All Activity

  1. Past hour
  2. I couldn't find that, but since I've already changed it back I don't think it will help.
  3. Today
  4. FYI: I have seen comments regarding phpMyAdmin that if clicking in the cell with the encoded data you want to see, the cell will show a drop-down that allows the user to select base64_decode.
  5. Yesterday
  6. The obsolete emails were showing in the Contact Us admin settings but I have already changed them to [email protected]. I see the Contact form in phpMyAdmin but I don't know how to decode the array.
  7. Are the obsolete email addresses in the Contact Us admin settings form still showing as the obsolete ones? If so, use phpMyAdmin (or similar) to examine the database table CubeCart_config. Find the row for Contact_Form. Have phpMyAdmin decode the 'array' value. Are the emails shown here the same obsolete ones?
  8. "You said you did not change the skin setting? But was the setting actually changed?" Yes, the skin was actually changed in admin. No databases were restored.
  9. The trap looks for (in addition to the registration form being used) the LAST letter being uppercase (not giving any consideration to the other letters) and the same letter for both first and last names. The admin cannot disable a skin. If the name of an installed skin is known, a URL can be constructed to have that session (based on cookies) switch to it. This can happen even if the admin, in Store Settings, Layout tab, 'Allow skin to be changed', has been set to "Yes, Logged-in admin only". However, this is session-based. I cannot conceive of how a drive-by visitor can change the skin across all sessions. You said you did not change the skin setting? But was the setting actually changed? And, you also say Contact Us settings have reverted to what they were at some point in time in the past? I would ask if your hosting provider restored some of your database from a backup.
  10. I just posted this to another topic but thought I should start a new one. I just got a registered customer with the same three letter first and last name in all caps from Singapore. What is your trap Brian? I know this won't make sense and I've been told in the past this is not possible but it has happened again. I went to look at my webstore this morning and it was showing an old skin that I still have uploaded. I DID NOT CHANGE THE SETTINGS IN ADMIN. Also, in checking my email log the above customer had used the contact form and sent it to the following departments: General Inquiry - International Shipping Quote - Questions about a product. I have long ago deleted those email accounts and moved all emails sent from the contact form to [email protected] blah. In looking at the store settings these old email addresses are showing which I had changed all of them to [email protected]. I still have the departments. I don't know if the two are connected but I'd like to figure out what is going on.
  11. There are some (non-specific non-legal advice) articles found from a shallow search. Basically, if the card/voucher is 'single-purpose', meaning that what it can only be redeemed for is a specific single product or service, VAT is collected with the sale of the card. Consuming the service then depletes the balance on the card. This is because the tax rate is known at all times. The tricky part is to not tax that single-purpose consumption of the card's balance. A 'multi-purpose' card can be redeemed for anything, and if some things are VAT taxed at different rates (books versus jewelry), VAT is not known at all times, cannot be collected with the sale of the card, and so must be collected when the card is redeemed. (Again, consult with your local/federal taxing authorities.)
  12. I just got a registered customer with the same three letter first and last name in all caps from Singapore. What is your trap Brian? I know this won't make sense and I've been told in the past this is not possible but it has happened again. I went to look at my webstore this morning and it was showing an old skin that I still have uploaded. I DID NOT CHANGE THE SETTINGS IN ADMIN. Also, in checking my email log the above customer had used the contact form and sent it to the following departments: General Inquiry - International Shipping Quote - Questions about a product. I have long ago deleted those email accounts and moved all emails sent from the contact form to [email protected] blah. In looking at the store settings these old email addresses are showing which I had changed all of them to [email protected]. I still have the departments. I don't know if the two are connected but I'd like to figure out what is going on.
  13. (Looking at CC628) In admin, Gift Cards, the admin can choose the Tax Type. Please experiment with setting this to Tax Exempt. (Depends on your local tax laws.)
  14. I raised this maybe 2 years ago. There is something not quite right with gift cards. I don't recall exactly what, but something along the lines that the person buying the gift card is charged VAT, and then the customer spending the gift card is also charged VAT. Or maybe the customer buys a gift card, is charged VAT, and the spending value is now reduced. eg: £20 gift voucher bought, but the spending value is reduced to £16.00 due to the VAT portion. The recipient comes to spend his £16.00 and is charged VAT on top. Like I say, I don't recall exactly what the problem was, but it was enough for me to not bother implementing it. It needs some experimentation and looking at.
  15. keat

    PHP functions

    As far as I'm aware, this has to be done at server level using php ini editor, and adding the line ' disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open ' Whether or not one can do this at a user level, I'm not sure. ?? As for creating dangerous functions. I guess when PHP was being developed, these functions were not considered dangerous, but over the years, as software develops, and hackers learn of workarounds and vulnerabilities, software becomes less safe. Windows 7 a prime example. Incidentally, these functions are not CubeCart functions, these are PHP server software functions. I disabled these in my PHP.ini, and up to press I've seen no problems with functionality.
  16. Some are more dangerous than others in that list and all have some legitimate use. Much depends on whether the server is dedicated or shared with multiple users and how good the rest of the server security is
  17. I'm sure you don't have the answer but why did you create a dangerous function? Better not do it right?
  18. PHP documentation warns of the eval() function being dangerous. Actually, I have found statements in the Smarty template system that use PHP's eval().
  19. Anywhere in the PHP.INI file, add the directive. Then restart PHP (or the web server, whatever). https://www.php.net/manual/en/ini.core.php#ini.disable-functions If you do not have access to the main PHP.INI file, then please consult your hosting provider.
  20. hello, silly question but how do we do it?
  21. There is no CubeCart function or third party module that uses these functions - they should all be disabled as they are a MAJOR security risk
  22. Last week
  23. CubeCart core code does not use those PHP functions. However, it is unknown (to me) whether any third-party modules - especially code that has been ionCube encoded or otherwise obfuscated - use these functions.
  24. Thank you so much for helping me out with this issue. I have corrected it now.
  25. security checks Request to delete this : exec, system, passthru, popen, proc_open, shell_exec I didn't delete anything because I don't know how to do it
  26. Hi, Can someone please help me with an issue. If I use gift cards the customer can choose an amount but at checkout there is VAT added to the amount. If I create a promotional code the voucher gets deducted from the price before VAT. and not from the total . All item prices are marked as VAT included. How can I sell Vouchers for an amount VAT included, or how can promo code vouchers be deducted from the total sum including VAT ?
  27. Security advisor on my server suggests: You should consider disabling commonly abused php functions, e.g.: disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list: Are all these safe to remove as far as Cubecart V6 goes?
  28. The first instance is the Card Capture gateway changing the order status to Processing - which sends an email to the customer. The second instance is the Card Capture gateway having its module settings enabled for sending a confirmation email. In the Card Capture module settings page, it is apparent that you have the setting for "Update order status to "Processing" on capture?" enabled, even though you do not know if the card can be transacted. That's up to you, of course. It is also apparent that you have the setting for "Send order confirmation email?" enabled, as if, since the order should stay at pending until transacted, you wish to have CubeCart send an email summarizing the order. (CubeCart does not send an email to the customer on orders that are Pending.)
  29. Welcome Amar! Glad to see you made it to the forums. We would say that you are running a version of CubeCart that is several versions old, and running it in a newer version of PHP. Please see: https://forums.cubecart.com/topic/55625-php-version/?tab=comments#comment-241075
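
For the `disable_functions` posts above, an added example (not part of any forum post and not CubeCart code): a small Python check that reads php.ini text and reports which functions from the security advisor's list are still enabled. The sample file content and the helper names `effective_disable_functions` and `audit` are constructed for illustration.

```python
import re

# Functions named in the server security advisor's suggestion quoted on this page.
ADVISED = ["show_source", "system", "shell_exec", "passthru",
           "exec", "popen", "proc_open"]

_DIRECTIVE = re.compile(r"^\s*disable_functions\s*=\s*(.*)$")


def effective_disable_functions(ini_text):
    """Return the set of names from the last active disable_functions line.

    Lines starting with ';' are comments, so a commented-out directive does
    not count. Assumption of this sketch: if the directive appears more than
    once, the later value is the one in effect.
    """
    value = None
    for line in ini_text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        m = _DIRECTIVE.match(line)
        if m:
            value = m.group(1)
    if value is None:
        return set()
    # Drop a trailing ';' comment and optional surrounding quotes.
    value = value.split(";", 1)[0].strip().strip("\"'")
    return {name.strip() for name in value.split(",") if name.strip()}


def audit(ini_text, wanted=ADVISED):
    """Return the advised functions that are still enabled, in list order."""
    disabled = effective_disable_functions(ini_text)
    return [name for name in wanted if name not in disabled]


# Constructed sample php.ini fragment (not taken from any real server).
SAMPLE_INI = """\
[PHP]
memory_limit = 256M
; disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open
disable_functions = show_source, system , shell_exec,passthru
"""

if __name__ == "__main__":
    missing = audit(SAMPLE_INI)
    print("still enabled:", ", ".join(missing) or "none")
```

The script only reads the file; a changed php.ini takes effect after PHP or the web server is restarted, as the post above says.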