Welcome to Zen Cart™ ...

The Zen Cart™ software is made available to you for use, additions, changes, modifications, etc. without charge, under the GNU General Public License.

While we do not charge for this software, donations are greatly appreciated each time you download a new version, to help cover the expenses of maintenance, upgrades, updates, the free support forum and the continued development of this software for your online e-commerce store.

Donations can be made at: The Zen Cart™ Team Page

We appreciate your support.
The Zen Cart™ Team

Zen Cart™ is derived from: Copyright 2003 osCommerce
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE
and is redistributable under the GNU General Public License

This software is OSI Certified Open Source Software.
OSI Certified is a certification mark of the Open Source Initiative.

CHANGELOG - List of Changed Files

For a list of files that have been changed since v1.3.9d, see the changelog-v1-3-9e.html


For added security, Zen Cart™ comes with several .htaccess files already included in various folders to help provide protection against unwanted visitors and even against mis-use of your site in the unfortunate situation of your site being hacked. These protections prevent hackers from using your site as phishing sources.

However, for these built-in protections to work, your web hosting server administrator MUST set the AllowOverride directive in the server's apache configuration (the server's master httpd.conf file) to "All" or at least ensure it includes these parameters: 'Limit Indexes'.

ie:    AllowOverride All
or:    AllowOverride Limit Indexes    

(NOTE: You must also add "Options" if uncommenting OPTIONS directives in your .htaccess files)

Without these settings, you will likely encounter "500 Internal Server Error" messages when attempting to access various parts of your site, including perhaps the zc_install installer script.

Storeowners hosting on Windows Servers using IIS instead of Apache may need to remove the .htaccess files and rework them into suitable equivalents within your IIS configuration. See Microsoft's IIS website for specific assistance.


Inside some folders is an .htaccess file that lists certain *permitted* filetypes which may be accessed. (Anything else is blocked to prevent abuse on your site).

The side-effect of this is that if you choose to use media types that are not already listed in the *permitted* list, then your visitors will not be able to see those resources.

Thus, if you are using product images that are not in the list of permitted types in your /images/.htaccess, you will need to add those types to the list.

Similarly, if you are using certain media types in music product previews, you will need to make sure those are in your /media/.htaccess

And, if you are using filetypes for downloadable products that are not already listed in your /pub/.htaccess and /download/.htaccess you will need to add those as well.

Zen Cart™ Server Requirements

MINIMUM Requirements:
PHP 4.3.2 or higher, Apache 1.3.30 and MySQL 3.23.x or higher.

RECOMMENDED Requirements:
PHP 5.3.2 or higher, Apache 2.2 or higher and MySQL 4.1 or higher.

While Zen Cart can run on Windows/IIS servers, Linux/Apache servers are recommended for best results.

Upgrade Instructions from v1.3.9a/b/c/d to 1.3.9e

If you are upgrading from Zen Cart v1.3.9a or 1.3.9b or 1.3.9c or 1.3.9d, the process is simple:
- compare all the changed files with the files on your own site... and re-apply your customizations to the new files
- upload the new files (with your customizations added) to your site
- (there are no database-updates required between v1.3.9a to v1.3.9b or v1.3.9c or v1.3.9d or v1.3.9e)

If you are upgrading from a version prior to v1.3.9a, please follow the instructions in the "how to upgrade" documentation in the /docs folder.


It is advisable to clear your browser cache and cookies after upgrading, before attempting to access your Admin section. Old admin cookies may prevent you from logging in until you clear the cache and cookies and restart the browser.

Whats New ...

The following improvements and bugfixes are included in v1.3.9e since v1.3.9d:

  • Added some missing currencies to 3D-Secure lookup facility
  • Fixed small error in /editors/.htaccess which caused some problems with TinyMCE addon
  • Fix broken whos-online cart display
  • Added removal for "%" symbols in product names when submitting details to PayPal for rare cases where it could cause a transmission error
  • improve search-query syntax to work better when large numbers of subcats are involved
  • fix issues related to incorrectly-URLencoded NOTIFYURL and RETURNURL and CANCELURL params being sent to PayPal
  • BUGS-135 - When deleting categories, the salemaker_sales table wasn't updated to reflect the removal
  • BUGSFORUM-1171 - Advanced search was failing when searching on price and from-price = to-price
  • BUGSFORUM-1279 - Line Items not sent to PayPal properly
  • BUGSFORUM-1288 - handle occasional overly-url-encoded data received back from PayPal
  • BUGSFORUM-1324 - mitigate minor/rare sql injection risk
  • BUGSFORUM-1330 - trap cases where submitted session name is illegal (helps mitigate against false-positive PCI scans)
  • BUGSFORUM-1343 - explode() expects parameter 2 to be string ... in functions_general.php line 566
  • BUGSFORUM-1353 - adjust tax group totals for shipping tax, so that it is not affected by the general ratio discounting method when include_shipping = false, and split tax lines are enabled
  • BUGSFORUM-1370 - small syntax error in rarely-used section of email code
  • BUGSFORUM-1371 - Clearing quantity field on shopping cart page should be the same as entering "0"
  • BUGSFORUM-1378 - fix small error in detection of $this_is_home_page in certain cases
  • BUGSFORUM-1362 - fix broken </td> tags in some admin input pages
  • BUGSFORUM-1355 - Authorize.Net SIM - checkout_success page doesn't show css or images because of broken base-hrefs
  • Fix missing delete from coupon_restrict when products_id or categories_id is removed
  • Fix bug where checking for additional images when switch is set to off could cause some excess server load
  • Added more order details to the $order_summary array which is passed to checkout-success
  • Change system-information lookup to check for availability of exec() function before blindly using it in case it's been disabled by server admin
  • Updated spider-detection list
  • Added PHP6 support into error-logging util
  • note: phpBB setup steps removed from the zc_install screens. One can manually set the phpBB path into configure.php by hand if needing that functionality.

Zen Cart™ Copyright 2003-2010