News

We've almost completed the development of the e-commerce extension for SCHLIX, with internal code schtore. This is an update to the previous post back in May 2020. Last week, all features have been finalized and frozen and we're going to release the first beta version in about two weeks from now.

Expected timeline

• Between September 13 - 18, 2020: first beta release
• End of September/early October 2020: final release (as extension, fully usable)
• Mid-Late October 2020: additional shipping options: USPS (America), Fedex, DHL, UPS, Purolator, British Royal Mail will be available.
• December 2020/January 2021: automated refund, dashboard - integrated with our mapping server.
• 2021: gift card, store credit, subscription

Current features (frozen as of August 27)

• E-commerce catalog with multiple images (dynamic image size can be set in the config section).
  
  • One product can be assigned to multiple categories.
  • Product specifications (each sub-variant has a unique URL)
  • Product variance
  • CTO (Configure-to-order) product options
  • Each product can be optionally assigned a product type. You can assign only 1 product type per product. If you want to have multiple product types per product, use the category (folder) instead of product type sub-application.
  • Downloadable materials attached to product and/or product type (e.g. PDF warranty statements for all product).
• 127 tax rules for different countries, automatic setup
• Country, state/province, city database - this is different from most e-commerce as the city input is free-text.
• Discount - % or fixed.
• Coupon - must be attached to product for the initial release. We will enable store coupons later.
• Payment plugins (alphabetical order): Alipay, BluePay (CardConnect), Braintree, G2APay, Midtrans, Moneris, Paypal, Stripe, 2Checkout, Xendit. Offline payments are supported as well (bank cheque, wire transfer, Interac e-Transfer). Note: the available Moneris payments are for Canadian merchants only. We can build the US one as well if there's a request.
• Shipping plugins (alphabetical order): AsiaXpress, Australia Post, Flat Rate, GoSend, Hongkong Post, India Post, Malaysia Post, Pakistan Post, PHLPost, Postmen, RajaOngkir, Singapore Post, SpeedPost Singapore and Thailand Post
• All transactions are logged.
• Security: we test for basic XSS and SQL injection. XXE (XML injection) prevention is already built-in to SCHLIX CMS.
• Configurable email templates (must use SCHLIX CMS v2.2.4 or later)

Note: some of the payment & shipping plugins will be commercial release.

Caveats for the first version

• Reporting will be available in the next release. Information can already be extracted via SQL and we can build add-ons suitable to your needs.
• No gift card & loyalty point functionality yet - that will be done in 2021 if there's a request.

Here's what schtore looks like as of September 2020:

1. Catalog - product listing
   
   
   
2. Catalog - Images
   
   
   
3. Product Type - Options (CTO)
   
   
   
4. Product type - CTO option choice
   
   
   
5. Product - Options (CTO)
   
   
   
6. Config
   
   
   
7. Payment plugins
   
   
   
8. Shipping plugins
   

Stay tuned for more info! 😄

SCHLIX CMS v2.2.4 has been released with a few enhancements:

• Some icons on the toolbar now have been assigned colour so it's easier for the user to find which toolbar button to click.
• The datetime picker is now a lot more user friendly. Previously, the calendar would pop up automatically whenever the user clicks a datetime input. This behavious has now been changed to requiring the user to click the handle bar if the datetime picker needs to be used. With this behaviour change, it's easier for the user to type freely on the input box without the datetime picker getting in the way.
• There are various other internal changes as well and this will be  the minimum version required to run SCHLIX CMS e-commerce extension when we release it next month (we'll release the beta version in 2 weeks)

SCHLIX CMS v2.2.3-1 has been released. This is a minor update release that fixes a few minor bugs and typos. We are still developing the Schtore e-commerce extension (will be done in September) and this update is required before the extension can be used.

• Some highlights:
• Visual - menu appearance on the backend admin
• Composer packages can now be installed (comand line option has been removed). Please note that PHAR is required
• PHP 8.0 compatibility issue (str_contains, str_starts_with, str_ends_with)
• For developers:
  • cmsCurl and cmsXMLTool class. This is used to handle web service calls for the upcoming e-commerce extension, mostly for payment and shipping.
  • Javascript class ___$HTML and ___$INPUT to create html string tags programmatically. SCHLIX.Util.escapeHTML now has a shortcut ___h, similar to the PHP one.

Greetings,

It has been a little over 3 months since we last released v2.2.2-1 in late January and we finally had the chance to provide some news. First of all, we'd like to apologize for the slower responses for forum replies as well as commercial support between February until April. Even though all of our team members have already been working remotely since 2 years ago, the "new normal" still required some adjustments. COVID-19 took us by surpise and we were scrambling for alternative arrangements for many things, so work stopped for nearly 5 weeks and hence we delayed the release of our e-commerce extension (Schtore). Things are somewhat returning to almost normal now and our response time should be better now.

We realize that everyone is in this together and that there are others who experience even more hardship, so back in April we made a small donation of $2020.04 to Boyle Street Community Service, a non-profit organization for the homeless in the city of Edmonton. Homeless people are very vulnerable in this kind of situation and deserve our help.

Schtore

Schtore is our new e-commerce extension. It's quite massive (custom user-defined table fields, 127 tax rules for different countries (including EU), complete list of currencies and countries (down to the city level, user privacy features, etc). Initially, Schtore will contain the following payment plugins:

• Paypal Express (global)
• Braintree (global)
• Stripe (global)
• Alipay (China)
• Moneris (we've only tested the Canadian version, not the US version)
• Xendit (Indonesia) - as requested in the forum

Shipping plugins:

• Canada Post
• Postmen
• Rajaongkir

There's not that many shipping modules when we release it for the first time, but Postmen should cover most of it.

We may need a volunteer who's willing to test our the EU tax rules.

Please note that this is the temporary layout. It may change once we really release this for general public availability.

SCHLIX CMS v2.2.2 has been released and it is now compatible with PHP 7.3 and 7.4. With this change, SCHLIX CMS is now compatible with PHP 5.6, 7.0, 7.1, 7.2 and 7.3. Other notable changes include the newly included newspaper theme. The previously included company profile theme still exists. You can check the demo (frontend only) at https://demo3.schlix.com. Note to packagers: since it now comes with 3 sample data (newspaper, company profile, blank company profile), the parameter for automated installation has been changed. Please refer to the following article: https://www.schlix.com/documentation/v2/configuration/automated-installation.html. If you have any questions, just head to the forum!

Today we've released the 6th revision for SCHLIX CMS v2.2.1. This should be the final release for 2019. Happy New Year 2020 and we'll catch up with you next year with new e-commerce extensions and other goodies.

List of all revisions for SCHLIX CMS v2.2.1-x:

• Errata #6: Updated typo in the automated installer (not regular installer) for the email address input.
• Errata #5: Updated Google Analytics block, fixed installer and site manager PHP version detection and backslash escape function, minor correction for gallery package name (comment only), HTML encoding issue for SCHLIX_SITE_NAME in the default theme.
• Errata #4: Blog category may not appear on the backend during new item creation (Nov 12, 2019)
• Errata #4: UI layout was incorrect for the password reset form, removed the inner row/column
• Errata #4: File type check for media manager upload
• Errata #4: Fixed zh-CN (simplified Chinese) translations
• Errata #3: fixed layout where the treeview on the left has many items exceeding the browser's viewport. The left column has a scrollbar now and the tag has been changed to the default div. This actually caused an extra scrollbar to be displayed on Firefox and it is a known issue. Fixed blog primary category not being updated after the document has been saved.
• Errata #2 - fixed Fontawesome 5 iconpicker that caused an icon to be generated when saving a menu item.

In regards to CVE-2019-11021 for older SCHLIX CMS v2.1.8-7 (November 2018 - last year), which claimed that "admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution.", the analysis needs to also mention that the user who can access admin area will require an elevated superuser permission (the user must belong to [Administrators]before he/she can upload the PHP file. We also allow uploading of zipped PHP scripts to install extensions, by the way, and it's still the case even in 2.2.x.

While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's pretty rare for an administrator to exploit a bug on his/her own site to own his/her own site.

It's best for security researchers to contact us first to validate a vulnerability before publishing it. Regardless, we still thank for the effort.

For SCHLIX CMS users, simply click Settings - System Update to keep your system secure all the time. Also, subscribe to this RSS news feed for the latest news including security related advisories.

SCHLIX CMS v2.2.1 has been released with an integrated Extension Gallery (App Store) where you can download extension directly from the CMS without having to manually download it from our Extension Directory. We also now welcome publishers who'd like to publish their work to showcase their work and be linked from our website. The first phase, which lasts until end of December 2020, will be open for open source extensions, with commercial offering planned to be open in January 2021.

Other notable changes include:

• Installation/removal of extension now requires administrator password
• Automated installer bug fix - missed 1 parameter during config file generation
• French translation bug fix
• Font Awesome Free has been updated to v5.11.2
• Change email and change password dialog under Users administration have been improved with better user interface
• Inclusion of manual_upgrade.php for manual upgrade in a more restricted hosting environment or if the automated upgrade fails for any reason

Download it here.

CentOS 8 has just been released yesterday. We've tested it and the new SCHLIX CMS v2.2.x series works out of the box (including with the new MySQL 8.0) with only minimal changes to the default configuration. Check out the CentOS 8 LAMP server installation guide for SCHLIX CMS.

In mid-October, we will release a new SCHLIX CMS version 2.2.1-x with a new marketplace integration application called Extension Gallery. With the new Extension Gallery, website owner can easily install/uninstall extension without having to download a ZIP file manually from our current Extension Gallery. If you're a PHP web agency or a PHP freelance developer, you can submit a SCHLIX CMS plugin (application/block/macro) and get more exposure. It's free and this is a great opportunity to showcase your solutions. Both commercial and open source extensions are accepted.

The extension submission process is already open and we're hoping to get more developers to use SCHLIX CMS.

Sample screenshots: