Al Brookbanks

Stripe.

Tell me about it. CubeCart has had it's fair share of chargebacks too. I hope you don't get more.

Did this transaction pass 3D secure? If so I believe it should be protected and you shouldn't be liable to chargeback fees. Our PayPal integration has much more granular settings. If you want to you can choose to only accept payments that pass 3D secure. With that setting enabled you are never liable to chargeback fees. The square extension could have this feature added.

So the stock level is a red herring. Do you have Elasticsearch enabled? We need solid steps to reproduce this. What intrigues me is that the vast majority of stores are not prone to this. So what's different? Could there be a common setting between each store with the issue or possibly an common 3rd party extension or skin.

Thanks I don't need to see the request log. I've worked with another merchant who has had this issue on rare occasions. I've spent uncountable hours trying to work out what in earth is happening. This is a scenario that I haven't tried!! Easy to reproduce so I'll do this early next week. Sorry about this. Terribly frustrating but if you are right then it should be something I can resolve (hopefully without too much difficulty).

Is the store and extension up to date? Do we know what steps we need to take to reproduce this? Can the customer provide any feedback as to what may have happened? Can you contact PayPal to recover the fees for a double payment?

As fas as I am aware this was an uncommon issue that hasn't raised it's head since recent versions that addressed it. In particular there was a JavaScript redirect that could fail. We added a "if this page doesn't redirect click here" message to help move it along. There have been other enhancements but I can't recall what was done. This shouldn't happen with the latest version but if it does we can't fix it without steps to reproduce the issue.

It's impossible to say.

I mean I'd need to debug this via support. I'm not sure what's gone wrong.

Oh dear sorry you have problems. I'm not sure what's going on here I'm afraid without a deeper look. All good here. Hope you are well and business is good.

Did you clear the cache? The big orange button in the back end?

This is quite a good explanation https://www.adobe.com/creativecloud/file-types/image/raster/webp-file.html

Webp is the preferred web format now. Why don't you want this?

Good find Brian. You just need to upgrade @Gigi71

We can look at this but definitely upgrade to the latest version. We can do this whilst respecting any modifications. If you want me to upgrade your store and fix the digital download links we can do this with technical support. More info here: https://www.cubecart.com/technical-support I hope we can work with you.

More recent versions of CubeCart will keep the old path with a permanent redirect so in theory editing the existing product should be fine. Your redirects can be managed in the Redirects & 404’s section of your back office.

Do you have an ES server?

Not at all. This of it as just an extra (awesome) feature. Please upgrade to the latest version still there are a bunch of other bug fixes and smaller feature updates.

This screen isn't familiar at all? I've never seen this before let alone an order with missing gateway field value. Is this a custom feature?

I've seen this before and I've spent days on end trying to reproduce it to no avail. Keep us posted.

Many thanks to Gen Sato from Mitsui Bussan Secure Directions, Inc. for responsibly reporting a number of security issues found in all version of CubeCart up to 6.5.3. Please note that these vulnerabilities are executable if a bad actor has authenticated into the back end of the victims store. Vulnerabilities Directory traversal (any file download) - GitHub Issue #3410 Directory traversal (deletion of arbitrary files and directories) - GitHub Issue #3409 CSRF bypassing CSRF token checks - GitHub Issue #3408 OS Command Injection - This vulnerability concerns the ability for the Smarty template engine to be able to execute dangerous functions. e.g. {system('echo ^<?php phpinfo(); > C:/xampp/htdocs/testout.php')} No patch has been created for this vulnerability but instead we strongly recommend disabling dangerous PHP functions as recommended by our free CubeCart Security Suite. We suggest disabling the following PHP functions with your php.ini file then restarting the web server. disable_functions = exec, system, passthru, pcntl_exec, popen, proc_open, shell_exec This release also patches a number of other maintenance updates. Upgrading to 6.5.3 is highly recommended. If for some reason you are unable to upgrade to this version it is possible to find the code patches for each vulnerability within each GitHub issue above. If you require help, technical support is available. Download: CubeCart-6.5.3.zip

Yes it should be fine with older versions

By design as the query could get too heavy and crash MySQL in many cases. It's not something you generally see in ecommerce stores for this exact reason.

I don't really want to get involved in that.

I've turned it off. Lets see howe we get on..