ubercart 7.x-3.6

SA-CONTRIB-2013-098 - Ubercart - Session Fixation Vulnerability

Changes since 7.x-3.5:

• #1344582: Removed Google Checkout.
• #1054028: Fixed product selector to only show products the admin has access to when adding products to an order.
• #2119541: Added Ajax refresh of admin comments pane when adding products to an order.
• #2112095: Removed unused unique_hash database column.
• #2065619: Fixed IPv6 addresses in PayPal transactions.
• #2097737 by hanoii: Added order total weight field to Views.
• #2102989: Removed cart help text setting in favour of translations.
• #1991394: Fixed hard coded link to login page in anonymous checkout completion messages.
• #1559676: Added click sorting of display price in Views.
• #2104877: Fixed undefined variable: _SESSION in uc_googleanalytics_page_alter().
• #2098749: Added Views support for filtering line item titles and amounts.
• #2044223 by david_garcia_garcia: Fixed attribute options form for compatibility with SQL Server.
• #2090221: Fixed error when attempting to send role emails to blank addresses.
• #2086951: Removed unused hook_node_access() implementation.
• #1129378: Added 'Complete sale' and 'Authorization only' options to PayPal Express Checkout.
• #2040889: Fixed order entity to call hook_entity_presave, hook_entity_insert, hook_entity_update and hook_entity_delete.
• #2084664: Removed 'administer product kits' permission in favour of 'administer products'.
• #1969664: Increased checkout page timeout to 30 minutes.
• #2077235 by mettasoul: Typo in view all orders permission check.
• #2065401: Fixed PayPal setup documentation.
• #2064723: Fixed favicon link in printable order invoice template.
• #2024565: Fixed admin users with 'view all downloads' permission to allow download of files purchased by any user.
• #1363464: Fixed 'headers already sent' error after successfully downloading a file.
• #2044223 by david_garcia_garcia: Fixed duplicate SQL placeholders for compatibility with SQL Server.
• #2047795 by trrroy: Updated USPS double-encoded HTML substitution.
• #2055775 by fgm: Removed unnecessary check in uc_product_forms().
• #1988196: Removed role expiry display text settings in favour of translations.
• #1988196: Removed 'Continue shopping' button text setting in favour of translations.
• #1988196: Removed PayPal order submit button text setting in favour of translations.
• #1988196: Removed 2Checkout order submit button text setting in favour of translations.
• #1597154: Fixed incorrectly abandoned PayPal orders by increasing order timeout to 24 hours.
• #2032365 by sobi3ch: Changed hook_uc_line_item() 'validate' and 'submit' callbacks to accept $form and $form_state instead of only order ID.
• #1551130: Fixed notice: Undefined index: cc_number in uc_payment_method_credit().
• #353001: Improved reliability of concurrent order modification check.