Zen Cart® is a full-function e-commerce application for your website.

Zen Cart

Last update: Jan 6, 2023

Related tags

E-commerce php ecommerce framework shopping-cart ecommerce-platform shopping-cart-solution zencart ecommerce-framework

Overview

Zen Cart® - The Art of E-Commerce

Zen Cart® was the first Open Source e-Commerce web application to be fully PA-DSS Certified.

Zen Cart® v1.5.8 is an update with several bugfix patches applied on top of the PA-DSS Certified version v1.5.4.

It's free software, with free community-driven support available 24/7 on the Zen Cart® Support Site forums at zen-cart.com/forum

Zen Cart® v1.5.8-dev

Compatibility

Zen Cart v1.5.8 is designed for:

PHP 7.3 to PHP 8.0
MySQL 5.7.8+ or MariaDB 10.2.7+
Apache 2.2 and 2.4

Refer to compatibility requirements for additional details.

Installation

Installation is simple:

Ensure you check that the md5/sha1 hash of the Zip matches those publicly posted.

The md5/sha1 values for verifying the zip files hosted at Sourceforge are displayed on the Zen Cart® website along with instructions on how to verify the file using the hash values.

Unzip the downloaded zip file
Everything inside the folder you unzipped needs to be uploaded to your webserver … for example, into your public_html or www or html folder (the folder will already exist on your webserver)
In your browser, enter the address to your site, such as: www.example.com (or if you uploaded it into another subdirectory such as foldername use www.example.com/foldername)
Rename the /includes/dist-configure.php and /admin/includes/dist-configure.php files to "configure.php" and make the files writable (so the install process can write your configuration information into them after you answer a few questions in the following steps).
Also make the /cache and /logs folders writable. (You will be prompted about making other folders writable during installation)
Follow the instructions that appear in your browser for installation.

If some of the terms used in these brief instructions are things you don't understand, there is a much more detailed set of instructions in the /docs/Implementation-Guide PDF.

Upgrading

Recommended reading related to upgrading: https://docs.zen-cart.com/user/upgrading/

Guidance for Secure Installations

The Implementation Guide document is provided to give detailed instructions on how to install and secure your site in accordance with PCI Compliance requirements. Whether your site "needs" PCI Compliance or not is up to you to decide, but you should still follow the documented principles to maximize your site's resilience against troublesome access attempted by any undesired/unauthorized visitors.

Documentation

Use your browser to open the /docs/index.html page for links to release documentation and the Implementation Guide. A storeowner documentation repository also exists at docs.zen-cart.com/user/.

Developer Documentation

Developers wishing to contribute to the Zen Cart® core code may fork the zencart/zencart repository on github and issue Pull Requests from their own feature branches. Please see CONTRIBUTING.

Visit docs.zen-cart.com/dev/ for guidance on issues relevant to developers. This documentation site is very new, but content will be added over time.

Developers wishing to contribute documentation should fork zencart/documentation and contribute PRs. Please see CONTRIBUTING to documentation.

Source

The Zen Cart source code is available at: https://github.com/zencart/zencart

Support

For free community-driven support with Zen Cart, visit our support site: https://www.zen-cart.com/forum.php

Donations/Sponsorship

Sponsorship through GitHub is a simple and convenient way to say "thank you" to Zen Cart's maintainers and contributors, and to help fund its ongoing development.

Just click the "Sponsor" button on the Zen Cart page on GitHub.

If your company uses Zen Cart, note that sponsorship and donations to the project are a valid regular business expense.

You may also donate via our website at https://www.zen-cart.com/donate

Security

We take security very seriously.

If you have discovered a critical security bug in Zen Cart, please email security [at] zen-cart [.] com with the details of the problem and how to trigger it. Issues will be responded to in a timely manner.

For news and updates about Zen Cart®, follow us on Twitter and Facebook

Subscribe to Critical News Updates And Release Announcements

This project is supported by:

Comments

The future of the Default Template & ClassicTemplate in v1.6.0.. (consistency, mobile design/resposiveness, overall look & feel)

Templates.. Surprised there's been very little to NO discussion here with regards to the current template system.. However, templates are worthy of a serious looksee as they are the thing unfortunately that leads folks to "judge a book by it's cover" with regards to how Zen Cart is evaluated by novice store owners and even technical folks. No matter if this is a fair or unfair evaluation factor, the fact is that it IS an evaluation factor, and there's no reason to NOT improve things in this respect.

So let me start with the proverbial elephant in the room :laughing: Classic Template - I don't think anyone would disagree that the Classic template is a LOT overdue for a MAKEOVER.. The Classic template that comes with Zen Cart out the box doesn't do a very good job of representing the product IMHO. Now I realize that for years, the emphasis has been on security, and functionality.. and no doubt these are important considerations, but WHY NOT make moves to make Zen Cart LOOK attractive as well.. I typically replace ALL of the Classic template folders and files with the Barbones template's folders and files because while Barebones is PLAIN, it's a LOT nicer looking than Classic.. Is there ANY opposition to a pull request to make Classic at least a LITTLE more visually appealing or has one just not been submitted??

Lack of Consistency in the Default Template - Typically when I build a Zen Cart template there's a LOT of overrides I find that I need to include with my template to "fix" (address) what are either missing IDs and classes within the default template or to add a level of consistency to classes and IDs that IMHO is missing in the current default template. Perhaps now is the time to start to examine the entire default template.

Responsive/Mobile Capabilities - I haven't seen any movement on this front, and wonder if the plan is to include any kind of foundation for responsive/mobile elements in the default or Classic templates or will the direction of Responsive/Mobile templates continue to be a function of free template contributors??

opened by DivaVocals 59
php 8.2: dynamic properties deprecated, multiple warnings

Deprecate dynamic properties

Thought I'd try the php 8.2beta: 94 warnings on entering the admin, and all for the same error but different files. It would be good if someone could confirm if anything other than just declaring these variables is necessary....

This is useful, there seem to be only a couple more things to review: https://stitcher.io/blog/new-in-php-82
PHP 8.2

opened by torvista 50
When to release?

Is there a milestone that will determine the next release? a) more people on the forum are starting to report notices and warnings that are aleady fixed in 157 (so time/effort wasted there) b) an idea of the schedule would help to allocate/focus my meagre resources in completing multiple almost-finished PRs for inclusion. I know I should do them all immediately, but it's just not possible in the real world.

opened by torvista 45
V157 enable error logging static

Two items here, one is discussed: https://github.com/zencart/zencart/commit/e87391bbf17368be5f4c0d64518c193d9a35434a#r39297222

The other is a result of seeing how this works and making it possible for the operation to remain as it was for those interested. Kept the default the same as has been provided (to split out the files), but made it admin controllable to be able to make sense of the data in a logical sequence rather than by some sort of file convention.

opened by mc12345678 40
Suggestion: Classic Template needs a facelift

Also being carried over from #304

Ahhhhh yes.. the proverbial elephant in the room :laughing: I see that "Old Green" is STILL hanging on in v1.6.. :laughing:

I don't think anyone would disagree that the Classic template is a LOT overdue for a MAKEOVER.. The Classic template that comes with Zen Cart out the box doesn't do a very good job of representing the product IMHO. Now I realize that for years, the emphasis has been on security, and functionality.. and no doubt these are important considerations, but WHY NOT make moves to make Zen Cart LOOK attractive as well.. I typically replace ALL of the Classic template folders and files with the Barbones template's folders and files because while Barebones is PLAIN, it's a LOT nicer looking than Classic.. Is there ANY opposition to a pull request to make Classic at least a LITTLE more visually appealing or has one just not been submitted??

Would like to suggest that It's time to at LEAST let "Old Green" go be with her cousin the "Flaming Gif".. :laughing:

opened by DivaVocals 39
Language Files - move to new array structure?
@zcwilt wrote:

While code exists to use arrays catalog side, we haven't yet converted any language files to the new array structure. Question: do we go ahead and do this for v158?

Benefits:

No more "already defined" issues when duplicates are encountered when loading up the language strings (because it'll update the array instead, before then setting all the defines in place)

matches zc_plugins approach to languages

already in zc_install

backward-compatible insomuch as other files that define language constants will still be able to do that, since core code still uses constants for rendering all language output

Cons:

touches a lot of files
opened by drbyte 37
zc_plugins getting uninstalled...

i am noticing during development that plugins are getting un-installed by ZC. i have tracked it down to:

https://github.com/zencart/zencart/blob/ace282f116e7d46467f43c97e45f5905e3c94440/admin/includes/application_bootstrap.php#L161

which i notice has been removed from v158; however it is getting called from here:

https://github.com/zencart/zencart/blob/aec59979d3c49da87151bf3fb9bdc6ef90d4d17d/laravel/app/Providers/AppServiceProvider.php#L39

why would cause ZC to automatically uninstall an already installed plugin?

opened by proseLA 34
Remove Newsletter feature

We have discussed this before - the practice of sending volume email from your hosting account is harmful and not something we should be encouraging. Is it time to remove this feature?

opened by scottcwilson 34
v156 Remove integer key data from iterator results

In ZC 1.5.5, the iterator class was implemented allowing the use of foreach to cycle through query results. To support this operation, the rewind module was written to use the Move($position) method which was written to allow query results to be returned as both a key=>value response as well as a position=>value response. Therefore, the initial reset of the query results would produce an array of both the key=>value pair and position=>value pair. Then when the MoveNext method was used, the key=>value pair would be updated; however, the position=>value pair remained constant.

This commit adds continued support for code that intentionally used the Move($position) to access the integer based field result and to also prevent adding the integer based results to the Move($value) method returned values.

A similar condition was identified in the ExecuteRandomMulti function.

Incorporation of this modification added a parameter to each function with a default value that causes the function to operate as it has for all of ZC 1.5.x.

This was ultimately an issue because mysqli_fetch_array (and the legacy mysql_fetch_array) when not provided a resulttype as described in the php manual (http://php.net/manual/en/mysqli-result.fetch-array.php) defaults to providing both the integer based result and the field key based result.

Perhaps this was done to support some yet older code; however, with the implementation of the iterator class to provide only field results (consistently at each next result) a modification was needed at least against the foreach implementation.

opened by mc12345678 34
[Proposal] Stop requiring /admin/ folder rename

Feedback welcome ...

Proposal: Instead of throwing a roadblock up if the /admin/ folder is not renamed, instead just display a warning message inside the admin after logging in.

opened by drbyte 34
Multi lingual country names

This may be a to large of a change for ZC 1.6, but I would love to see the country names to be multi lingual in a future release of Zen Cart.. A lot of my customers have shops in multiple languages, and ften ask how and where they can change the county names. Not every one knows the English names for the worlds countries.

opened by Zen4All 34

zc155a->zc157d Upgrade: Admin logs due to change in HTML Editor

While the current release version of Zen Cart is zc158, I'm in the process of 'rebuilding' a zc155a site to zc157d (since there's no PHP version in common between zc155a and zc158).

I started with a 'fresh' zc157d file-set, did the zc_install and logged into the admin. I'm seeing logs like the following on each admin page-load, since the zc155a site is/was using the then-current HTMLAREA editor:

[09-Jan-2023 15:03:15 Europe/Berlin] Request URI: /site/admin/index.php?cmd=display_logs, IP address: 127.0.0.1
#1 require_once(C:\xampp\htdocs\site\admin\includes\init_includes\init_html_editor.php) called at [C:\xampp\htdocs\site\includes\autoload_func.php:37]
#2 require(C:\xampp\htdocs\site\includes\autoload_func.php) called at [C:\xampp\htdocs\site\admin\includes\application_top.php:37]
#3 require(C:\xampp\htdocs\site\admin\includes\application_top.php) called at [C:\xampp\htdocs\site\zc_plugins\DisplayLogs\v3.0.0\admin\display_logs.php:35]
#4 require(C:\xampp\htdocs\site\zc_plugins\DisplayLogs\v3.0.0\admin\display_logs.php) called at [C:\xampp\htdocs\site\admin\index.php:23]
--> PHP Notice: Undefined index: HTMLAREA in C:\xampp\htdocs\site\admin\includes\init_includes\init_html_editor.php on line 58.

[09-Jan-2023 15:03:15 Europe/Berlin] Request URI: /site/admin/index.php?cmd=display_logs, IP address: 127.0.0.1
#1 require_once(C:\xampp\htdocs\site\admin\includes\init_includes\init_html_editor.php) called at [C:\xampp\htdocs\site\includes\autoload_func.php:37]
#2 require(C:\xampp\htdocs\site\includes\autoload_func.php) called at [C:\xampp\htdocs\site\admin\includes\application_top.php:37]
#3 require(C:\xampp\htdocs\site\admin\includes\application_top.php) called at [C:\xampp\htdocs\site\zc_plugins\DisplayLogs\v3.0.0\admin\display_logs.php:35]
#4 require(C:\xampp\htdocs\site\zc_plugins\DisplayLogs\v3.0.0\admin\display_logs.php) called at [C:\xampp\htdocs\site\admin\index.php:23]
--> PHP Notice: Trying to access array offset on value of type null in C:\xampp\htdocs\site\admin\includes\init_includes\init_html_editor.php on line 58.

Primarily posting here in case someone else comes across this.

opened by lat9 2

Enhancement -Do not display Product count for products in subcategories
Allow categories count to ignore products in sub categories.

Added flag COUNT_SUB_CATEGORIES to allow category tree to only count the products in the category specified.

Modified Category tree to check it the new flag exists and if not continue to count the products in subcategories.

Modified functions_categories to add new parameter to zen_count_products_in_categories to allow subcategories to be ignored in the count. Default true current state count properties.

This could be added now as it checks to see if the new flag is set and if not works as now.
Consider Post 158
opened by brittainmark 3
fixes product sorts on pulldown

fixes the bug as documented in this forum post.

the only question now is if we want to add to the description of this config value that it is also used for product pulldowns:

https://github.com/zencart/zencart/blob/d4398a6ccc9e1c8f30007a0720d9e6024c123109/zc_install/sql/install/mysql_zencart.sql#L2881

opened by proseLA 0
admin, category-product listing, product with no image references directory: 403 erro

create a new product with no details apart from name. it has no image in the listing:

but the src references the directory instead of a missing image:

which is not allowed:

opened by torvista 1

Releases(v1.5.8)

v1.5.8(Oct 17, 2022)

First official release of 1.5.8!

See https://docs.zen-cart.com/release/ for more information.
Source code(tar.gz)
Source code(zip)
v1.5.7d(Feb 28, 2022)
Patch release, including:

Admin: Sanitize output

Admin: Address missing/inconsistent HTML characteristics

Admin: Remove call to inspectAndUpdate from every request and only call on plugin_manager page

Admin: include plugins in search

Admin: Fix width of comments block in invoice

Admin: include plugins in search

Admin: Sanitize Output

Core: Fix typo: langauages -> languages

Core: Accommodate field types with zero length

Core: Fix "Uncaught TypeError: mysqli_close(): Argument #1 ($mysql) must be of type mysqli, bool given

Core: Fix coupon min. required calculation wrong when calculated from = All Products

Storefront: Clean HTML for product_reviews_write, correcting PHP notices regarding missing variables.

Core: paypaldp/paypal_curl, correcting PHP notices, partial payflow-uk correction.

(Note: no database changes between v157/v157a/v157b/v157c/v157d, so no need to run zc_install if v157/v157a/v157b/v157c is already installed.)
Source code(tar.gz)
Source code(zip)
v1.5.7c(Mar 5, 2021)
Patch release, including:

All: Security Patches Applied.

All: Improved PHP 8.0 compatibility.

All: Upgraded PHPMailer to latest version 6.3.0

All: Fix some "is_countable" or "must be Array or Countable" errors/notices.

Admin: Fix incorrect "required" error when editing banners if start/end date existed

Admin: Fixed incorrect URL generated when accessing customer-submitted images.

Admin: Improve plugin compatibility on category/product-listing page.

Admin: Attributes Controller fix for broken button, and improved compatibility with plugins.

Admin: Improved DTK search for zc_plugins.

Admin: Fix long-time error in zen_copy_attributes() function.

Storefront: Fix attribute-related error causing "A-non-numeric-value-encountered-in-shopping_cart.php".

Storefront: Restore "Always Show Categories on Main Page" feature from v156

Storefront: Improved compatibility with Image Handler for empty image dimensions.

Storefront: Added new capabilities to breadcrumb class so templates can override defaults.

Installer: Improved upgrade-detection on MySQL 8.0

(Note: no database changes between v157/v157a/v157b/v157c, so no need to run zc_install if v157/v157a/v157b is already installed.)
Source code(tar.gz)
Source code(zip)
zc-v157b-to-v157c-only.zip(276.92 KB)
zen-cart-v1.5.7c-03052021.zip(9.62 MB)
v1.5.7b(Nov 23, 2020)
Patch Release to:

Properly handle cmd parameter.

Remove deprecated javascript init() calls.

Capture order weight.

Limit field lengths in account creation.

No database changes since prior release. No need to run zc_install.
Source code(tar.gz)
Source code(zip)
patch-157-security-patch1.zip(4.18 KB)
patch-157-to-157b.zip(712.48 KB)
patch-157a-to-157b.zip(58.86 KB)
v1.5.7a(Oct 30, 2020)
More info in the release announcement

Among other things, this release contains:

Admin: Correct issues with adding category images.

Admin: Fix product-available date handling.

Admin: Improve order printing.

Admin: Fix product copying operation, particularly in relation to master category id.

Admin: Search now finds disabled items.

Admin: Recent Orders dashboard widget may now be configured to exclude attributes in popover rows for performance.

Admin: Popover will not show model if product does not define a model number.

Admin: CSS paths fixed in Banner Manager, Coupon Exporter.

Admin: Add attribute images to invoice and packing slip.

Core: Set samesite cookie parameter (site must be run entirely https)

Core: Ensure .htaccess permits .woff2 and svg files to be served.

Core: Fix new/featured/all pages not adding to cart.

Core: Fix allowing special characters in passwords (admin and storefront).

Core: Fix issue with adding items with single-valued attributes from listing page.

Core: PHPMailer Update to v6.1.8.

Core: Ensure error messages are displayed after a page redirect.

Core: Fix early issues with plugin manager.

Core: Improve performance of email page.

Core: Fix small layout issues in responsive_mobile CSS.

Core: Introduce grid layout feature for listing pages.

Core: Ensure external pages are loaded with noreferrer.

Core: Hide shipping modules where appropriate.

Core: Fix PHP notices produced by more recent versions of PHP.

Core: Fix multilanguage issues with Sales Report with Graphs.

Core: Tax behavior aligned between admin and storefront.

Core: Fix issues in also purchased products display.

Core: Fix button truncation on checkout confirmation page.

Core: Improve mobile display of EZ-Pages.

Core: Fix PayPal issues which could result in missed orders.

Core: Ask a Question improvements.

Core: Simplify use of private template on storefront.

Core: New config variable "Disabled Product Status for Search Engines" allows stores to optionally not throw 404 for disabled products.

Core: Notifier calls during checkout now include the order number.

Core: Notifier NOTIFY_PAYPALWPP_DISABLE_GET_OVERRIDE_ADDRESS added.

Define Pages: Correct issues with editing.

Source code(tar.gz)
Source code(zip)
v1.5.7(Jun 23, 2020)
More info in the release announcement

Among other things, this release contains:

Core - Many files have been updated for compatibility with PHP 7.2, 7.3 and 7.4.

Storefront - Products with single-valued attributes (such as downloads) can now be added to the cart from the listing page.

Storefront - Product page now includes Ask a Question

Storefront - Contact Us page now includes a telephone number

Storefront - Improved handling of product restrictions such as units and minimum quantities.

Storefront - Define page added to shopping cart page for static content.

Storefront - The responsive classic template now meets accessibility standards for both desktop and mobile.

Admin - Admins can now login to a customer account (login as that customer), to place an order on their behalf.

Admin - Order Status may be updated from the order listing screen.

Admin - Order Status emails are now sent in the language of the order.

Admin - Order Status dropdown can now be sorted to match your business workflow.

Admin - Order Status notification behavior for an Order Status update (send email/do not send email/hide update) may now be configured by an admin switch.

Admin - Order Listing - hover for quick view of the products ordered or to see customer comments, without opening the order details. (Inspired by Info-At-A-Glance plugin).

Admin - Improved customer search.

Admin - Products to Categories Link Manager - Addition of a global tool to copy linked categories to another product.

Admin - Product Copy expanded to include copy of metatags and linked categories.

Admin - Validation for integer min and max values and email addresses.

Admin - Improved configuration settings descriptions.

Admin - Countries page is easier to perform enable/disable actions.

Admin - Improved error messaging.

Admin - Help links to the documentation website added to all pages.

Admin - Products Viewed report now excludes bots and admins, and its database storage restructured to improve site performance.

Admin - Alphabetical sorting of Reports and Tools menus.

Admin - Validation and alerts for updating configuration settings, and other updates to sanitization layer.

Admin - Improvements in Option Name/Value management.

Admin - UI improvements for Attributes Controller, Featured, Option Names Manager, Option Values Manager, Products to Multiple Categories, Specials.

Admin - Fixed last-order details on customer preview box on right.

Email - SPAM prevention built in to forms (Credits @davewest for zenNonCAPTCHA).

Email - Improvements made to increase email deliverability.

Email - Untranslatable text removed from emai

Checkout - Correction of order total layout issues on mobile in responsive_classic template.

All known bugfixes and security fixes for v1.5.6 are included in v1.5.7

Source code(tar.gz)
Source code(zip)
v1.5.6c(Jul 18, 2019)
More info in the release announcement

Among other things, this release contains:

Security Patch to prevent malicious SQL abuse

Fix regression error from 156a/b where PHP errors would occur during PayPal processing

Bugfix: functions_osh_update had a typo, causing errors

Bugfix: download-by-redirect problem fixed when store is in a subdirectory

Bugfix: duplicate (linked) products appeared during manufacturer filtering

Bugfix: undefined TEXT_NO_PROD_SALES for coupons

Ez-pages: fix lookup errors during multilingual use

Reduce copy/paste errors during customer password reset

Improvements to anti-spam for account creation and contact-us forms

Improve DOB handling on account pages

Fix tax-related errors in situations where no tax applies

Tighter controls to prevent order tampering or spoofing

Admin: Geo-Zone editor screen now displays the current zone name

Admin: Recipient count accuracy fixed if some group emails fail

Admin Keepalive tab stops flashing after expiration

Dozens of small updates to prevent HTML errors and PHP error/notices under PHP 7.2+

Source code(tar.gz)
Source code(zip)
v1.5.6b-2019-05-27(Jul 4, 2019)

as released on 2019-05-27
Source code(tar.gz)
Source code(zip)
v1.5.6a(Jan 4, 2019)
Admin: Fix problem with creating coupons with percent off

Admin: Fix broken attribute-copy-to-whole-category

Admin: Improve whos-online session_decoding

Admin: Fix deletion of multilingual ez-pages when deleting a language

Admin: Fix validation of products_url in collect_info

Admin: Add notifier for categories-products-listing, allowing an observer to insert an additional status-type icon.

Admin: Fix geo-zones editor: wasn't saving inserts/edits due to wrong parameter

Admin: Fix Spiffycal issues in Products Price Manager

Admin: On config pages, only show the first 40 chars of a long config value so screen won't get messed up

Modify notifier for zen_get_products_stock

Prevent error: Cannot change session id when session is active

Show default quantity of 1 in products_quantity_discounts if product doesn't have a discount quantity.

Fix missing EMAIL_TEXT_TELEPHONE in email

Avoid errors when restoring cart while cart has product with attibutes without a text attribute.

Clear strict notifications based around shipping and shipping estimates.

Update and consolidate error handler code

Prevent ezpages "countable" warnings in logs

Fix error in perweightunit module

Added missing 'zen_updated_by_admin' function

Tax: Additional tax-handling notifications

Tax: Allow override of zen_get_tax_rate return value.

ot_coupon.php: Let an observer know that the coupon has been removed.

ot_coupon.php: Indicate that the coupon processing is starting and then, for each product, notify whether/not the product qualifies for the discount.

ot_shipping.php: Allow override of the shipping tax, since it can vary from one location to another.

Template: Auto scroll-to-top on ajax confirmation page

Template: Update the EN flag icon (previous gif was bad)

Template: Added back language define which will be used by older templates

zc_install: Handle old date_added zero dates

zc_install: handle ezpages migration to multilingual where table-prefixes are used

Source code(tar.gz)
Source code(zip)
v1.5.6(Dec 10, 2018)
Core - Now compatible with PHP 5.5 to PHP 7.3

Admin - Sales-Report graphs on Admin dashboard

Checkout - customer confirmation emails now include customer delivery telephone number

Checkout - Square Payment support is now built-in. Start taking credit card payments in just 5 minutes! See www.zen-cart.com/partners/square_setup

Admin - Reworded "in stock"/"out of stock" to "enabled"/"disabled" on product-edit pages due to popular request

Admin - Most of the Admin pages have received styling updates for consistency and improved support for smaller screens (credits @Zen4All)

Admin - Admin pages now show their name in browser tabs, instead of generic "Admin"

Admin - Order pages now have some observer hooks to allow plugins to display "more data" with less code-changes

Admin - GV Queue indicator in Admin Header bar can be enabled/disabled in GV Module settings

Coupon new features added: search, export, reactivate, delete duplicates, clone existing coupons

Coupons can now be restricted to amount of an order or of a specific product

Coupons can now be restricted to customers having a specified number of previous purchases

Coupons can now be restricted to products not on sale

Coupons restrictions can now be bulk-added via manufacturer filter

Coupon Usage Report added

Template - CSS spans added around product-qty min/max/unit output, so that these items can be selectively hidden if needed. (Credits @lat9)

Template - Compatibility updates to accommodate OnePageCheckout plugin integration

Core: Added language-change notifier hooks

Enhancement - Updated database to store more order-related data for easier order-reconstruction. This can help allow plugins to do more with completed order details.

Enhancement - File-Uploading now gives more detailed feedback about failures related to invalid file types.

Fixed - date display on Admin warning about log data is now formatted with store's default date format

Mobile - Updated embedded MobileDetect to latest version

Email - Updated embedded PHPMailer to latest version

Utility - CurlTester has more links to external diagnostic tools, including TLS Testing verification

Utility - Plugin version-check utility optimized to allow specific version-comparisons, and adapt to timeouts more quickly.

DB: Remove unused basket 'final_price' field from database

Removed old sagepay_form payment module, and old authorizenet_echeck payment module

Source code(tar.gz)
Source code(zip)
v1.5.5f(Jan 1, 2018)
NOTE: v1.5.5f is NOT compatible with PHP 7.2 ... it will trigger dozens of "warnings about undefined constants"

Changes in v1.5.5f:

Checkout - As a help to people getting PayPal TLS notifications, the CURL Testing tool now reports compatibility with tlstest.paypal.com

Checkout - Square Payments support is now built-in. Start taking credit card payments in just 5 minutes! See www.zen-cart.com/partners/square_setup

Checkout - FirstData soft-descriptors now optional via module settings

Checkout - PayPal - Australia settings explained better in configuration screen

Checkout - PayPal IPN-handler posts back over ipnpb URL and now gracefully ignores unrecognized new notification types

Checkout - Payeezy module now also accommodates 2-series MC BINs

Checkout - Authorize.net AIM - add option to display reason for CVV or date failure

Checkout - Authorize.net AIM - improvements to detect always-SSL site configuration

Checkout - Credit Card Slamming threshold now customizable via Observer code or plugin

Checkout - Internal fix to payment modules to avoid thousands-rounding errors

Fix upload-class bug related to filtering desired file-extensions

Fix multi-language error (since v155a) in functions_email for PHPMailer

Fix possible bug in subdomain handling of secure cookie session handling

Fix attribute sort-order rules

Fixed - if an invalid or non-existent tax rate was encountered, would get: PHP Warning: A non-numeric value encountered in /includes/functions/functions_taxes.php on line 172

Admin: Restored percent calculators on Products Price Manager

Admin: Fix a few sanitizer fields to avoid over-cleaning

Admin: Update currency-exchange calculators since BOC change

Template - Support ISO-8601 style date-of-birth date

Template - Compatibility updates to accommodate OnePageCheckout plugin integration

Template - Improvements for jQuery conflict prevention, and support older browsers

Template - Fix CSS typo in colors

Template - hreflang URL correction

Template - Fix incorrect use of logo image height

Security: CVE-2017-11675 - Low-Risk vulnerability (required your Admin login to be hijacked first). Now prevents exporting to invalid filenames.

Optimization - Abort ajax requests from spiders

Enhancement - Cache-bypass added for certain db queries, so retrieved data is always fresh

Utility - Plugin version-check utility optimized to allow specific version-comparisons, and adapt to timeouts more quickly.

Source code(tar.gz)
Source code(zip)
v1.5.5e(Mar 9, 2017)
Bugfix and a few other improvements:

Fix bug introduced in v1.5.5c related to deleting customers

Upgrade PHPMailer from 5.2.21 to 5.2.22

Update gmail support to use TLS per published standards

Add built-in support for new .htaccess rules required for Apache 2.4, so mod_compat doesn't need to be installed

zc_install improvements better handling for upgrades from v138 / v139

zc_install - removed extraneous backticks from upgrade SQL from v154-to-v155

Bridge compatibility for transition to removal of the ENABLE_SSL_ADMIN constant

Updates to Payeezy and First Data HCO payment modules

Includes the revert of null-exception-handling from v155d

Consolidate to a single upload class, shared between admin/catalog

NOTE: 03/03/2017 - also downgraded the PHP array syntax in the /includes/classes/upload.php class to accommodate people running ancient PHP versions.

NOTE: 03/05/2017 - also fixed an error message problem in the upload class, and another older-PHP syntax issue.

Source code(tar.gz)
Source code(zip)
v1.5.5d(Jan 3, 2017)
While Zen Cart already sanitizes aggressively against the vulnerabilities published in CVE-2016-10033 and CVE-2016-10045 for PHPMailer this week, we are pushing this new release with the embedded security fixes, as a matter of precaution, in the interest of keeping stores safe. This also has the added benefit of helping provide an extra layer of protection against poorly-sanitized plugins (or completely unrelated software) that might be installed on the store site.

Contained in this release are:

Upgrade PHPMailer from 5.2.19 to 5.2.21 to fix critical security bug CVE-2016-10045

Update Authorize.net storage field type in database to accommodate different values returned by Authnet emulator gateways using these modules

Fix zc_install to prevent DB_CHARSET from being set to blank during upgrades when upgrading v1.3.x configure.php files to new format

Revert admin-side null handling to v1.5.5b level (changed mistakenly in v155c)

Source code(tar.gz)
Source code(zip)
v1.5.5c(Dec 27, 2016)
Fix serious PHPMailer bug (upgraded to 5.2.19)

Fix some variable strict-type rule enforcement issues for better PHP 7 compatibility

Fix sanitizer (admin) overzealous cleaning for Attribute Option Comments

Fixed bug preventing sending Coupon and GV emails to "all customers"

Fixed rarely-triggered bug with product-type overrides for delete/copy logic

Fixed problem where deleting a customer wouldn't delete old product-notification requests associated with that customer

Fixed PayPal Standard to no longer transmit a comma as thousands-separator. (PayPal is being more strict about this in 2017.)

Fixed shopping-basket quantity alert problem where changing quantities didn't always fire if min/mix rules were set

Make null-exception treatment consistent in admin to match catalog

zc_install no longer rejects PHP 7.1

Source code(tar.gz)
Source code(zip)
v1.5.5b(Nov 2, 2016)
Bugfixes against v1.5.5/v1.5.5a. Thanks to all our users for sharing details and code fixes!

Details of the changes are summarized at:

https://www.zen-cart.com/showthread.php?219730-Zen-Cart-v1-5-5b-released!&p=1321070#post1321070

https://www.zen-cart.com/docs/changed_files-v1-5-5.html#v155b

Source code(tar.gz)
Source code(zip)
v1.5.5a(May 7, 2016)

New release containing numerous bugfixes and improvements. Thanks to all our users for the excellent feedback, and code submissions!

Details of the changes are summarized at https://www.zen-cart.com/showthread.php?219730-Zen-Cart-v1-5-5a-released!&p=1310272#post1310272
Source code(tar.gz)
Source code(zip)
v1.5.5(Mar 21, 2016)

Zen Cart v1.5.5, released 03/17/2016, updated 03/21/2016

Includes new mobile-friendly responsive template, and numerous other optimizations and modernizations.

Described at https://www.zen-cart.com/showthread.php?219730
Source code(tar.gz)
Source code(zip)
v1.5.4(Jan 8, 2015)

Zen Cart v1.5.4, released 12/31/2014

Described at http://www.zen-cart.com/showthread.php?215684
Source code(tar.gz)
Source code(zip)
v1.5.3-hotfix1(Jul 19, 2014)

This fix, July 19, 2014, fixes a problem with authenticating when attempting to do a db upgrade using zc_install.
Source code(tar.gz)
Source code(zip)
v1.5.3(Jul 13, 2014)

Zen Cart v1.5.3, released 07/04/2014
Source code(tar.gz)
Source code(zip)
v1.5.2(Jul 13, 2014)

Zen Cart v1.5.2-beta2, released 12/17/2013
Source code(tar.gz)
Source code(zip)
v1.5.1(Nov 10, 2013)

Zen Cart v1.5.1, released 09/18/2012
Source code(tar.gz)
Source code(zip)
v1.5.0(Nov 10, 2013)

Zen Cart v1.5.0 release, 12/30/2011. PA-DSS Certified.
Source code(tar.gz)
Source code(zip)