TOT-4175 - Display total discount deal price amounts on Basket Product Listing, Basket Summary, Order Checkout/Submission, and Guest Order Checkout Submission content managed web page areas
On a content managed web page that displays Basket Product Listing, Basket Summary, Order Checkout/Submission, Guest Order Checkout/Submission, Pending Order Review and Order Print Form areas, there is now the ability to show the total amount of the deal discount pricing that is being saved on the user's basket/order. This can also be set up within the Order Confirmation Notification Email. This price saving/discount amount calculated by totaling the sum of product deal discounts against the original price for each product in the basket/order.
In each of these areas format hooks has been added that allow the discount price to show excluding tax, including tax. Additionally a format hooks have been added to indicate if the total discount price should hide or show based on if the total discount amount is greater than 0. The following hooks have been added to the area formats:
Basket Summary Webpage Area Format Hooks:
cart_TotalEx_saved: Total price amount of the basket excluding taxes that has been saved, through deals applied to the products in the basket.
cart_TotalTax_saved: Total tax price amount of the basket that has been saved, through deals applied to the products in the basket.
cart_TotalInc_saved: Total price amount of the basket including taxes that has been saved, through deals applied to the products in the basket.
cart_TotalPrice_saved: Total price amount (excluding or including taxes based on user''s price format setting) of the basket that has been saved, through deals applied to the products in the basket.
cart_total_has_savings_applied_class_name: displays either the styling class name basket_has_price_savings or basket_has_no_price_savings, based on if the basket contains deal applied causing total basket price savings.
cart_total_has_savings_applied_element_id: Set within the ID attribute of an element to allow its class name to be updated when the basket contains deal applied causing total basket price savings. Use with the cart_view_has_savings_applied_class_name hook.
cart_TotalEx_saved_ProjectCurrency: Total price amount of the basket excluding taxes that has been saved, through deals applied to the products in the basket. Price is in the currency set for the project.
cart_TotalTax_saved_ProjectCurrency: Total tax price amount of the basket that has been saved, through deals applied to the products in the basket. Price is in the currency set for the project.
cart_TotalInc_saved_ProjectCurrency: Total price amount of the basket including taxes that has been saved, through deals applied to the products in the basket. Price is in the currency set for the project.
cart_TotalPrice_saved_ProjectCurrency: Total price amount (excluding or including taxes based on user''s price format setting) of the basket that has been saved, through deals applied to the products in the basket. Price is in the currency set for the project.
Basket Header and Basket Products Footer Webpage Area Format Hooks:
cart_view_TotalExSaved: Total price amount of the basket excluding taxes that has been saved, through deals applied to the products in the basket.
cart_view_TotalTaxSaved', 'Total tax price amount of the basket that has been saved, through deals applied to the products in the basket.
cart_view_TotalIncSaved: Total price amount of the basket including taxes that has been saved, through deals applied to the products in the basket.
cart_view_TotalPriceSaved: Total price amount (excluding or including taxes based on user''s price format setting) of the basket that has been saved, through deals applied to the products in the basket.
cart_view_has_savings_applied_class_name: displays either the styling class name basket_has_price_savings or basket_has_no_price_savings, based on if the basket contains deal applied causing total basket price savings.
cart_view_has_savings_applied_element_id: Set within the ID attribute of an element to allow its class name to be updated when the basket contains deal applied causing total basket price savings. Use with the cart_view_has_savings_applied_class_name hook.
cart_view_TotalEx_saved_ProjectCurrency: Total price amount of the basket excluding taxes that has been saved, through deals applied to the products in the basket. Price is in the currency set for the project.
cart_view_TotalTax_saved_ProjectCurrency: Total tax price amount of the basket that has been saved, through deals applied to the products in the basket. Price is in the currency set for the project.
cart_view_TotalInc_saved_ProjectCurrency: Total price amount of the basket including taxes that has been saved, through deals applied to the products in the basket. Price is in the currency set for the project.
cart_view_TotalPrice_saved_ProjectCurrency: Total price amount (excluding or including taxes based on user''s price format setting) of the basket that has been saved, through deals applied to the products in the basket. Price is in the currency set for the project.
Order Review, Pending Order Detail and Order Print Detail Webpage Area Format Hooks:
_PO_TotalExSaved: Total price amount of the order excluding taxes that has been saved, through deals applied to the products in the order.
_PO_TotalTaxSaved: Total tax price amount of the order that has been saved, through deals applied to the products in the order.
_PO_TotalIncSaved: Total price amount of the order including taxes that has been saved, through deals applied to the products in the order.
_PO_TotalSaved_is_greater_zero: Displays either Y or N. If Y then the amount of deal discounts applied to the order is greater than 0
_PO_TotalExSaved_decimal: Total price amount of the order excluding taxes that has been saved, through deals applied to the products in the basket. Price always displays as a decimal number.
_PO_TotalTaxSaved_decimal: Total tax price amount of the order that has been saved, through deals applied to the products in the basket. Price always displays as a decimal number.
_PO_TotalIncSaved_decimal: Total price amount of the order including taxes that has been saved, through deals applied to the products in the basket. Price always displays as a decimal number.
_PO_currency_local_TotalEx_saved: Total price amount of the order excluding taxes that has been saved, through deals applied to the products in the order. Price is calculated in the currency set for the user.
_PO_currency_local_TotalTax_saved: Total tax price amount of the order that has been saved, through deals applied to the products in the order. Price is calculated in the currency set for the user.
_PO_currency_local_TotalInc_saved: Total price amount of the order including taxes that has been saved, through deals applied to the products in the order. Price is calculated in the currency set for the user.
Order Submission Success, Order Submission Failure and Order Submission Pending Webpage Area Format Hooks:
order_total_ex_saved: Total price amount of the order excluding taxes that has been saved, through deals applied to the products in the order.
order_total_tax_saved: Total tax price amount of the order that has been saved, through deals applied to the products in the order.
order_total_inc_saved: Total price amount of the order including taxes that has been saved, through deals applied to the products in the order.
order_total_saved_is_greater_zero: Displays either Y or N. If Y then the amount of deal discounts applied to the order is greater than 0
Within the Administration Centre, under the Stores menu, within the Order Settings interface, for the Order Confirmation Email Order Detail Format setting, the following format hooks have been added:
order_price_total_inc_tax_saved: Total price amount saved/discounted by due to deals applied across all products in the order, inclusive of all taxes.
order_price_total_ex_tax_saved: Total price amount saved/discounted by due to deals applied across all products in the order, exclusive of all taxes.
order_price_total_tax_saved: Total tax price amount saved/discounted by due to deals applied across all products in the order.
order_price_total_saved_is_greater_zero: Either Y or N, if Y then indicates that a price amount has been saved/discounted due to deals applied across all products in the order.
Functionality Affected: Basket Product Listing, Basket Summary, Order Checkout/Submission, Guest Order Checkout/Submission, Pending Order Review and Order Print Form content managed web page areas
Impact: Normal
TOT-4193 - Drop downs to control sorting of products within the Basket Products Listing content managed web page area
On a content managed webpage containing a Basket Products Listing area, within its header and footer formats 2 additional hooks have been added that can display drop downs, allowing the user to select the product field that they can sort the products by in their basket, as well as the direction that the products sorted by. Within the area's Basket Header and Basket Products Footer formats the 2 format hooks have been added:
basket_products_sort_dropdown: Drop down element that changes the field that products are sorted by
basket_products_sort_direction_dropdown: Drop down element that changes the direction that products are sorted by.
The default values of the these drop downs is controlled within the Administration Centre, under the Stores menu, within the Basket Settings interface, the Column To Order Basket Products setting controls the product Sorting Field drop down, and the Direction To Order Basket Products setting controls the direction that products are sorted by. Note that these same settings apply to all Basket Product Listing areas.
Functionality Affected: Basket Products Listing content managed web page area
Impact: Normal
TOT-4198 - Format hooks to filter order list by account based orders and date range within the User Details/Favourites/Orders content managed web page area
On a content managed web page containing a User Details/Favourites/Orders content managed web page area, if the area is displaying a list of historic orders previously submitted, there is now the ability to embedded form inputs to filter the orders that display, based on date range, or for orders submitted against the user's assigned account instead of orders submitted by the user (only allowed for sales representative users). Additionally it also now supports pagination to allow the historic order listing to load faster. By default the area will display a maximum of 50 records, but can be changed to display 10, 25, 50 or 100 records per page. Note that existing areas will need to have the area formats modified to allow users to see the pagination options.
Within the User Details/Favourites/Orders content managed web page area, for the Historic Order Products Header and Historic Order Products Footer formats the following hooks can now be embedded to allow for pagination, date filtering, and filtering for orders based on a sales representative users active account:
order_listing_records_count: The total number of historic orders that were found.
order_listing_filter_year_drop_down: Anchor tag to click through to the first page of the historic order list.
order_listing_filter_month_drop_down: Anchor tag to click through to the last page of the historic order list.
order_listing_show_assigned_orders_by_drop_down: Anchor tag to click through to the first page of the historic order list.
order_listing_page_number: Number of the page currently showing historic order list.
order_listing_page_list: List of page numbers allowing the user to paginate between pages of historic order records.
order_listing_next_page_class: Suffix CSS class text that specifies if the user can paginate forward any further
order_listing_prev_page_class: Suffix CSS class text that specifies if the user can paginate backwards any further
order_listing_next_page_anchor: Anchor element that allows the user to paginate to the next page of historic orders
order_listing_prev_page_anchor: Anchor element that allows the user to paginate to the previous page of historic orders
order_listing_records_per_page_dropdown: Drop down that allows the user to change the amount of historic orders displayed per page.
Functionality Affected: User Details/Favourites/Orders content managed web page area
Impact: Normal
TOT-4233 - Display product Brand and Supplier and fields within a Basket Product Listing content managed web page area
On a content managed web page containing a Basket Product Listing area 2 new format hooks have been added to the Basket Product Record format to be able to display the Brand and Supplier fields stored for each product listed in the area. The new format hooks for the Basket Product Record area format are:
_B_Brand: Name of the brand set against the product that is in the basket.
_B_Supplier: Name of the supplier who is the primary supplier of the product that is in the basket.
Functionality Affected: Basket Product Listing content managed web page area
Impact: Normal
TOT-4234 - Copy products from user's guest basket to their initial active basket when a user logs in
On a content managed website, if a guest user adds products to their basket then decides to login, After they have successfully logged in there now the ability to copy the products from their guest basket, into their current active basket. The products being copied across from the guest basket will only be added to the user's current basket if they are not a Sales Representative user, and the user has permission to add the guest basket products to their active basket. and the products can be re-priced.
A project setting has been created that controls if products should be added from the guest basket across to a user's basket at login. Note that this may cause logins to take longer to load, especially if the user has many products in their basket that need to be copied across to their active basket. Also note that any deals applied to products in the guest basket, will be not be applied when the products are copied to the user's active basket.
Within the Administration Centre, under the Stores menu, within the Basket Settings interface, a setting labelled "Copy Products From Guest Basket On Login". If set to Yes then allows a non-sales representative user to have any products in their guest basket copied into their active basket during login. Else if this setting is set to No then copying process will be ignored.
Functionality Affected: User Login
Impact: Normal
TOT-4243 - Support for Google Analytics 4 reporting within Order Checkout/Submission and Guest Order Checkout/Submission content managed web page areas
On a content managed web page that displays either an Order Checkout/Submission, or Guest Order Checkout/Submission area, if the the area has reporting turned on to send confirmed orders to Google's Analytics service through its Google Tag Manager service, the order data now provided conforms to the Google Analytics 4 service's Ecommerce "purchase" transaction type.
This change drops support for ordering data conforming to the Universal Analytics service since Google is no longer provides support for its Universal Analytics service. For the order data to correctly be handled within Google Tag Manager, the tag that is handling the transferring the data needs to have its Tag Type set to "Google Analytics: GA4 Event" and the tag will need to have its Configuration Tag setting linked to another tag that has its Tag Type set to "Google Analytics: GA4 Configuration". The "Google Analytics: GA4 Configuration" tag will need to have its Measurment ID property set to the Google Analytics 4 account's Data Stream for where the order statistics are to be logged against.
Functionality Affected: Order Checkout/Submission, or Guest Order Checkout/Submission content managed web page areas
Impact: Normal
TOT-4246 - Customise labels of credit card types displayed within credit card payment forms within Order Checkout/Submission and Customer Account Invoice Payment Form content managed web page areas
On a content managed web page that contains either Order Checkout/Submission, Guest Order Checkout/Submission or Customer Account Invoice Payment Form areas, when a credit card payment form is displayed within the areas, within the Credit Card Types drop down, for each of the card type option the option labels are now able to be able to be customised. Additionally within the Administration Centre, under the Stores menu, within the Payments interface, in the Make A Payment tab, for the Credit Card Type drop down, the labels of the card options can also customised with the same label settings.
Within the Administration Centre, under the Stores menu, within the Payment Settings interface, under the Credit Card section, the following 3 settings have been added to control labels of the support card types:
Credit Card Type Label - American Express
Credit Card Type Label - Mastercard
Credit Card Type Label - Visa
These 3 settings are used across all credit card payment forms for a single project within the TOTECS Ecommerce platform to customise the labelling of each card type.
Functionality Affected: Order Checkout/Submission, Guest Order Checkout/Submission, Customer Account Invoice Payment Form content managed web page areas
Impact: Minor
TOT-4254 - Add User Search Rule to find users with products now back in stock in a given number of hours, are assigned to a specified marketing category, and have products with a stock quantity over a given amount
Within the Administration Centre, a new user search rule has been added that can find active users assigned to specified subscription category, that have products in their favourites list that are back in stock within a given number of hours, and have products with a stock quantity over/below/equal to/not equal to a given amount.
After a user logs into the Administration Centre, after clicking on the Users menu button, then the Search Users menu item, within the Search Users interface, under the Advanced Search section, in the Search Category drop down selecting the Marketing option, then within the Search Rule drop down a new rule has been added labelled "Select active users assigned to subscription category name equal to %value1% with favourite products back in stock in last %value2% hours with stock quantity %equaling% %value3%". The search needs to have the following inputs set:
Value1 textbox needs to have the exact name of the User Subscription Category that is to be match on, that targets the users assigned to the specified category
Value2 textbox needs to have number defining the maximum number of hours back to find products that have had a "Stock Available Since Date" store a date within that matches within the hours set.
Value3 textbox needs to have a number indicate the product Stock quantity to compare against and match onEqualing drop down needs to be set to a value that is used to control how the value of product Stock value should be compared against the value 3 given.
Once all these values have been set then the rule can be used to find users assigned to the specified User Subscription Category that have products in their favourites that have the Stock amount required, and the Stock Available Since Date set to a date that fits with the number of hours aloud. This can be used within both the Search Users interface, as well as using the rule for Marketing User Groups. This in turn can target users to receiving back-in-stock email notifications using the existing Emedia Emails marketing feature.
Functionality Affected: Seach Users administration centre interface
Impact: Minor
TOT-4256 - Create hooks in Order Confirmation Email Order Detail Format setting that display Location ID, Code and Name in Order Confirmation Notification Emails
When an order is submitted from within a content managed website or Trade interface and a Order Confirmation Notification email is sent out, or if the email sent out by an administrator users from within the Orders Administration Centre interface, there is now the ability to include the order's assigned location's name and code within the notification email's attached content.
Within the Administration Centre, from the Stores menu, within the Order Store Settings interface, for the Order Confirmation Email Order Detail Format, it now defines the following hooks that can embed different information about the location assigned to the order:
order_location_id: Unique ID of the location assigned to the order. If no location is assigned to the order then the ID will be empty.
order_location_code: Code of the location assigned to the order, that allows it to be identified by humans. If no location is assigned to the order then the code will display null.
order_location_name: Name of the location assigned to the order. If no location is assigned to the order then the name will display null.
order_location_display: CSS styling rule that indicates if location data should display, based on if a location is assigned to an order or not. If no warehouse is assigned then this will output display: none
Functionality Affected: Order Confirmation Notification email
Impact: Normal
TOT-4261 - Copy across customer account pricing to parent combination products when Automatically Calculate Combination Product Prices is turned on and runs
Within the Administration Centre, under the Inventory menu, within the Product Settings interface, if the "Automatically Calculate Combination Product Prices" setting is set to Yes, then when a Product Pricing Connector or Text File data import is run, there is now the ability to additionally copy across customer account pricing of default products in a combination to active and visible parent combination products for unit pricing. Additionally before copying it will delete all existing customer account pricing previously assigned to a combination product, to ensure that account pricing no longer relevant is not be stored, such as for contracts or promotions.
This ensures that if the default child product receives account pricing, that the parent also does, avoid mismatches in pricing, such as when viewed in product detail or listing areas.
Note that this change means that if the "Automatically Calculate Combination Product Prices" setting is set to Yes and parent combination products had customer account pricing set against the products already, then this pricing would get deleted and the child product's account pricing would overwrite it.
Functionality Affected: Product Pricing Connector Text File data imports
Impact: Normal
TOT-4263 - Upgrade Websites and Web Page Editor Administration Centre interfaces to https
Within the Administration Centre, under the Websites menu, within the Websites interface, it now is able to load over a https connection, as well as from within the Websites interface. Upon clicking on a webpage, the Web Page Editor now also loads over a https connection. This ensures that all traffic to and from the servers is sent over secure connections, and avoids issues with web browsers incorrectly not handling loading insecure web pages.
Functionality Affected: Administration Centre
Impact: Normal
TOT-4266 - Block scrapers that identify as thesis-research-bot. fidget-spinner-bot, Bytespider, my-tiny-bot, DataForSeoBot and AwarioSmartBot
Website traffic has been blocked from allowing requests from scrapers who identify with the following user-agents: "thesis-research-bot". "fidget-spinner-bot", "Bytespider", "my-tiny-bot" or "DataForSeoBot"
Functionality Affected: Content Managed Website Block List
Impact: Normal
TOT-4269 - Product Deals and Vouchers deal offers to buy over product quantity X and get price at Y percent off price level Z price, and buy quantity X and get price at Y percent off price level Z price
Within the Product Deals and Vouchers feature 2 new deal offer types have been added that allow a product's price to be discounted based on ordering a certain quantity, and applying a percentage discount from a specific price-level price.
Within the Administration Centre, under the Marketing section, within the Product Deals and Vouchers interface, in the Offer drop down the 2 new offer types have been added:
Buy Product Quantity X For Y Percent Off Price Price Level Z
The offer type applies when a specific product quantity has been ordered, and its price will be set based on discounting a specific price-level price by a given percentage. Ie. "buy 5 of a product, and get 25% off the wholesale price"
Buy Over Product Quantity X For Y Percent Off Price Level Z
The offer type applies when more than a specific product quantity has been ordered, and its price will be set based on discounting a specific price-level price by a given percentage. Ie. "buy over 5 of a product, and get 25% off the wholesale price"
Once product deals have been set up with these offer types, then it may allow users to redeem these deals for the applicable products assigned to the deal. Note that if after the percentage discount of the specified price-level price is higher than the product price a user normally receives, then the deal with be ignored from being applied, since no valid discount is applicable.
Functionality Affected: Product Deals and Vouchers administration centre interface
Impact: Normal
TOT-4271 - Content managed webpage javascript API function to reload Related Products Listing, Category Crumbs, and Product Detail web page areas
Within any content managed webpage the javascript API has been modified to allow external javascript files to trigger web page area events to fire, allowing areas to update at chosen times, initially supporting area types Product Details, Related Product Listing, and Category Crumbs to be reloaded with updated product data. Within the content managed webpage javascript API a new function has been added called: TOTECS.retail.fs.triggerWebPageAreaEvent(triggerAreaEventType, webpageAreaID, argument1);
The function takes 3 arguments, these are:
triggerAreaEventType: ID of the web page area event to trigger. The TOTECS.retail.fs.WEBPAGE_AREA_TRIGGER_EVENT_TYPES stores the following: RELOAD_RELATED_PRODUCT_LISTING - 1 to reload a Related Products Listing area, RELOAD_CATEGORY_CRUMB - 2 to reload a Category Crumbs area, RELOAD_PRODUCT_DETAIL - 3 to reload a Product Detail area.
webpageAreaID: ID of the web page area to specifically trigger an event against. If set to null then any area's listening to the event type will be triggered. By default this argument is not looked, and may be used in the future.
argument1: The first argument to pass when triggering the web page area event. This value's purpose will change based on event triggered. For the first 3 trigger event types this argument needs to contain the product code of the product that is to have it's data updated in the areas being reloaded.
Functionality Affected: content managed webpage javascript API
Impact: Normal
TOT-4276 - Rate limit the amount of time users can attempt to login or use Forgot Password within an allowed time frame
From within the Administration Centre Login page, or from a content managed webpage that contains a User Login area, if a user attempts to login, within the Login server more restrictive limits have been put in place to limit the number of failed login attempts that a user is allowed to make within the a specified time frame. By default a user is limited to only being able to attempt to login 20 times within the last 15 minutes. If the user then attempts to login after 20 attempts have been made then they will automatically receive a failed response. This automatic failed response will occur until less than 20 attempts have been made in the last 15 minutes.
Within the User Login area, if the user tries to use the Forgot Password feature, additional limits have been put place to only allow a user's security question to be attempted to be obtained 20 times within a 24 hour period. If more attempts are made within a 24 hour period the error message "The maximum number of attempts to obtain security questions has been made. Please contact us if you have forgotten your login details." will automatically be returned. Additionally limits have been put in place to only allow up to 20 attempts to answer a user's security question within the last 15 minutes. If this limit is exceeded then the error message "The maximum number of attempts to answer the security question has been made. Please contact us to help with your login details." will automatically be returned.
These increased limits provide additional security measures that help make it more difficult for malicious actors to try and guess a user's login credentials, and take over the user's accounts.
Functionality Affected: User Login, Forgot Password
Impact: Normal
TOT-4277 - Set global http response headers for all web pages within a content managed website
For each content managed website there now the ability to set HTTP response headers that are included in every response for each web page served against the website. This allow responses to be further customised, such as putting in headers for setting website security policies of its content, such as .Content-Security-Policy or Strict-Transport-Security headers to provide stricter security rules to help web browsers add additional security protections to users.
Within the Administration Centre, under the Websites menu, within the Websites interface, clicking on the website domain, within the Website Details interface, a setting labelled "Global Web Page HTTP Response Headers". In its text area each HTTP response header needs to be added on each row, with the header's name and value separated by a colon character. For example: "Strict-Transport-Security: "max-age=22236000; includeSubDomains" always"
Once the Update Site button is saved on, then when any web pages belonging to the website are requested, in the response headers will be included in the web page response.
Note that if any of the following response headers are provided they will ignored, since they may affect underlying platform responses:
Content-Type
Set-Cookie
Content-Encoding
Transfer-Encoding
Functionality Affected: Website Details administration centre interface
Impact: Normal
TOT-4278 - Settings to control user password validation, and minimum character lengths for user Login IDs and Security Answers
When a user's password is being set or updated from either within a User Registration or User Details/Favourites/Orders area on a content managed webpage, or within the Administration Centre's Search Users and Create User interface, there are now settings that control how a user's Password, Login ID and Security Answer are validated. This includes controlling the allowed minimum character length for Login ID, Password, and Security Answer. Additionally there are settings to control how many special characters, upper case letters, and numbers are required to be in the password. Additionally for each User Registration Profile there are settings to control if the password validation should be enforced, as well the abiltiy to set a customisable message when the password validation fails, allowing a new user registering to be informed if they have not provided a strong enough password.
Within the Administration Centre, under the Users menu, within the General Settings interface the following settings have been added:
User Login ID Minimum Length: Set the minimum character length of a user's Login ID allowed when created via User Registration or saved within the Administration Centre.
User Password Minimum Length: Set the minimum character length of a user's password allowed when created via User Registration or saved within the Administration Centre.
User Password Minimum Numeric Characters Required: Set the minimum number of numeric characters required to be set in a user's password, when the password is being set via User Registration, or from within the Administration Centre.
User Password Minimum Special Characters Required: Set the minimum number of special characters required to be set in a user's password, when the password is being set via User Registration, or from within the Administration Centre. Special characters include: !@#$%^&*()
User Password Minimum Lower Case Characters Required: Set the minimum number of lower case letter characters required to be set in a user's password, when the password is being set via User Registration, or from within the Administration Centre.
User Password Minimum Upper Case Characters Required: Set the minimum number of upper case letter characters required to be set in a user's password, when the password is being set via User Registration, or from within the Administration Centre.
User Security Answer Minimum Length: Set the minimum character length of a user's answer to their security question allowed when created via User Registration or saved within the Administration Centre.
Within the Administration Centre, under the Users menu, within the User Registration Profiles interface, open clicking on the name of a profile, within the Profile Details interface, under the Mandatory Registration Fields section, the following settings have been added:
Enforce Password Validation: If checked then when a user uses the profile to register, the password they set will be validated with the above password settings, otherwise the additional password validation will not be enforced. It's recommended to turn this on, unless an administrator user will change their password after immediately registering and the user is not initially active.
Enforce Password Validation Error Message: Set the error message that the user sees if their password doesn't pass validation checks
Note that if user's are created via Customer Account Connector data imports and automatically have a password set, the password will not have validation checks performed.
Functionality Affected: Search Users, Create User administration centre interface, User Registration, User Details/Favourites/Orders content managed web page area
Impact: Major
Bug Fixes
TOT-4210 - Default quantity input value not being increased by 1 for deal offer types over a given quantity for Product Deals Listing content managed web page areas
On content managed webpage containing a Product deal listing area "$product_basket_quantity_input$" hook outputted an incorrect quantity in quantity field for all the products where the deal offer was to buy over a given quantity. Now the "$product_basket_quantity_input$" hook will now correctly increment the quantity set for the deal by 1 when the deal is assigned to any of the below deal types:
Buy Over Product Quantity X For Price Y
Buy Over Product Quantity X For Y Percent Off Price
Buy Over Product Quantity X At Price Level Y
Buy Over X Product Quantity For Y Percent Off Freight Surcharge
Buy Over X Price Of Basket Total (Ex. Product Redeemed), Get Product For Price Y
Buy Over X Quantity Of Total Basket Products (Ex. Product Redeemed), Get Product For Price Y
Buy Over X Quantity Of Total Basket Products, Get Product For Price Y
Buy Over X Price Of Basket Total (Ex. Product Redeemed), Get Product For Y Percent Off Price
Buy Over X Price Of Basket Total (Ex. Product Redeemed), Get Product At Price Level Y
Buy Over X Quantity Of Total Basket Products (Ex. Product Redeemed), Get Product For Y Percent Off Price
Buy Over X Quantity Of Total Basket Products, Get Product For Y Percent Off Price
Buy Over X Price Of Total Basket Products (Before Discounts), Get Product For Y Percent Off Price
Buy Over X Price Of Total Basket Products (Before Discounts), Get Product For Price Y
Buy Over X Total Quantity Of Products In Deal, Get Product For Y Percent Off Price
Buy Over X Total Quantity Of Products In Deal, Get Product For Price Y
Buy Over X Quantity Of Products Belonging To The Same Parent Combination Product, Get Product For Y Percent Off Price
Buy Over X Quantity Of Products Belonging To The Same Parent Combination Product, Get Product For Price Y
Functionality Affected: Product Deal Listing cotnent managed web page area
Impact: Normal
TOT-4237 - Not all available products importing from an historic order into a user's basket within the User Details/Favourites/Orders content managed web page area
For a user logged into a content managed web page containing a User Details/Favourites/Orders area, if the area was displaying a list of historic orders, then if the Import Products button was clicked, not all active and available products may be imported into the order, even if the user has the ability to add these products to basket.
Now if the Import Products button is clicked, all active and available products will now be imported into the order. Previously some products were not being added to basket if non essential attribute data for each product in the order was missing.
Functionality Affected: User Details/Favourites/Orders content managed web page area
Impact: Normal
TOT-4240 - Products assigned to multiple categories of the same model not passing the correct quantity input value when adding to basket within the Model Product content managed web page area
On a content managed web page that contains a Model Product area, if the area was displaying a model that has the same product assigned to it across multiple different categories, then if the area's Product Search Record format was being displayed for each product record and contains the addProductQuantityField format hook to display the quantity input, the input incorrectly had the same element ID set for product records displayed multiple times.
Now the quantity input correctly has a different element ID set for product records displayed multiple times. This ensures that the correct quantity is passed to the server if multiple product records for the same product appear under different categories.
Functionality Affected: Model Product content managed web page area
Impact: Normal
TOT-4242 - Shopping list displaying incorrect number of available and visible products and sorting not working correctly within a Shopping List Products content managed web page area
After a user logs into a content managed website and navigates to a web page containing a Shopping List Products area. If the shopping list shown in area contained products in the shopping list that are not active or visible, then the counts within the ordering drop down incorrectly showed total number of products in the shopping list without factoring in the products that are allowed to be seen. Additionally if user selected to reorder a product within the list using the re-ordering drop down it was incorrectly positioning the product.
Now for each shopping list displayed the count of products will correctly not count products in the shopping list that are not active or visible. Additionally within the Shopping List Products area the shoppinglist_product_count format hook will also not include products in the shopping list that are not active or visible. The shoppinglist_product_ordering_options format hook will also now include the correct count of products to display as re-orderable options for each product.
Note that if an existing product is in a shopping list and becomes inactive or hidden, then a user changes the ordering of any existing products visible in the same shopping list, then if the existing product that is inactive or hidden becomes active or hidden, then its position will have changed to be at the bottom of the shopping list.
Functionality Affected: Shopping List Products content managed web page area
Impact: Minor
TOT-4245 - Area settings not being saved for Category Listing content managed web page area within Webpage Editor of Administration Centre
After a user logged into the administration Centre, clicked on the Websites menu button, then clicked on the Websites menu item, within the Websites interface. Upon right clicking on a content managed web page, and clicking on View All Areas context menu item, within the Web Page Editor, clicking on the name of a Category Listing area, within the Area Settings dialog, upon setting the following area settings and clicking on the Assign button to save the changes, upon closing and reopening the dialog the following area area settings were loading the previous saved values. When the area settings were being saved to the database, the previous settings values were not being cleared before saving the new settings
A fix has been made to correctly clear out the old settings values before saving the new settings values for the area's settings.
Functionality Affected: Category Listing content managed web page area
Impact: Normal
TOT-4247 - Users unable to to subscribe to emarketing after submitting email address within the Emedia Subscription Form content managed web page area
On a content managed webpage that contained a Emedia Subscription Form area, after the user typed their email address into the area's textbox and clicks on the submit button, a browser error alert box displayed within the message "Request has failed whilst trying to connect to the server, please try again later", and the user failed to have their email subscribed to receiving emarketing. This only occurred if the project is running on the TOTECS Ecommerce platform's Web Server Cluster 2.
Now after the user types their email address into the area's textbox and clicks on the submit button, the user correctly against becomes subscribed to receiving emarketing. This issue was caused by the the list of marketing categories not being correctly passed to the server. Note it was only occurring on TOTECS projects running on the platform's newer web servers that implement tighter URL character standards.
Functionality Affected: Emedia Subscription Form content managed web page area
Impact: Normal
TOT-4249 - Incorrect discount price amount being added to basket by sales representative users for child products that's not the first listed in the Product Combination content managed web page area
On a content managed web page that contained a Product Combination content managed web page area, if the area was displaying a list of child products for a parent combination product, and the area was configured to display the child products as a radio list, and the area is being viewed by a sales representative user, and the area was configured to use the Combination Product Option List Record format that had the $add_product_price_field$ or $add_product_price_discount_field$ hooks embedded within it to allow the sales rep user to optionally set a price for the product, then when a child product was added to basket that was not the first product listed in the area, using either the Quantity textbox or a button using the $add_product_basket_onclick$ hook in its onclick event attribute, then the incorrect price/discount amount was being set for the product in the basket using the price/discount amount set for first product in the list.
Now when using either the Quantity textbox or a button using the $add_product_basket_onclick$ hook in its onclick event attribute, then the correct price/discount amount is being set for the product in the basket using the price/discount amount set within the inputs of the child combination product record.
Functionality Affected: Product Combination content managed web page area
Impact: Normal
TOT-4250 - Webpage URL Routes linked to web page not being deleted when the page is deleted within the Within Websites Administration Centre interface
Within the Administration Centre, under the Websites menu, within the Websites interface, under a content managed website, within the Webpages tree node, if a content managed web page was deleted, it did not also delete the Webpage URL Routes that were linked to that webpage. Because of this these routes were still being checked for and used when a content managed web page was loaded, that may cause a blank content managed web page to display.
Now if a content managed web page is deleted, it now also deletes the Webpage URL Routes that are linked to that webpage. Additionally in the Web Page Routes dialog it will also now display all General routes, previously this was being ignored.
Functionality Affected: Websites Administration Centre interface
Impact: Normal
TOT-4251 - Order Notification Email failing to attach Order Details PDF file when a product contains an ampersand within its product code
Within the Administration Centre, under the Stores menu, within the Orders interface, for an order that has a product assigned to it containing an ampersand character within its code, when the user clicked on the Email button, then within the Send Order Email Notification dialog clicked on the Send Email button, then an error dialog displayed with the "The order email notification failed to send returned" and the notification still got sent out but without the email attachment's order details PDF file. This issue only occurred if within the Orders Store Settings interface the "Order Confirmation Email Order Detail Product Format" setting was using the order_product_set_field to embed the product code or barcode within an order line.
Now when the user clicks on the Email button, then within the Send Order Email Notification dialog clicks on the Send Email button, an error dialog no longer displays with the "The order email notification failed to send returned" and the order email notification correctly gets sent out but with the email attachment's order details PDF file. This issue was caused due to the "Order Confirmation Email Order Detail Product Format" setting using the order_product_set_field to embed the product code or barcode within an order line, and the product code or barcode not having the ampersand character correctly HTML encoded, that causes the HTML to PDF converter to fail due to not meeting strict HTML standards.
Functionality Affected: Order Notification Email
Impact: Normal
TOT-4255 - Removal of vulnerabilities within content managed websites and Trade interface
Within content managed websites and the Trade interface there were cross-site scripting vulnerabilities that could be exploited when combined with social engineering and phishing attacks.
Now within content managed websites and the Trade interface a number of vulnerabilities that could allow intruders to exploit a website were found and have been removed, so that nefarious 3rd parties cannot exploit users into providing information without their knowledge or consent.
TOT-4257 - Unable to filter payments by Customer Account Code within Payments Administration Centre interface
When an administrator user logged into the Administration Centre, clicked on the Store menu, then clicked on the Payments menu item, within the Payments interface, within the View Payments tab if the Search drop down was changed to the "Customer Account Code" option, then if a value a placed into the search textbox and the Search button was pressed on, no payments would display, even if a payment existed that is assigned to a customer account that matches the code given.
Now if the Search drop down is changed to the "Customer Account Code" option, then if a value a placed into the search textbox and the Search button is pressed on, payments are now correctly searched that match the code of the customer account given.
Functionality Affected: Payments administration centre interface
Impact: Normal
TOT-4260 - Removal of vulnerabilities within Administration Centre interfaces
Within the Administration Centre a number of vulnerabilities that could allow intruders to exploit its interfaces were found and have been removed, so that nefarious 3rd parties cannot exploit users into providing information without their knowledge or consent.
Functionality Affected: Administration Centre interface
Impact: Major
TOT-4264 - Basket Products Administration Centre interface failing to load the list of products
After an administrator user logged into the Administration Centre, after clicking on the Statistics menu, then clicking on Basket Statistics menu item, within the Basket Statistics interface, under the Basket Summary section, within it's table, if the number in the Total Items was clicked on, then in the browser window that opened the Basket Products interface, the interface was failing to load its contents of the Basket Products table for the user to see.
Now if the number in the Total Items is clicked on, then in the browser window that open the Basket Products interface, the interface will correctly load its contents for the user to see again. This issue was caused by a programming error introduced in TOT-4260
Functionality Affected: Basket Statistics administration centre interface
Impact: Normal
TOT-4267 - Updated Template interface not displaying Update Template Area Container interface after changing a web page's template within the Web Page Editor Administration Centre
After an administrator user logged into the the Administration Centre, under the Websites menu, within the Websites interface, under a content managed website, when clicking on a web page, from within the Web Page Editor, upon clicking on the Templates menu item, within the Update Template interface, within the Change Template drop down, after selecting a different template option and clicking the Update Template button, the interface failed to reload, and showed the Update template Area Containers interface. Instead the web page was assigned to the web page template, but all local areas were not assigned to existing template hooks, making the areas disappear on the web page and within the All Areas interface.
Now after selecting a different template option and clicking the Update Template button, the interface correctly reloads, and shows the Update template Area Containers interface. allowing the web page area's to be assigned to the new web page template's containers.
This issue was caused by new stricter server request parameter value standards that the newer web server version required. The logic has been updated to meet these new standards. Note that if a web page was assigned to a new template, it could be assigned back to the old web page template to allow the existing areas to appear again.
Functionality Affected: Web Page Editor administration centre interface
Impact: Major
TOT-4268 - Unable to save settings within the Model Search Listing content managed web page area within the Webpage Editor of the Administration Centre due to incorrectly making server request over insecure connection
After a user logged into the Administration Centre, clicked on the Websites menu, and then clicked on the Websites menu item, within the Websites interface for any content managed webpage that contained a Maker Listing area, open the web page within the Web Page Editor. From within the Web Page Editor, after clicking on a Maker Listing area, within the Area Settings dialog after changing any setting and clicking the Assign button, it failed to save the setting due to the Assign button incorrectly calling the server with a URL containing the insecure URL request, instead of calling the server with the secure URL request.
Now after clicking on a Maker Listing area, within the Area Settings dialog after changing any setting and clicking the Assign button, it now correctly saves the settings for the area.
Functionality Affected: Maker Listing content managed web page area
Impact: Normal
TOT-4270 - Previous Instructions drop down not sorting unique instructions by last order date within the Order Checkout/Submission content managed webpage area
After a user logged into a content managed website, and had added products to their basket. From a web page that contains a Basket Listing area they clicked on a Checkout button and navigated to a web page containing a Order Checkout/Submission area. Within the area that was displaying the Order Details Form format, within the Previous Instructions drop down, it was incorrectly not sorting the unique previous instructions based on the last time an order contained the instruction.
Now within the Previous Instructions drop down, it will correctly sort the unique previous instructions listed, based on the last time an order contained the instruction. Previously it was finding and grouping the unique instructions, but may not always order by the latest order date.
Functionality Affected: Order Checkout/Submission content managed web page area
30th January 2024
Improvements
TOT-4175 - Display total discount deal price amounts on Basket Product Listing, Basket Summary, Order Checkout/Submission, and Guest Order Checkout Submission content managed web page areas
On a content managed web page that displays Basket Product Listing, Basket Summary, Order Checkout/Submission, Guest Order Checkout/Submission, Pending Order Review and Order Print Form areas, there is now the ability to show the total amount of the deal discount pricing that is being saved on the user's basket/order. This can also be set up within the Order Confirmation Notification Email. This price saving/discount amount calculated by totaling the sum of product deal discounts against the original price for each product in the basket/order.
In each of these areas format hooks has been added that allow the discount price to show excluding tax, including tax. Additionally a format hooks have been added to indicate if the total discount price should hide or show based on if the total discount amount is greater than 0. The following hooks have been added to the area formats:
Basket Summary Webpage Area Format Hooks:
Basket Header and Basket Products Footer Webpage Area Format Hooks:
Order Review, Pending Order Detail and Order Print Detail Webpage Area Format Hooks:
Order Submission Success, Order Submission Failure and Order Submission Pending Webpage Area Format Hooks:
Within the Administration Centre, under the Stores menu, within the Order Settings interface, for the Order Confirmation Email Order Detail Format setting, the following format hooks have been added:
Functionality Affected: Basket Product Listing, Basket Summary, Order Checkout/Submission, Guest Order Checkout/Submission, Pending Order Review and Order Print Form content managed web page areas
Impact: Normal
TOT-4193 - Drop downs to control sorting of products within the Basket Products Listing content managed web page area
On a content managed webpage containing a Basket Products Listing area, within its header and footer formats 2 additional hooks have been added that can display drop downs, allowing the user to select the product field that they can sort the products by in their basket, as well as the direction that the products sorted by. Within the area's Basket Header and Basket Products Footer formats the 2 format hooks have been added:
The default values of the these drop downs is controlled within the Administration Centre, under the Stores menu, within the Basket Settings interface, the Column To Order Basket Products setting controls the product Sorting Field drop down, and the Direction To Order Basket Products setting controls the direction that products are sorted by. Note that these same settings apply to all Basket Product Listing areas.
Functionality Affected: Basket Products Listing content managed web page area
Impact: Normal
TOT-4198 - Format hooks to filter order list by account based orders and date range within the User Details/Favourites/Orders content managed web page area
On a content managed web page containing a User Details/Favourites/Orders content managed web page area, if the area is displaying a list of historic orders previously submitted, there is now the ability to embedded form inputs to filter the orders that display, based on date range, or for orders submitted against the user's assigned account instead of orders submitted by the user (only allowed for sales representative users). Additionally it also now supports pagination to allow the historic order listing to load faster. By default the area will display a maximum of 50 records, but can be changed to display 10, 25, 50 or 100 records per page. Note that existing areas will need to have the area formats modified to allow users to see the pagination options.
Within the User Details/Favourites/Orders content managed web page area, for the Historic Order Products Header and Historic Order Products Footer formats the following hooks can now be embedded to allow for pagination, date filtering, and filtering for orders based on a sales representative users active account:
Functionality Affected: User Details/Favourites/Orders content managed web page area
Impact: Normal
TOT-4233 - Display product Brand and Supplier and fields within a Basket Product Listing content managed web page area
On a content managed web page containing a Basket Product Listing area 2 new format hooks have been added to the Basket Product Record format to be able to display the Brand and Supplier fields stored for each product listed in the area. The new format hooks for the Basket Product Record area format are:
Functionality Affected: Basket Product Listing content managed web page area
Impact: Normal
TOT-4234 - Copy products from user's guest basket to their initial active basket when a user logs in
On a content managed website, if a guest user adds products to their basket then decides to login, After they have successfully logged in there now the ability to copy the products from their guest basket, into their current active basket. The products being copied across from the guest basket will only be added to the user's current basket if they are not a Sales Representative user, and the user has permission to add the guest basket products to their active basket. and the products can be re-priced.
A project setting has been created that controls if products should be added from the guest basket across to a user's basket at login. Note that this may cause logins to take longer to load, especially if the user has many products in their basket that need to be copied across to their active basket. Also note that any deals applied to products in the guest basket, will be not be applied when the products are copied to the user's active basket.
Within the Administration Centre, under the Stores menu, within the Basket Settings interface, a setting labelled "Copy Products From Guest Basket On Login". If set to Yes then allows a non-sales representative user to have any products in their guest basket copied into their active basket during login. Else if this setting is set to No then copying process will be ignored.
Functionality Affected: User Login
Impact: Normal
TOT-4243 - Support for Google Analytics 4 reporting within Order Checkout/Submission and Guest Order Checkout/Submission content managed web page areas
On a content managed web page that displays either an Order Checkout/Submission, or Guest Order Checkout/Submission area, if the the area has reporting turned on to send confirmed orders to Google's Analytics service through its Google Tag Manager service, the order data now provided conforms to the Google Analytics 4 service's Ecommerce "purchase" transaction type.
This change drops support for ordering data conforming to the Universal Analytics service since Google is no longer provides support for its Universal Analytics service. For the order data to correctly be handled within Google Tag Manager, the tag that is handling the transferring the data needs to have its Tag Type set to "Google Analytics: GA4 Event" and the tag will need to have its Configuration Tag setting linked to another tag that has its Tag Type set to "Google Analytics: GA4 Configuration". The "Google Analytics: GA4 Configuration" tag will need to have its Measurment ID property set to the Google Analytics 4 account's Data Stream for where the order statistics are to be logged against.
Functionality Affected: Order Checkout/Submission, or Guest Order Checkout/Submission content managed web page areas
Impact: Normal
TOT-4246 - Customise labels of credit card types displayed within credit card payment forms within Order Checkout/Submission and Customer Account Invoice Payment Form content managed web page areas
On a content managed web page that contains either Order Checkout/Submission, Guest Order Checkout/Submission or Customer Account Invoice Payment Form areas, when a credit card payment form is displayed within the areas, within the Credit Card Types drop down, for each of the card type option the option labels are now able to be able to be customised. Additionally within the Administration Centre, under the Stores menu, within the Payments interface, in the Make A Payment tab, for the Credit Card Type drop down, the labels of the card options can also customised with the same label settings.
Within the Administration Centre, under the Stores menu, within the Payment Settings interface, under the Credit Card section, the following 3 settings have been added to control labels of the support card types:
These 3 settings are used across all credit card payment forms for a single project within the TOTECS Ecommerce platform to customise the labelling of each card type.
Functionality Affected: Order Checkout/Submission, Guest Order Checkout/Submission, Customer Account Invoice Payment Form content managed web page areas
Impact: Minor
TOT-4254 - Add User Search Rule to find users with products now back in stock in a given number of hours, are assigned to a specified marketing category, and have products with a stock quantity over a given amount
Within the Administration Centre, a new user search rule has been added that can find active users assigned to specified subscription category, that have products in their favourites list that are back in stock within a given number of hours, and have products with a stock quantity over/below/equal to/not equal to a given amount.
After a user logs into the Administration Centre, after clicking on the Users menu button, then the Search Users menu item, within the Search Users interface, under the Advanced Search section, in the Search Category drop down selecting the Marketing option, then within the Search Rule drop down a new rule has been added labelled "Select active users assigned to subscription category name equal to %value1% with favourite products back in stock in last %value2% hours with stock quantity %equaling% %value3%". The search needs to have the following inputs set:
Once all these values have been set then the rule can be used to find users assigned to the specified User Subscription Category that have products in their favourites that have the Stock amount required, and the Stock Available Since Date set to a date that fits with the number of hours aloud. This can be used within both the Search Users interface, as well as using the rule for Marketing User Groups. This in turn can target users to receiving back-in-stock email notifications using the existing Emedia Emails marketing feature.
Functionality Affected: Seach Users administration centre interface
Impact: Minor
TOT-4256 - Create hooks in Order Confirmation Email Order Detail Format setting that display Location ID, Code and Name in Order Confirmation Notification Emails
When an order is submitted from within a content managed website or Trade interface and a Order Confirmation Notification email is sent out, or if the email sent out by an administrator users from within the Orders Administration Centre interface, there is now the ability to include the order's assigned location's name and code within the notification email's attached content.
Within the Administration Centre, from the Stores menu, within the Order Store Settings interface, for the Order Confirmation Email Order Detail Format, it now defines the following hooks that can embed different information about the location assigned to the order:
Functionality Affected: Order Confirmation Notification email
Impact: Normal
TOT-4261 - Copy across customer account pricing to parent combination products when Automatically Calculate Combination Product Prices is turned on and runs
Within the Administration Centre, under the Inventory menu, within the Product Settings interface, if the "Automatically Calculate Combination Product Prices" setting is set to Yes, then when a Product Pricing Connector or Text File data import is run, there is now the ability to additionally copy across customer account pricing of default products in a combination to active and visible parent combination products for unit pricing. Additionally before copying it will delete all existing customer account pricing previously assigned to a combination product, to ensure that account pricing no longer relevant is not be stored, such as for contracts or promotions.
This ensures that if the default child product receives account pricing, that the parent also does, avoid mismatches in pricing, such as when viewed in product detail or listing areas.
Note that this change means that if the "Automatically Calculate Combination Product Prices" setting is set to Yes and parent combination products had customer account pricing set against the products already, then this pricing would get deleted and the child product's account pricing would overwrite it.
Functionality Affected: Product Pricing Connector Text File data imports
Impact: Normal
TOT-4263 - Upgrade Websites and Web Page Editor Administration Centre interfaces to https
Within the Administration Centre, under the Websites menu, within the Websites interface, it now is able to load over a https connection, as well as from within the Websites interface. Upon clicking on a webpage, the Web Page Editor now also loads over a https connection. This ensures that all traffic to and from the servers is sent over secure connections, and avoids issues with web browsers incorrectly not handling loading insecure web pages.
Functionality Affected: Administration Centre
Impact: Normal
TOT-4266 - Block scrapers that identify as thesis-research-bot. fidget-spinner-bot, Bytespider, my-tiny-bot, DataForSeoBot and AwarioSmartBot
Website traffic has been blocked from allowing requests from scrapers who identify with the following user-agents: "thesis-research-bot". "fidget-spinner-bot", "Bytespider", "my-tiny-bot" or "DataForSeoBot"
Functionality Affected: Content Managed Website Block List
Impact: Normal
TOT-4269 - Product Deals and Vouchers deal offers to buy over product quantity X and get price at Y percent off price level Z price, and buy quantity X and get price at Y percent off price level Z price
Within the Product Deals and Vouchers feature 2 new deal offer types have been added that allow a product's price to be discounted based on ordering a certain quantity, and applying a percentage discount from a specific price-level price.
Within the Administration Centre, under the Marketing section, within the Product Deals and Vouchers interface, in the Offer drop down the 2 new offer types have been added:
Buy Product Quantity X For Y Percent Off Price Price Level Z
The offer type applies when a specific product quantity has been ordered, and its price will be set based on discounting a specific price-level price by a given percentage. Ie. "buy 5 of a product, and get 25% off the wholesale price"
Buy Over Product Quantity X For Y Percent Off Price Level Z
The offer type applies when more than a specific product quantity has been ordered, and its price will be set based on discounting a specific price-level price by a given percentage. Ie. "buy over 5 of a product, and get 25% off the wholesale price"
Once product deals have been set up with these offer types, then it may allow users to redeem these deals for the applicable products assigned to the deal. Note that if after the percentage discount of the specified price-level price is higher than the product price a user normally receives, then the deal with be ignored from being applied, since no valid discount is applicable.
Functionality Affected: Product Deals and Vouchers administration centre interface
Impact: Normal
TOT-4271 - Content managed webpage javascript API function to reload Related Products Listing, Category Crumbs, and Product Detail web page areas
Within any content managed webpage the javascript API has been modified to allow external javascript files to trigger web page area events to fire, allowing areas to update at chosen times, initially supporting area types Product Details, Related Product Listing, and Category Crumbs to be reloaded with updated product data. Within the content managed webpage javascript API a new function has been added called: TOTECS.retail.fs.triggerWebPageAreaEvent(triggerAreaEventType, webpageAreaID, argument1);
The function takes 3 arguments, these are:
Functionality Affected: content managed webpage javascript API
Impact: Normal
TOT-4276 - Rate limit the amount of time users can attempt to login or use Forgot Password within an allowed time frame
From within the Administration Centre Login page, or from a content managed webpage that contains a User Login area, if a user attempts to login, within the Login server more restrictive limits have been put in place to limit the number of failed login attempts that a user is allowed to make within the a specified time frame. By default a user is limited to only being able to attempt to login 20 times within the last 15 minutes. If the user then attempts to login after 20 attempts have been made then they will automatically receive a failed response. This automatic failed response will occur until less than 20 attempts have been made in the last 15 minutes.
Within the User Login area, if the user tries to use the Forgot Password feature, additional limits have been put place to only allow a user's security question to be attempted to be obtained 20 times within a 24 hour period. If more attempts are made within a 24 hour period the error message "The maximum number of attempts to obtain security questions has been made. Please contact us if you have forgotten your login details." will automatically be returned. Additionally limits have been put in place to only allow up to 20 attempts to answer a user's security question within the last 15 minutes. If this limit is exceeded then the error message "The maximum number of attempts to answer the security question has been made. Please contact us to help with your login details." will automatically be returned.
These increased limits provide additional security measures that help make it more difficult for malicious actors to try and guess a user's login credentials, and take over the user's accounts.
Functionality Affected: User Login, Forgot Password
Impact: Normal
TOT-4277 - Set global http response headers for all web pages within a content managed website
For each content managed website there now the ability to set HTTP response headers that are included in every response for each web page served against the website. This allow responses to be further customised, such as putting in headers for setting website security policies of its content, such as .Content-Security-Policy or Strict-Transport-Security headers to provide stricter security rules to help web browsers add additional security protections to users.
Within the Administration Centre, under the Websites menu, within the Websites interface, clicking on the website domain, within the Website Details interface, a setting labelled "Global Web Page HTTP Response Headers". In its text area each HTTP response header needs to be added on each row, with the header's name and value separated by a colon character. For example: "Strict-Transport-Security: "max-age=22236000; includeSubDomains" always"
Once the Update Site button is saved on, then when any web pages belonging to the website are requested, in the response headers will be included in the web page response.
Note that if any of the following response headers are provided they will ignored, since they may affect underlying platform responses:
Functionality Affected: Website Details administration centre interface
Impact: Normal
TOT-4278 - Settings to control user password validation, and minimum character lengths for user Login IDs and Security Answers
When a user's password is being set or updated from either within a User Registration or User Details/Favourites/Orders area on a content managed webpage, or within the Administration Centre's Search Users and Create User interface, there are now settings that control how a user's Password, Login ID and Security Answer are validated. This includes controlling the allowed minimum character length for Login ID, Password, and Security Answer. Additionally there are settings to control how many special characters, upper case letters, and numbers are required to be in the password. Additionally for each User Registration Profile there are settings to control if the password validation should be enforced, as well the abiltiy to set a customisable message when the password validation fails, allowing a new user registering to be informed if they have not provided a strong enough password.
Within the Administration Centre, under the Users menu, within the General Settings interface the following settings have been added:
Within the Administration Centre, under the Users menu, within the User Registration Profiles interface, open clicking on the name of a profile, within the Profile Details interface, under the Mandatory Registration Fields section, the following settings have been added:
Note that if user's are created via Customer Account Connector data imports and automatically have a password set, the password will not have validation checks performed.
Functionality Affected: Search Users, Create User administration centre interface, User Registration, User Details/Favourites/Orders content managed web page area
Impact: Major
Bug Fixes
TOT-4210 - Default quantity input value not being increased by 1 for deal offer types over a given quantity for Product Deals Listing content managed web page areas
On content managed webpage containing a Product deal listing area "$product_basket_quantity_input$" hook outputted an incorrect quantity in quantity field for all the products where the deal offer was to buy over a given quantity. Now the "$product_basket_quantity_input$" hook will now correctly increment the quantity set for the deal by 1 when the deal is assigned to any of the below deal types:
Functionality Affected: Product Deal Listing cotnent managed web page area
Impact: Normal
TOT-4237 - Not all available products importing from an historic order into a user's basket within the User Details/Favourites/Orders content managed web page area
For a user logged into a content managed web page containing a User Details/Favourites/Orders area, if the area was displaying a list of historic orders, then if the Import Products button was clicked, not all active and available products may be imported into the order, even if the user has the ability to add these products to basket.
Now if the Import Products button is clicked, all active and available products will now be imported into the order. Previously some products were not being added to basket if non essential attribute data for each product in the order was missing.
Functionality Affected: User Details/Favourites/Orders content managed web page area
Impact: Normal
TOT-4240 - Products assigned to multiple categories of the same model not passing the correct quantity input value when adding to basket within the Model Product content managed web page area
On a content managed web page that contains a Model Product area, if the area was displaying a model that has the same product assigned to it across multiple different categories, then if the area's Product Search Record format was being displayed for each product record and contains the addProductQuantityField format hook to display the quantity input, the input incorrectly had the same element ID set for product records displayed multiple times.
Now the quantity input correctly has a different element ID set for product records displayed multiple times. This ensures that the correct quantity is passed to the server if multiple product records for the same product appear under different categories.
Functionality Affected: Model Product content managed web page area
Impact: Normal
TOT-4242 - Shopping list displaying incorrect number of available and visible products and sorting not working correctly within a Shopping List Products content managed web page area
After a user logs into a content managed website and navigates to a web page containing a Shopping List Products area. If the shopping list shown in area contained products in the shopping list that are not active or visible, then the counts within the ordering drop down incorrectly showed total number of products in the shopping list without factoring in the products that are allowed to be seen. Additionally if user selected to reorder a product within the list using the re-ordering drop down it was incorrectly positioning the product.
Now for each shopping list displayed the count of products will correctly not count products in the shopping list that are not active or visible. Additionally within the Shopping List Products area the shoppinglist_product_count format hook will also not include products in the shopping list that are not active or visible. The shoppinglist_product_ordering_options format hook will also now include the correct count of products to display as re-orderable options for each product.
Note that if an existing product is in a shopping list and becomes inactive or hidden, then a user changes the ordering of any existing products visible in the same shopping list, then if the existing product that is inactive or hidden becomes active or hidden, then its position will have changed to be at the bottom of the shopping list.
Functionality Affected: Shopping List Products content managed web page area
Impact: Minor
TOT-4245 - Area settings not being saved for Category Listing content managed web page area within Webpage Editor of Administration Centre
After a user logged into the administration Centre, clicked on the Websites menu button, then clicked on the Websites menu item, within the Websites interface. Upon right clicking on a content managed web page, and clicking on View All Areas context menu item, within the Web Page Editor, clicking on the name of a Category Listing area, within the Area Settings dialog, upon setting the following area settings and clicking on the Assign button to save the changes, upon closing and reopening the dialog the following area area settings were loading the previous saved values. When the area settings were being saved to the database, the previous settings values were not being cleared before saving the new settings
A fix has been made to correctly clear out the old settings values before saving the new settings values for the area's settings.
Functionality Affected: Category Listing content managed web page area
Impact: Normal
TOT-4247 - Users unable to to subscribe to emarketing after submitting email address within the Emedia Subscription Form content managed web page area
On a content managed webpage that contained a Emedia Subscription Form area, after the user typed their email address into the area's textbox and clicks on the submit button, a browser error alert box displayed within the message "Request has failed whilst trying to connect to the server, please try again later", and the user failed to have their email subscribed to receiving emarketing. This only occurred if the project is running on the TOTECS Ecommerce platform's Web Server Cluster 2.
Now after the user types their email address into the area's textbox and clicks on the submit button, the user correctly against becomes subscribed to receiving emarketing. This issue was caused by the the list of marketing categories not being correctly passed to the server. Note it was only occurring on TOTECS projects running on the platform's newer web servers that implement tighter URL character standards.
Functionality Affected: Emedia Subscription Form content managed web page area
Impact: Normal
TOT-4249 - Incorrect discount price amount being added to basket by sales representative users for child products that's not the first listed in the Product Combination content managed web page area
On a content managed web page that contained a Product Combination content managed web page area, if the area was displaying a list of child products for a parent combination product, and the area was configured to display the child products as a radio list, and the area is being viewed by a sales representative user, and the area was configured to use the Combination Product Option List Record format that had the $add_product_price_field$ or $add_product_price_discount_field$ hooks embedded within it to allow the sales rep user to optionally set a price for the product, then when a child product was added to basket that was not the first product listed in the area, using either the Quantity textbox or a button using the $add_product_basket_onclick$ hook in its onclick event attribute, then the incorrect price/discount amount was being set for the product in the basket using the price/discount amount set for first product in the list.
Now when using either the Quantity textbox or a button using the $add_product_basket_onclick$ hook in its onclick event attribute, then the correct price/discount amount is being set for the product in the basket using the price/discount amount set within the inputs of the child combination product record.
Functionality Affected: Product Combination content managed web page area
Impact: Normal
TOT-4250 - Webpage URL Routes linked to web page not being deleted when the page is deleted within the Within Websites Administration Centre interface
Within the Administration Centre, under the Websites menu, within the Websites interface, under a content managed website, within the Webpages tree node, if a content managed web page was deleted, it did not also delete the Webpage URL Routes that were linked to that webpage. Because of this these routes were still being checked for and used when a content managed web page was loaded, that may cause a blank content managed web page to display.
Now if a content managed web page is deleted, it now also deletes the Webpage URL Routes that are linked to that webpage. Additionally in the Web Page Routes dialog it will also now display all General routes, previously this was being ignored.
Functionality Affected: Websites Administration Centre interface
Impact: Normal
TOT-4251 - Order Notification Email failing to attach Order Details PDF file when a product contains an ampersand within its product code
Within the Administration Centre, under the Stores menu, within the Orders interface, for an order that has a product assigned to it containing an ampersand character within its code, when the user clicked on the Email button, then within the Send Order Email Notification dialog clicked on the Send Email button, then an error dialog displayed with the "The order email notification failed to send returned" and the notification still got sent out but without the email attachment's order details PDF file. This issue only occurred if within the Orders Store Settings interface the "Order Confirmation Email Order Detail Product Format" setting was using the order_product_set_field to embed the product code or barcode within an order line.
Now when the user clicks on the Email button, then within the Send Order Email Notification dialog clicks on the Send Email button, an error dialog no longer displays with the "The order email notification failed to send returned" and the order email notification correctly gets sent out but with the email attachment's order details PDF file. This issue was caused due to the "Order Confirmation Email Order Detail Product Format" setting using the order_product_set_field to embed the product code or barcode within an order line, and the product code or barcode not having the ampersand character correctly HTML encoded, that causes the HTML to PDF converter to fail due to not meeting strict HTML standards.
Functionality Affected: Order Notification Email
Impact: Normal
TOT-4255 - Removal of vulnerabilities within content managed websites and Trade interface
Within content managed websites and the Trade interface there were cross-site scripting vulnerabilities that could be exploited when combined with social engineering and phishing attacks.
Now within content managed websites and the Trade interface a number of vulnerabilities that could allow intruders to exploit a website were found and have been removed, so that nefarious 3rd parties cannot exploit users into providing information without their knowledge or consent.
Functionality Affected: Trade interface/content managed wesites
Impact: Major
TOT-4257 - Unable to filter payments by Customer Account Code within Payments Administration Centre interface
When an administrator user logged into the Administration Centre, clicked on the Store menu, then clicked on the Payments menu item, within the Payments interface, within the View Payments tab if the Search drop down was changed to the "Customer Account Code" option, then if a value a placed into the search textbox and the Search button was pressed on, no payments would display, even if a payment existed that is assigned to a customer account that matches the code given.
Now if the Search drop down is changed to the "Customer Account Code" option, then if a value a placed into the search textbox and the Search button is pressed on, payments are now correctly searched that match the code of the customer account given.
Functionality Affected: Payments administration centre interface
Impact: Normal
TOT-4260 - Removal of vulnerabilities within Administration Centre interfaces
Within the Administration Centre a number of vulnerabilities that could allow intruders to exploit its interfaces were found and have been removed, so that nefarious 3rd parties cannot exploit users into providing information without their knowledge or consent.
Functionality Affected: Administration Centre interface
Impact: Major
TOT-4264 - Basket Products Administration Centre interface failing to load the list of products
After an administrator user logged into the Administration Centre, after clicking on the Statistics menu, then clicking on Basket Statistics menu item, within the Basket Statistics interface, under the Basket Summary section, within it's table, if the number in the Total Items was clicked on, then in the browser window that opened the Basket Products interface, the interface was failing to load its contents of the Basket Products table for the user to see.
Now if the number in the Total Items is clicked on, then in the browser window that open the Basket Products interface, the interface will correctly load its contents for the user to see again. This issue was caused by a programming error introduced in TOT-4260
Functionality Affected: Basket Statistics administration centre interface
Impact: Normal
TOT-4267 - Updated Template interface not displaying Update Template Area Container interface after changing a web page's template within the Web Page Editor Administration Centre
After an administrator user logged into the the Administration Centre, under the Websites menu, within the Websites interface, under a content managed website, when clicking on a web page, from within the Web Page Editor, upon clicking on the Templates menu item, within the Update Template interface, within the Change Template drop down, after selecting a different template option and clicking the Update Template button, the interface failed to reload, and showed the Update template Area Containers interface. Instead the web page was assigned to the web page template, but all local areas were not assigned to existing template hooks, making the areas disappear on the web page and within the All Areas interface.
Now after selecting a different template option and clicking the Update Template button, the interface correctly reloads, and shows the Update template Area Containers interface. allowing the web page area's to be assigned to the new web page template's containers.
This issue was caused by new stricter server request parameter value standards that the newer web server version required. The logic has been updated to meet these new standards. Note that if a web page was assigned to a new template, it could be assigned back to the old web page template to allow the existing areas to appear again.
Functionality Affected: Web Page Editor administration centre interface
Impact: Major
TOT-4268 - Unable to save settings within the Model Search Listing content managed web page area within the Webpage Editor of the Administration Centre due to incorrectly making server request over insecure connection
After a user logged into the Administration Centre, clicked on the Websites menu, and then clicked on the Websites menu item, within the Websites interface for any content managed webpage that contained a Maker Listing area, open the web page within the Web Page Editor. From within the Web Page Editor, after clicking on a Maker Listing area, within the Area Settings dialog after changing any setting and clicking the Assign button, it failed to save the setting due to the Assign button incorrectly calling the server with a URL containing the insecure URL request, instead of calling the server with the secure URL request.
Now after clicking on a Maker Listing area, within the Area Settings dialog after changing any setting and clicking the Assign button, it now correctly saves the settings for the area.
Functionality Affected: Maker Listing content managed web page area
Impact: Normal
TOT-4270 - Previous Instructions drop down not sorting unique instructions by last order date within the Order Checkout/Submission content managed webpage area
After a user logged into a content managed website, and had added products to their basket. From a web page that contains a Basket Listing area they clicked on a Checkout button and navigated to a web page containing a Order Checkout/Submission area. Within the area that was displaying the Order Details Form format, within the Previous Instructions drop down, it was incorrectly not sorting the unique previous instructions based on the last time an order contained the instruction.
Now within the Previous Instructions drop down, it will correctly sort the unique previous instructions listed, based on the last time an order contained the instruction. Previously it was finding and grouping the unique instructions, but may not always order by the latest order date.
Functionality Affected: Order Checkout/Submission content managed web page area
Impact: Minor