Recent changes to feature-requests

Installation Problom

Anonymous — Fri, 27 May 2005 15:56:43 -0000

I login by root user. Then run ./configure.pl under a subfoler.

I change the document root setting
to /srv/www/htdocs/qingc/allcommerce, and change the cgi-bin
directory to/src/www/htdocs/qingc/allcommerce/cgi-bin.

Then continue installation to finish.

Unfortunaterly, I can find any new files under the above
directories.

Could you tell why?

Qing

BUG: suEXEC incompatibility

Anonymous — Sat, 14 Sep 2002 23:52:23 -0000

For security reasons, suEXEC (an Apache module to allow
CGI scripts to run as a different user than the web
server) refuses to follow symlinks to CGI scripts.
Therefore, suEXEC cannot run the symlink to "index.cgi"
that the installation process creates.

Fix: Use a hard link, or copy the file.

Repost: BUG: Failure to handle metachars

Anonymous — Sat, 14 Sep 2002 23:42:04 -0000

In the original post, I failed to upload the patch.

This would be in the Bug Tracker, but the bug tracker
requires a login.

In lib/configure.pm:490, and other places in that file,
backticks are used to run shell commands that set up
the database. There are actually multiple problems with
this approach:

- Using the MySQL admin password on a command line is
insecure. On some systems, it can be seen by other
users with the 'ps' command.

- If the password contains any shell metacharacters,
the shell command will fail, because backticks are
processed with "sh -c".

For MySQL, the best way to fix the bug is to connect to
the server directly through DBI and create the database
and database tables by sending SQL queries, the same
way that this is already done for MySQL on the Win32
platform. This fixes both the shell-metacharacter
problem and the security problem. Attached is a patch
against OS AllCommerce 1.2.3 that implements this fix.

BUG: Failure to deal with metacharacters

Anonymous — Sat, 14 Sep 2002 23:38:16 -0000

This would be in the Bug Tracker, but the bug tracker
requires a login.

In lib/configure.pm:490, and other places in that file,
backticks are used to run shell commands that set up
the database. There are actually multiple problems with
this approach:

- Using the MySQL admin password on a command line is
insecure. On some systems, it can be seen by other
users with the 'ps' command.

- If the password contains any shell metacharacters,
the shell command will fail, because backticks are
processed with "sh -c".

Root user/chown problems

Anonymous — Sat, 14 Sep 2002 01:32:43 -0000

The configure scripts should be able to function as a
non-root user.

os_allcommerce may be run on a web hosting service
where the person installing os_allcommerce cannot log
in as root.

Also, on such a system, an Apache web server may be
configured with the suEXEC feature, so it would be
undesireable to chown any of the files to 'nobody'.

The configure scripts are hard-coded to chown some
files to nobody, probably because they assume that the
web server is running as nobody. Not all web servers
are configured to run as nobody. Therefore, the user to
chown files to (if any) should not be hard-coded into
the software.

path.pm improvement

Anonymous — Sat, 14 Sep 2002 01:18:16 -0000

I've noticed in the file "path.pm", the os_allcommerce
root directory, which defaults to
"/home/httpd/os_allcommerce",
is repeated in each of the values of $apath.

The enclosed patch puts the root directory in a
variable, so
that you can change "$root" without having to modify the
values in $apath.

FTP support

Anonymous — Thu, 20 Dec 2001 20:37:25 -0000

I think you should have FTP support/user guide for non-
apache programmers. It would be great for people who
don't run their own servers but have remote server
hosted by ISPs.

Automated Mailing

Anonymous — Fri, 06 Jul 2001 22:51:57 -0000

It would be nice if mailing could be automated when the
order status changes.

For example, when a customer's order changes to
"awaiting fulfillment" it could send an e-mail from a
template stating such.
Similarly, it would be nice to have a facility to
attach a UPS/FedEx/USPS waybill or tracking number so
the customer could receive that information when the
order status reaches shipped.

Installation

Tue, 15 May 2001 08:33:34 -0000

I think suring up the installation proccess (at least
better docs) and alternate database support should be
your first priority. I am trying to intetgrate
AllCommerce with SQL-Ledger. The two, with a some
tweaking, would complement each other perfectly. Could
be a great marriage! But one uses postgresql and yours
mysql. Got to get past that.

Button Font

Anonymous — Wed, 11 Apr 2001 00:29:09 -0000

Release the .ttf button font for public use.