Workarea 3.0.37

Patch release notes for Workarea 3.0.37.

Bump Puma To Latest Minor Version

This helps fix local networking issues with Docker setups, but there are more features that might tickle your fancy.

Read all about it!

Issues

Commits

Specify Product Image Path Options Explicitly

Rather than allow Rails to infer them, specify product_image_path options explicitly in its implementation, specifically the call to mounted_core.dynamic_product_image_path. This helper can raise errors at random times due to a difference in the attributes based on whether Rails can or cannot infer their values, so it's less error-prone to specify these parameters explicitly in the helper definition.

Discovered by Greg Harnly.

Issues

Pull Requests

Commits

Keep Payment Profile Email Address and Order Email Address Consistent

Payment profile email addresses should always be the same value as the order email during the checkout process. However, in guest checkout it's possible to bring these values out of sync by changing your email when a payment profile has already been created for the order. This change ensures that Workarea finds payment profiles by reference number and email and, if none is found, creates a new record. As a result, a new payment profile record is created for each change to the email on an order, which both fixes the issue for guests and prevents profile takeover of registered users (or existing users in the system).

Issues

Pull Requests

Commits

Protect "Contact Us", Email Signup, and Forgot Password Forms from Denial-of-Service Attacks

Forms on the /contact, /email_signup, and /forgot_password pages were open to Denial of Service attacks because there was no way of throttling requests sent to those pages. Workarea now mitigates the impact spammers might have on the resources of your application by adding a Rack::Attack rule for POST requests to the above routes, based on IP and/or email address. This also keeps Workarea from having to depend even further on CAPTCHA to prevent automated clients from using the forms.
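A pure-Ruby model of the throttling behaviour described above, added here as an illustration; it is not Workarea's code and does not use Rack::Attack itself. The limit, the period, per-path counting and the `email` parameter name are assumptions.

```ruby
# Added example: fixed-window throttle keyed by IP and by email.
# Not Workarea's rule; limit/period values are chosen by the caller.
THROTTLED_PATHS = %w[/contact /email_signup /forgot_password].freeze

class FormThrottle
  def initialize(limit:, period:)
    @limit = limit    # allowed POSTs per key per window
    @period = period  # window length in seconds
    @counts = Hash.new(0)
  end

  # Returns true when the request should be rejected (e.g. with HTTP 429).
  def throttled?(method:, path:, ip:, email: nil, now: Time.now.to_i)
    return false unless method == 'POST' && THROTTLED_PATHS.include?(path)

    window = now / @period
    # Drop counters from earlier windows so memory stays bounded.
    @counts.delete_if { |(_, _, w), _| w < window }

    keys = ["ip:#{ip}"]
    # Normalise the address so case or whitespace variants share one counter.
    keys << "email:#{email.strip.downcase}" unless email.to_s.strip.empty?

    # Count the request against every key, then reject if any key is over.
    keys.map { |k| @counts[[path, k, window]] += 1 }.any? { |n| n > @limit }
  end
end

if __FILE__ == $PROGRAM_NAME
  throttle = FormThrottle.new(limit: 3, period: 60)
  # Constructed sample: one client submitting many different addresses.
  4.times do |i|
    blocked = throttle.throttled?(method: 'POST', path: '/email_signup',
                                  ip: '203.0.113.5',
                                  email: "user#{i}@example.com", now: 1000)
    puts "request #{i + 1}: #{blocked ? 'throttled' : 'allowed'}"
  end
end
```

Counting on both keys is what covers the two abuse patterns: many addresses from one IP trip the IP counter, and one address submitted from many IPs trips the email counter.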

Issues

Pull Requests

Commits

Fix Indicator of Selected Category in Secondary Navigation

Fragment cache keys for a menu of taxons did not originally include the ID of the selected taxon in the key, resulting in the page appearing like the link was never selected. Workarea now avoids this problem by including the selected taxon's ID in the fragment cache key for the menu.

Issues

Pull Requests

Commits

Change Regions In Address Region Select Field, Regardless Of DOM Structure Changes

Update the resetSelectUI() function in WORKAREA.addressRegionFields to query for the region <select> field in order to change its contents. Previously, the order in which DOM elements were laid out on the page mattered, and a bug was discovered when the two elements reversed position in the page layout. Now, the $regionField from within the local .address-fields element is selected, improving reliability and robustness in the JS code.

Issues

Pull Requests

Commits
