Upgrade from AbleCommerce 7.0 to 7.1

This document includes important information regarding the upgrade from 7.0 to 7.1. This upgrade is available for active subscription holders.

Latest Version: AbleCommerce 7.1 Build 10875
Release Date: 11/14/08
Applies To: Existing installations of AbleCommerce 7.0 (builds 9879+)
Change Log : A list of changes between build AbleCommerce 7.0 build 10863 and 7.1 build 10875.

Overview of Upgrade

The upgrade to AbleCommerce 7.1 has some significant database changes with regards to shipping zones and taxes, as well as the inclusion of an additional database field for order numbers.

The focus of this release was international enhancements. This upgrade is primarily intended for merchants doing business in Canada, United Kingdom, and Australia. Unless you have a specific reason for upgrading, we recommend that you wait until version 7.2 is released, as it will contain many bug fixes.

NOTE: Please take a moment to read this entire page before beginning installation. This upgrade will take longer than average due to the adjustments required for taxes and email templates.

Download Upgrade

To download the upgrade for AbleCommerce 7.1, you will need to have an active subscription. We will notify all subscription holders when a new version is available for download. If you are not notified and believe you are entitled to this upgrade, please open a new case and be sure to include your order number.

Backup your Existing Files

Make a backup copy of the entire AbleCommerce install folder and the database.
Any customizations that you may have made should be located in the following folders of your <installpath>:

\ConLib\Custom\..
\App_Data\Scriptlets\Custom\..
\App_Themes\..(current store theme)..\*.css, *.skin

The upgrade will NOT overwrite customizations located within these specific folders.

Installation of New Files

Double-click the .exe file to extract the contents to a temporary location.
Select all the new files, copy, and overwrite your existing files in the <installpath> program folder.

Upgrade your Database

WARNING: Make sure you have a backup of your database before upgrading !!!!

Browse to the <installpath>/install/upgrade.aspx page to run the database script.

e.g. http://localhost/ac7/install/upgrade.aspx
Follow the on-screen instructions to complete the upgrade:

Type BACKUP in the space provided to confirm you understand. DO NOT PROCEED UNTIL YOU HAVE REALLY BACKED UP YOUR DATABASE!
Choose Microsoft SQL Server 2005 (includes Express version) or Microsoft SQL Server 2000.
Initiate the upgrade. When finished, you should receive confirmation.
You may also receive some information on changes made during the upgrade.

If you get an error during upgrade - STOP! Copy the error for AbleCommerce support, and revert to your backups.

Remove the Install Directory

When finished with the installation, make sure you remove the \Install\ folder.

Keep the file \install\updatekey.aspx and updatekey.aspx.cs (to manually update a license key in the future)

Replace any Customizations (if applicable)

AbleCommerce will not replace any files located in the \Custom\ folders, however, you may need to restore customizations made to files (.css\.skin) within the \App_Themes\ folder.

\ConLib\Custom\..
\App_Data\Scriptlets\Custom\..
\App_Themes\..(current store theme)..\*.css, *.skin

Post Upgrade Tasks

This section for informational purposes only:

Configure > Shipping > Countries has been moved to Configure > Regions > Countries.

No changes were made to this feature except for it's placement in the Configure menu.

Configure > Shipping > Shipping Zones has moved to Configure > Regions > Zones.

The existing shipping zones feature has been expanded to allow merchant to standardize regions for use with shipping and taxes. To create or modify existing zones for taxes or shipping, you will need to do that from the new menu found under Configure > Regions > Zones. During upgrade, an attempt was made to consolidate any defined tax areas that match an existing shipping zone. For any unmatched tax areas, a new zone will be created for each tax rule.

Shipping Methods: If you have previously created zones for shipping, they will be exactly the same after upgrade. You can still view and modify the zone that is associated to each shipping method by going to Configure > Shipping > Methods. If you need to create new zones for shipping, you will need to do that from the new menu found under Configure > Regions > Zones.

Taxes: If you have previously created tax rules that apply to a specific country, state/province, and/or zip code, you will notice that each of the tax rule locales will be created as a new zone under Configure > Regions > Zones. The naming of the new zones, that have been converted from any existing tax rules, is as follows:

[country] with [name of state/province] - or - [postal code]

The new zone names are for merchant display only. The names of existing tax rules have not been changed and will be displayed on the invoices as they were before upgrading.

STEP 1) Re-enable Taxes

For any 7.0 store that had tax rules created, you will need to re-enable taxes after upgrading and configure your new display settings.

Go to the Configure > Taxes > Settings menu.
Select the 'Yes' option. This will offer some new display options for taxes. These are display options for the customer only. The merchant display will remain the same except for printable invoices which will offer the same display options.
Shopping Display: Choose whether you want to show your prices with or without tax.

Show prices without tax - This is the default option. Prices will be displayed without tax included.
Show prices with tax included - If you choose this option, prices will include any applicable tax for a registered user who is logged in. If a user is not logged in, then the prices will be shown with tax that is based on the default store warehouse.

Invoice Display: Choose how your customers should view any taxes in the basket, during checkout, or on the invoices.

Show taxes as separate line items - This is the default option. Taxes are itemized in the basket and invoices.
Show prices with taxes included - Typically, this display option would be used in conjunction with the 'Show prices with tax included' shopping display option above. Prices include applicable tax.
Show taxes in summary only - This option will not itemize tax amounts. Any taxes will be combined and appear in the summary section of the invoice.

Tax Column: If you check this option, the tax rate will be shown in a separate column for each item. You can enter a custom name for the column display with this option. The default value is "VAT" which stands for Value Added Tax, a United Kingdom requirement.
When finished, click the SAVE button.

New Tax Rule Settings

As mentioned, you will now have the ability to assign your tax rules to zones, or pre-defined geographical regions. Additionally, tax rules can be associated to a user group or excluded from a user group. From the Configure > Taxes > Tax Rules menu, you can edit a tax rule and select these filters.

In the special case of compounding taxes, or where tax is calculated on tax, there is a new option to select another tax code that should be used to charge tax on the selected tax rule. Compounding taxes are used in Canada, so we provide an example of how this can be setup properly in AbleCommerce.

Setting up Compounding Tax (example)

Add a tax code called "Taxable" from the Configure > Taxes > Tax Code menu.
From the product editing page, assign the new tax code, "Taxable", to the product.
Go to the Configure > Taxes > Tax Rule menu and create two tax rules using the following settings as a guide:

Tax Rule Name	Apply to Tax Codes	Rate	Address Filter	My Tax Code	Priority
GST	Taxable	5%	choose zone(s)	Taxable	1
PST	Taxable	10%	choose zone(s)	none selected	2

On checkout, for any address that applies to the tax rule, here is how the taxes are calculated for a product priced at $100.

Amount of Sale	$100.00
GST (5%)	$5.00
Sub-Total	$105.00
PST (10%)	$10.50
Total Payable	$115.50

STEP 2) Updating Email Templates

In this version, we modified the database to use Order Number as well as Order ID. What was previously the Order ID is now the Order Number. The Order ID is used for legacy integrations. Unfortunately, this change requires some updates to the email templates.

Please review this page for instructions on updating your email templates: Email Templates for AbleCommerce 7.1

STEP 3) Compatibility with IIS7.0 Integrated Pipeline Mode

Issue ID 7067

This step is optional. If you want to use IIS7, without setting the application pool to "classic ASP.NET", then after upgrading, you will need to manually change the web.config file.

Open the web.config file in the root of the AbleCommerce installation and locate the system.webServer section toward the bottom.

The default installation will contain this data:

To upgrade, new nodes must be added. This is the default data from a 7.1 installation. As you can see, the AbleCommerce Http Module is added, along with three additional handlers.

Take special care when you copy the text below as you may end up with extra line breaks which should be removed after pasting them.

        <system.webServer>
                <validation validateIntegratedModeConfiguration="false"/>
                <modules>
                        <add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
                        <add name="AbleCommerceHttpModule" type="CommerceBuilder.Services.AbleCommerceHttpModule, CommerceBuilder.Services" preCondition="managedHandler" />
                </modules>
                <handlers>
                        <remove name="WebServiceHandlerFactory-Integrated"/>
                        <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral,   PublicKeyToken=31bf3856ad364e35"/>
                        <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral,   PublicKeyToken=31bf3856ad364e35"/>
                        <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd"   type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
                        <add name="WebChart.axd_GET" path="WebChart.axd" verb="GET" type="WebChart.CachedImageService, WebChart" preCondition="integratedMode,runtimeVersionv2.0" />
                        <add name="Captcha.ashx_*" path="Captcha.ashx" verb="*" type="CommerceBuilder.Web.CaptchaGenerator, CommerceBuilder.Web" preCondition="integratedMode,runtimeVersionv2.0" />
                        <add name="ProcessPayPal.ashx_*" path="ProcessPayPal.ashx" verb="*" type="CommerceBuilder.Payments.Providers.PayPal.IpnProcessor, CommerceBuilder.Paypal" preCondition="integratedMode,runtimeVersionv2.0" />
                </handlers>
        </system.webServer>

STEP 4) Include additional SQL worm protection in global.asax

Issue ID 7285

AbleCommerce 7.1 is not vulnerable to the SQL worm. Still, we can include a change to the global.asax file to try and reduce server impact of SQL worm and other XSS attacks coming in on the query string. Also, this change prevents registrations in the page view log which could help alleviate concerns about hacking.

IMPORTANT: This change is not required to be safe from SQL injection attacks because AbleCommerce 7.1 is not vulnerable to the SQL worm. The purpose of the change is to ignore these requests and save server resources.

Open the global.asax file in the root of the AbleCommerce installation and modify as shown below. This change activates the check for suspicious URLs.

The default global.asax file begins like so:

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        string ncp = Request.QueryString["NCP"];

Insert a block of code into the BeginRequest method:

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        //TERMINATE SQL INJECTION ATTEMPTS
        int maxQueryLength = 500;
        string rawUrl = Request.RawUrl;
        int qIndex = rawUrl.IndexOf("?");
        if (qIndex > -1)
        {
            string query = Request.RawUrl.Substring(qIndex).ToUpperInvariant();
            if (query.Length > 500 || query.Contains("DECLARE%20"))
            {
                //POTENTIAL ATTACK
                Response.Clear();
                Response.Write("INVALID REQUEST");
                Response.Flush();
                Response.End();
            }
        }
        //CHECK FOR "NEW COOKIE PLEASE" INDICATOR
        string ncp = Request.QueryString["NCP"];