Module - Secure Zones - Changelog
Last updated
Was this helpful?
Last updated
Was this helpful?
Add more logging to Form Submissions to support debugging
User Form Submissions - Expose human-friendly names for fields -
Updated security as outlined in
Added Form ID to password reset Form to better handle error messages
Support for Automations structure
Patch for slug on User Orders output
Add support for new eCommerce Order structure on User Orders output via order_products_flat
Fix for Password Reset on previously deleted users
Access to CRM Company data on User Details output
Wording update on 'Add to Favourites' alert boxes
Access to CRM User Address data on User Details output
Add support to user_orders for sorting and pagination
Updated default layouts to use Siteglide Studio (this won't overwrite existing installed layouts)
Updates to User Orders query to fetch Ordered Products
Made CRM Custom Field output easier by giving you access to field names (e.g. this['User Field XYZ'])
Minor field changes ready for upcoming Module Custom Field updates
Important: Security update for Secure Zones
Our latest Secure Zone Module update fixes a security vulnerability in Sign Up Forms and is a recommended update for all Sites.
For most of our partners, no change in your code will be needed. Simply install the updated Module version 1.2.1. However, if your Site uses custom code to add Secure Zones not currently attached to the Form, you will now need to attach them to the Form.
Further Details:
It has been possible to use Front End code to change which Secure Zone a Sign Up Form will give Users access to. There were legitimate uses for this, however, if a malicious User with knowledge of JavaScript was able to guess a Secure Zones ID, they would have been able to sign themselves up to that Secure Zone.
After this update, only Secure Zones attached to a specific Form in Admin will be allowed when Front End code changes the active Secure Zone of a Form. Any other Secure Zones will be rejected by the server.
We have worked quickly to close this vulnerability after discovering it internally and thank you for your understanding.
Favourites - You can now add a button to WebApp/ Module layouts to allow logged in users to store items as 'favourite'
Email/Password edit - Users can now edit their Email Address and Password
User Secure Zones - This data array can now be accessed in Templates as well as Pages
Structural changes to improve performance and usage costs.
CRM Secure Zone data is now stored as User Properties rather than as User Profiles. Any custom extensions of this database will require you to change to the new field before updating your Module. All data is migrated to the new field on update.
Accessing data before: session.current_user._user_.properties.secure_zones
Now: session.current_user.properties.secure_zones
If you apply this update, then your eCommerce Module should be updated to at least v1.0.4 in order to fully support this change.
Support for Secure WebApp items
User Subscriptions View updated to include new Subscriptions functionality.
CRM - You can output Custom Field Set data with the rest of User Details
Forms - Slight improvement to performance on Secure Zone signup forms, by combining 2 system level calls into 1
Fix for missing name in Password Reset emails
Fix for Password Reset emails not sending if user was previously deleted
Browser Support updates
Bug fix - Secure Zones blocked signup -
If someone submitted a basic contact form, and then a Secure Zone signup form with the same email address, they'd see a "Invalid email or password" error, even though they'd never set a password before.
Allow custom redirects after a Password Reset request has been submitted
Added support for older browsers
Initial report here ->