Sales Syntax Live Help 3.7.5

5 January 2026

Sales Syntax Live Help version 3.7.5 is now available (major release).

Upgrading to Sales Syntax Live Help 3.7.5

What's New in Sales Syntax Live Help 3.7.5

• Finalized the “local embeds only” policy from 3.7.x clarifying that every Crafty Syntax deploy must host its own tracking assets to meet 2025 privacy baselines.
  
• Removed the last obfuscated powered-by tag hiding in `livehelp_js.php`; the credit line now appears as a normal HTML anchor so auditors (and operators) can see exactly what ships in the bundle.
  
• Added a trailing `csrepeat_()` invocation to `livehelp_js.php` so the floating help icon re-checks operator presence and swaps artwork even after the visitor widget has been idle—most noticeable when the operator drops offline mid-session.
  
• Repacked the 3.7.5 ZIP to include the clean powered-by link plus the extra refresh call; anyone who grabbed the first 3.7.4 build on 2025‑11‑12 should download the updated archive dated late 2025‑11‑12 or newer.
  

• Reissued the 3.7.3 codebase under the restored **Crafty Syntax** brand; binaries now publish as `crafty_syntax-3.7.4.zip`.
  
• Updated headers, about boxes, installer copy, and powered-by strings to read “Crafty Syntax 3.7.4 (formerly Sales Syntax 3.7.3).”
  
• Refreshed the default login branding: swapped the package logo (`images/logo.png`) and updated `login.php` artwork/labels to show the Crafty Syntax identity.
  
• Restored the `2025_modern/operator.jpg` asset that was missing from the 3.7.3 package so the modern theme displays correctly in 3.7.4.
  
• Corrected the quick-upgrade path in `setup.php` to open a database connection before updating `livehelp_config.version`, ensuring the script actually writes `3.7.4` during the drop-in upgrade.
  
• Generated fresh MD5/SHA256 checksums for both the rebranded package and the archived Sales Syntax bundle so operators can verify integrity.
  
• Documented the rename across `public/what_was_crafty_syntax.php`, `public/crafty_syntax_evolved.php`, and the Crafty Syntax changelog alias.
  
• Notified auto-installer partners (Fantastico, Softaculous, Installatron) that the package is a branding update only—no schema or code changes.
  

• Removed the legacy `offset` column from fresh installs so `setup.php` no longer creates or references the misspelled field that broke MySQL import checks.
  
• Added a tolerant loader for existing databases: if a config row still exposes `offest`, the runtime maps it to `offset` on the fly and falls back to PHP’s active timezone when neither value is present.
  
• Replaced the admin “time offset” dropdown with a read-only notice that shows either the preserved legacy value or the resolved timezone identifier, avoiding undefined-index warnings during upgrades.
  
• Mirrored the fixes into the redistributed `/public/salessyntax` snapshot so hosted customers and LUPOPEDIA deployments stay aligned.
  
• Tightened the HTML embed generator (`htmltags.php`) to display a same-domain placement notice, preventing remote-site integration issues uncovered during shared-host testing.
  
• Tracking now requires local embeds only. To align with 2025 privacy expectations, remote cross-domain tracking was removed in 3.7.x. All installations must use relative paths on the host domain so visitors are not tracked on third-party sites.
  
• Sanitized mobile/iPhone settings updates (`cellphone`, `sessiontimeout`) with `filter_sql` so chat operators cannot inject SQL through the quick settings forms.
  
• Escaped the `see` parameter in `admin_connect.php` before injecting it into the XMLHTTP redirect URL, closing the reflected XSS the legacy admin widget relied on.
  
• Hardened `setup.php` redisplays by wrapping installer inputs in `cslh_escape`/`rawurlencode` and swapping the column-existence checks over to shared-host-friendly `SHOW COLUMNS` queries.
  
• Added `scripts/security_sweep.py` so maintainers can automatically flag risky patterns (`eval`, dynamic includes, raw `$_REQUEST`, unescaped `$UNTRUSTED` output) before shipping future patches.
  
• Completed fresh-install and upgrade validation on Windows (XAMPP) and Linux shared hosts to confirm timezone fallbacks, security fixes, and language loader updates behave consistently.
  
• Restored operator desktop cues: `admin_users_refresh.php` now escalates focus through nested frames (window.parent.bottomof → parent → top → self) before falling back to an alert, and wraps HTML5/EMBED chat sounds with autoplay-promise catches so operators hear the bell even when browsers block background playback.
  
• Standardized all “powered by” links to `https://lupopedia.com/?utm_source=poweredby&utm_campaign=poweredby`, removing obfuscation and legacy domains so embeds point at the LUPOPEDIA hub.
  
• Fixed `leavemessage.php` mail delivery: corrected the status update query, ensured department contact emails are honored, and fall back to `owner_email` so contact alerts always send when visitors leave a message.
  

• Rebased the working tree on the original 3.7.1 payload (`public/salessyntax/`) so all new fixes start from the shipped, unmodified theme.
  
• Retired the legacy `filter_html()` sanitizer and swapped every call site to native escaping helpers (`cslh_escape`, `htmlspecialchars`, `rawurlencode`) to eliminate double-sanitization flags raised by Installatron.
  
• Modernized the visitor typing beacon in `livehelp.php` (and mirrored scripts) to prefer `fetch`/`XMLHttpRequest` while keeping the `<img>`/`GETForm` fallbacks for browsers stuck in 2005.
  
• Removed obsolete upgrade prompts (`pp.gif`, `gopro.png`, “Go Pro” copy) now that unbranded features ship by default.
  
• Updated footer credits across operator/admin pages to read: `Sales Syntax Live Help 2003 - 2025 ( a product of Lupopedia LLC )`.
  
• Added an opt-in `2025_modern` theme (responsive layout, flex-based header/footer, refreshed offline/connecting screens) without disturbing existing templates.
  
• Mobile and iPhone operator consoles now submit chats through modern `fetch` with `GETForm2` fallback, keeping the `postmessage` workflow intact for legacy browsers.
  
• Logged the remediation plan in `plan_for_sales_syntax_3_7_2.md` so future patches stay aligned with Installatron requirements.
  
• Introduced hosted documentation stubs (`howto`, `qa`, `updates`) and new public landing pages (`account.php`, `support.php`, `directory.php`, `members.php`). Added an operator-facing notice on `scratch.php` explaining why the 3.7.2 release preserves the 2012-era UI (to keep diff baselines intact) and how LUPOPEDIA 1.0.0 will layer in modern tooling plus AI-driven migration of community customizations.
  
• Refreshed `javascript/xmlhttp.js` to use a shared `fetch` wrapper with automatic fallbacks to the legacy `GETForm` helpers, keeping polling/typing scripts functional on older browsers while modern installs run via `fetch`.
  
• Packaging/testing: preparing the clean 3.7.2 ZIP and verifying shared-host installs with the modernized AJAX pathways.
  
• Updated configuration helpers so generated URLs drop the domain entirely (always relative paths). This avoids mixed-content issues—legacy installs that were `http://` now call AJAX endpoints over the current scheme (`https://` when needed) without breaking.
  

• Hardened every public visitor entry point (`livehelp.php`, `user_connect.php`, `user_chat_*`, `user_top.php`, `user_qa.php`) to reuse already-sanitized department/tab/offset integers before building redirects, query strings, or embedded JavaScript.
  
• Sanitized visitor-supplied hidden fields in lost-password and chat-color forms so remote widgets and password-reset flows cannot inject markup when rendered off-site.
  
• Refreshed the powered-by link in `livehelp_js.php`, allowing brand swaps to point directly to LUPOPEDIA while preserving the optional creditline toggle.
  
• Expanded the session fingerprinting ladder (`get_ipaddress`) to honor modern proxy/CDN headers, preferring public IPs and falling back safely so legacy installs maintain tracking accuracy.
  
• Packaged the release as the LUPOPEDIA migration baseline: the core now ships with the full Sales Syntax codebase, layered-pop-up heritage, and 3.7.1 security posture.
  
• Added LUPOPEDIA-side scaffolding: `livehelps` parent table (Migration 1071), CSV export guidance, and updated public docs (`public/crafty_syntax_evolved.php`, `public/what_was_crafty_syntax.php`) so operators understand the upgrade path.