[Product options not showing up on Cubecart 6.5.3]

Did you clear the cache? The big orange button in the back end?

[Do not change photos to webp]

This is quite a good explanation https://www.adobe.com/creativecloud/file-types/image/raster/webp-file.html

[Do not change photos to webp]

Webp is the preferred web format now. Why don't you want this?

[Pending orders and digital downloads]

Good find Brian. You just need to upgrade @Gigi71

[Pending orders and digital downloads]

We can look at this but definitely upgrade to the latest version. We can do this whilst respecting any modifications.

If you want me to upgrade your store and fix the digital download links we can do this with technical support. More info here: 

https://www.cubecart.com/technical-support

I hope we can work with you.

[Reuse existing product listings or create new ones?]

More recent versions of CubeCart will keep the old path with a permanent redirect so in theory editing the existing product should be fine. Your redirects can be managed in the Redirects & 404’s section of your back office. 

[No Elasticsearch web host! Any point upgrading to CubeCart 6.5.x or are we stuck at 6.4.10?]

Do you have an ES server?

[No Elasticsearch web host! Any point upgrading to CubeCart 6.5.x or are we stuck at 6.4.10?]

Quote

Does that mean that CubeCart merchants without access to Elasticsearch are stuck at 6.4.10?

Not at all. This of it as just an extra (awesome) feature. Please upgrade to the latest version still there are a bunch of other bug fixes and smaller feature updates. 

[PayPal Commerce OK for older versions of Cubecart 6?]

This screen isn't familiar at all? I've never seen this before let alone an order with missing gateway field value. 

Is this a custom feature?

[PayPal Commerce OK for older versions of Cubecart 6?]

I've seen this before and I've spent days on end trying to reproduce it to no avail. Keep us posted.

[CubeCart 6.5.3 Released - Security Update]

Many thanks to Gen Sato from Mitsui Bussan Secure Directions, Inc. for responsibly reporting a number of security issues found in all version of CubeCart up to 6.5.3. Please note that these vulnerabilities are executable if a bad actor has authenticated into the back end of the victims store.

Vulnerabilities

1. Directory traversal (any file download) - GitHub Issue #3410 
2. Directory traversal (deletion of arbitrary files and directories) - GitHub Issue #3409
3. CSRF bypassing CSRF token checks - GitHub Issue #3408
4. OS Command Injection - This vulnerability concerns the ability for the Smarty template engine to be able to execute dangerous functions.
   
   e.g. 

   {system('echo ^<?php phpinfo(); > C:/xampp/htdocs/testout.php')}

   No patch has been created for this vulnerability but instead we strongly recommend disabling dangerous PHP functions as recommended by our free CubeCart Security Suite. We suggest disabling the following PHP functions with your php.ini file then restarting the web server. 

   disable_functions = exec, system, passthru, pcntl_exec, popen, proc_open, shell_exec

This release also patches a number of other maintenance updates. 

Upgrading to 6.5.3 is highly recommended. If for some reason you are unable to upgrade to this version it is possible to find the code patches for each vulnerability within each GitHub issue above. If you require help, technical support is available. 

Download: CubeCart-6.5.3.zip

 

[PayPal Commerce OK for older versions of Cubecart 6?]

Yes it should be fine with older versions 

[Pagination - View All]

By design as the query could get too heavy and crash MySQL in many cases. It's not something you generally see in ecommerce stores for this exact reason. 

[Cloudflare and forum access?]

I don't really want to get involved in that. 

[Cloudflare and forum access?]

I've turned it off. Lets see howe we get on.. 

[Cloudflare and forum access?]

Annoying. Sorry about this.

[Cloudflare and forum access?]

Maybe we should turn it off. This forum software is poor at deterring spam.

[Cloudflare and forum access?]

Hmmm. Ok.

[Cloudflare and forum access?]

Yes it's probably a browser extension like AdBlock.

https://community.cloudflare.com/t/im-stuck-on-checking-a-site-that-has-cloudflare-and-its-not-mine/538699 

[Cloudflare and forum access?]

True. I've opened a support request with CloudFlare.

[Cloudflare and forum access?]

Thats exactly what this is.

[Cloudflare and forum access?]

Yes it's a pest. We are getting absolutely hammered with spam making the forums almost unusable if we turn attack mode off.

If anyone has any suggestions please let me know. 

[Languages - Blank Page]

Sorry about this. Please see https://github.com/cubecart/v6/issues/3384 

[What is the current gold standard for MySQLcollation for CC6?]

Hi Russ, I would think that's the "best choice". However I don't know to what extent it could be overkill and if version 5.2.0 requires any more of less resources or if it makes no difference. 

I wish I understood a little more. There seems to be a lot of discussion as to utf8mb4_0900_ai_ci being a solid choice. 

[Turn off mail function when using PayPal Commerce in sandbox mode?]

There has been very little resistance in general to upgrading to the new extension with our merchant base but there will always be outliers.