Jump to content


  • Posts

  • Joined

  • Last visited

Recent Profile Visitors

2,793 profile views

romank's Achievements


Newbie (1/14)



  1. In hopes to track this bug, I am now logging every single failed Catalogue->getProductData() call (as its called in Order->_orderAddProduct()) and I have found out that sometimes the Catalogue->getProductData()'s first param, $product_id (array or integer accepted) is not supplied at all, its just empty/false. When looking at the order_summary serialized basket data for the order, I see this: s:32:"5c87354b7ab4a7d3cd421b963b0439e5";a:2:{s:8:"quantity";i:14;s:16:"total_price_each";i:0;} s:32:"54bd8e1d9cce8ca858b333e1fae18a6a";a:2:{s:8:"quantity";i:42;s:16:"total_price_each";i:0;} s:32:"7b6bae8bbc657d771c065e7bc6536bff";a:2:{s:8:"quantity";i:4;s:16:"total_price_each";i:0;} s:32:"04ebeede6c0048226bca995ffa6e19cf";a:2:{s:8:"quantity";i:26;s:16:"total_price_each";i:0;} s:32:"d1886335d8aff15ddc9fbccb125ca283";a:2:{s:8:"quantity";i:7;s:16:"total_price_each";i:0;} s:32:"b7a886bdebbeeee9cfe4ac748e1679e7";a:2:{s:8:"quantity";i:5;s:16:"total_price_each";i:0;} The product_id key and all the data are missing. So at some point between the customer happily shopping and having the items in this basket and placing an order, the basket data gets corrupted and the basket contents actually doesnt contain the product ID. Unbelievable. Will try to set up more logs, any advice appreciated.
  2. Hi, just bumping this post in hopes someone might know what the issue/fix is.
  3. Nothing in the error logs in the CubeCart admin, or on the server?
  4. I am afraid the $PRODUCTS variable in content.category.php does not include the information about options for individual products. You will have to make use of the class.catalogue.productassign hook and load the information about the options for each product, using the Catalogue::getProductOptions() method. If you are not a programmer, I am available as a freelance developer if you need this done.
  5. I tried to look through the pile of the closed issues on Github, but only found one semi-relevant issue, regarding sale prices changing between the day of the order placement and actual payment. Nothing about the inventory items being different and the total not matching. Have you encountered this bug personally on one of your stores, @bsmither? I have also tried looking at the code and following the order retrieval logic, but cant seem to spot anything clearly wrong. Its a shame I cant really find any more information on this, as its a very serious bug, costing the client money.
  6. Hi, I have a specific question. We are running a heavily modded version of the CubeCart 5.2.1. It is not possible to update the website due to the amount of changes we have done to the code - and before you say it, yes - I realize this means the issue I am asking about could have been caused by the changes I have made - even though I doubt it. Recently we had few issues about subtotals of the orders being incorrect and customers paying less than they should have. This is all the information and evidence I have regarding the latest occurrence: The customer places an order The customer does not proceed to the payment, the order status is Pending Up until this point, the basket data saved in the order_summary (and other log I have set up for other reasons) and the subtotal match I see multiple Pending status records in the order history, assuming the customer went back to the website, possibly retrieved the order and did.. something for half an hour: http://prntscr.com/i5vwd9 Finally the order is paid for, with the inventory being slightly different (more items than there were during the original order placement) but without the subtotal changing So even though the order is now worth more than €500, the customer has paid the original amount, which is around €400 We have a mod that adds a free gift to the order inventory if your subtotal exceeds a certain amount. This gift is always the last item in the inventory - however for this order, the sequence of the inventory items is following: Items that match the original subtotal Gift Items that have probably been added later, and dont account into the subtotal and havent been paid for This happens very rarely and the large amount of orders on our website works just fine. When I try to do it from the customer point of view and cheat the system in any way, I am unable to do so. Whenever I place an order, log out, log in, retrieve and update, the subtotal is always correct. So ultimately, my question is: Ever since 5.2.1 to this point, was there ever a bug that caused this to happen and was fixed on some of the versions after 5.2.1? Or does anyone have an idea what could be causing this and how to fix it? Thank you in advance for any feedback, I realize its a specific question regarding obsolete and modded version.
  7. I guess it all boils down to these lines in gateway.inc.php $cart_order_id = sanitizeVar($_SESSION['cart_order_id']); $skipEmail = true; $order->orderStatus(6,$_SESSION['cart_order_id'], $force = false, $skipEmail); $order->deleteOrder($_SESSION['cart_order_id']); Gotta take a payment for an order, better delete it and recreate with totally different billing information, even thought nobody asked me to do it. Makes sense. Hats off to the developer who wrote this, I have never seen a worse piece of logic and code in my entire life. Question is, do I bother fixing this by not deleting the order and stop the insert from being run twice, or would that break even more things in this amazingly written piece of software?
  8. Hi, a client of mine is running a CubeCart 4 website, using PayPal Pro as the checkout module. We have found out that if I go through the cart and enter [email protected] as my e-mail account, then pay using my paypal account which is registered on [email protected] account, both the customer e-mail and the order summary e-mail is changed to [email protected] Is this a feature? Can anyone please point me to a line/method I should change so the e-mail remains unchanged? Loads of customers are complaining about not receiving the order confirmation, as it gets delivered to their paypal e-mail, which they might not even be using daily. I went through the paypal module, order class and gateway include file but cant find the exact place where this happens.
  9. Desperate update from me. When I var_dump my $_GET somewhere in the catalogue.class.php just before the sorting goes to effect, I actually see this: ["sort[price]"]=> string(3) "ASC" When I dump my $_REQUEST, I see this: ["sort"]=> array(1) { ["price"]=> string(3) "ASC" } So clearly somewhere around the way, stuff goes very wrong and turns an array and a value into a string!!! Even when I bypass cleanGlobals(), the result is still the same. It is absolutely beyond me where and why and how this is happening and in top of it - how come the $_REQUEST array is kept intact. (Here, shamelessly presenting my disgusting temporary fix:) if (isset($_REQUEST['sort'])) { $_GET['sort'] = $_REQUEST['sort']; } if (isset($_REQUEST['search'])) { $_GET['search'] = $_REQUEST['search']; }
  10. I have not, here it is: CubeCart Version 5.2.1 PHP Version 5.4.43 MySQL Version 50548
  11. I am using version 5.2.1. I am positive this has worked flawlessly for past few years/months, just noticed it recently in the error log. If everything seems ordinary, do you please have any idea what else might be wrong?
  12. This is bringing some strange stuff - I did what you asked and I also print out the entire $data from the _clean() method. After ONE click on the website, I get two records in the error log: [11-Mar-2016 22:16:18 UTC] PHP Warning: Security Warning: Illegal array key GET "sort[price]" was detected and was removed. Entire array: Array ( [seo_path] => xxx [_a] => category [sort[price]] => ASC ) URL: /xxx.html?_a=category&sort[price]=ASC in /home/tradeloc/public_html/classes/sanitize.class.php on line 89 [11-Mar-2016 22:16:18 UTC] PHP Warning: Security Warning: Illegal array key REQUEST "sort[price]" was detected and was removed. Entire array: Array ( [seo_path] => xxx [_a] => category [sort] => Array ( [price] => ASC ) [__utma] => 131230282.703056860.1409656154.1457728420.1457732214.320 [__utmz] => 131230282.1452426433.205.5.utmcsr=3.basecamp.com|utmccn=(referral)|utmcmd=referral|utmcct=/ [member_id] => 0 [pass_hash] => 0 [ipsconnect_e230f3ddfa042ff09c509581fffca84a] => 0 [_ga] => GA1.3.830321126.1432714418 [whoson] => 862-1453479549677 [__atuvc] => 0|6,10|7,0|8,0|9,4|10 [__utmc] => 131230282 [__utmb] => 131230282.13.10.1457732214 [PHPSESSID] => df805f0c08297498cf65f529bccc7a75 [__utmt] => 1 [sort[price]] => ASC ) URL: /xxx.html?_a=category&sort[price]=ASC in /home/tradeloc/public_html/classes/sanitize.class.php on line 89 So it seems there is a redirect or something? Is this standard behavior?
  13. I dont have cache enabled, but I have cleared it anyway, to no avail. This is the html of the sort select: <form action="xxx" method="post"> <select name="sort" class="listSelect auto_submit dropDown textbox"> <option value="">-- Please Select --</option> <option value="name|DESC" >Name (Z-A)</option> <option value="name|ASC" >Name (A-Z)</option> <option value="date_added|DESC" >Date Added (Newest First)</option> <option value="date_added|ASC" >Date Added (Oldest First)</option> <option value="price|DESC" >Price (High-Low)</option> <option value="price|ASC" >Price (Low-High)</option> </select> </form> and this is the $SORTING variable from the smarty debug window: Smarty_Variable Object (3) ->value = Array (6) 0 => Array (5) name => "Name" field => "name" order => "DESC" direction => "Z-A" selected => "" 1 => Array (5) name => "Name" field => "name" order => "ASC" direction => "A-Z" selected => "" 2 => Array (5) name => "Date Added" field => "date_added" order => "DESC" direction => "Newest First" selected => "" 3 => Array (5) name => "Date Added" field => "date_added" order => "ASC" direction => "Oldest First" selected => "" 4 => Array (5) name => "Price" field => "price" order => "DESC" direction => "High-Low" selected => "" 5 => Array (5) name => "Price" field => "price" order => "ASC" direction => "Low-High" selected => "" ->nocache = false ->scope = "file:templates/content.category.php" When I enable CC debug, there are no errors/warnings apart from the one mentioned above: Security Warning: Illegal array key "sort[price]" was detected and was removed. I am very close to adjusting the regular expression so the sort[price] would pass, because I am running out of ideas and everything seem to be in order apart from the damn sanitize issue
  14. Hi bsmither, was hoping you would come to help! I have figured out the process where it makes the pipe separated value into an array key and value, just like you explained, but couldnt figure out why is it failing the preg in the _clean() method anyway. This is my template file: <div class="select_list align_right margintop30"> <form action="{$VAL_SELF}" method="post"> <select name="sort" class="listSelect auto_submit dropDown textbox"> <option value="">{$LANG.form.please_select}</option> {foreach from=$SORTING item=sort} <option value="{$sort.field}|{$sort.order}" {$sort.selected}>{$sort.name} ({$sort.direction})</option> {/foreach} </select> </form> </div> This is the piece of code from the Cubecart::_category() method which splits the pipe and makes it an array: <?php $query = array(); if (isset($_POST['sort'])) { list($field, $order) = explode('|', $_POST['sort']); $query['sort'][$field] = $order; if (isset($_GET['search'])) { foreach ($_GET['search'] as $key => $value) { $query['search'][$key] = $value; } } } ?> I have noticed more things in the error log: [11-Mar-2016 16:19:51 UTC] PHP Warning: Security Warning: Illegal array key "$" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 89 [11-Mar-2016 16:20:07 UTC] PHP Warning: Security Warning: Illegal array key "search[keywords]" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 89 I downloaded the latest CC 5 and looked into the files (sanitize class, cubecart class, category template) but the code really seems identical. I simply dont understand what has happened that makes legit variables like sort and search fail the sanitize process.
  15. Meanwhile the search parameters works perfectly. search[keywords]=test I honestly dont understand how come search[] is allowed but somehow sort[] is suddenly getting stripped.
  • Create New...