Jump to content

Al Brookbanks

Staff
  • Posts

    6,467
  • Joined

  • Last visited

  • Days Won

    120

Posts posted by Al Brookbanks

  1. Braintree and PayPal Checkout have been discontinued and removed. Checkout was replaced with Commerce and Braintree was removed. Braintree still actually exists but PayPal are keeping it for larger organisations only. 

    Really there is just one choice. Commerce.

  2. CubeCart 6.4.4 is now available which contains an important security update. We strongly recommend upgrading to this version.

    Security Issue: Stored XSS. GitHub issue #2894

    What else is new?
    17 other issues have been resolved including a couple of minor new features such as notes for each customer and a tool to filter the product list by status (Enabled/Disabled/All).

    Release Notes:
    All our CubeCart Hosted customers on the Managed & Managed+ plans have already been proactively patched. If you are unable to upgrade to the latest version please either replace the classes/sanitize.class.php file or edit this line of code.


    Download: CubeCart-6.4.4.zip

  3. Really it's a question for PayPal but they call it an Alternative Payment Method. 

    Any payments made via an alternative payment method like SoFort (I prefer SoFart) should just go directly into the PayPal account.

    It's dynamic to the customers locations. So for example a customer in the US will see Venmo and Holland iDeal. Full list here: https://developer.paypal.com/docs/business/checkout/reference/supported-alternative-payment-methods/ 

  4. I don't think this is an issue with our integration. If it were it would be more likely that the error would show when the modal window first loads. 

    You PayPal account isn't suspended or anything is it? Maybe you can try registering under a new email address.

    The fact you can get as far as you can on paypal hosted pages it doesn't feel like a CubeCart fault. 

  5. Just now, Russell Hurst said:

    I've been using an old Cubehelper plugin for very many years to to request product reviews/testimonials. There's never been a verison upgrade and Cubehelper seems to gone off the scene a while back.

    Back in April this stopped working and we reckon that it is simply no longer compable with the latest releases for CubeCart.

    Is there anyone able to take on a commisison to overhaul/re-write the plugin to get it working again?

    Cheers,

    Russell

    I'm sure I can figure it out so long as the code isn't encrypted on the managed support service. If not I can refund.

  6. CubeCart 6.4.3 is now available which contains two important security updates. We strongly recommend upgrading to this version.

    Security Issue 1: PHPMailer (Object injection vulnerability). GitHub issue #2866
    Security Issue 2: CubeCart Session Fixation. GitHub issue #2870. Many thanks to Piyush Patil for responsible disclosure.

    What else is new?
    87 other issues have been resolved including:

    • What3Words one click setup - Our new partner API integration takes away the need to register for an API key. To enable What3words just check the box in features tab of your stores settings. 
    • Language phrases can now be searched. Thanks to @bsmither 
    • Products can now have a maximum quantity as well as minimum on add to basket. Thanks to @bsmither
    • Email log search filter. Thanks to @bsmither

    Release Notes
    If you are uncomfortable or not confident upgrading a customised store we can do this for you under our technical support & management service whilst retaining all customisations. If you really can't upgrade please;

    1. Delete the classes/PHPMailer folder and replace with the files and folders from 6.4.3
    2. Patch the following code changes from GitHub issue #2870.

    Download: CubeCart-6.4.3.zip

    • Like 1
  7. Ok so we can conclude that the session ID is getting lost. I've released 3.0.6 which keeps an audit log in the transaction logs table and uses the latest entry from there instead of relying on session data. I hope this will resolve the issue. At least if it doesn't there will be a better trail to audit.

×
×
  • Create New...