Workarea 3.1.23
Patch release notes for Workarea 3.1.23.
Bump Puma To Latest Minor Version
This helps fix local networking issues with Docker setups, but there are more features that might tickle your fancy.
Issues
Commits
Specify Product Image Path Options Explicitly
Rather than allow Rails to infer them, specify product_image_path options explicitly in its implementation, specifically the call to mounted_core.dynamic_product_image_path. This helper can raise errors at random times due to a difference in the attributes based on whether Rails can or cannot infer their values, so it's less error-prone to specify these parameters explicitly in the helper definition.
Discovered by Greg Harnly.
Issues
Pull Requests
Commits
Keep Payment Profile Email Address and Order Email Address Consistent
Payment profile email addresses should always be the same value as the order email during the checkout process. However, in guest checkout it's possible to bring these values out of sync by changing your email when a payment profile has already been created for the order. This change ensures that Workarea finds payment profiles by reference number and email and, if none is found, creates a new record. As a result, a new payment profile record is created for each change to the email on an order, which both fixes the issue for guests and prevents profile takeover of registered users (or existing users in the system).
Issues
Pull Requests
Commits
- 59d81c24c1316acf9036dfaa28d3dbd362ce8db4
- 804bd9f7ede6fac8de2875e52cdcf94106b1ea75
- 2b0d8d702028d8b8efa731c7381c4f034e4a1393
- 2635595a5eacef1f55001cb481f8fb59a205add9
Protect "Contact Us", Email Signup, and Forgot Password Forms from Denial-of-Service Attacks
Forms on the /contact, /email_signup, and /forgot_password pages were open to Denial of Service attacks since they had no way of throttling requests sent to those pages. Workarea now mitigates the impact spammers might have on the resources of your application by adding a Rack::Attack rule for POST requests to the above routes, based on IP and/or email address. This also prevents Workarea from needing to depend on CAPTCHA even further to prevent automated clients from using the form.
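As an added illustration (not Workarea's or Rack::Attack's code), this stand-alone Ruby model shows the kind of rule described above: POSTs to the three routes are counted per IP and per normalized email within a fixed window. The class name, the limit and period values, the per-route budget and the email normalization are assumptions.

```ruby
# Added example: a model of fixed-window throttling keyed on IP and email.
# Names, limits and normalization are assumed, not taken from Workarea.
class FormThrottle
  PROTECTED_PATHS = %w[/contact /email_signup /forgot_password].freeze

  def initialize(limit:, period:)
    @limit  = limit   # max POSTs per key per window (assumed value)
    @period = period  # window length in seconds (assumed value)
    @counts = Hash.new(0)
  end

  # Returns true when the request may proceed, false when it should be
  # rejected (an HTTP 429 in a real Rack middleware).
  def allow?(verb:, path:, ip:, email: nil, now: Time.now.to_i)
    # Only form submissions to the protected routes are counted.
    return true unless verb == 'POST' && PROTECTED_PATHS.include?(path)

    window = now / @period
    # Drop counters from expired windows so memory stays bounded.
    @counts.delete_if { |(_path, w, _key), _count| w < window }

    # One key per client IP, plus one per submitted email address, so a
    # single address cannot be flooded from many different IPs.
    keys = ["ip:#{ip}"]
    normalized = email.to_s.strip.downcase
    keys << "email:#{normalized}" unless normalized.empty?

    # Count the request against every key; reject if any key is over limit.
    over = keys.map { |key| (@counts[[path, window, key]] += 1) > @limit }
    over.none?
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample traffic: four password-reset POSTs from one IP.
  throttle = FormThrottle.new(limit: 3, period: 60)
  4.times do |i|
    ok = throttle.allow?(verb: 'POST', path: '/forgot_password',
                         ip: '203.0.113.5', email: 'a@example.com', now: 1000)
    puts "request #{i + 1}: #{ok ? 'allowed' : 'throttled'}"
  end
end
```

Counting on the email key as well as the IP key is what limits submissions that target one address from rotating source addresses.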
Issues
Pull Requests
Commits
Fix Indicator of Selected Category in Secondary Navigation
Fragment cache keys for a menu of taxons did not originally include the ID of the selected taxon in the key, resulting in the page appearing like the link was never selected. Workarea now avoids this problem by including the selected taxon's ID in the fragment cache key for the menu.
Issues
Pull Requests
Commits
Change Regions In Address Region Select Field, Regardless Of DOM Structure Changes
Update the resetSelectUI() function in WORKAREA.addressRegionFields to query for the region <select> field in order to change its contents. Previously, the order in which DOM elements were laid out on the page mattered, and a bug was discovered when the two elements reversed position on the page layout. Now, the $regionField from within the local .address-fields element is selected, improving reliability and robustness in the JS code.