BSE - an engine for simple magazine style WWW sites.
BSE is an engine for creating simple magazine type web sites.
Maybe I'll add some other bits here.
allow flash in the image manager
file post processing hooks
FLV file post processing
allow file downloads to release the session lock
add article file API
treat the whole product code as a word for indexing and allow the configuration to control how words are parsed from the source text.
allow payment of existing unpaid orders
admins can now mark orders paid manually
order_complete hook
user manageable product options on products
background task management
article/product import tool
member/member group attached files
shipping calculations
performance improvements
support NAB's adaption of securepay
static pages now generate and link directly to their cachec thumbnail images instead of linking to thumb.pl.
product wishlists
you can now configure BSE to have users fetch files from Amazon S3 or any service accessible by FTP.
added link aliases to articles, which are used to generate cleaner URLs if present.
extras.txt now uses the pregeneration processing, and you can configure a pregeneration setting section to store relative to the content directory instead of the template directory.
shop.fcgi was failing to encrypt emails, due to conflicts between fastcgi and stdin/out
check the freshness of the database connection on each request for fcgi
added hooks to process login, logout, sending session cookies.
articles created by the newletter tool are now more consistent with articles created using the article editor.
added a default favicon.ico
release is a reserved word in mysql 5.0, quote it appropriately
include filename information in the content disposition when downloading a file for display inline.
avoid double HTML-escaping the displayed filename for filelink
add dthumbimage tag, see BSE::Util::DynamicTags for documentation
the various thumbimage tags now look in [thumb classes].geometryid to set the class of the generated img tag.
added thumbimage[], gthumbimage[] body text tags, and thumbimage, gthumbimage template tags.
generate the search base page using absolute urls
the images iterator will no longer prevent automatic image insertion by itself, there must be an actual image tag replaced.
the capitalize tag now lowercases anything it doesn't uppercase
the link[] body text tag can now be configured to redirect via a disclaimer page. See [html].redirect_links in config.pod.
filelink[] tags weren't being replaced correctly in search results excerpts
added the ability to confirm user email addresses from the admin side.
This requires that the user have the bse_members_confirm right and
access control must be enabled. Note that confirming a user's email
address may result in them receiving subscriptions from your site - if
they haven't given permission you may be in violation of the spam act.
correctly unescape the link text for use on the redirect page
allow the redirect page to work as a form
fix handling of the user not being logged on for add.pl
more consistent terminology in error messages (adriann)
made the message tag available on the lostemailsent template (adriann)
test updates to handle the change in the way we do browser redirects
some article iterators now allow their results to be filtered: allkids_of, allkids_of2, allkids_of3, all dynamic article iterators.
split BSE::Request into a base and live version, and added a test derived class.
filelink[] markup now includes a class and title attribute (adriann)
the shop cart action now accepts an embed parameter to specify an alternate template, this can be used for ajax, though there's no template support provided in the base template set (adriann)
fixed some typos in error messages
add the [basic].cookie_domain configuration parameter
better speed for ajax implementations (not in the base template set), including a fast CGI version of the shop script.
updated the embedded copy of prototype.js
the search template was being generated as a static template, changed to generate as a dynamic template.
fast CGI version of the search script
the style parameter was being ignored for the gimage[] body text tag
use the faster scaling parameter in Imager for thumbnails, if available
allow uploading replacement files for article images and files
you can now specify sort orders for (un-embedded) reports
added support for global files (just like we have global images)
change the article summary to text instead of varchar().
include highlight keywords for product field search matches
transfer the description instead of the summary to the line items
the order_save() custom callback was being called twice on the same
order data
display the order_save modified total on the payment page
added SQL to replace order items (used by update_title_summary.pl)
Example script: getpcode.pl - extracts a product code from the body of a product and sets the products product_code.
Example script: update_title_summary.pl - updates old order items with the title and description (previously summary) from their associated products.
orders now have a purchase_order field.
products now have a product_code field. This is transferred to order items when they are ordered.
added a summary field to articles. The old product summary field is now known as description, though the in database name of the column hasn't changed.
search indexing of the product_code, summary and description fields are controllable by the config file, as for the indexable article fields.
the ajax tags can be enabled for static pages
we now set ansi_quote mode when connecting to a mysql database, so we can use portal identifier quoting in queries.
the handling of column defaults has changed for upgrade_mysql.pl to deal with some mysql 5 issues. Be aware of this and backup your database before upgrading.
the product title and description (previously summary) fields are now editable on products that have been ordered previously
most dynamic output now has a "Cache-Control: no-cache" header, which should prevent caching by over-zealous UAs.
added new targets to cgi-bin/admin/add.pl to support ajax.
parsing of [] constructs in tags has changed to require spaces around subsidiary []. If you have strings containing [] characters as arguments you will need to add "" around them.
work around an ExtUtils::Manifest bug
add extra ofchild iterators (variation on patch from Adrian)
allow the archive flag on the send form to override the newsletter's setting
improve messages for bad image names
avoid infinite redirects on the admin side when the configured admin base URL doesn't match the name the server reports
modification to the session summary lists (date/location display) for seminars (from Adrian)
the order detail display was incorrectly displaying the order date
tags using the cgi or config values weren't displaying correctly on the error page.
fill in more user fields for test newsletters (patch from Adrian)
correctly fill in old alt/url/name values on a failed save of image properties
added a custom hook to the saveopts target in user.pl. You need to set [custom].saveopts=1 for this hook to be called.
various minor hacks to try and get utf8 output in some cases.
undefined <:param name:> tags are now returned as empty strings
There are additions to [pregenerate] in bse.cfg in this release.
the bookings/booking iterator has been added to the userpage, this can be used to list bookings for the current user.
the article edit pages had doubled _t suffixes, but it fell back to the original names, simply causing noise in the error log.
nuser.pl/user has the following new targets: bookinglist, bookingdetail, cancelbookingconfirm, cancelbooking, editbooking, savebooking. This implements Member Seminar Management for AZA.
This release involves some large potentially destabilizing changes, especially in newsletter administration, shop administration and the reports script.
a template set can now be selected for admin groups, the list of template sets is configured via:
[admin group template sets] setid=set description
a template set is a subdirectory of the local and normal template directories.
modified BSE::Request::dyn_response() to supply any template sets set by the admin user's groups as part of the search path for templates, this means that an admin user will use templates from those subdirectories before the main directories if they're in the right group.
modified nearly all admin code to do display via dyn_response() so
that they use the new template sets (and support _t for that matter)
The exceptions are dynamic output, like the newletter progress display and some embedding like in the shop admin catalog tree.
added a formatting code z, that un-html escapes the provided value.
the location display in the shop code only accepted single digit location ids.
added search functionality for the siteusers list.
added rough ajax support to the site users search
stopped an undefined value warning from the ajax tag
logon.pl now uses the common response output code, to make sure it's working the same way everything else does.
renamed the article parameter supplied to tag_url in BSE::Dynamic::Article to prevent a warning.
the session_popup tag on the edit booking page now uses a different date format. This can also be configured with [seminars].popup_date_format
BSE::Edit::Seminar wasn't importing tag_hash_plain, this caused some errors in emails sent when cancelling a session for example.
deleting a seminar session was calling a class method on the wrong class.
the admin logon form target now accept the t template selection option
the t paremeter is now recognized for the addattendee1 and addattendee2 templates
a new user side action dispatching mechanism is in place, all new user side functionality will be going via cgi-bin/nuser.pl. This splits the requests it takes into 2 parts, one is a controller id and the second is the action to take on that controller. These can either be supplied as part of the path if your web server supports PATH_INFO or in parameters. Eg. to use the bookseminar target of the user controller you can either request:
/cgi-bin/nuser.pl/user/bookseminar?id=50
or
/cgi-bin/nuser.pl?_p=user&a_bookseminar=1&id=50
a user can now book seminar sessions without going via the shop if they're free. The script is /cgi-bin/nuser.pl/user - if your server doesn't support PATH_INFO then you can use /cgi-bin/nuser.pl and set _p to user. The targets under this script are: bookseminar, bookconfirm, book, and bookcomplete.
You will need to drop or manually alter the bse_seminar_bookings table for this release.
the bse_seminar_bookings schema has changed in a way incompatible with the update tool. Previously it was just a relation with some extra attributes, it's now treated as a first class table.
a new session can now be selected when the admin edits a user's seminar booking.
the siteuser tag in the emails sent when the admin adds/edits/cancels a booking is now the user tag, for consistency with older emails.
there was a bug in handling some types of tag definitions in [...] lists
the parameters passed to the a_cancelbookingconfirm, a_cancelbooking, a_editbooking and a_savebooking targets in admin_seminar.pl have changed. These now take an id parameter to identify the booking.
the purchase process was broken by the config file product options changes, fixed.
send a booking notification email to the user when the admin books them for a session.
an admin user can now cancel bookings. An email is sent to the member.
an admin user can now edit bookings. An email is sent to the member.
Note: you need to cd to the util directory and run:
perl loaddata.pl ../data/db
from this release onwards.
partial implementation of non-shop seminar booking (database changes, modifying the shop to fill in the new booking fields)
partial implementation of Seminar Administration (access checks, extra fields on the booking form, view member detail, display of booked seminars for a user)
added view location target (a_locview) to admin_seminar.pl
added session list for a given location (available to all location displays, including edit, view, implemented as a_locview with _t=sessions)
new shop product options can now be configured in bse.cfg, so you don't need to touch bse.cfg. I'll document this later, see modules/BSE/CfgInfo.pm to see the code that does the work
various changes to make URLs more context sensitive:
the link fields for dyncart and the normal cart page are now always generated as absolute URLs
the shop base pages are now always pregenerated as if the shop article had an absolute URL, even when it doesn't.
the dynamic version of the url tag will now generate absolute URLs when there is no article context and use the article link to decide whether to generate absolute URLs in article context.
adding an item to an empty cart now causing the current session cookie to be set on the non-secure side as well, to ensure that the cart state is in sync on both secure and non-secure URLs
bump to 0.15_44
don't HTML encode values by default in emails sent by fmail.pl
don't call article methods for the ifStepAncestor tag when working with a fake article.
added addsingle\d+ target to shop.pl to allowing individual items from the catalog page.
bump to 0.15_43
reload the article earlier when updating dynamic status on descendants. The cached dynamic status was being lost when the article was reloaded later.
the shop now refreshes to the cart display instead of displaying the cart in the same request. The change in add adding to the quantities in the cart meant that a reload by the client would modify the cart.
The refresh location can be overridden with the r parameter.
the catalog url tag override wasn't passing through "null" replacements correctly, producing multiple site URLs at the front of url tags that were finally processed at dynamic replacement time.
implement a ifStepAncestor tag which checks if a given article or article id is the current article or a step/normal ancestor of the current article. This is limited to searching to 10 levels of ancestry.
Note: if you have many step parent links on your site then this tag can be very slow, since a large number of articles will be loaded searching for stepparents.
bump to 0.15_42
We were always setting the too big message for files rather than allowing the admin to configure the message.
add a new shop.pl action a_addmultiple which accepts multiple quantities and adds them to the cart.
modify the shop add action to add items to the cart rather than replacing them. So if product A is in the cart at 10 units and it added with 1 unit it will become 11 units instead of 1.
add tags to display the cart on any dynamic page
files now have a flag to hide them from the files iterator. This will require a change to the admin/filelist.tmpl template in custom template sets.
fixed a repeated "the" in the message from attempting to delete the store.
added dynmoveallkid tag for use on dynamic pages.
bump to 0.15_41
correct the closing search highlight to </b> instead of <b>
forms will now process file upload fields and send the files as attachments to the email. The attachments are not encrypted if the form has encryption enabled. Upload fields are not supportted for sending to the database.
forms now only have 3 encryption settings, encrypt, crypt_passphrase and crypt_signing_id. All other values are now set from the BSE shop defaults.
form emails now use BSE::ComposeMail, which will be extended to support HTML emails one day. BSE::ComposeMail was extended to support encryption and attachments.
bump to 0.15_40
added bse_timeout.pl test script. This can be used to test if a hosting provider sets time limits on requests. This script should be removed in production.
fix dynamic tags on some user.pl generated pages
doclink[] tag was causing a 500 error.
the ifCurrentPage tag on the search results templae is not ifCurrentSearchPage, due to a conflict with ifCurrentPage on article templates.
basic ajax support on the search page. This has some known problems. To enable set [basic].ajax to 1. This is experimental.
ability to highlight any result article field with highlight_result tag.
excerpting of search result file notes
customization of search result term highlighting
added fieldname_matched field to the matchfile tag to be able to detect if a given file field matched the search terms.
bump to 0.15_39
remove comment about fixed tiff.c in thumbnails.pod, this has been fixed
add registration notifications emails feature, enable by setting [site users].notify_register to some true value (like 1)
added site/docs/siteusers.pod with a more introductory documentation of the registration emails.
bump to 0.15_38
add match all option to searching
sort articles with the same search score by title
accept an r parameter for fmail.pl form submission to refresh to a page other than the default done page.
fix the default template name for the embedded report tags.
added dynamic tag ifUserMemberOf which checks if the current user is a member of the named group. Supply a leading * to name query groups.
added a name or identifier field to the article_files table, and administration tools to manage it.
re-worked the formatting API for easier extension
added filelink[] body text tag
removed some old commented code from Generate.pm
bump to 0.15_37
add search scores to the result tag
add the ability to require terms to match for a search
add the ability to exclude results that match a term
add bonuses to scores for results where the term matches more than one field.
searching and indexing processing have been moved into configurable modules, so we can add other search engines (a swish-e engine would be nice)
bump to 0.15_36 for release
in some cases the Articles module wasn't being loaded as needed
access checks are no longer done on iterators when an article is displayed in admin mode.
prevent undefined value warnings from fmail.pl when no validation rules are set for a field.
prevent undefined value warnings from validation when no rules are set for a field.
add userupdate.pl for uploading member updates as text files
bump to 0.15_35
added dynamic iterators, listed each here as iterator name/item name.
Global: dynlevel1s/dynlevel1, dynlevel2s/dynlevel2, dynlevel3s/dynlevel3, dynallkids_of/dynofallkid, dynchildren_of/dynofchild.
Article pages: dynallkids/dynallkid, dynchildren/dynchild, dynstepparents/dynstepparent.
added cgi-bin/admin/bse_modules.pl script to check that modules used by BSE are installed. This should probably be removed once BSE is installed and running.
search results now only include accessible articles by default.
the product tag no long warns when you attempt to use an undef (NULL) value from the product.
removed method=post from some display forms used to simply display data.
fill in the ccNumberHash when not doing online processing (this was lost when online processing was added)
fill in ccTranId with an empty string if the cc provider doesn't give us one.
add SecurePay XML credit card driver
briefly document the credit card driver interface.
the stepparents iterator now only lists "visible" articles.
userlist.pl now does logon and access checks - make sure bse_siteuser_dump is allowed for appropriate users.
userlist.pl now replaces newlines in the member data with spaces to prevent problems importing the data.
changed userlist.pl to check for bse_siteuser_export instead of bse_siteuser_dump.
userlist.pl can now dump a range of logons, specified with minlogon and maxlogon. If the field is missing or empty then the range includes the first or last by logon as appropriate.
added periodic API to DevHelp::Payments::SecurePayXML. This API isn't used by BSE.
modified userlist.pl so it can search for id or userId (logon)
changed the attributes of the dummy user for subscriptions (from Adrian Oldham)
menu.pl was using the wrong help icon
the report tag used by BSE itself conflicts with the report informational tag used in reports themselves. Added the subreport tag so you can embed reports into other reports in the context of BSE.
added gimages iterator
you can now use the [tag parms] syntax in the imagen tag
check user has access to an article before allowing file downloads. (#531)
shop emailed order encryption options can now all be set in the configuration file.
the credit card owner and type were not being stored in the order record. (#533)
optionally request the card type when requesting credit card information.
the affiliate.pl a_set action now allows you to configure extra cookies to be set.
prevent a 500 error when the user doesn't have access to create articles at a given level.
apply Adrian's set_errors_to_from patch
handle div/blockquote/address blocks a bit better.
ported the OO validation changes across
allow image[...|padding] to format padding as padding when there's no spaces in padding.
have bse_permission permission non-rights checks (eg. checking for no children on edit_delete_article) do the same checks as for permission
added some debugging output to the ifUserCan tag handler
patch from Adrian Oldham: add metaDescription and metaKeywords article fields.
patch from Adrian Oldham: fix quotes around template tag attributes, and valueless tags.
update t/t20gen.t and t/t21gencat.t to allow for the new fields
fix shell syntax problem in Makefile
implement popimage[] tag.
patch from Adrian Oldham: add missing documentation for article fields in Generate::Article.
word-wrap some lines added by above
copy same field documentation to templates.pod
enable admin security tags when pages are displayed in admin mode (ie. by admin.pl)
stop BSE::Session from keeping a reference to the session hash so it can be cleaned up properly.
parent validation for catalogs now correctly uses eq instead of == when testing the generator type.
the apache page handler now preloads more modules.
fmail.pl can now be configured to send form data to a database table as well as or instead of sending an email.
improved mod_perl compatibility - note: you cannot run more than one instance of BSE under mod_perl, and most scripts shouldn't be expected to work.
added page.fcgi, a FastCGI version of page.pl. See dynamic.pod for information on configuring this.
added BSE::Handler::Page, a mod_perl handler for page.pl. This should have lower initial request times than using page.pl under Apache::Registry.
we no longer attempt to regenerate articles with an empty link
poplink[], link[], doclink[], popdoclink[] now have the class attribute set based on the type of link. By default this class is the same as the name of the tag, but can be configured in [body class].
body text generated HTML now has the class of generated p tags set based on the [body class] config section. By default no class is set.
added formlink[] and popformlink[] tags to link to fmail.pl forms. You can set the title attribute in the config file for the form to set the default text. The class attribute for these can be configured in [body class].
deleting an article now deletes the generated page or cached page, depending on the article type.
changing an article from dynamic to static now deletes the cached page. (going the other way deletes since 0.15_27.)
deleting an article with files attached now deletes the file records and file content.
code processing the deletion of an article has been slightly reorganized. (moved from the edit code to the article object code)
code processing the deletion of an article file has been slightly reorganized. (moved from the edit code to the article file code)
the done template for fmail.pl can now iterate over the selected values as the email template does.
added site/docs/dynamic.(pod|html), which documents BSE's dynamic page generation.
documented [template types] bse.cfg section
the article link column has been expanded to 255 characters
children are no longer always dynamic if their parent is. They must now either inherit access controls or have the force_dynamic flag set in the article or in the config file to become dynamic (but see below.)
added the "Descendants inherit Always Dynamic" flag. If this and the "Always dynamic" flag is set for an article then all descendants will be dynamic.
the doclink[] and popdoclink[] body text tags now include a HTML title attribute in the <a ...> tag.
children are now correctly regenerated when their dynamic parent is saved.
when an article turns from static to dynamic the static content is now removed.
added a session bookings page
the url generated by the doclink[] and popdoclink[] body text tags are now properly HTML escaped
the cached dynamic status of a newly created article is now set correctly.
fmail.pl forms now collect field defaults by, urr, default.
the ifValueSet fmail.pl tag now checks the field default for the initial display of a form.
the shop now skips the payment page if the order total is 0.
ordering a non-seminar product no longer causes a 500 error on final processing of the order.
the final order page wasn't processing dynamic page tags
if a conditional tag isn't defined when during tag replacement, previously defined tags in the true and false parts of the tag were not replaced. They are now.
page.pl now accepts the article id via the page parameter instead of id. You will need to edit and save any existing articles to update their link fields with the new URL.
added bseaddimages.pl, a tool for adding image to an article on a remote BSE. The -u and -p options are currently untested. YMMV.
the ofchild, ofallkid, and inline tags now perform HTML escaping.
many BSE::UserReg error handlers were calling the display functions with the old argument list, cause 500 errors when attempting to display errors.
added ifAccessControlled static article tag
if you did a search in a selected section, the search results page would leave the sections drop down back on "All Sections". It now correctly uses the previous section.
added a notes field to files attached to articles. This is indexed by the search engine. Note that the indexing of the description is split into the indexing of the displayName and description.
admin.pl now applies the dynamic page tags for dynamic articles.
fmail.pl's a_done target now uses the dynamic page tags.
search.pl now displays matching files (with the same limitations as current match displays)
removed from debug output
added [shop].secureurl_articles option. Patch by Adrian Oldham (http://www.visualthought.com.au/)
pregenerated templates used by various scripts are now generated as if they were dynamic articles, and the various scripts now make the dynamic article tags available. This is a complex change, so it may have introduced some problems.
the sidebar logon panel has been updated to generate serverside when the containing page is dynamic.
the t21gencat.t test script wasn't cleaning up properly after itself, leaving the database in an inconsistent state.
fmail.pl forms are now filled from the currently logged on siteuser by default. The field names must correspond to the siteuser field named for this to happen. Note: custom defquery_base variants will need to be updated to support this.
user.pl now attempts to display the userpage by default, instead of the logon form.
the images iterator (on articles) now accepts various options to filter the images iterated over. See templates.pod for details.
the ifImages conditions (on articles) now accepts various options to filter the images tested for. See templates.pod for details.
if siteuser groups were required on a non-top level article, and the user was not logged on, a 500 error would occur, instead of displaying the logon page.
you can now set require_logon to non-zero for an fmail.pl form to require the user to logon before displaying/submitting the form. The message displayed on the logon form can be customized, see formmail.pod for details.
the submit button on the defquery_base page had an empty value unless the submit text was configured
moved the security check code out of BSE::UI::Page to BSE::Request to make it more generally available.
image.pl now checks the user has access to the article before displaying the image
saving a dynamic catalog would cause a 500 error.
added image.pl, intended for image display popups, accepts article id parameter as id and either an image id as imid or an image name as imname.
you can now add siteuser groups required to view an article. Adding such access requirements forces an article to be generated dynamically.
added sql_statements table, used for BSE extensions.
error.tmpl is now generated correctly from error_base.tmpl
siteuser group management actions now correctly refresh to the URL supplied in the r parameter, if any.
minor patch to fix the error message displayed when attempting to save over a modified article (midnight to 1am times now displayed correctly) (supplied by Adrian Oldham)
added image_index tag to the display article tags
Applied a patch from Adrian Oldham:
date fields in the articles created by initial.pl are now set to the date initial.pl is run rather than some date in the past.
simple (optional) protection against saving over pages modified by someone else.
the search engine now indexs the author and pageTitle fields. The file_description is now indexed by default (previously you needed to configure it)
added: document [editor].check_modified in config.pod.
Minor release so I can patch some other things.
renamed the new level1_col tag to level1_byname to prevent a conflict with the older level1_col tag from the level1_cols iterator.
pages can now be generated dynamically, though I'm still working on the UI side of making them flagged dynamic. Structure exists to make it possible to add extra dynamic tags on per article type basis, but isn't used yet.
you can create site user groups, and put users in them, and delete them.
added loaddata.pl tool to util directory for use in loading up tables with data
full_access permission now includes all bse_ permissions
config file entries can now use "here-docs", for example:
[some section] key=<<EOD some data EOD
this is especially useful for sql statements for reports
fixed the dynreport tag, a parameter wasn't being passed to the handler.
added level1_col and level1_sum tags to the report tool.
<:level1_col column_name:>
will extract the column of the given name.
<:level1_sum column_name:>
will return the sum of that column for the result set.
you can now set a debug flag for a report. This doesn't produce much information yet.
added builtin pastdate rule to the validation module.
Iterim release with subscriptions work.
added newsletter subscription filters to subs.pl.
admin/users/edit.tmpl now has an optional include so we can use custom fields without modifying it.
Adds the report changes except for control-break reports.
I'm going to workaround control-break reports for now, it was taking way too long. I'll implement them at a future date when there's no time pressure.
implemented the <:report ...:> and <:dynreport ...:> tags
added access controls to reports
seminars can now be added to orders (if the user is logged on and isn't already booked)
added a_location target to shop.pl to display location information to end-users (intended for use as a pop-up)
removed old commented code from shop.pl
subs.pl now has normal admin tags on the newsletter list, including correcting the help tag.
the validation of the article parent id was incorrect, causing problems when saving existing articles. Corrected the validation.
parsing and handling of the default value for the release and expire fields were reversed.
seminar display templates are now under the seminars directory
seminar display templates now have access to locations, location sessions and sessions iterators.
cart, checkoutnew and checkoutfinal templates now have access to per-item session and location tags
you can now add a user as a seminar attendee, without them having made an order.
DevHelp::Date had been changed to try to import its import method from Exporter, but this doesn't work on older perls. Reverted to subclass Exporter.
upgrade_mysql.pl wasn't correctly checking the entered number, and would perform the upgrade even if the incorrect value was entered.
upgrade_mysql.pl now treats varchar(...) binary as if it were
varbinary(...) and no longer treats this as a column type change
(unless the size changes)
This is a development release, not intended for production.
site/htdocs/images/trans_pixel.gif is now transparent again
search.pl would produce a 500 error if the search string contained regexp metacharacters (#502)
search.pl was only searching for the first search term
the shopadmin.pl product list wasn't listing seminars
field configuration for the location pages was being ignored
add.pl now generally accepts m or message for the message parameter, and can accept multiple messages.
functionality added to add, edit, delete, and take roll for sessions
This is a development release, not intended for production.
location maintenance at the basic level is in, accessible via http://example.com/cgi-bin/admin/admin_seminar.pl
you can create seminars, though there's no sessions or related data yet.
the generator field in articles has been expanded in size, so BSE::Generate::Whatever will fit in.
orders now accept delivery and billing organization names, and a second street line for the delivery and billing addresses
members can now have a second street address line in their billing and delivery addresses. They can also have a billing organization.
the release and expiry dates for articles when creating a new article seem to have been handled incorrectly for a long time. We now properly parse them when adding a new article (or product, etc)
in some cases the date tage %z value would be omitted under Linux. I'm not sure why this was happening, and the fix is pretty empirical.
we now attempt to handle nested non-tag [] when removing tags from body text.
t/t40images.t now uses the links() method instead of the internal
extract_links() method. (this is part of the test suite and doesn't
have an effect on most users)
articles now store their creation date, the user who created them the user who last modified them. (implemented by Adrian Oldham)
articles now have author and pageTitle attributes. The pageTitle attribute overrides the value of the title field in the HTML header title tag. Currently these are not indexed or searched by the search engine. (implemented by Adrian Oldham)
error messages for invalid image identifiers have been changed (implemented by Adrian Oldham)
previously the parentid wasn't being properly validated when adding a new article, possible causing a 500 error. We validate the value and report an error on invalid values now.
affiliate.pl can now set a configured cookie to the value of the affiliate id. See [affiliate].set_cookie in config.pod.
added template sidebar/afflink.tmpl that can use such a cookie
fmail.pl's values_select tag now sets the id attribute to the name of the field.
famil.pl now has the remote_addr tag available when composing the email
the capitalise tag now attempts to capitalize words like "don't" correctly.
a validation rule of:
nomatch=0
would be ignored
fmail.pl added to the smoke test script
the pgp content type header for encrypted fmail emails is now added only if configured to do so with the crypt_content_type option.
the required_if validation option can now be used from the validation configuration.
empty values when specifying values in the form:
fieldname_values=value1=name1;value2=name2
can now be specified
you can now specify a prefix for values specified via section name, for example:
fieldname_values=some section:prefix
[some section] prefix=None Selected prefix1=One prefix2=Two
where the values/names for the select will be:
"" None selected "1" One "2" Two
added formcfg tag to the fmail templates, this tag allows access to other values in the form's configuration file section.
added field_config to the fmail form configuration file section. This can list extra values to be retrieved from the config file for each field.
DevHelp::Validate depends on DevHelp::Date, which wasn't included.
BSE::UI::Formmail now loads the form specific field configuration rather than expecting DevHelp::Validate to do it (which shouldn't really have been modified to handle it)
using custom validation rules would cause a 500 error.
subscription calculations no longer include incomplete orders.
the user and ifUser tags are now available on the user/lostpassword template.
localinst.perl (used by make test, make testinst, make testfiles) no longer ignores empty config values.
the article keyword field now defaults to empty rather than NULL.
fmail.pl forms can now be select, multiselect, radio or check button fields. The values can be specified in the config file. See docs/formmail.pod for details.
the emails sent by fmail.pl can be sent encrypted or encrypted and signed. See docs/formmail.pod for details.
This release adds a new column to the orders table. You will need to run the upgrade_mysql.pl script on existing installations.
product information is now available from the item tag on the final checkout page
another field has been added to the orders table to track the difference between an order that's been created for payment processing, and an order where it's been completed.
The existing order lists filter out the incomplete orders.
if a user attempts and fails online credit card processing on an order, that order record (and hence number) is now re-used for the next attempt. Note: if a user abandons an order after a failed attempt at online credit card processing then an incomplete order is left in the database.
added an order_list_incomplete target which lists only incomplete orders (for completeness...)
the order_detail template now flags incomplete orders and attempts to display credit card processing information.
the embed tag and embed[] markup didn't support newer style tags
Interim release with some minor fixes while I fiddle with trying to re-use the same order after a CC processing failure.
0.15_05 field name changes meant that values from the logged on user record weren't used for delivery fields. The checkout page now adapts for that.
previously if you submitted the checkout page, then went back to it, it would use the defaults from the logged on user (or empty fields). Now it uses those saved values as defaults.
the cardType field is no longer required, or processed.
the extended cart fields are now available on the cart and checkout pages, since it isn't used anywhere anyway.
WARNING: this release makes major changes to the way the shop works. Make sure you test BEFORE you deploy.
This release may introduce incompatibilities with older BSE::Custom modules, if you come across any of these, please let me know.
To deploy this with a custom template set the following templates will need to be updated:
- checkoutnew_base.tmpl - new checkout page - checkoutpay_base.tmpl - new payment page - mailconfirm.tmpl - handle CC processing - mailorder.tmpl - handle CC processing - checkoutfinal_base.tmpl - display credit card receipt number
This is primarily intended as a test release, currently it has three known problems:
the checkout page won't load the saved order values if you go back to it after having gone through it without finishing the order.
each failed online credit card transaction results in a new order in the database (marked as failed)
some admin side templates still need updating
The changes:
major changes to the structure of the shop, There is no longer a purchase action, this has been split into an order action, which saves user information, and a payment action, which attempts to process a payment.
The initial checkout page now uses the checkoutnew template rather than the checkout template. The payment page uses the checkoutpay template.
the final order display is now a separate request from the purchase/payment action, you can now make changes to the template and test them without having to create a new order each time. The final order display page will only display the last successful order for 5 minutes.
the shop can now process credit card transactions online through the Inpho credit card gateway. There is also a also a "test" gateway module that allows for offline testing. See [shop].cardprocessor in config.pod
the shop (and other scripts that use the general dispatcher, like affiliate.pl and fmail.pl) should now work with image buttons submitting the form.
conditions to check for payments types on the shop pages that accepted a payment type name (like <:ifPayments Name:>) would always return value for the CC type, even when it was enabled.
fields that were marked as required previously are now actually required, this most likely a problem for the cardType field. I may end up marking this as not required.
a new credit card field value is accepted and passed to the online credit card processor, the cardVerify field.
fields on the checkout page now must use the name defined in the order record. The older names are no longer usable, except in the required method of BSE::Custom.
the error_img tag is now available on the checkout and payment pages
the allkids iterator no longer lists unlisted stepkids
added the [article defaults], [product defaults] and [catalog defaults] configuration file sections, see config.pod for details.
generate.pl would refresh to the wrong place when secure admin was configured, causing the logon page to be displayed.
reorder.pl had a syntax error which didn't show in the test suite. The test suite has been updated to catch similar errors in reorder.pl
the low level body text formatter now includes <p></p> around its results. Many other minor changes were made to hopefully improve the output from the formatter.
the level2 tag now HTML escapes its results
the old tag is now more backward compatible.
changed the search index primary key from "varchar(200) binary" to "varbinary(200)". Unfortunately mysql 3 reports this type as "varchar(200) binary" so the tool we use to build mysql.str has been mangled to convert that type to varbinary.
the article table included a default value declaration in the column spec for the primary key. This conflicts with the auto_increment on mysql 4 and has been removed.
the makefile now checks for .pl files that still include the option to start the debugger in their #! lines before building a dist. This will prevent releasing a dist that tries to start the debugger when you call a script.
the search results page now has access to the basic dynamic tags
added the fmail.pl script, see formmail.pod for information on using this.
reorder.pl now accepts a type parameter to sort only those children that have the appropriate generator.
catalogs now use the standard iterator tags for products, allprods, stepprods, and adds an allcats iterator.
shopadmin.pl now supports the shop article being a catalog, adding the shop tag and products iterator for the base product_list template.
the summary and thumbnail tags didn't work with newer style article tags
the drop-down parent list for catalogs no longer includes the current catalog or its children.
you can now parent products to the shop article if it's a catalog.
the dynamic old tag can now accept the field name as a [] parameter.
body text is now generated with surrounding <p> and </p> tags.
added the div[class|text...] formatting tag
formatted lists where there was no other text between the lists would produce mis-formatted lists.
the tt[] and pre[] tags were not removed from search result except text. (#460)
creating a new user with subscriptions enabled could sometimes cause a
500 server error. This was due to calling escape_url() instead of
escape_uri(). Thanks to Piers Johnson from Might Media for reporting
and patching this.
added the billMobile and delivMobile fields to the orders and site users tables
the user tag in user.pl could sometimes produce undefined value warnings in the error log.
search excerpt text is now correctly HTML escaped
added the strepeats iterator for use on all pages (resolved on the first build when pre-building templates for dynamic pages)
added the ddigits prefix to the arithmetic tag, which rounds the result, so for example:
<:arithmetic d2:1.234:>
results in:
1.23
img elements produced by the thumbnail tag now include an empty alt
parameter.
the tt[...] tag is now removed from body text in those cases where we're removing other tags
added the delivMobile and billMobile columns to the site_user and orders tables. These are saved and transferred in the appropriate places. The core templates have been changed to display or edit them where appropriate.
No changes since 0.14_37, no issues reported with 0.14_37.
This will become 0.15 on Friday unless a major problem is reported.
The ifRemovable tag on the subscription list should no longer produce undefined value messages.
you can now configure a site user (member) flag that must be set for the affiliate page to be displayed for that user.
documented the [site user flags] configuration file section
Trying again for a release candidate for 0.15.
the <:money ...:> when used on static pages, or when resolved when pregenerating base pages, would ignore the third and subsequent arguments.
the checkupdate target for the checkout page would crash if there was no custom session data defined.
the final purchase page did not have access to the normal BSE static tags
the switch tag didn't handle the protocol used to handle unimplemented subtags.
This is a release candidate for 0.15.
you can now use the |x flag on a tag to re-encode the value suitably for XML (to avoid HTML entities like é). Note: since most BSE tags already HTML escape their data, this tag will convert HTML entities to characters before re-encoding as XML.
the allkids_of, kids_of and inlines iterators now support the [tag ...] syntax for their arguments. Any values returned by the [...] constructs are further split on spaces, so you can have a single tag return more than one value here. This is convenient if you want to use the cfg tag to specify article numbers from bse.cfg.
the <:date ...:> tag now presents the correct day of week. (#450)
added a new tag nobodytext which strips all bodytext markup from
its argument.
subadmin.pl now uses the bse_subscr_* prefix for it's various security checks
thumbnails weren't implemented for the site view/global image manager, they are now available there
you can now supply a new date selection code to the search engine, 'mnumber' will now only list articles that have been modified within the last number days. The supplied search_base.tmpl has been modified to include this. (#136)
updated internal file extension to MIME types based on a list from
Adrian, types which are basicly text files (like
text/x-script.bash) have been changed to text/plain so browsers
don't need to know about obscure aliases for text file types.
doing a refresh due to failure in adding a product to the cart (due to subscription restrictions for example) when the product had options would cause a 500 error (#438)
the arithmetic tag should handle double generated pages where tags needed on the second generation are used in the expression.
we now URI escape apostrophe ' when we're URI escaping in general,
since a trailing unescaped ' could confuse some browsers in a
Refresh header.
cgi-bin/admin/admin.pl now refreshes to the menu with an error message
rather than causing a 500 error if it cannot find the article
specified by id. (#424)
saving a disabled user from the member admin page will no longer send the user a confirmation message if they are unconfirmed and have subscriptions selected. (#393)
a change not listed for 0.14_05 - the delivery instructions entered during checkout are now included on the encrypted order emailed to the site admin. (#354)
the validation error icon image can now be configured, see [error_img] in config.pod. (#230)
user.pl now has an a_orderdetail target which accepts the order
number in id. The order must belong to the currently logged on
user to be displayed.
affiliate.pl will no longer display pages for disabled users (#437)
the image manager will now display images as thumbnails if configured to do so.
Currently the only imaging tool that can be used for the thumbnailing process is Imager.
This adds the thumbimage, ifThumbs and ifCanThumbs tags to the article editor pages.
See thumbnails.pod for more information.
localinst.perl (run with make testfiles) no longer deletes the content of your htdocs/images directory.
logging out now clears the shopping cart
after logging in when you failed to add an item requiring logon now refreshes back to adding the item again (#434)
setting [affiliate].subscription_required to an affiliate text id should now work
trying to add a subscription product while not logged in now refreshes more appropriately after you logon.
checks for renew/start only subscription products are now done when you attempt to add the product to your cart.
SiteUser.pm was missing an import of sql_add_date_days(), which caused
a 500 error.
the subscription expiry date functions were checking the wrong field name for the expiry date. This caused problems when trying to add a renewal product to the cart, amongst other things (#435)
the userpage now has access to a subscriptions iterator, includes access to the subscription fields, and the ends_at, started_at and max_lapsed status fields. This only shows subscriptions the user is subscribed to. (#436)
the options page now has a ifSubscribedTo tag. This accepts one parameter which is the text id of the subscription.
the subscription order summary on the subscription detail page now multiplies the period by the number of units bought
you can now configure a required subscription for affiliates, see the
documentation for subscription_required in the config manpage.
the product tag on the checkoutfinal page now accounts for database NULL values
the subscription detail template didn't display the usage field correctly
the delete subscription link was incorrect
the delete subscription confirmation template wasn't supplied
the subscription edit/add templates were missing a closing </tr>
removed debug code from Squirrel::Row that was sending
addclassname to the error log.
the test for whether a user was subscribed was incorrect.
the number of units of a product bought for a subscription product was ignored, now 2 units of a 2 month sub product will act as 4 months.
it is now possible to include other config files from bse.cfg, see
[includes] in config.pod for more information.
the doclink[] and popdoclink[] tags would not be removed from the search page excerpts if the second parameter was present but empty.
more recent code using the m parameter could crash if the script was passed two m parameters.
a method rename during development meant that some code was calling a method that didn't exist, causing a 500 error.
if you supply an 'r' parameter that defines an 'm' parameter to subadmin targets the code will no longer add it's own 'm' parameter.
DevHelp::Validate now includes some documentation of its built-in rules.
The basic processing for subscriptions is now done.
added max_lapsed to the order_item table, to make sure subscription expiries remain consistent.
the bse_subscriptions table was commented out for the last release (it worked here because the table was created before I commented it out <sigh>)
ordering items with a subscription now results in the bse_user_subscribed table being updated, and hence most of the code which checks if a user has subscribed now has something to check
the users iterator on the subscription details page now works
subadmin.pl now has a target to update all users subscription expiry dates from their orders.
messages usually weren't displayed from a refresh by subadmin.pl, when they should have been
modern iterators could cause 500 errors (bad parameter list internally)
modern iterators could generated undefined value warning in the logs
switched off debugging for Squirrel::Template, which should reduce log pollution considerably.
I'm planning on making all base BSE permission checks use a "bse_" prefix to avoid conflicts with add ons like nPort. The permission checks should all now allow checks against bse_foo when only the foo permission has been granted.
This should allow templates to be updated to use the bse_ prefix.
Note that the permission sets in bse.cfg must continue to use the
non-bse_ names for now.
most of the structure of subscriptions has been done, provided for templating and testing.
Note in particular that the users iterator on the subscription details page will return an empty list for now.
0.14_24 added ".html" to the end of "link title" links, this broke regeneration. This release changes that to "_html" at the end of the links, which shouldn't break regeneration and will hopefully still allow google to index them.
I'll probably preserve the current behaviour if we add a mechanism for setting the content filenames, since unlike filename changes this preserves the link, so a title change won't break links from external sites.
added site/docs/future_plans.pod to the distribution
Release in preparation for subscriptions implementation
deleting site user images didn't work - the SQL used to remove the record was incorrect
it's now possible to associate images with a site user (member), these are editable both by the admin and the user themselves.
They work the same as the nport member images.
By default they are stored in the same location as uploaded files (defaulted in the config file.)
Don't forget to change your custom admin edit site user template to use the right enctype for the form.
you can now use siteuser images on the affiliate page.
SiteUser.pm was still using Orders rather than BSE::TB::Orders <sigh>
affiliate_name can now be set during registration or during addition in the admin interface.
the require_affiliate_name flag in the config file is now supported (it wasn't necessary for the original application)
[site users].display_affiliate_name is now used in validation errors for the affiliate name field.
the referer checks for affiliate.pl extracted the Referer header domain incorrectly.
the order affiliate_code is now accepted as a CGI parameter during purchase if it isn't set in the session.
the order siteuser_id field wasn't being set
added an affiliate_name column to the siteusers table. This value is required to be unique if non-empty and may only contain alphanumeric characters. You will need to add this to any custom templates.
affiliate.pl now accepts alternatives to the id parameter:
lo - the logon name of the user
co - the affiliate name of the user
some prep work for site user images
a few modules were still using Orders/OrderItems instead of BSE::TB::...
work around a discrepancy in the way mysql handles dates, step child records marked to be released on a given date should now be released on that date rather than the next day
added affiliate.pl, which can display an affiliate page or set the saved affiliate code.
extra fields have been added to the site users table to allow for custom data on the affiliate page.
a new debug flag dump_session has been added. if this is true then a data dump of the session hash is performed after it is retrieved from the database.
some of the order processing code checked incorrectly for subscriptions (which don't exist yet anyway).
This release includes some structural changes to article editing, please test before deploying it.
doing a sort of all children wouldn't include the unreleased (step)childen in the sort (#389)
with access control enabled, using the reorder.pl script while not logged (including due to a cookie timeout) on would produce a server error (#419)
the Orders / Order / OrderItems / OrderItem classes are now BSE::TB::Orders / BSE::TB::Order / BSE::TB::OrderItems / BSE::TB::OrderItem, to try to use a more consistent naming system and clean up the top level namespace
the prePurchase target has been disabled in shop.pl, since it's effectively unmaintained, and probably completely broken
updated the document list of session values in BSE::Session.
defaults (both internal and configured) are now used to set article/product fields on creation, this should allow simplified creation templates to omit fields that don't need to be explicitly set
the warning about $Text::Wrap::columns only appearing once should disappear
a shipping_cost column has been added to the order table. This is not set by BSE at all yet, but is available for use by custom order save code.
some fields and code have been added to support subscriptions (no, not the newsletter stuff)
removed some debug dump code from the shop
"link title" links now include ".html" at the end to allow Google to index them
some preperatory work has been done to handle affiliates and subscriptions
differences in whether CR chars are passed in line separators could cause formatting problems with ##/**/%% lists in body formatted text
a ##, %% or ** which wasn't at the beginning of a line could be treated as part of a formatted list
the logon page used the user side help icons (#371)
the admin user and admin site user pages used the user side help icons (#373)
the change password page used user side help icons (#378)
the admin logon page now accepts an m parameter
in general, moved the common admin tags call after the common basic tags call so that admin tags (like the admin help icon) replaces the basic help icon.
remove blank lines from the error messages produced on the admin user administration pages (#382)
a very rough attempt at changes to support UTF-8 content has been made.
Don't rely on this.
previously, if an error occured in producing a template that wasn't a template not found error, while using an alternate template, a 500 error would be produced with no message in the error_log. Now an error page is produced, with the message sent to STDERR (and hence to the error_log).
BSE::DB::Mysql no longer reports that it found SQL in the database.
when link titles were enabled they were being produced twice.
added the <:today:> tag - returns the current date, by default formatted as "dd-mm-yyyy", but can be reformatted as per the <:date ...:> tag, for example <:today "%d/%b/%Y":>
added the <:arithmetic ...:> tag. Any text [word ...] text in the argument is replaced with the corresponding tag value and the final result is then evalled. Do not ever use [cgi ...] values or any other unvalidated data with this tag, to avoid security issues.
the <:sorthelp ...:> tag now seperates the returned URL arguments with & instead of just & to produce correct HTML.
the url tag now generated absolute URLs in subscriptions
non-lower-case link[] commands in subscription body text was causing 500 errors, (doclink[] with unknown article names/ids could cause the same issue)
the <:help file entry:> tag can now be used in all templates, and optionally takes a style argument, with the default style depending on context. This tag is replaced as pregeneration time for pregenerated pages.
In user pages (including the admin version of article pages) the style defaults to "user".
In admin pages the style defaults to "admin".
The style chosen can select a template, and change icons and path depending on the configuration file, see [help style ...] in config.pod.
BSE::Mail::* now accept a bcc address parameter. This is intended for use by nPort.
image[...|url] was HTML encoding the url twice.
added an output_result() method to BSE::Request. This is currently a
shim around BSE::Request->output_result(), but it may change in the
future.
added the <:oldi ...:> tag, for use on any dynamic page
<:oldi fieldname index func funcargs:>
This is used for extracting the correct previously entered value for a multi-value field.
the default <:old ...:> tag was ignoring the fourth and subsequent parameters, for example, if the tag was:
<:old fieldx taga arg1 arg2:>
only arg1 was being passed to taga.
site/util/mysql.str hadn't been updated to the new format
added some support code for use in nPort.
makeIndex.pl was passing in incorrect parameters in a few places to do with article formatting
added the poplink[] and popdoclink[] a body text tags
the link[] tag now uses the URL as the link title if no title is provided
the show_register target of user.pl now accepts a _t argument as a
template selector.
upgrade_mysql.pl now takes a -i filename for the extra table structures to be installed. A -h for help option was added too.
the format of the database structure file for upgrade_mysql.pl has changed, to allow for column types containing commas (like decimal(9,2)).
tbe table[htmloption="value" ... ] form of the table body tag no longer HTML escapes the options. (#348)
one of the changes to use the new formatter for summaries mixed up an argument order, breaking the <:summary ... :> tag (#347)
fixed some problems with the new sorting features in reorder.pl.
BSE::DB::Mysql will now attempt to search the sql_statements table for any SQL needed that isn't found in its internal table. This is intended for use by external applications using BSE's database support tools, specifically for the nport project.
This adds several destabilizing changes, test before using in any production setting.
you can now specify that BSE uses the configured secure URL, the normal URL or a separate admin base URL for access to administrative functions. The action parameter on any custom admin/logon.tmpl should be changed to include the new <:adminbase:> tag.
reorder.pl now accepts a more sophisticated sort parameter, it can
now be a comma separated list of fields to sort by, most significant
at the front. Any unknown fields are ignored. You can put - in
front of any field name to sort that field in reverse.
the image[] and gimage[] tags now take a fourth parameter which can
either be a simple class name (all alphanumeric), a set of parameters
to the padding: style command, or actual CSS style commands.
lastModified is now a datetime rather than a date, be sure to run upgrade_mysql.pl
applied a change to the default table mapping from extension to MIME content type, sent in by Adrian.
added the style[] body text tag
doclink[], class[] and style[] are now removed correctly from summary and excerpt text.
the hr[] body tag now correctly uses size instead of height.
moved the custom_class() function to the new BSE::CfgInfo class.
first steps towards administration via the secure URL (or some other base URL)
the <:admin:> tag can now produce output based on a template.
<:admin:> in an article template uses admin/adminmenu/article.tmpl,
<:admin:> in a product template uses admin/adminmenu/product.tmpl,
<:admin:> in a catalog template uses admin/adminmenu/catalog.tmpl,
<:admin foo:> uses admin/adminmenu/foo.tmpl.
sorting the site user list by id should now sort numerically rather than stringwise.
You can now you %% instead of ## in body text for an alphabetical rather than numerical ordered list
reworked the doclink[] changes so an article didn't need to be supplied to the formatted. This fixed the <:bodytext ...:> tag.
word-wrapping in the text version of body text for subscriptions would move the last word of a multi-line paragraph onto its own line, whether it needed to be or not.
the way links appear in the text version of body text, and the link list at the end can now be customized through the configuration file, see the documentation on text_link_inline, text_link_list and text_link_list_prefix in config.pod for more information.
handle [] inside body text tags a little more intelligently. We assume they are balanced, so b[foo [1]] will do the right thing, but b[foo [] won't.
added doclink[] body tag
cookie generation is now centralized to prevent differences in cookie generation from causing problems. This won't help with certain configuration issues, which you'll need to fix yourself.
allow files not marked for sale, and listed in an ordered item to be downloaded by a user from the userpage.
order files listed for an order on the userpage by item and display order instead of alphabetically
filenames for uploaded files with non-alphanumeric characters are now handled a bit differently - non-alphanumerics are now replaced with '_' and then duplicate '_' are removed.
userpage base pages are now generated with an absolute link field to force absolute article URLs to be generated
the text version of emails in subscriptions now includes the URL at the bottom of the body text, with a bracketted number at the original text
the edit member page now links to a list of orders for that user (if any)
the order detail page now links to the user's order list and their edit page.
logon.pl still required mod_perl.
subscription messages were being sent to subscribed but disabled users.
the search results page tags are now XHTML compatible.
you can now set pp=-1 on the member list page to list every user.
the stepkid tag would sometimes result in a warning in the web server error log
the templater would produce a warning from a <:switch:> tag under perl 5.8.
the installer while now set the #! line of scripts based on the "perl" configuration option in test.cfg.
some scripts would produce compilation errors when run under a perl without mod_perl installed.
the implementation top/bottom left/right image placement has changed. When you select a "bottom" option the images are simply placed as if they were present in reverse order. This means that the image urls are now used to form links.
gen.pl could produce a compilation error in some circumstances.
the telephone field is now actually required on checkout.
if the user options form included the email address but not the subscriptions list and the user changed their email address, the confirmation email wasn't being sent.
the <:ifItemAvail:> tag wasn't returning true for files that don't require payment
spaces are now preserved in uploaded filenames, as underscores.
the <:switch:> template construct had required there be some text between "<:switch:>" and the first case, this is no longer necessary. You still might want to keep a newline there to make it easier to pick out cases
the list of possible archive parents for subscriptions is now sorted by title (#295) We now select the highest id article by default when creating a new subscription, presuming it was created to store an archive.
the <:recipient_count:> tag is now available on the subscription send form, and the Send link is now always available on the subscriptions list. (#269)
the subscription send action, if it somehow is submitted with no users subcribed, will no longer archive an article and update the most recent send date. This can happen if the last user unsubscribes while the administrator is composing their newsletter.
the class[] body text tag now nests correctly when spanning over paragraphs
If the last value of a parsed tag parameter list was an unquoted 0, the 0 was not passed to the tag for processing.
added the cfgsection iterator.
iterators that allowed sorting/filtering now actually sort on the right value
the stepkid tag on edit pages now checks the article is a stepkid before doing a hash lookup, preventing an undefined value warning
the admin/edit_steps template was using invalid article names in ifUserCan checks
the flags iterator and ifFlagSet tags weren't available on the add site user page.
saving a site user in nopassword mode would result in a validation error if the email field was present but no confirmation email field was present. The confirmation email field is now only required if the supplied email address is different from that currently stored for the user.
changing the user's email address in nopassword mode (and possibly in normal mode with subscriptions) resulted in a server error.
printable.pl wasn't looking in the printable/ directory for it's templates (#298)
printable.pl's error reporting wasn't supplying the config value to the templater
printable.pl's error page now uses the article templater rather than the base templater
added smoke test for errors from printable.pl
added smoke test for admin/siteusers.pl
trying to call "site users" "site members" now.
you can now select subscriptions for a site member with the admin tool. This still results in a confirmation email if the user hasn't been confirmed at their email address. (#293)
You will need to run upgrade_mysql.pl for this release.
checkoutfinal_base.tmpl now uses the new <:if Payment name:> tags, and includes a payments customization shim.
shop.pl now uses [shop].display_field-name to convert stored field names into display names for error messages.
cardType and cardHolder fields are now required fields for credit card payments
admin access control now requires that a configuration option to be set before it will accept admin user authentication information from the server (typically basic authentication.)
the class[classname|text] tag was lost when integrating the common tag handling code, added it back in (#284)
you can now define custom flags for site users, the flag value is a single letter or digit, case-sensitive. Add an entry like:
I<letter-or-digit>=I<description>
to the [site user flags] section of the config file. For example:
a=Access to private area of the site b=Accept orders on account
You can check this on templates where the user is visible with the <:if Match:> tag:
<:ifMatch [siteuser flags] "b":>Accept orders on account<:or:><:eif:>
the article editor was using [catalogs].template as the default template rather than the documented [products].template
added the [products].extra_templates configuation file entry. This is
a comma-separated list of extra templates that can be used for
products. You can also just put templates into the products
directory (and have been able to for a while.)
the <:include ...:> meta-tag now takes a second optional argument, if this is the word "optional" then no error text is inserted if the file specified is not found.
updated includes of custom shims to use the "optional" option
removed custom includes from the distribution that didn't have any real content
reorganized menu.tmpl a bit and added the member ("site user") manager to the list
added <:if Payments name-of-type :> and <:checkedPayment name-of-type :> tags to the checkout page, and <:if Payment name-of-type :> to the checkoutfinal page. If name-of-type is unknown these will return false (or the empty string) to allow their use in portable templates where a specific type might not be configured.
the checkout page now uses the ifUser tag to check if there's a logged in user rather than hacking on the user cookie.
This is still a development release.
There have been database changes in this release. You will need to run upgrade_mysql.pl.
CRITICAL: nopassword wasn't checking the password at all. If you don't want to upgrade completely you can include just the three line change that checks the password.
blank lines are no longer included in the error messages on add/edit site user validation errors
the shop now uses the site user authentication hook
the domain value sent to the browser in cookies now has the port number stripped.
you can now configure new payment types through the [payment type names], [payment type descs] and [payment type required] sections of the configuration file.
various templates include custom sub-templates which can be used to add custom payment types.
new <:checkedPaymentpayment-type-name :> tag on the checkout form to make retaining the selected payment type easier.
new basic template facility, with allows sections of text to be
processed by a tag:
<:with begin I<tagname> :>
I<some text>
<:with end I<tagname :>
<:with ... wrap:> tag added to order email tag sets:
<:with begin wrap:>Special Instructions: <:order instructions:><:with end wrap:>
the site user editor would include empty lines for valid fields in error messages
cookies were being generated with the port numbers included in the domain value.
billing address fields are now included in the default checkout form, optionally
This is a development release and is not suitable for production use.
sort ordering, pagination information is now saved in the site user list
added a customization hook called when a change is made to the site users list
added a site user authentication hook. You must set user_auth=1 in the [custom] section of the config file for this to be used.
This is a development release and is not suitable for production use.
in some cases registration or saving user options wasn't outputting a page, producing a 500 error
user options templating changes:
for the textOnlyEmail option to be saved, a saveTextOnlyMail hidden field should be present with a non-zero value
for the keepAddress option to be saved, a saveKeepAddress hidden field should be present with a non-zero value
for the subscriptions to be saves, a saveSubscriptions hidden field should be present
added site user manager, this still needs some template work
user registration can be disabled with the user_register option in
the [site users] section of the config file (you can still create
users using the site user manager.)
billing information fields have been added to the site_users table.
adminNotes field has been added to the site users table (editable only by admins.)
instructions field has been added to the orders table, for shipping instructions (or any). This still needs some support on the admin templates, and the email templates.
added config option billing_on_main_opts to control whether billing
options are on the main user options page. This is managed by the
templates, not the code.
printable.pl was producing a server error (it hadn't been updated after the top tag was added.) Also added a smoke test which would have caught it.
added a few more reports to the experiemental reports system
report.pl now handles being called when the user isn't (or is no longer) logged on, correctly
added some cookie debugging code
confirmation emails weren't being sent when a user registered with subscriptions selected (with nopassword unset)
you can no longer register or save in options a blacklisted email address
email address blacklisting now works
user options can now be set during registration
you can configure which user options are required (during both registration and in user options)
the subscription boxes can individually or all be set to checked during registration by default.
the error_img tag now works on the registration and user options pages
No changes in this release, just a stable release. Enjoy.
This is a release candidate for 0.14, please report any problems with it as soon as possible.
Once I release 0.14 I'll start on a new round of changes
the common <:old name func args:> tag was HTML escaping the result from the <:func args:> call, which gave a double escaped result.
the test count in t/t40images.t was incorrect
even more tests have been added to t/t40images.t
URI::Escape escaped a different set of characters by default in older versions, not including &, we now supply the set of characters that is the default in modern versions.
you shouldn't be able to add an article to itself as a stepchild or stepparent
some admin forms now include name attributes, as an aid to regression testing
added some simple tests for Squirrel::Template
added some simple tests for the image manager (needs more work)
Making steps towards improved stability.
the subscriptions formatting was broken when I made arrows refresh back to their original article. D'oh.
the test text only email flag was ignored
an old problem, only products were listed as stepchildren to catalogs in the article editor
changes to the way named images interact with automatic image placement:
named images are never automatically placed
named images are not included in the list produced by the article display template images iterator
referring to a named image either with image[name] in the article body, or <:imagen name:> in the template will not suppress automated image placement
image[1] or <:image 1:> will continue to suppress automatic image placement (or <:image:> within the images iterator)
This should provide reasonable behaviour that's compatible with existing sites running 0.13 or earlier.
If you get configuration errors from this release, it probably means you've been using some of the default email addresses, which were either nonsense, or my address. Either update Constants.pm or set the appropriate value in bse.cfg.
There have been a lot of changes in this development release, so there's probably at least one bug.
removed my email address from the config files
datadump.pl now uses $DATA_EMAIL as a default for the configuration [datadump].to value, as documented. Also, aborts with a configuration error if this isn't set.
swapped the order of the parts in the multi-format emails sent by the subscriptions manager, since the old order didn't work with some mail clients.
subscription confirmations were being sent with a from derived from the [confirmation].from key instead of the [confirmations].from key in the config file.
the configured from address is now checked before attempting to send the subscription.
title and body are now validated on sending a subscription (#264, #265)
parameters supplied with the <:wrap ...:> construct now have tags of the form [tagname parameters] replaced in values.
the subscriptions send form now allows sending a test subscription message. Defaults for the email and name are controlled by the [subscriptions] section of the config file.
To use this you must be authenticated in some way, either by BSE's user logon system, or through browser authentication (.htpasswd), this is done to prevent abuse of the system by spammers.
imageclean.pl should no longer remove global images
changepw.pl now accepts the r paramater as a refresh URL on the save step
select tags generated by BSE in various places should now be XHTML compatible
most object reordering arrows are now generated using a common function
Only the <:moveUp:> and <:moveDown:> tags are excluded from this, and are now considered obsolete, please use the new <:movekid:> tag instead.
URLs in object reordering arrows included unescaped & characters
BSE generated select tags were using "checked" instead of "selected" in some places, oops.
if a user subscribes, and a confirmations from address is configured we now display an error before the attempt to send a message, and no longer record that an attempt has been made.
the subscriptions help file was missing </a> on the <a name="..."> tags
some templates are now more XHTML compatible (if anyone know how to make http://validator.w3c.org accept wrap="virtual" without adding "] >" to the top of the displayed page, please let me know.)
arrows on the display pages should return you to your original article now
added the <:top field:> tag which allows access to the top level article being generated
the shop now complains if either shop email address is not configured when a customer attempts a purchase.
you can now disable encryption of the email order to your shop email
address, this disables credit card orders. Check the documentation on
the noencrypt option in the [shop] section of the config file in
config.pod.
you can now control whether the shop sends an email of your order to
the shop email address through bse.cfg, see email_order in the
[shop] section, documented in config.pod.
I'm still looking for feedback on article image names and the interaction with automatic image placement. See the options described under the 0.13_02 release notes.
This development release has some major changes.
the delete item handler in the shop now uses the common refresh code, preventing problems with Safari.
the <:old:> tag on the checkout page didn't work correctly in some cases
moved the response dispatch code template to BSE::Template to avoid duplication
admin/menu.tmpl now uses admin/base.tmpl
cookie handling was broken in various annoying ways:
the userid cookie didn't have a timeout
the change to the userid cookie wasn't propagated to the secure side when the user logged out (or to the non-secure side if they used a secure-side logout)
The wrong path was used when propagating the sessionid to the secure side, making it almost completely pointless
The cart is now copied from the old secure side cookie, if any.
admin users can now change their own passwords
the templater now supports a new type of conditional, a switch statement:
<:switch:> text here is ignored <:case conditional-function1 conditional-args1:> result text 1 <:case conditional-function1 conditional-args2:> result text 2 ... <:endswitch:>
Each condition is checked in order.
A special:
<:case default:>
always returns (and should always be last, since all conditions after it are ignored.)
If there is no tag for the given condition-function on the page then the text of the switch tag will be returned, hopefully to be replaced by a second pass during processing of a pre-processed page (like the checkout page.)
Hopefully this will reduce the need for nested ifs, but will probably introduce it's own problems related to partially generated pages <sigh>.
Since the code attempts to do the innermost switch first it shouldn't have nesting problems for complete pages, but may have some when a page is partially generated, like with the shop and search templates. If this becomes a problem I'll add a version with 'names' to act as a nesting aid, but it will be ugly.
you can now manage site global images, accessible with the gimage[] tag from body text, and the <:gimage name ... :> from templates
Make sure you update your config file.
custom templates may choose not to set the keywords field, this could cause makeIndex.pl to complain about undefined values. makeIndex.pl now skips indexing NULLs.
BSE::Request's url() method was HTML encoding when it should have been
URI encoding.
the distributed menu.tmpl now includes menu_custom.tmpl for local customization.
you can specify where under the site tree an article and it's children will be stored using the [article uris] section of bse.cfg
Another development release.
Please play with this and consider how named images and automatic image placement should interact. Should using a named image:
completely suppress automatic image placement?
suppress placement of just the used named images?
Or should named images never be automatically placed, with no effect on automatic placement of other images?
Changes from the last release:
0.13_01 shipped an out of date mysql.str file
the spacer <img> tag used to align arrows now has the alt value set (to the empty string, since it has no semantic meaning) (#262)
the new formatting code was missing a library include
the body image[] tag wasn't suppressing automatic image placement (due to the replacement of the body formatting code.)
adding an image was requiring an image name (it shouldn't)
the title for the image wizard help file was "Files Wizard".
added test script for the [] tag parameter processor
Time to get a little adventurous.
images can now have an identifier associated with them. This can be used by the body text image[] tag to reference an image by name.
the <:imagen imagename alignment rest :> tag
can be used to insert images by name.
body text formatting is now based on the DevHelp::Formatter module.
b[], i[], tt[], font[], fontcolor[] over paragraph breaks are now closed properly at the paragraph breaks.
newlines within pre[] are no-longer converted to paragraph or line breaks. As a consequence of this you can't nest character formatting within each other within pre[text], ie pre[b[foo]] is ok, but pre[b[i[foo]]] won't work.
the width and height parameters to the hr[] markup weren't handled correctly.
the row options to the table[] tag were inserted HTML escaped, so:
tr[... bgcolor="black"|col|... ]
produced a tr tag like:
<tr bgcolor="black">...
list items in ** or ## lists are now closed with </li>
we now put newlines between lines and paragraphs in the output of formatted text, hopefully this will make it easier to read the source.
<:error_img:> now accepts a [...] format expression to get the field name
the <:recipient_count:> tag is now available on the subscription listing page. This is used for display, and to hide the Send option if the subscription has no recipients.
it's now possible to format the output of the subscription send
process by changing the admin/subs/sending.tmpl template
if an article has an image with an identifier of bse_title then it
will be used as the title image for the article.
you should be able to use one level of nested [] inside [] expressions in tags now
No changes since 0.12_31.
Hopefully this will become 0.13.
selection of archive parents for subscriptions is now even more strict, now you can't select the shop or catalogs as archive parents
eliminated debug output from the <:include ...:> meta tag
the move.pl r parameter no longer pre-prepends the base url.
eliminated some undefined value and non-numeric value warnings
push "Flags" on the article edit page back into place
the top-level <:movecat:> tag in the product list now accepts the custom arrow prefix and the url suffix parameters
the refresh function for the subscriptions list wasn't including the ? when adding a message parameter
the order_detail target now accepts an m parameter to set the new
<:message:> tag (which allows <:ifMessage:> too)
each of the targets in shopadmin.pl that accepted a message for
display through the message parameter will now also accept that
message through the m parameter
the msg tag is no longer available on the report system pages. Use
the message tag instead.
move.pl now accepts the refresh URL through the r parameter as
well as through the refreshto parameter.
the list of possible parents for archiving a subscription now only includes articles the user has permission to add children to. This is also validated on saving/adding the subscription.
check that the user has rights to add children to the selected archive parent on sending the subscription
a confirmation message is supplied when refreshing after saving changes to an existing subscription, or deleting a subscription
disabled some debugging code in the subcription send code
removed old code from shopadmin.pl
you can supply a refresh to url using the r parameter to actions in
subs.pl to override the default refresh back to the subcriptions list
all generated img tags now use a XHTML closing " />". The space is
prevent problems with older browsers. If you find a generated img tag
I've missed, please open a ticket. img tags in template might
still not be XHTML compatible, this isn't a bug.
makeIndex.pl now redirects directly to menu.pl rather than to /admin/ after rebuilding the index
added the "Don't index even if listed" and "Don't index this article or it's descendants" flags
the custom session hash is now supplied to the order_save() custom
hook
the product tag on the cart pages now checks for undef values to prevent warnings
field names in the validation messages produced by subs.pl now have the first letter upper-cased.
creating a subscription now mentions that it's successful
the experimental report.pl compiles
added line-breaks between article flags on the edit pages
the image and file lists are now accessed using the default target in add.pl. Use _t=img and _t=file to access the lists now.
admin/edit_2.tmpl through admin/edit_5.tmpl are no longer distributed, all normal article editing now use admin/edit_1.tmpl. If you need different pages for different levels remove the mappings from the [templates] section in bse.cfg
the order_detail target in shopadmin.pl now accepts a message
parameter
the edit_add_child security check will now fail if the article is a product or if the article is too many levels deep to have a child.
the adduser and addgroup forms have been split off into their own pages
the a_saveuser and a_savegroup targets for adminusers.pl now supply the _t parameter passed to them to their default refresh targets. The _t parameter must only contain letters and digits.
the orders iterator for the order_list target in shopadmin.pl now uses a generated iterator, so tags like <:order_count:> are now available.
the page specific date and money tags (<:date order_field:> and <:money order_field:>) are no longer available on the order_list pages, use the general date and money tags (<:date tag args:> and <:money tag args:>).
added <:error_img:> support to the logon form (IRC request)
the <:childtype:> tag is now available on user/group permissions pages which control access to articles (IRC request)
new tags <:add number number...:>, <:concatenate string string ...:>, <:match string regexp output default :>, <:lc string:>, <:uc string:>, <:lcfirst string:>, <:ucfirst string:>, <:capitalize string:> and <:replace string regexp with global:> now available everywhere.
the code to parse [...] and "..." parameters for tags now passes through backslashes (\) not followed by " or another \ inside "...". This makes it easier to enter a regular expression in "...".
Dynamically generated templates that don't explicitly define an <:old:> tag now have a new <:old:> tag by default. Usage:
<: old I<field> :> <: old I<field> I<func> I<args> :>
If a cgi parameter called field has been supplied it will be returned, otherwise an existing function func is called with args and that value is used as the value of the <:old:> tag.
Returns an empty string if no CGI parameter field or function func is defined. (#235)
userlist.tmpl and grouplist.tmpl now include appropriate
value="<:old I<foo>:>"
tags
the "Your system has no groups" message in grouplist.tmpl did not span across enough columns
the <:typename which:> and <:articleType:> tags now work on the user/group permissions pages which control access to articles. (#235)
the crumbs iterator now works on user/group permissions pages which
control access to articles (#235)
<:error_img:> is now available on the userlist/grouplist templates for displaying errors in adding a new user/group. (#235)
#235 mentions a problem with the <:cgi:> tag - could not reproduce
most save/add functions in adminusers.pl should now accept an r
parameter to override the default refresh location (#253)
a save of an empty administration user name was being ignored, the empty name is now saved (#250)
the name of a administration group can now be changed (#251)
quotes surrounding the URL in Refresh headers have been removed (#232)
the Refresh header is only briefly documented at http://wp.netscape.com/assist/net_sites/pushpull.html, and is not part of the HTTP specification, so all I can do is guess.
entry of a blank release date when editing an article now results in a validation error instead of a database error (seen as a 500 error) (#240)
template admin/subs/list.tmpl checked the subs_edit permission when
it should have checked the subs_send permission when choosing to
display the Send link.
subscriptions can now be deleted (#173)
experimental reports system added (work in progress)
admin/edit_product.tmpl had two <:error_img title:> tags
$SHOP_FROM, $SHOP_TO_NAME and $SHOP_TO_EMAIL from
Constants.pm can now be overridden in the config
file. ([shop].from, to_name and to_email)
the name of the custom class can now be specified in the config file
(defaulting to BSE::Custom) ([basic].custom_class)
you can specify an alternate library path to search for your custom
class ([paths].libraries)
the custom class can now handle validate and store extra fields for articles (and relates types, like products)
two custom date fields (customDate1 and customDate2) and two
custom string fields (customStr1 and customStr2) have been added
to the article table to allow simplfied customization.
the default article, product and catalog editing template now include
admin/custom_article.tmpl, admin/custom_product.tmpl and
admin/custom_catalog.tmpl includes to allow adding custom form
fields without having to modify the main distributed editing templates
DevHelp::HTML, used to provide HTML and URI escaping wasn't including a required module. D'oh.
the keywords tag in the search page was being overridden by a tag of
the same name in the global article tags. The old global keywords
tag wasn't very useful and has been removed.
the templates drop-down in the subscriptions system included duplicates
the crumbs iterator is now available on the article edit pages, and we now present a path on the main edit page
you can now use <:crumb fieldname:> to get to crumb article information. The current <:crumbs fieldname:> will be obsoleted at some point in the future.
the content of the help files no longer render as links in Mozilla
<:typename which:> tag added to the article editor pages
the list of articles available to page generation was in the wrong order
when access control was switched off, links were displayed to permit deletion of articles with children, when they shouldn't have. (#221)
Most article editor actions now accept an r parameter which can be used to decide what happens after the action. (#225, #226)
The save_new action adds an id parameter onto the end of the supplied url if the r parameter is supplied.
more messages are included when the article editor successfully performs an action (#225)
article editor and generator tags that generate arrows now take an image prefix parameter which can be used to select alternate arrow images. A second parameter can also be used to add onto the refresh URL to supply extra information to the refreshed to page. (#224, #225, #226)
some code in BSE::Util::Tags was calling CGI::escapeHTML() at regen time (#223)
the list of templates in the drop down on the article edit page didn't reflect the local_templates config option correctlt.
validation errors weren't always reported (or acted upon) correctly
when an invalid product options string was stored a 500 error was produced when generating the page
the image tag wasn't including a closing " at the end of the alt attribute
the article generation code no longer relies upon CGI.pm functions for escaping HTML, URIs or producing product option popups, this should make it possible to use gen.pl from cron jobs without getting prompts for CGI parameters
catalogs had two buttons labelled "Add product", but one added catalogs. Relabelled the one that adds catalogs to "Add Sub-catalog".
the ifnew tag on edit templates is no longer available, use ifNew instead (this was true as of 0.12_22)
added a flags field to articles, this is used for both BSE internal flags and for site specific flags.
the search index builder will now only index articles that are listed, or have the "Index even if hidden" (I) flag set. Changed the simple search test to search for a non-hidden article.
the title field of all articles are now validated to include at least one non-space character
validation failures on images and files are now available via the error_img tag
the move image up/down action on the images manager were refreshing to the wrong page after reordering the images
changed default level names in Constants.pm and bse.cfg
changed tests to use the new level names
templates admin/subs/add.tmpl and admin/add_product.tmpl have be consolidated into their edit versions
added iterator allkids_of to iterate over the children and stepchildren of a given article.
<:iterator begin allkids_of I<parent_id1> ...:> <:ofallkid I<field>:> <:iterator end allkids_of:>
when you clicked send from the subscriptions list the archive parent field wasn't being set from the value set when adding/editing the subscription
generate_search() wasn't supplying a config object when creating the
article generator. This caused problems when some article types were
embedded within the search page.
added mailing list info
$TMPLDIR is no longer present or used in Constants.pm. Use templates in the [paths] section of the config file.
The path specified by the local_templates entry in [paths] is now searched for templates before the path specified by the templates entry in [paths]. This can be used to keep locally modified versions of templates separate from the distributed templates.
reordering arrows now display a filler image where there's a single missing arrow image (at the top and bottom of the list). No spacer is displayed if there's a single item.
added tt[text], pre[text], h1[class|text] through h6[class|text], class[class|text] tags to the body text formatter. Paragraphs are now closed by the body text formatter.
added a few more tests
template change from adrian (edit_steps.tmpl):
Finally fixed something that has bugged me for a while... I simply moved the "if Kids" conditional to include the note about "Delete only removes the stepkid relationship..." since not much point in showing that is no step kids available... the step parent panel already did this.
printable.pl now attempts to look for a content type for a given template. This can be used for different types of presentation, for example WAP.
printable.pl now uses the configured charset if set.
the change to using HTML::Entities cause CR characters to be encoded when written to the browser. This causes some browsers some confusion. The article and product tags in BSE::Edit::Article and BSE::Edit::Product now remove these before output.
if a ## or ** list didn't have a final newline the final item wasn't included in the conversion to a HTML list
some new templates from Adrian
Adrian added some more default user level permissions
article matching for global permissions was still broken. The change broke access to the descendants flag, but it all seems to be working now.
forgot to include access.pod in the MANIFEST. Added it.
added descriptions of the step child/parent permissions to access.pod
the possible stepparents drop-down checked if the possible stepparents could have children, but didn't check if the current article could have stepparents.
article and global permissions should now be listed sorted by their identifier
the not and descendants flags were being ignored on global permissions
stepchildren and stepparents had no access control at all, now they do. Note that you may sometimes get a save button on the step parent/children page with no fields to edit - this means you have save rights on the current article but not on any of the listed step children/parents.
fixed shopitem template from Adrian
more navigation links in the user/group management pages
the logon processing code was calling the logon processing code rather than the logon form code on a failed logon. This cause infinite recursion.
removed the pointless Admin menu link from the logon form
add.pl was producing a warning when called without an id parameter
generate.pl didn't refresh properly if the user didn't have permission to regenerate
the menu now only shows the regenerate options if the user has permission to do so
move.pl (used to handle the reording arrows) didn't even compile
the hide/show links on the product detail page pointed at the wrong place, and were still shown if the user didn't have the rights to do the job.
the edit_product template displayed the hide/show link even if the user wasn't permitted to do so
new templates from adrian to hardcode the text color in the file lists on article pages
the ifUserCan tag wasn't converting article names into numbers correctly
a few pages didn't supply the article parameter to ifUserCan correctly (or at all in some cases)
global permissions simply didn't work, due to a dumb bug
the user/group admin pages now display buttons and checkboxes more intelligently, depending on the user's rights
the user/group save processing was trying to call an undefined method if the user didn't have access to a function. As was the add form in add.pl if there wasn't an article the user could add to at the given level
the hide/unhide links on the edit_product page pointed at the wrong place.
image, file, stepchild and stepparent changes now regenerate the article (depending on the auto generate flag in Constants.pm). You will probably want to do a site regen when you're done still, since it only regenerates the article you're working with, not it's stepchildren and step parents.
link the edituser and editgroup help to the adduser and addgroup help files respectively and add entries for the groups and members field respectively.
added a help file for the access panel help icon to link to.
product_detail.tmpl hadn't been converted to use the global money tag
different versions of CGI::Cookie use different default paths, we now force a path of "/".
really store the date and _time_ in the order date.
if the system needs you to logon for checkout, it now supplies the correct parameter to the logon code to return you to the checkout after you logon.
when setting configuration values from test.cfg with the:
section.key = value
syntax, section can now have spaces in it.
added some basic permission descriptions, and documentation on the permissions system
the title field could be changed on products that had been ordered (an edit field was presented for the summary field, but wasn't saved)
edit_0.tmpl had two manage access forms on it
use the new system logon rather than just checking for a browser authentication userid, when marking an order filled.
attempt to account for differences between what browsers send us for text areas (currently only for the body)
prevent <br> between each element of a <ol> or <ul> list, and try to prevent one after the end. Double spaced entries in a list are now followed by <br>s to make it easier to do spaced out lists.
new hide and unhide targets for add.pl to make the links in the product list work again
the save target for existing articles in add.pl now checks the user is allowed to do it.
the product link on the final checkout page was broken (adrian)
the reordering links were displayed on the shop index page with the multicat template
the query used to retrieve user, group and everyone permissions from the database was broken. Broke it into three separate queries. I wish mysql supported unions
you can now logout if you logged in using the form based logon
creating a user, saving an existing user or deleting a user will now create an apache suitable user file, if the htusers field in [basic] is set.
mysql_build.pl wasn't cleaning up old tables, and since we use it for two different projects, the tables from another project were being included.
annoying and numerous warning from Squirrel::Template eliminated
change admin.pl to check the admin user is logged on
change generate.pl to check the admin user is logged on and has the access needed to regen
change move.pl to check the admin user is logged on and has the rights to perform the move requested
change reorder.pl to check the admin user is logged on and has the rights to perform the reorder requested
change shopadmin.pl to check the admin user is logged on and that they have the rights needed to perform the requested operation
change subs.pl to check the admin user is logged on and that they have the rights needed to perform the requested operation
BSE::Permissions::user_has_perms() now accepts an article id, simplifying some code
added orderfiles iterator to the userpage.
updates to BSE::Edit::Article to only allow movements when the user has appropriate rights
field change permissions
thumbnails are now saved when editing an existing article
the code to save keys to config sections which didn't already exist was broken
the total_extras custom hook now takes two extra parameters, the config object and a "stage" of processing, either "cart", "checkout", "confirm" or "final".
new customization hook order_mail_actions($order, $items, $products, $state, $cfg) for adding extra tags to the confirmation and order emails.
pass the configuration object to each BSE::Custom method
new shop target, "checkupdate" intended for updating information on the checkout page for customizations
you can now set extra configuration items in test.cfg using
section.key = value
(Adrian asked for this a while back.)
dynamic menu display
logon page (only seen if access control is enabled)
start of access control
ability to control permissions each admin user and group has access to
new help for image manager, other updated help files, many template changes, thanks to Adrian.
deleting admin users and groups
selectable payment types
when sending a subscription with HTML content, the boundary between MIME parts has been changed to hopefully prevent problems with some mail clients
when sending a subscription with HTML content, any carriage-returns are converted into linefeed to hopefully prevent problems when sending subscriptions based on Macintosh format files to some mail clients.
htmlemail/basic.tmpl now includes a DOCTYPE, which will hopefully prevent problems with some mail clients.
conditionals are now handled differently in the templating system to avoid some of the undefined value warnings it was producing.
added fields intended for custom processing to the orders table
This is a development release. If you want stable try 0.12_01, since many destabilizing changes have occurred since then.
If you install this release it's possible the upgrade_mysql.pl script cannot be used to upgrade to a later release.
oops, forgot to implement deleting articles, so I implemented it for articles and unused products
you can now add admin groups and users. This is in progress and the templates and code still need work.
image files weren't being deleted when an image was deleted from an article.
the page refreshed to the normal article edit page after deleting an image, it should refresh to the image list
updated and new templates and new file icons from Adrian
added handling for a default template based on parent, level and type. Returns to our original defaults from %LEVEL_DEFAULTS, but uses the config file instead.
now lists level specific templates in the templates drop-down for normal articles
updated templates from Adrian
since the default release date for new products is now the date the product was added, and release is a datetime, add_item()'s check to make sure the product had been released was broken, since it only compared it with a date.
the purchase() and prePurchase() functions in shop.pl had a similar
problem
articles weren't being regenerated on save
report errors supplied to show_cart() in shop.pl
changed add_item() to report why it didn't add an item to the cart via
show_cart() (#167)
t/t00smoke.t now checks add.pl for normal articles, catalogs and products
removed now unneeded onClick handler from delete in the image manager
This release includes some inactive files for access control.
replace edit_2.tmpl (which replaces edit_[345].tmpl) too
fix a dumb bug that prevented changes to the base article fields from being saved
test script to check that all modules and scripts have use strict and all scripts have -w in the #! line
the width and height values were swapped for display of an articles images in the image manager template
children weren't sorted on article editing pages
updated templates from Adrian.
added a previousLogon field to accept the last value of lastLogon at logon, so the previous value could be displayed.
editing an article would give a server error on save (due to some late changes)
the wrong url was redirected to after adding a new image or saving images
manage catalogs now points back at shopadmin.pl
removed the "Image Wizard" buttons and replaced them with "Manage Images" links in the image displays. (and fixed some missing </td> tags)
added child_types() method to BSE::Edit::Product so it knows what
child types a product can have. This meant that the Add Product
button on the view in edit page was trying to add a normal article
rather than a product. Typically a type parameter should be supplied
when creating new articles which aren't base articles.
shopadmin.pl was still using $imageEditor even though it wasn't defined
t00smoke.t wasn't checking shopadmin.pl
edit_[1-5].tmpl and edit_catalog.tmpl included the starting <form> tag in a conditional, breaking the form when creating a new article
When installing this release over earlier releases:
run mysql_upgrade.pl to upgrade the database schema
start the mysql shell and run the following query in your database:
update image set displayOrder = id;
to preserve image ordering.
the <:if art:> conditional tag is no longer available
This is a development release, intended to test the new code in BSE, in preparation for adding security mechanisms. This is not intended for production use yet.
Please see the known problems list.
was parsing wrap parameters when there weren't any, which caused warnings in the error log
you couldn't create a new subscription with the archiving switched off
if you edited a subscription, and unset the archive check, the save left it as archived.
article editing is being almost completely rewritten to allow more code re-use.
article image management has been completely rewritten so that the changes you make are immediate, rather than relying on the user to save the article after making changes. This prevents the problem that sometimes crops up where the images you're editing are for the wrong article, or left over from an aberted attempt to create a new article.
This change also means you can't add images to an article until the article has been created.
previously the order of images would change at the whim of the database, which happened pretty rarely but still happened. Added a displayOrder field to images, and we base the ordering (and re-ordering) on that instead of whatever the database chooses to give us today.
products and catalogs use the new editing code
new tags on edit pages to give access to validation errors (most noticable on the add product page for now),
added an "old" tag to take a value from either the cgi parameters or a given other tag. This makes error reporting more natural
Known issues:
the code allows the product title and summary to be changed. The new security code will correct this (and allow them to be changed, or the product to be deleted, for unused products)
only add_product.tmpl has the new error reporting and old value access tags
the delete/undelete links for products don't work. Currently the same functionality is available through the Listed drop-down, but it might be desirable to keep the links, comments welcome.
Some derived tags may not work with the new fields, since I've switched to the version of Squirrel::Template used by Resource, which should reduce memory consumption a little, once all the tags are converted.
I think I have all the derived tags, but there might be one I missed...
added ifAncestor conditional tag
added iterator children_of and tag ofchild, usage:
<:iterator begin children_of parent_id1 ...:> <:ofchild field:> <:iterator end children_of:>
added iterator inlines and tag inline, usage:
<:iterator begin inlines article_id1 ...:> <:inline field:> <:iterator end inlines:>
more test code to test the above (now I have the infrastructure to simplify adding these types of tests
0.11_21 seems stable enough.
Assuming no other problems are found this will become 0.12
oops, missed some updated templates from Adrian, applied bse_changes archive (#148)
another set of new templates from Adrian
extended title and email fields of site_user to 127 and 255 characters respectively
remove debugging code from Generate::excerpt() (#142)
added script interest.pl to send an email to the site owner when the user registers interest in a product (#133)
must_be_filled really fixed now (#128)
was calling function (now_sqldatetime()) that didn't exist
integrated new templates from Adrian, hopefully I got the right revisions.
<:moveallprod:> for the catalogs page (#122)
admin link for new catalogs now points at admin.pl (#120)
removed extraneous <:embed end:> from printable.tmpl
prevent access to parent fields from autovivifying $parent in Generate::Article::baseActs(), which caused ifParent to return true.
gen.pl now enables the query cache even for small batches, since it makes a big difference.
products pages now remove the <:embed start:> and <:embed end:> markers
need a space between "checked" and the closing "/>" in options_base.html for the checked to be recognized.
keepAddress stayed checked once checked
must_be_filled is now correctly looked up in [downloads] - it was looking in [download] (#128)
prevent a warning about using a regexp range of [\w-.] by making it [\w.-] (BSE::UserReg)
store the date _and_ time in the orderDate field so that orders are sorted correctly on the user page. (#132)
add sort order after date to sort by id descending for orders on the same date (#132)
highlight multi-word matches in search excerpts (#125)
help for body text from add product page (#118)
new templates from Adrian
when creating a new product, the release date was being set to
2001-01-01, rather than the more useful today (whatever day that
happens to be). This was mostly visible to the search engine. (#130)
images list now available on edit_product.html page
updated templates from Adrian (which I forgot to add in 0.11_15 <sigh>)
moved step kids/step parents management to their own page (if you use the old edit templates you can keep them on the same page.)
added file_unlink option to [debug] in bse.cfg
added mail_encryption option to [debug] in bse.cfg
minor reorganization of mail encryption to avoid a "Odd number of elements in hash assignment" error in some circumstances.
added help to the article editor pages
added license
added <:movestepkid:> tag to the Generate::Article set of tags
added the BSE::Version class and the <:release:> tag
more admin templates (most of the edit_*.tmpl) can now be controlled from the config file.
fixed a broken in-page link from the refresh after adding a stepparent
fixed an uninitialized value warning introduced in 0.11_14
changed the misleading "Uploaded files" to "Uploaded images" on the edit pages.
imageclean.pl now keeps thumbnail images
new display templates from adrian
added the stepkids and allkids options to ifUnderThreshold.
documented the kb, date, ifEq, ifMatch and cfg tags.
This is a test release.
added the kb tag which formats the result of it's arguments with a k suffix if the value is over 1000. This can be used for making file size displays prettier.
the config variable wasn't being passed into the ImageEditor object in shopadmin.pl
This is a test release.
make the downloadable files feature available on other pages
add code to support downloads of non-paid for files
make the url tag generate the full url on "extra" pages.
test.cfg now has a securl option to control the configured secure url
added site/doc/secure.pod, describing security considerations
article title field has been extended to 255 characters. The title
edit field maximum length can be controlled with the title_size
item in [field] in bse.cfg.
you can get access to the currently logged in user on the checkout and
cart pages using the ifUser conditional tag and the user value
tag.
stripped some more common code out of shop.pl
extended the common cfg tag to take a third default value parameter
search result excerpts can now bold partial matches
the page regenerator didn't handle the case where a port name was present in the secure url.
now generate gen.html from gen.pl
added POD to site/docs/makedocs and generate the HTML
added POD to site/util/upgrade_mysql.pod and generate a HTML version
when a user logs on and the secure url is different from the base url, BSE now refreshes to the other side of the site to set the same session cookie there. This allows session information to be shared with the two sides of the site.
There is a known issue with this: any session information (like the shopping cart) stored on the other side of the site is not retained.
updated user/* templates from Adrian
checkout code for the shop didn't pass in the config object to the mail class
work around a bug in the search index builder
finally added some test code. This isn't ready for general use yet and could damage your system. So don't use it.
BSE::Cfg now checks the current directory as well as $FindBin::Bin, this lets initial.pl work
This is a test release.
I still need to integrate some of the customization hooks from the realware branch.
remove dependency on Time::HiRes (this was used for benchmarking while speeding up the site regen.)
the global date tag didn't handle a date where the time was missing (like article.lastModified). And it ignored the time when it did manage to extract it.
remove query caching change reports (Table.pm)
This is a test release.
initial.pl now looks at the config file for the secure base url
BSE::Util::Secure wasn't importing md5_hex
added missing user/email_conferror_base.tmpl
the user/confirmed.tmpl entry was missing from [pregenerate] in the supplied bse.cfg. Also user/email_conferror.tmpl
the randomdata key was missing from the [basic] section in the supplied bse.cfg
changed message in site/templates/user/toosoon_base.tmpl to prevent panic when the user goes back and selects another group
changed meaning of ifUser in user templates to accept a parameter if present
updated user/options_base.tmpl to display email confirmed information a bit more correctly
the admin can choose to hide some subscriptions
This is a test release.
I wouldn't be suprised to find problems in this release, there have been a lot of changes.
Still needs some documenting.
optimized generate_all() for large sites. Despite the fact most of
the improvement came from caching, generate seems to use less memory.
added gen.pl command-line regen script
added option to generate.pl to just regen extras and base pages
$URLBASE and $SECURLBASE from Constants.pm have been moved to url
and secureurl in the [site] section of bse.cfg
datadump.pl now uses the newer database configs (has it worked recently?) and the newer mail interfaces.
subscriptions management - interfaces to add new subscription (newsletter) types, and displays options in user options to allow a user to subscribe. To prevent abuse by spammers (maybe) and by other attackers, we get the user to confirm subscription of their email address. This is big.
%EXTRA_TAGS has been moved to [extra tags] in bse.cfg
This is a test release.
added base_tags() to BSE::Custom (tags available during static
generation of most pages.)
step(kids|parents) now available to all articles, though you may have some problems connecting the shop articles (catalogs,products) to others
standard date tag available in most places
the <:summary:> tag now takes an optional which parameter, defaulting to "child".
you can now specify the default template for children of a given article.
you can specify extra template directories to search while editing a given article.
moved the side bar logon form to it's own article (loaded by initial.pl) and added it to the side bar subsection.
shortened the long message used in the refresh back to user.pl when the user has file based products in their cart, but hasn't logged in. This was causing problems with IE6. It now attempts to pull a longer message out of the config file.
handling of downloads from the user page is handled better: you don't get a download link unless the file is downloadable, and rejected download results in a refresh to the user page rather than just displaying the user page
the logon and register pages can now be passed a refresh url, which the shop uses when it refreshes to the logon page
add an orders button when logged in
the file list was messed up
Another test release:
actually tested the form filling with the user's defaults
modify localinst.perl to remove the default bse.cfg
have the checkout function return if the user needs to register (shop.pl)
check in a few more places if the user needs to register (shop.pl)
changed names of fields in SiteUsers to match the checkout form
added telephone and facsimile fields to the user options
Test release:
supports files attached to products for sale
user registration
we now have a config file
Looks like all known problems are fixed. Time to do a semi-major release.
hopefully fixed an occasionaly problem where the images would reorder themselves
make the depth parameter in <:embed which template depth:> work
give the sitemap a lower depth since 7 levels (5 + the level1 and 2) is too much.
try to avoid dividing entered prices by 100 when there's an error on the product edit/add form. There's still some potential problems here, but they're much less likely to cause a problem.
remove the border from image[] generated images
move the error message on the product add form so it isn't mixed up with the menu
the dummy product used to generate the product edit form after an error wasn't useful for getting step catalogs, get the real product object just for that.
remove the border from embedded images with a url
fixed an old bug that defaulted the threshold from the template (oops)
the ... in <:image which align ...:> or <:image which field ...:> is now appended to the attributes of the image field. If it includes a border attribute the default border attribute is suppressed.
new order_list templates from adrian (moved the filter forms into the table)
fixed the image wizard for products. I'm suprised this ever worked. Wasn't preserving parentid when creating a new product.
new edit_product template from adrian
stupid bug in BSE::Shop::Util
email is now in BSE::CustomBase->required_fields() and can be removed
by BSE::Custom->required_fields(). If it is removed then no
validation of the email address is performed.
state changes made in handling the confirm page are now saved
added strict to a few modules
added missing error handling methods to BSE::Mail.
old tag on the confirm tag now never gives the undef value message
if you specify a embedding depth less than the current maximum, you won't get an error message embedded when passing that depth. This lets you do more interesting effects.
shop.pl now writes mail sending errors to STDERR (to the error log on apache) rather than aborting the order display (since the order actually exists at this point.)
support for filtering the order lists by dates entered by the user
make the add section link work, and make the link itself a little more usable
removed some old debug code
make BSE::Custom->checkout_actions() work on the confirmation page
documented new tags for Product.pm and Article.pm
shopadmin.pl can list/move the stepkids (you can hide them too)
added some tests to test if various iterators show anything, ifProducts, ifAnyProds, ifStepProds.
put the reorder links into the edit templates
fix expire labels for edit_1.tmpl and edit_catalog.tmpl
reordering from the catalog works
reordering from the product editor works
Making progress.
fixed the ordering of items in the allprods tag
make allprods always work with products
realware wanted a confirmation page
Another test release:
initial step kids|parents for the shop
new popup menu templates from Adrian
added acknowledgements to AUTHOR section
Test release for Adrian, with his new templates.
Test release for Adrian.
Don't use this version.
URLs can be directly associated with an image
multiple levels of catalogs
shop item options
filtering/sorting of orders from the template
embedded templates can be based on the template of the article being embedded
order status information, marking an order has having been filled
better handling of generation errors
partial support for Microsoft SQL Server under IIS
extended price tag for the cart and checkout pages
prePurchase target for the shop, to allow custom credit card processing
template based filtering of the order list
added the admin/reorder.pl script
template names in <: embed :> tags have $ replaced with the template name of the article.
added the image[] tag (image[index|align|url])
added printable.pl, site/templates/printable/printable.tmpl to allow printable versions of pages (among other things)
implemented the ifCurrentPage tag
added <:siteUrl:> tag in %EXTRA_TAGS (used by the RSS templates)
fixed broken template value for the formatting guide (initial.pl)
fixed broken admin links for the formatting guide (initial.pl)
the formatting guide now generates to http://your.site/a/format_guide.html (initial.pl)
RDF/RSS is now generated to /a/site.rdf. This includes links and titles for the articles on the home page, and a search field (if the tool displaying the RSS supports that.)
WARNING: the tag for articles found for a search has changed from:
article I<field>
to:
result I<field>
There is a new module required: HTML::Parser
the <:embed child:> tags meaning has been expanded to allow embedding of any article with an optional template
there's now an embed[] tag for use in body text. Both this and <:embed ... :> are protected against infinite recursion.
changed display values for sections etc in Constants.pm, you can still put your own in when you customize.
the default templates for each level have been set to a single template, for a simpler default setup
new admin index pages, which may display a little better in some browsers
you can move articles between levels, if enabled in Constants.pm
unquoted search terms will do "start of word" searches if enabled in Constants.pm
html[] tags and <html> body text now has tags stripped when displayed as a summary or as a search excerpt. The search indexing can now handle both of these too.
the search template now uses 'result' rather than 'article' for the search result entries. This is needed since the search base page is generated as an article, using a dummy article. The title and titleImage for this dummy article can be specified in Constants.pm.
you can now control whether an unlisted level1 article is displayed in the crumbs for an article. By default unlisted level1 articles are NOT listed anymore.
a bunch of new templates from adrian, including moving the common layout into base.tmpl where possible, support for "sidebars".
a formatting guide article in initial.pl (from adrian) (and then an updated version of it)
renamed INSTALL to INSTALL.txt to prevent wierdness if someone tries "make install" on a case-insensitive file system.
administration templates are now kept in the admin directory in the templates directory
added simple test installer. WARNING: this destroys the existing content of your site.
distribution now includes site/htdocs/shop as a directory rather than as a file
schema/bse.sql now drops the tables if they already exist
the item description in the shopping cart is now a link to the item
changed some defaults in Constants.pm
catalog templates from $TMPLDIR/templates/catalogs weren't being handled correctly
added support for controlling access to the regenerate option
added the ability to disable auto-regeneration
this initially broke some buttons, fixed
properly escape child properties in add.pl
removing an article now removes any associated images
removing an image from an article now removes the image file when you save the article.
added datadump.pl (send an email containing a mysql datadump), with configuration in Constants.pm
added imageclean.pl - cleans up the image table and images directory
added an advanced admin page with links to datadump.pl and imageclean.pl (you can change these of course).
previously it was possible for a user with admin rights to choose a template that was outside the templates directory.
modified administration templates
formatting is now stripped from body text before an excerpt is produced (for the search results).
I'll add in the 0.07 change list as soon as I figure out what I changed...
Once I get my old 0.08 RC that may include the 0.07 change list.
Some changes are being made to allow the engine to be embedded into a site (specifically squirrelweb.com.au).
Bug fix: shop.pl had a silly exporter mistake, and a sillier reference to an unknown variable name.
changed admin links to buttons for the catalog and product pages, added a Display button to the product page.
cleaned up the shopitem, cart_base, checkout_base, checkoutfinal_base, mailorder and mailconfirm templates, removing tags that don't work in them, removing references to bodyscoop, fixing broken images, removed thawte stamp.gif.
%EXTRA_TAGS now work in mailorder and mailconfirm templates
You can now use $SHOP_EMAIL_ORDER to disable sending the encrypted order. (Useful only for testing or until you get encryption keys organized - there's no other way to get the credit card number and expiry date.)
Generate/Product.pm had a hard-coded link to the internal test site. (Doh!)
some base URIs can be configured, though this still needs some work.
Bug fix: only add the class attribute to thumbnails if one is supplied (doh!)
Moved shop configuration from shop.pl to Constants.pm
Extended template field to 127 characters so directories can be used without chopping off names.
Added installation documentation.
Templates in the drop-down lists in add.pl now includes templates from $TMPLDIR/$level and $TMPLDIR/common.
crumbs now include the section, whether or not they are listed.
added templates.pod, which contains most templating documentation, copied from new documentation in various places (shop.pl, search.pl, Generate::*.pm).
search.pl wasn't handling single-quoted search terms correctly
added ifInMenu tag
more changes to support multiple catalogs:
the initial catalog can be removed. The initial catalog isn't useful when you need more than one catalog. If you want multiple catalogs you need to remove the initial catalog and then add new ones. The templates need work too.
the link/admin fields for the new article are set correctly (oops)
added a sample section template for a multi-catalog shop
the sample templates look better, along with better title images
the shop was being generated with a non-secure url
parent articles were not being regenerated when an article was deleted
You will need to recreate the articles table, since a new column has been added to support article thumbnails.
Added article thumbnails.
Multiple product catalogs.
leadTime is now modifiable in products.
Bug fix: only list .tmpl files from template directories in article editing forms.
Bug fix: prevent adding non-catalog subsections to the shop section.
Bug fix: the crumbs iterator no longer shows crumbs that have "don't list in menu" set. Such subsections often shouldn't be linked to.
The documentation on article templates has been improved.
Some tags that operate on articles have been expanded to work on all article objects available in the template.
Tony Cook <tony@develop-help.com>
I originally wrote BSE while an employee at SquirrelWeb (http://www.squirrelgroup.com/) for one of VisualThought's clients, bodyScoop.com (http://www.bodyScoop.com.au/).
Most of the BSE templates were created by Adrian Oldham of Visual Thought Communications (http://www.visualthought.com.au) He also funded and suggested many improvements.
Realware Systems (http://www.realware.com.au/) funded the nested catalogs, IIS support, the image access tags, and many other shop improvements, including most of the BSE::Custom hooks.