Hazel-Explode. DATE: 2003-11-25; VERSION: 4.043 ================================================== Initial work on element. Reworking new_SearchQuery, create_SearchSpec to return NULL rather than dying, and all the calling functions must check it. Whoopsie-- fixed bug causing Hazel to crash if no plugins present. DATE: 2003-11-20; VERSION: 4.042 ================================================== Use FORM_SECURE when redirecting to secure server. Restored PLUGIN_KEY checks for plugins with a plugin_token, now just MySQL. Moved plugin_init call to /after/ the keys are checked. 
Otherwise, an init may register some HZML functions, then later the addresses of those functions will be inaccessible since the plugin will have been closed. DATE: 2003-11-19; VERSION: 4.041 ================================================== Filled in some holes in the HAM install process. DATE: 2003-11-18; VERSION: 4.040 ================================================== Added implied override of Hazel-HAM-Header and Hazel-HAM-Footer. For cases where header.html or footer.html exist in the HAM templates directory, just slurp those out instead. DATE: 2003-10-30; VERSION: 4.039 ================================================== Moved setting of local action and item variables in main() to just after the plugin_pre_validate hook, to allow a hook to change them. DATE: 2003-10-28; VERSION: 4.038 ================================================== Added support in store.c::interpret_api_script_output for writing %HZV variables from an API script. DATE: 2003-10-28; VERSION: 4.037 ================================================== Added DISABLE_SEARCH_RANKING config value to turn off sorting search results by their match strength. DATE: 2003-10-21; VERSION: 4.036 ================================================== Added Adjust="[PF]x[MDY]" attribute for Hazel-Date, just like %HZD_*. DATE: 2003-10-16; VERSION: 4.035 ================================================== Added optional Complement attribute to Hazel-Strip, to strip all but the given chars. DATE: 2003-10-08; VERSION: 4.034 ================================================== Hacked variables.c::Hazel_explode_into_list to skip past multiple delimiters within the string only when collapse_mults is sent. Should fix problem with HAM imports ignoring empty fields. DATE: 2003-10-01; VERSION: 4.033 ================================================== Added Reversed=1 attribute for product loops, to reverse the order of entries. Also, aliased Scramble=1 to Scrambled=1. Fixed bug with loopnames wherein (eg.) 
INTL would use the loopnamed value for IN as its pretty name. (stribeg used, was too loose.) DATE: 2003-09-26; VERSION: 4.032 ================================================== Hacked render_HZML_File_Loop to re-add newlines to the file slurped in, so that HZML rendering does not leave us with one big string instead of several lines, then parsable by the File loop. DATE: 2003-09-09; VERSION: 4.030 ================================================== Added "hooks/" as a bypassing directory in get_template_pathname, so a passed TEMPLATE isn't prematurely blown on it. (Didn't affect H3 since there were no hooks.) 200309241;4.031 If a Hazel-Loop Type="File" HZML="Full", then render the entire file as HZML before its results are given. This allows more flexible loops/ files describing dynamically generated options for the shopper. DATE: 2003-09-09; VERSION: 4.029 ================================================== Added optional RefDate=YYYYMMDD[HHMMSS] and RefSeconds=seconds attributes to Hazel-Date for supplying a reference time for date calculations. Also added HAZELDATE boolean attribute to return date in Hazel's YYYYMMDDHHMMSS format. DATE: 2003-09-01; VERSION: 4.028 ================================================== Added FROMBASE optional attribute to Hazel-Math. If given, convert Value from the given FROMBASE base alphabet before any other computations. Added new encapsulation version HzSt02, encoding clientid and expireseconds into a single 12-character string of fixed 6-character base-62 encodings of each. Set HZST_VERSION:2 in hazel.config to use it. DATE: 2003-08-29; VERSION: 4.027 ================================================== Added BASE=[2..62] optional attribute to Hazel-Math to return the result in a particular base alphabet. (Eg. 255 w/Base=16 = FF) If Base has a fractional part with two digits, space the result to that width. (Eg. 
255 w/Base=16.04 = 00FF) DATE: 2003-08-29; VERSION: 4.026 ================================================== Fixed obscure bug wherein a search could possibly overwrite already-read product file information, thereby obliterating any special post-processing performed on a particular product. This manifested itself in a BxFyE type discount which was reverting in the middle of a rendered HZML page. Found by tracing every get_HZML_DBREF_Info call and debugging for the Var pointer address itself, which revealed it changing in mid-session. Then grepped for all set_var on DICT_PRODUCTS, traced to new_product, debugged before every line which called it, and finally found the culprit in get_product_fp. In retrospect, I should have known it was a problem with the DICT_PRODUCTS dictionary specifically, as order totals (in DICT_TOTALS) were not being affected. Anyhoo, SQUASH SQUISH STOMP! DATE: 2003-08-26; VERSION: 4.025 ================================================== Added text.c::Hazel_random_word(int) to generate random words (passwords.) Added Hazel-Vset Random=wordsize option for generating random English-sounding values a la Hazel_random_word above. DATE: 2003-08-21; VERSION: 4.024 ================================================== Allow %HZ{'...'} to force complex token quoting off. Allow %HZ{"..."} to force complex token quoting on. DATE: 2003-08-13; VERSION: 4.023 ================================================== Added Hazel_writable_userfiles to check both DISABLE_USERFILES and ARG_NOWUSER when determining whether or not Hazel can write userfiles. Added that check to client.c to prevent writing the "reserved for" lines in these cases. Doing so allows one to put the following into hazel-cat/templates/hooks/pre_action.hzml: ...and thereby avoiding writing any userfiles for Googlebots. DATE: 2003-08-12; VERSION: 4.022 ================================================== Added %HZH_DBQ_INSERT_ID as a result of a Hazel-DB-Query call. 
DATE: 2003-08-08; VERSION: 4.021 ================================================== Added . DATE: 2003-07-23; VERSION: 4.020 ================================================== Added support for [Body="..." Template] attributes to products loops, to avoid slurping in loop bodies for each iteration of a loop. DATE: 2003-07-11; VERSION: 4.019 ================================================== Added interpret_HZML_File to read and render but discard output. Added support for templates/hooks/hookname.hzml where hookname is one of pre_action, post_action, confirm, finish, filter_cart, welcome, login, birth, chpass, or daily. Fixed bug in parse_namespace_root where "SELECTED" was case sensitive (eg. for Hazel-Vset Root="Selected".) DATE: 2003-07-01; VERSION: 4.018 ================================================== Added check in hzml.c::parse_tag for a closing /> in a tag, indicating that it usually takes a body but that body is explicitly absent. DATE: 2003-06-30; VERSION: 4.017 ================================================== Added Root="SELECTED" to Hazel-Vset. DATE: 2003-06-26; VERSION: 4.016 ================================================== Added support for DISABLE_FOO_NAMES:1 in hazel.config, to prevent Hazel from automagically interpolating %HZE_FOO_NAME from loops and NAMES blocks in custom.rules. DATE: 2003-06-24; VERSION: 4.015 ================================================== Added SUBST_HIGH_BASE hazel.config support for inserting the Hazel BASE tag after the opening HEAD instead of before the closing. DATE: 2003-06-10; VERSION: 4.014 ================================================== Added BlessCmdline tweak to skip check for shell specials in my_run_command. DATE: 2003-05-13; VERSION: 4.013 ================================================== hzml.c: Upped GROUP_LOOP_MAXHITS to 1,000,000, and hacked render_HZML_Query_Loop to use GROUP_LOOP_MAXHITS as its default max. text.c: my_srandom uses getpid as its base seed rather than the time in seconds. 
DATE: 2003-05-08; VERSION: 4.012 ================================================== Pass TEMPLATE when redirecting to secure or nonsecure. DATE: 2003-04-24; VERSION: 4.011 ================================================== Goddamned typo in the new Hazel_get_*_dir functions caused a missing config field to be interpreted as /. ARGH. DATE: 2003-04-22; VERSION: 4.010 ================================================== Removed mention of actual filepaths in CLEANUP action. Added Hazel_get_(orders,pending_orders,users)_dir functions to store.c. Subject DEBUG and SHOWREG actions to a maybe_disallow_cmdline_action check, so that they may be disallowed via CMDLINE_ACTIONS config value. DATE: 2003-04-15; VERSION: 4.009 ================================================== Damn. text.c::quote_html_specials was not quoting unless there were quotable punctuation characters. Thus, it would not quote whitespace. ARGH. (Fixed.) DATE: 2003-04-15; VERSION: 4.008 ================================================== Commented out the "if cost is your primary concern" from ham_install.c when choosing whether to install H3 or H4, and added a little note about H4 being so cool. DATE: 2003-04-14; VERSION: 4.007 ================================================== Added location of hazel.config to commented SHOWREG_CONFIG area in SHOWREG. DATE: 2003-04-10; VERSION: 4.006 ================================================== Removed hardcoded blanking of %HZM_*_KEY* fields from hzml.c. DATE: 2003-04-08; VERSION: 4.005 ================================================== Added SECONDS attribute for Hazel-Date to output as seconds since epoch. DATE: 2003-04-03; VERSION: 4.004 ================================================== store.c: Added get_themed_pathname_only and get_themed_pathname_or_default to handle conditional fetching of either a themed or (if such a themed file does not exist) default CAT_DIR version of a particular file. 
store.c: Added get_products_file_pathname_readonly for calls which intend only to read the returned filename. That filename will point to whatever has the best chance of existing. Old get_products_file_pathname will return the themed version, if applicable, whether or not it exists, and can be considered a _write version of the other. DATE: 2003-04-03; VERSION: 4.003 ================================================== Implemented MD5 and HMAC into Hazel via Hazel-Digest (a reworked and renamed version of the now-gone Hazel-HMAC above.) DATE: 2003-04-03; VERSION: 4.002 ================================================== Did I leave a dangling fprintf and fclose on an invalid FP in hazel.c::do_daily_tasks? GARGH! Also, added hmac.[ch] in an attempt to do MD5 and HMAC inside Hazel. Added Hazel-HMAC element. DATE: 2003-03-27; VERSION: 4.001 ================================================== HAM tweaks. Omit port from style URL. DATE: 2003-03-21; VERSION: 4.000 ================================================== The release.