Changelog:WHMCS V5.1

From WHMCS Documentation

« Back to Changelogs

Version 5.1.15

  • Release Date: 27th November 2013

Bug Fixes

Case #3075 - 5.3 Backport: Update to ECB Exchange Rates Data Feed URL
Case #3482 - Currency type must be calculated prior to feed aggregation
Case #3662 - Improved the emptying of template cache
Case #3663 - Client area additional currency selection not working
Case #3665 - Improved HTML quoting to handle all character sets in admin logs
Case #3666 - Added required token to Block Sender Action in Admin Ticket View
Case #3670 - Update to WHOIS Lookup Links to use form submission for lookups
Case #3672 - Add Predefined Product link in Quotes leads to invalid token error
Case #3674 - Updated plain-text email generation to strip entity encoding
Case #3675 - Admin Order failing at Configurable Options with Token Error
Case #3676 - Admin Ticket Merge via Options Tab resulting in Invalid Token
Case #3677 - Fix PDF batch export for more than one user
Case #3678 - Project Management: Should redirect back to project after attaching file
Case #3680 - Required Token added to Open New Ticket Client Search function
Case #3685 - PayPal Callback failing under certain conditions
Case #3686 - Redirect with User ID when deleting email from client profile
Case #3687 - cPanel and WHM Import Tool filter buttons failing
Case #3688 - Remove reliance on the escapeshellcmd() function
Case #3696 - Resolved Import Override from Admin Ticket Mail Import Log
Case #3697 - Email message sender shows quotes encoded
Case #3698 - Emails sent to Admin have erroneous entity characters for some fields
Case #3690 - Ensure all values are free of entities in PDFs

Version 5.1.14

  • Release Type: TARGETED RELEASE
  • Release Date: 21th November 2013


Case #2989 - Downgrade orders failing when no payment due
Case #3467 - API GetClientsAddons fails on certain conditions
Case #3471 - Unable to download ticket attachments from first ticket message
Case #3515 - Add tilde to valid character list of redirect path
Case #3528 - Updated Smarty to latest 2.6.28 release
Case #3545 - Project Management settings redirect on save fails
Case #3482 - Improve default currency logic
Case #3641 - Allow MaxMind Service Type selection


Case #3447 -- Redacted --
Case #3441 -- Redacted --
Case #3459 -- Redacted --
Case #3476 -- Redacted --
Case #3478 -- Redacted --
Case #3489 -- Redacted --
Case #3492 - Remove dependency on unserialize() for admin table sorting
Case #3495 -- Redacted --
Case #3530 -- Redacted --
Case #3554 -- Redacted --
Case #3580 -- Redacted --
Case #3581 -- Redacted --
Case #3584 -- Redacted --
Case #3585 -- Redacted --
Case #3586 -- Redacted --
Case #3587 -- Redacted --
Case #3589 -- Redacted --
Case #3603 -- Redacted --
Case #3605 -- Redacted --
Case #3606 -- Redacted --

Version 5.1.13

  • Release Type: SECURITY PATCH
  • Release Date: 25th October 2013


Case #3444 - Improved validation of monetary amounts


Case #3464 - Information disclosure via the client area as published by 'localhost'
Case #3510 - HTTP Split Attack discovered by the WHMCS Development Team
Case #2633 - SQL Injection Vulnerability discovered by the WHMCS Development Team
Case #3281 - Privilege boundaries not being enforced on addons reported by Vlad C of NetSec Interactive
Case #3453 -Download directory traversal reported privately by an individual
Case #3268 - Lack of input validation in data feeds input discovered by the WHMCS Development Team
Case #3462 - Deficient Null Byte sanitization on input discovered by the WHMCS Development Team

Version 5.1.12

  • Release Type: SECURITY PATCH
  • Release Date: 20th October 2013


Case #3431 - Resolved SQL error in getting ticket departments
Case #2566 - Resolved admin clients list displaying duplicates in certain conditions


Case #3246 - Enforce privilege bounds for ticket actions
Case #3426 - Additional CSRF Protection Added to Product Configuration
Case #3232 - Added additional input validation to SQL numeric manipulation routines

Version 5.1.11

  • Release Type: SECURITY PATCH
  • Release Date: 18th October 2013


Case #3100 - Remove exposure of SQL from user interface
Case #3364 - Additional validation on user IP
Case #3425 - Potential SQL Injection Fix
Case #3428 - Added password verification requirement to admin user management operations
Case #3430 - Potential SQL Injection Fix

Version 5.1.10

  • Release Type: SECURITY PATCH
  • Release Date: 3rd October 2013


Case 3353 - Add sanitization for pre-formatted AES_Encrypt in queries

Version 5.1.9

  • Release Date: 26th July 2013

Bug Fixes

Case #2949 -  Bad function name "db_escaoe_string"
Case #2950 - Invalid token on Mass Mailer steps
Case #2951 - Fix for PayPal callback returning HTTP 406 error on no amount
Case #2953 - Duplicate admin log entries upon login
Case #2955 - Invalid Entity Requested for Support Page/Module
Case #2960 - Improve installer logic
Case #2963 - Additional Domain Fields not saving input
Case #2965 - Correct SQL statement for Ticket Escalations Cron routine
Case #2967 - Domain registrar module command not running via order accept routine
Case #2974 - Fix for invoices with a zero total not being auto set to paid on generation
Case #2975 - Fix for Calendar Entry Type Checkboxes not retaining selection
Case #2977 - Calendar Entries Missing Addon Name for Predefined Addons

Version 5.1.8

  • Release Type: SECURITY PATCH
  • Release Date: 23rd July 2013


Case #2755 - Audit & Code refactor backport

Version 5.1.7

  • Release Type: SECURITY PATCH
  • Release Date: 16th May 2013


Case #2620 - Improved sanitization in client area

Version 5.1.6

  • Release Type: SECURITY PATCH
  • Release Date: 23rd April 2013


  1. Details to be released in due course

Version 5.1.5

  • Release Type: MAINTENANCE
  • Release Date: 15th March 2013

Bug Fixes

  1. Added CSRF Token Management User Configurable Settings to General Settings > Security

Version 5.1.4

  • Release Type: SECURITY PATCH
  • Release Date: 12th March 2013


  1. Details to be released in due course

Version 5.1.3

  • Release Type: SECURITY PATCH
  • Release Date: 3rd December 2012


  1. Update for Google Checkout Module

Version 5.1.2

  • Release Type: STABLE
  • Release Date: 6th July 2012

Admin Area

  1. Added pagination and separation of Active/Expired promotions to admin promotions management page
  2. Admin Area Blend Template Styling Refresh
  3. Admin homepage widgets updated with new graphs, improved system overview & new calendar widget
  4. Implemented more lightweight rich text editor solution
  5. Implemented new calendar with enhanced functionality and improved interface
  6. Improved validation in tax rules to ensure state specific rules are not created without a country
  7. Updated addon management for services that lists addons on service, and avoids popup
  8. Various miscellaneous admin interface updates and improvements
  9. When duplicating an existing promo code, number of uses updated to reset to zero
  10. New color picker implemented for custom ticket/order statuses & client groups to offer a wider range of options


  1. Added setting for determining where affiliate withdrawal requests go
  2. Added the ability to assign manual commissions to an affiliate on demand
  3. Update to make one off commission amounts clearer to users


  1. Added GetClientsAddons API Function
  2. Added MaxMind Fraud Check API Function
  3. Fix for UpgradeProduct API which was failing under certain conditions
  4. UpdateClient API additional fields support added
  5. Various other updates, fixes & tweaks


  1. Auto recalculate on save feature will now include promotion discount
  2. Update to invoices created on demand to auto set due date x days in the future
  3. Update to not send CC Expiry Notices to clients with no active products/services
  4. Updates to Credit Logging to also record when and where credits get applied
  5. CC Info Popup updated to make remote token storage clearer & display token IDs to admins
  6. Added support for payment gateways to display informational messages to admins/staff

Client Area

  1. Add Funds Process updated to convert min/max amounts to clients currency when not default
  2. Added addon status display to products addons tab in default template
  3. Added invoice balance column to default template client area homepage
  4. Added multi-currency selection to client registration page
  5. Added RSS Feed link to Network Issues page
  6. Added the ability to make signup fields optional (address)
  7. Ajaxified Server Status Page to Improve Page Loads, particularly if a server is down
  8. Contacts dropdown was showing up empty on bulk domain edit
  9. Default Template HTML Fixes & Improvements
  10. Homepage updated to only display domain search fields when domain registration/transfers are enabled
  11. Modified KB search to search current category and below only
  12. Update to auto gateway redirect submissions to use jQuery
  13. Updated default template to Bootstrap 2.0.3 release
  14. Updates to all module specific output/login buttons to use customisable language strings
  15. WHOIS Service Unavailable Error Message made more user friendly


  1. Added "Global" option to Notes which makes them show up in clients summary, orders, products and tickets
  2. Added additional alert confirmation steps to all mass action buttons admin side that don't already have them
  3. Added Custom Fields URL/Link Option for creating clickable links
  4. Added Maintenance Mode Redirect URL Option to compliment message display
  5. Admin interface enhancements to preserve list filters when performing mass actions
  6. Cancellation Requests admin email notification updated to contain type (Immediate/End of Period)
  7. Implemented new dynamic color picker to offer a wider range of color choices for custom statuses and client groups
  8. Language File Translations Updates & Improvements
  9. Update to prevent modules such as the Licensing Addon & SSL Modules from generating passwords on products when not needed
  10. Updated CC Expiry Year dropdown menus to display years up to 2025
  11. Updated jQuery to latest release version
  12. WHOIS Server Updates


  1. Added the ability to order domain addons on demand from the client area (ID Protection, DNS Management & Email Forwarding)
  2. Added confirmation message display upon bulk management action
  3. Added function to duplicate an existing TLD to streamline adding new TLDs/Pricing
  4. Added Grouped Domain Notices whereby clients will receive only 1 combined email if multiple domains are nearing expiry
  5. All new and improved domain syncronisation cron process
  6. Domain sync notify only option for those who don't want automated changes
  7. Domain unlocked warning notice removed from TLDs that don't support it such as .UK
  8. Domain Validation not being strict enough on special characters when IDN Domains are enabled
  9. Enom: Added support for resending transfer approval email & cancelling of orders
  10. ResellerClub: Added support for resending transfer approval email, cancelling a transfer & deleting domains
  11. Update to Domain Expiry Reminders to handle no expiry date better
  12. Upon cancelling a domain where it was already invoiced for renewal and included a promotion, invoice was not being cancelled


  1. Implemented MaxMind BIN Verification for CC Checkouts

Payment Gateways

  1. 2CheckOut: Fix for passing over name & address in recurring profile creations
  2. Created new module for Payza/AlertPay
  3. GoCardless Module Added allowing for UK Direct Debit Processing
  4. Google Checkout: Added fuller descriptions that include all line items to address Google's requirements
  5. New Token Modules for SagePay (UK) and eWay (AU)
  6. PayPal Module updated to log new FEEREFUNDAMT from API Calls when present
  7. Quantum Vault: Added more user friendly error message for when no remote profile exists
  8. WorldPay FuturePay Migration from Custom Field Storage to Dedicated Token Field
  9. WorldPay: Payment URL Updates


  1. Affiliates: CalcAffiliateCommission
  2. Contacts: ContactDetailsValidation
  3. Products: AdminProductConfigFields
  4. Quotes: QuoteCreated, QuoteStatusChange
  5. Shopping Cart: ShoppingCartValidateDomain, ShoppingCartValidateDomainsConfig, OrderProductPricingOverride, OrderAddonPricingOverride & OrderDomainPricingOverride + CartTotalAdjustment
  6. Support: TicketDepartmentChange


  1. Added additional token gateway functionality to support remote card entry via iFrame
  2. Added Invoice Subscription ID field available in emails to both Client Area & PDF Invoice Templates
  3. Added protection against product pricing being updated based on a zero exchange rate
  4. Added support for bandwidth overage billing in units of GB & TB in addition to MB
  5. Added the ability to search invoices by line item description
  6. Added the ability to translate Hours and Client Discount line items on invoices
  7. Auto grow text area for invoice line items disabled for invoices with over 30 line items as it was causing browser to become unstable
  8. Update to invoice refund confirmation email to remove balance line
  9. Updated admin side send email dropdown menu to not include
  10. Updated invoice and ticket urls included in emails to use SSL prefix when available

Licensing Addon

  1. Added auto issueing of owned license support & update addons upon upgrade to a license product that requires it
  2. Added automatic trimming to all allowed location input (domain, ip & directory)
  3. Added column sorting to licenses list
  4. Added support for multiple allowed directories
  5. Update to client area license management output to use language file variables


  1. Added GSP-Panel Game/Voice Hosting Module
  2. Added MediaCP module to replace previous CastControl offering
  3. Added ResellerClub SSL Provisioning Module
  4. cPanel module fix for Reseller ACL List being applied on upgrades
  5. cPanel/WHM Import Tool updated to take into account all server usernames for package prefixes
  6. Enom TRUSTe: Updates to auto create required custom field and re-style client area output
  7. Heart Internet: Update to not show new password input fields since Heart's API doesn't support it
  8. VPS.Net: Brand New Re-worked Module with additional functionality including backup management, more power control options, and updated graphing


  1. Added new promotion option for having promotion remain through upgrades
  2. Added real-time admin order process summary/totals display
  3. Added support for defining and assigning orders to custom statuses to help with tracking more complex order provisioning processes
  4. Added the ability for staff to be able to add notes to an order for staff view only
  5. Added the ability to select a contact to be used for domain registrations in admin order process
  6. Admin order process modified to ignore promo rules/requirements and apply whatever discount admin selects
  7. Domain TLD Specific Fields added to admin order process
  8. Quick Promo Creation feature added to admin order process
  9. Update to configurable options to assume minimum quantity for starting from pricing display
  10. Updated both admin and client order processes to default to clients payment method


  1. Added ability to "retire" products and hide them from admin area lists
  2. Update to dropdowns to display products without group names to accommodate longer names better
  3. Updated admin upgrade/downgrade process to default to current billing cycle

Project Management

  1. Added conditional project management addon link to client area
  2. Updated client area templates for latest bootstrap revisions
  3. API Functions added for 3rd party integrations
  4. Various Bug Fixes


  1. Added ability to View Quote PDF within browser rather than Download
  2. Added client area page quotes listing and viewing pages
  3. Added support for quote filenames to be customised via language files
  4. Added support for adding complex products to quotes that include configurable options

Domain Registrars

  1. .AU Specific Extra Field Requirements Added
  2. Added additional hook functionality to domains management page that registrar modules can take advantage of
  3. Enom: Added ability to auto enable ID Protection when a transfer completes for transfer orders
  4. Enom: Added additional required fields for .AM support
  5. Update to EPP Code Handling on Transfers
  6. New Configuration Page Created
  7. Nominet: Updates for Multi-Year Registrations & Renewals
  8. Registrar Modules dropdown menus throughout system updated to only display active modules
  9. ResellerClub Update for .ES Transfers where RC requires "False" for successful for EPP validation
  10. ResellerClub: Various TLD specific requirements added & updated + other updates
  11. Update to allow enabling/disabling of Registrar Modules which restricts registrar modules dropdown to just active modules


  1. Added sort by Date Paid option to PDF Batch Export
  2. Major Updates to Reporting Core to add support for reports consisting of both data & charts
  3. New Reports Added: New Customers, Income by Product, Clients by Country & Direct Debit Processing List


  1. Added email confirmation step to admin password reset process
  2. SQL Injection Fix (Re Patch Issued on 29th May)
  3. Stronger Cookie Verification Hashing Implemented
  4. New admin permissions added for attempting cc captures & generating invoices actions

Support Tools

  1. Added a free text entry email CC option when opening tickets from within the admin area
  2. Added a tab for quick viewing a clients other tickets
  3. Added customisable email template for ticket flagging notification
  4. Added javascript time pcker for network issues
  5. Added new master admin permission for allowing to view tickets even outside departments assignment when visiting via direct link
  6. Added support for BB code [b] [i] [u] in ticket messages
  7. Added the ability for admins to edit the original message in support tickets (previously was replies only)
  8. Added the ability to define custom ticket mask formats
  9. Added ticket flag notification email to be sent when flag is set via an escalation rule
  10. Added Ticket ID to Flag Notification Email for easier reference
  11. New & improved knowledgebase auto suggestions logic engine
  12. Update to iWHMCS and aWHMCS iPhone & Android Apps to support automated client merge fields
  13. Updates to RSS Feeds Syntax

Bug Fixes

  1. Admin Login as Client using clients language setting as opposed to admins
  2. Auto currency updating was interfering with and losing new domain slabs pricing
  3. Awaiting Tickets Reply Count in Admin Area Blend Template not adhering to custom awaiting reply status settings
  4. Client area Default Payment Method setting was not allowing clients to go back to None
  5. Client Area Domains List missing styling for cancelled status
  6. Client Due Invoices Balance Merge Field not working in certain conditions
  7. Credit Cards Expiry Date wasn't staying selected on validation failure during checkout
  8. Data feeds were still referencing old file path in example codes
  9. Deleting an admin was leaving client notes created by that admin unviewable
  10. Disabling Auto Renew for domains in bulk is not updating/removing from open invoices
  11. Domains 5th Nameserver value not being passed through correctly on validation failure
  12. Editing of ticket reply including attachments was leading to attachments text included
  13. Emails to contacts were not adhering to clients language setting
  14. Generating prorata invoice and changing due date from client summary page was not applying payment method change until after invoicing
  15. Google Analytics Integration was generating an query syntax error upon checkout
  16. Hidden flag not being saved when initially adding a new download
  17. Performing a mass action on filtered results in ticket list was not returning to filtered results
  18. POP3 Import process not detecting inline image attachments correctly
  19. Post vars to a page were contaminating Local API requests for some function calls
  20. Product assigned downloads giving an invalid link error when accessed directly from downloads directory
  21. Quote Convert to Invoice radio buttons not toggling correctly
  22. Replaced hardcoded language strings in client area template files to use language file vars
  23. Status script not performing function exists check correctly
  24. TPPInternet Domain Registrar Sync failing upon invalid date response
  25. Update to intelli-search to auto restart session from cookies when present if page has been idle for some time

Version 5.1.1

  • Release Date: 15th June 2012

Version 5.1.0

  • Release Type: BETA
  • Release Date: 11th May 2012