Al Brookbanks

Everything posted by Al Brookbanks

  1. Webp is the preferred web format now. Why don't you want this?
  2. Good find Brian. You just need to upgrade @Gigi71
  3. We can look at this but definitely upgrade to the latest version. We can do this whilst respecting any modifications. If you want me to upgrade your store and fix the digital download links we can do this with technical support. More info here: https://www.cubecart.com/technical-support I hope we can work with you.
  4. More recent versions of CubeCart will keep the old path with a permanent redirect so in theory editing the existing product should be fine. Your redirects can be managed in the Redirects & 404’s section of your back office.
  5. Not at all. Think of it as just an extra (awesome) feature. Please upgrade to the latest version still; there are a bunch of other bug fixes and smaller feature updates.
  6. This screen isn't familiar at all? I've never seen this before let alone an order with missing gateway field value. Is this a custom feature?
  7. I've seen this before and I've spent days on end trying to reproduce it to no avail. Keep us posted.
  8. Many thanks to Gen Sato from Mitsui Bussan Secure Directions, Inc. for responsibly reporting a number of security issues found in all versions of CubeCart up to 6.5.3. Please note that these vulnerabilities are executable if a bad actor has authenticated into the back end of the victim's store.

     Vulnerabilities

       • Directory traversal (any file download) - GitHub Issue #3410
       • Directory traversal (deletion of arbitrary files and directories) - GitHub Issue #3409
       • CSRF bypassing CSRF token checks - GitHub Issue #3408
       • OS Command Injection - This vulnerability concerns the ability for the Smarty template engine to be able to execute dangerous functions, e.g.

         {system('echo ^<?php phpinfo(); > C:/xampp/htdocs/testout.php')}

         No patch has been created for this vulnerability but instead we strongly recommend disabling dangerous PHP functions as recommended by our free CubeCart Security Suite. We suggest disabling the following PHP functions with your php.ini file then restarting the web server.

         disable_functions = exec, system, passthru, pcntl_exec, popen, proc_open, shell_exec

     This release also patches a number of other maintenance updates. Upgrading to 6.5.3 is highly recommended. If for some reason you are unable to upgrade to this version it is possible to find the code patches for each vulnerability within each GitHub issue above. If you require help, technical support is available.

     Download: CubeCart-6.5.3.zip
  9. By design as the query could get too heavy and crash MySQL in many cases. It's not something you generally see in ecommerce stores for this exact reason.
  10. I don't really want to get involved in that.
  11. I've turned it off. Let's see how we get on..
  12. Maybe we should turn it off. This forum software is poor at deterring spam.
  13. Yes it's probably a browser extension like AdBlock. https://community.cloudflare.com/t/im-stuck-on-checking-a-site-that-has-cloudflare-and-its-not-mine/538699
  14. True. I've opened a support request with CloudFlare.
  15. Yes it's a pest. We are getting absolutely hammered with spam making the forums almost unusable if we turn attack mode off. If anyone has any suggestions please let me know.
  16. Sorry about this. Please see https://github.com/cubecart/v6/issues/3384
  17. Hi Russ, I would think that's the "best choice". However I don't know to what extent it could be overkill and if version 5.2.0 requires any more or less resources or if it makes no difference. I wish I understood a little more. There seems to be a lot of discussion as to utf8mb4_0900_ai_ci being a solid choice.
  18. There has been very little resistance in general to upgrading to the new extension with our merchant base but there will always be outliers.
  19. Partners send a BN code across with every transaction. PayPal can see if a transaction is via CubeCart or other platform. Then the same data is sent across as PayPal Standard. I don't agree with your analogy to Henry Ford at all personally. PayPal commerce can be configured to have 3D secure on and off. Cards on and off. Pay Later messaging on or off. Express Checkout on the product detail page on and off. Apple Pay on or off etc.. The platform is adaptable. PayPal Standard also sends across the platform ID too via BN code. Essentially the data shared is pretty much identical.
  20. Interesting. I can feed this back to PayPal. PayPal Commerce asks for more info on sign up due to what's known in the trade as KYC (know your customer). In order to confirm your identity as a business and assess risk for providing card services. It's not just PayPal, it's across the industry. https://www.paypal.com/c2/webapps/mpp/kyc?locale.x=en_C2 I think also a lot of these requirements are not necessarily demands of PayPal but linked organisations like Visa, MasterCard, ApplePay, Google Pay and even governmental etc...