Module - Secure Zones - Changelog

1.3.3 - 11th December 2024

• Add more logging to Form Submissions to support debugging

• User Form Submissions - Expose human-friendly names for fields - Roadmap

1.3.2 - 25th June 2024

• Updated security as outlined in System Files update v2.8.2.4

1.3.1 - 23rd January 2024

• Added Form ID to password reset Form to better handle error messages

1.3.0 - 3rd October 2022

• Support for Automations structure

1.2.11 - 11th March 2022

• Patch for slug on User Orders output

1.2.10 - 7th December 2021

• Add support for new eCommerce Order structure on User Orders output via order_products_flat

1.2.9 - 13th July 2021

• Fix for Password Reset on previously deleted users

1.2.8 - 2nd June 2021

• Access to CRM Company data on User Details output

1.2.7 - 17th May 2021

• Wording update on 'Add to Favourites' alert boxes

• Access to CRM User Address data on User Details output

1.2.6 - 14th April 2021

• Add support to user_orders for sorting and pagination

1.2.5 - 11th February 2021

• Updated default layouts to use Siteglide Studio (this won't overwrite existing installed layouts)

1.2.4 - 7th January 2021

• Updates to User Orders query to fetch Ordered Products

1.2.3 - 10th December 2020

• Made CRM Custom Field output easier by giving you access to field names (e.g. this['User Field XYZ'])

1.2.2 - 5th November 2020

• Minor field changes ready for upcoming Module Custom Field updates

1.2.1 - 30th October 2020

Important: Security update for Secure Zones

Our latest Secure Zone Module update fixes a security vulnerability in Sign Up Forms and is a recommended update for all Sites.

For most of our partners, no change in your code will be needed. Simply install the updated Module version 1.2.1. However, if your Site uses custom code to add Secure Zones not currently attached to the Form, you will now need to attach them to the Form.

Further Details:

It has been possible to use Front End code to change which Secure Zone a Sign Up Form will give Users access to. There were legitimate uses for this, however, if a malicious User with knowledge of JavaScript was able to guess a Secure Zones ID, they would have been able to sign themselves up to that Secure Zone.

After this update, only Secure Zones attached to a specific Form in Admin will be allowed when Front End code changes the active Secure Zone of a Form. Any other Secure Zones will be rejected by the server.

We have worked quickly to close this vulnerability after discovering it internally and thank you for your understanding.

1.2.1 - 28th October 2020

• Favourites - You can now add a button to WebApp/ Module layouts to allow logged in users to store items as 'favourite'

• Email/Password edit - Users can now edit their Email Address and Password

• User Secure Zones - This data array can now be accessed in Templates as well as Pages

1.1.0 - 4th September 2020

• Structural changes to improve performance and usage costs.

CRM Secure Zone data is now stored as User Properties rather than as User Profiles. Any custom extensions of this database will require you to change to the new field before updating your Module. All data is migrated to the new field on update.

Accessing data before: session.current_user._user_.properties.secure_zones Now: session.current_user.properties.secure_zones

If you apply this update, then your eCommerce Module should be updated to at least v1.0.4 in order to fully support this change.

1.0.0 - 14th August 2020

• Support for Secure WebApp items

0.10.0 - 29th July 2020

• User Subscriptions View updated to include new Subscriptions functionality.

0.9.6 - 7th July 2020

• CRM - You can output Custom Field Set data with the rest of User Details

• Forms - Slight improvement to performance on Secure Zone signup forms, by combining 2 system level calls into 1

0.9.4 - 25th March 2020

• Fix for missing name in Password Reset emails

• Fix for Password Reset emails not sending if user was previously deleted

0.9.3 - 14th February 2020

• Browser Support updates

• Bug fix - Secure Zones blocked signup -

Initial report here -> https://roadmap.siteglide.com/bugs/p/secure-zones-second-signup-with-same-email

If someone submitted a basic contact form, and then a Secure Zone signup form with the same email address, they'd see a "Invalid email or password" error, even though they'd never set a password before.

0.9.2 - 19th November 2019

• Allow custom redirects after a Password Reset request has been submitted

0.9.1 - 4th September 2019

• Added support for older browsers