Al Brookbanks
-
Posts
6,609 -
Joined
-
Last visited
-
Days Won
122
Posts posted by Al Brookbanks
-
-
Add these fields to the includes/global.inc.php file with correct values. Please note that your skin may need changes if you are not using the default Foundation theme.
$glob['es_h'] = ''; // Elasticsearch host e.g. https://localhost:9200 $glob['es_u'] = ''; // Elasticserch username $glob['es_p'] = ''; // Elasticsearch password $glob['es_i'] = ''; // Elasticsearch index name $glob['es_v'] = ''; // Elasticsearch vertificate validation enum('1','0') $glob['es_c'] = ''; // Elasticsearch certificate path
The last two fields can probably remain empty.
-
Try setting the values in the includes/global.inc.php file (in most cases the last two can be ignored):
$glob['es_h'] = ''; // Elasticsearch host e.g. https://localhost:9200
$glob['es_u'] = ''; // Elasticserch username
$glob['es_p'] = ''; // Elasticsearch password
$glob['es_i'] = ''; // Elasticsearch index name
$glob['es_v'] = ''; // Elasticsearch vertificate validation enum('1','0')
$glob['es_c'] = ''; // Elasticsearch certificate path
-
-
39 minutes ago, harrisorganic said:
"If you want to you can choose to only accept payments that pass 3D secure." Thats a good idea.
Small business owners don't need the hassle of chargebacks, especially when it can be large amounts of $.
I found the checkbox for 3D secure in the Square application.
Thanks Al.
Tell me about it. CubeCart has had it's fair share of chargebacks too.
I hope you don't get more.
-
Did this transaction pass 3D secure? If so I believe it should be protected and you shouldn't be liable to chargeback fees.
Our PayPal integration has much more granular settings. If you want to you can choose to only accept payments that pass 3D secure. With that setting enabled you are never liable to chargeback fees. The square extension could have this feature added.
-
So the stock level is a red herring. Do you have Elasticsearch enabled?
We need solid steps to reproduce this.
What intrigues me is that the vast majority of stores are not prone to this. So what's different? Could there be a common setting between each store with the issue or possibly an common 3rd party extension or skin.
-
11 minutes ago, Debyink said:
it happens when someone purchases the last of a product in stock
Thanks I don't need to see the request log. I've worked with another merchant who has had this issue on rare occasions. I've spent uncountable hours trying to work out what in earth is happening.
This is a scenario that I haven't tried!! Easy to reproduce so I'll do this early next week.
Sorry about this. Terribly frustrating but if you are right then it should be something I can resolve (hopefully without too much difficulty).
-
Is the store and extension up to date?
Do we know what steps we need to take to reproduce this?
Can the customer provide any feedback as to what may have happened?
Can you contact PayPal to recover the fees for a double payment?
-
Just now, Debyink said:
I mentioned about this in June, my customers were being sent back to my store after making payment only to be advised it hadn't and then paid again which created a second new order number.
Have lost lots of £££'s because as mentioned paypal do not refund the transaction fees, not only that customers email me - annoyed I have taken payment twice, even though it's not me.
As fas as I am aware this was an uncommon issue that hasn't raised it's head since recent versions that addressed it. In particular there was a JavaScript redirect that could fail. We added a "if this page doesn't redirect click here" message to help move it along. There have been other enhancements but I can't recall what was done.
This shouldn't happen with the latest version but if it does we can't fix it without steps to reproduce the issue.
-
It's impossible to say.
-
I mean I'd need to debug this via support. I'm not sure what's gone wrong.
-
Oh dear sorry you have problems. I'm not sure what's going on here I'm afraid without a deeper look.
All good here. Hope you are well and business is good.
-
Did you clear the cache? The big orange button in the back end?
-
This is quite a good explanation https://www.adobe.com/creativecloud/file-types/image/raster/webp-file.html
-
Webp is the preferred web format now. Why don't you want this?
-
Good find Brian. You just need to upgrade @Gigi71
-
We can look at this but definitely upgrade to the latest version. We can do this whilst respecting any modifications.
If you want me to upgrade your store and fix the digital download links we can do this with technical support. More info here:
https://www.cubecart.com/technical-support
I hope we can work with you.
-
More recent versions of CubeCart will keep the old path with a permanent redirect so in theory editing the existing product should be fine. Your redirects can be managed in the Redirects & 404’s section of your back office.
-
Do you have an ES server?
-
Quote
Does that mean that CubeCart merchants without access to Elasticsearch are stuck at 6.4.10?
Not at all. This of it as just an extra (awesome) feature. Please upgrade to the latest version still there are a bunch of other bug fixes and smaller feature updates.
-
This screen isn't familiar at all? I've never seen this before let alone an order with missing gateway field value.
Is this a custom feature?
-
I've seen this before and I've spent days on end trying to reproduce it to no avail. Keep us posted.
-
Many thanks to Gen Sato from Mitsui Bussan Secure Directions, Inc. for responsibly reporting a number of security issues found in all version of CubeCart up to 6.5.3. Please note that these vulnerabilities are executable if a bad actor has authenticated into the back end of the victims store.
Vulnerabilities
- Directory traversal (any file download) - GitHub Issue #3410
- Directory traversal (deletion of arbitrary files and directories) - GitHub Issue #3409
- CSRF bypassing CSRF token checks - GitHub Issue #3408
-
OS Command Injection - This vulnerability concerns the ability for the Smarty template engine to be able to execute dangerous functions.
e.g.{system('echo ^<?php phpinfo(); > C:/xampp/htdocs/testout.php')}
No patch has been created for this vulnerability but instead we strongly recommend disabling dangerous PHP functions as recommended by our free CubeCart Security Suite. We suggest disabling the following PHP functions with your php.ini file then restarting the web server.
disable_functions = exec, system, passthru, pcntl_exec, popen, proc_open, shell_exec
This release also patches a number of other maintenance updates.
Upgrading to 6.5.3 is highly recommended. If for some reason you are unable to upgrade to this version it is possible to find the code patches for each vulnerability within each GitHub issue above. If you require help, technical support is available.
Download: CubeCart-6.5.3.zip
-
Yes it should be fine with older versions
No Elasticsearch web host! Any point upgrading to CubeCart 6.5.x or are we stuck at 6.4.10?
in Install & Upgrade Support
Posted
I use Kibana to manage this.
Create a user and pass. Assign a role to this user for all privileges on a specific index name.
I've not done it for a while so I might create the role first then the account and password.