Everything posted by romank

  1. In hopes to track this bug, I am now logging every single failed Catalogue->getProductData() call (as it's called in Order->_orderAddProduct()) and I have found out that sometimes the Catalogue->getProductData()'s first param, $product_id (array or integer accepted), is not supplied at all, it's just empty/false. When looking at the order_summary serialized basket data for the order, I see this:

         s:32:"5c87354b7ab4a7d3cd421b963b0439e5";a:2:{s:8:"quantity";i:14;s:16:"total_price_each";i:0;}
         s:32:"54bd8e1d9cce8ca858b333e1fae18a6a";a:2:{s:8:"quantity";i:42;s:16:"total_price_each";i:0;}
         s:32:"7b6bae8bbc657d771c065e7bc6536bff";a:2:{s:8:"quantity";i:4;s:16:"total_price_each";i:0;}
         s:32:"04ebeede6c0048226bca995ffa6e19cf";a:2:{s:8:"quantity";i:26;s:16:"total_price_each";i:0;}
         s:32:"d1886335d8aff15ddc9fbccb125ca283";a:2:{s:8:"quantity";i:7;s:16:"total_price_each";i:0;}
         s:32:"b7a886bdebbeeee9cfe4ac748e1679e7";a:2:{s:8:"quantity";i:5;s:16:"total_price_each";i:0;}

     The product_id key and all the data are missing. So at some point between the customer happily shopping and having the items in this basket and placing an order, the basket data gets corrupted and the basket contents actually don't contain the product ID. Unbelievable. Will try to set up more logs, any advice appreciated.
  2. Hi, just bumping this post in hopes someone might know what the issue/fix is.
  3. Nothing in the error logs in the CubeCart admin, or on the server?
  4. I am afraid the $PRODUCTS variable in content.category.php does not include the information about options for individual products. You will have to make use of the class.catalogue.productassign hook and load the information about the options for each product, using the Catalogue::getProductOptions() method. If you are not a programmer, I am available as a freelance developer if you need this done.
  5. I tried to look through the pile of the closed issues on GitHub, but only found one semi-relevant issue, regarding sale prices changing between the day of the order placement and actual payment. Nothing about the inventory items being different and the total not matching. Have you encountered this bug personally on one of your stores, @bsmither? I have also tried looking at the code and following the order retrieval logic, but can't seem to spot anything clearly wrong. It's a shame I can't really find any more information on this, as it's a very serious bug, costing the client money.
  6. Hi, I have a specific question. We are running a heavily modded version of the CubeCart 5.2.1. It is not possible to update the website due to the amount of changes we have done to the code - and before you say it, yes - I realize this means the issue I am asking about could have been caused by the changes I have made - even though I doubt it. Recently we had a few issues about subtotals of the orders being incorrect and customers paying less than they should have. This is all the information and evidence I have regarding the latest occurrence:

       • The customer places an order
       • The customer does not proceed to the payment, the order status is Pending
       • Up until this point, the basket data saved in the order_summary (and other log I have set up for other reasons) and the subtotal match
       • I see multiple Pending status records in the order history, assuming the customer went back to the website, possibly retrieved the order and did.. something for half an hour: http://prntscr.com/i5vwd9
       • Finally the order is paid for, with the inventory being slightly different (more items than there were during the original order placement) but without the subtotal changing
       • So even though the order is now worth more than €500, the customer has paid the original amount, which is around €400

     We have a mod that adds a free gift to the order inventory if your subtotal exceeds a certain amount. This gift is always the last item in the inventory - however for this order, the sequence of the inventory items is the following:

       • Items that match the original subtotal
       • Gift
       • Items that have probably been added later, and don't account into the subtotal and haven't been paid for

     This happens very rarely and the large amount of orders on our website works just fine. When I try to do it from the customer point of view and cheat the system in any way, I am unable to do so. Whenever I place an order, log out, log in, retrieve and update, the subtotal is always correct.

     So ultimately, my question is: Ever since 5.2.1 to this point, was there ever a bug that caused this to happen and was fixed on some of the versions after 5.2.1? Or does anyone have an idea what could be causing this and how to fix it? Thank you in advance for any feedback, I realize it's a specific question regarding obsolete and modded version.
  7. I guess it all boils down to these lines in gateway.inc.php:

         $cart_order_id = sanitizeVar($_SESSION['cart_order_id']);
         $skipEmail = true;
         $order->orderStatus(6,$_SESSION['cart_order_id'], $force = false, $skipEmail);
         $order->deleteOrder($_SESSION['cart_order_id']);

     Gotta take a payment for an order, better delete it and recreate with totally different billing information, even though nobody asked me to do it. Makes sense. Hats off to the developer who wrote this, I have never seen a worse piece of logic and code in my entire life. Question is, do I bother fixing this by not deleting the order and stop the insert from being run twice, or would that break even more things in this amazingly written piece of software?
  8. Hi, a client of mine is running a CubeCart 4 website, using PayPal Pro as the checkout module. We have found out that if I go through the cart and enter [email protected] as my e-mail account, then pay using my PayPal account which is registered on [email protected] account, both the customer e-mail and the order summary e-mail are changed to [email protected]. Is this a feature? Can anyone please point me to a line/method I should change so the e-mail remains unchanged? Loads of customers are complaining about not receiving the order confirmation, as it gets delivered to their PayPal e-mail, which they might not even be using daily. I went through the PayPal module, order class and gateway include file but can't find the exact place where this happens.
  9. Desperate update from me. When I var_dump my $_GET somewhere in the catalogue.class.php just before the sorting goes to effect, I actually see this:

         ["sort[price]"]=> string(3) "ASC"

     When I dump my $_REQUEST, I see this:

         ["sort"]=> array(1) { ["price"]=> string(3) "ASC" }

     So clearly somewhere around the way, stuff goes very wrong and turns an array and a value into a string!!! Even when I bypass cleanGlobals(), the result is still the same. It is absolutely beyond me where and why and how this is happening and on top of it - how come the $_REQUEST array is kept intact. (Here, shamelessly presenting my disgusting temporary fix:)

         if (isset($_REQUEST['sort'])) {
             $_GET['sort'] = $_REQUEST['sort'];
         }
         if (isset($_REQUEST['search'])) {
             $_GET['search'] = $_REQUEST['search'];
         }
  10. I have not, here it is: CubeCart Version 5.2.1 PHP Version 5.4.43 MySQL Version 50548
  11. I am using version 5.2.1. I am positive this has worked flawlessly for the past few years/months, just noticed it recently in the error log. If everything seems ordinary, do you please have any idea what else might be wrong?
  12. This is bringing some strange stuff - I did what you asked and I also print out the entire $data from the _clean() method. After ONE click on the website, I get two records in the error log:

         [11-Mar-2016 22:16:18 UTC] PHP Warning: Security Warning: Illegal array key GET "sort[price]" was detected and was removed. Entire array: Array ( [seo_path] => xxx [_a] => category [sort[price]] => ASC ) URL: /xxx.html?_a=category&sort[price]=ASC in /home/tradeloc/public_html/classes/sanitize.class.php on line 89

         [11-Mar-2016 22:16:18 UTC] PHP Warning: Security Warning: Illegal array key REQUEST "sort[price]" was detected and was removed. Entire array: Array ( [seo_path] => xxx [_a] => category [sort] => Array ( [price] => ASC ) [__utma] => 131230282.703056860.1409656154.1457728420.1457732214.320 [__utmz] => 131230282.1452426433.205.5.utmcsr=3.basecamp.com|utmccn=(referral)|utmcmd=referral|utmcct=/ [member_id] => 0 [pass_hash] => 0 [ipsconnect_e230f3ddfa042ff09c509581fffca84a] => 0 [_ga] => GA1.3.830321126.1432714418 [whoson] => 862-1453479549677 [__atuvc] => 0|6,10|7,0|8,0|9,4|10 [__utmc] => 131230282 [__utmb] => 131230282.13.10.1457732214 [PHPSESSID] => df805f0c08297498cf65f529bccc7a75 [__utmt] => 1 [sort[price]] => ASC ) URL: /xxx.html?_a=category&sort[price]=ASC in /home/tradeloc/public_html/classes/sanitize.class.php on line 89

     So it seems there is a redirect or something? Is this standard behavior?
  13. I don't have cache enabled, but I have cleared it anyway, to no avail. This is the html of the sort select:

         <form action="xxx" method="post">
           <select name="sort" class="listSelect auto_submit dropDown textbox">
             <option value="">-- Please Select --</option>
             <option value="name|DESC" >Name (Z-A)</option>
             <option value="name|ASC" >Name (A-Z)</option>
             <option value="date_added|DESC" >Date Added (Newest First)</option>
             <option value="date_added|ASC" >Date Added (Oldest First)</option>
             <option value="price|DESC" >Price (High-Low)</option>
             <option value="price|ASC" >Price (Low-High)</option>
           </select>
         </form>

     and this is the $SORTING variable from the smarty debug window:

         Smarty_Variable Object (3)
         ->value = Array (6)
           0 => Array (5) name => "Name" field => "name" order => "DESC" direction => "Z-A" selected => ""
           1 => Array (5) name => "Name" field => "name" order => "ASC" direction => "A-Z" selected => ""
           2 => Array (5) name => "Date Added" field => "date_added" order => "DESC" direction => "Newest First" selected => ""
           3 => Array (5) name => "Date Added" field => "date_added" order => "ASC" direction => "Oldest First" selected => ""
           4 => Array (5) name => "Price" field => "price" order => "DESC" direction => "High-Low" selected => ""
           5 => Array (5) name => "Price" field => "price" order => "ASC" direction => "Low-High" selected => ""
         ->nocache = false
         ->scope = "file:templates/content.category.php"

     When I enable CC debug, there are no errors/warnings apart from the one mentioned above:

         Security Warning: Illegal array key "sort[price]" was detected and was removed.

     I am very close to adjusting the regular expression so the sort[price] would pass, because I am running out of ideas and everything seems to be in order apart from the damn sanitize issue
  14. Hi bsmither, was hoping you would come to help! I have figured out the process where it makes the pipe separated value into an array key and value, just like you explained, but couldn't figure out why is it failing the preg in the _clean() method anyway. This is my template file:

         <div class="select_list align_right margintop30">
           <form action="{$VAL_SELF}" method="post">
             <select name="sort" class="listSelect auto_submit dropDown textbox">
               <option value="">{$LANG.form.please_select}</option>
               {foreach from=$SORTING item=sort}
               <option value="{$sort.field}|{$sort.order}" {$sort.selected}>{$sort.name} ({$sort.direction})</option>
               {/foreach}
             </select>
           </form>
         </div>

     This is the piece of code from the Cubecart::_category() method which splits the pipe and makes it an array:

         <?php
         $query = array();
         if (isset($_POST['sort'])) {
             list($field, $order) = explode('|', $_POST['sort']);
             $query['sort'][$field] = $order;
             if (isset($_GET['search'])) {
                 foreach ($_GET['search'] as $key => $value) {
                     $query['search'][$key] = $value;
                 }
             }
         }
         ?>

     I have noticed more things in the error log:

         [11-Mar-2016 16:19:51 UTC] PHP Warning: Security Warning: Illegal array key "$" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 89
         [11-Mar-2016 16:20:07 UTC] PHP Warning: Security Warning: Illegal array key "search[keywords]" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 89

     I downloaded the latest CC 5 and looked into the files (sanitize class, cubecart class, category template) but the code really seems identical. I simply don't understand what has happened that makes legit variables like sort and search fail the sanitize process.
  15. Meanwhile the search parameters work perfectly. search[keywords]=test I honestly don't understand how come search[] is allowed but somehow sort[] is suddenly getting stripped.
  16. For all I know, 5 and 6 are pretty much identical. Yes, turned it on, the only suspicious thing it yields is the error message I posted above.
  17. Hi keat, when I go to any category page on the front end and try to change the order of the products (by price, by name, ..) it still stays default and I get the message above. I have downloaded the latest CC 5 and compared the sanitize.class.php files, apart from some new items in the $exempt array, there is absolutely no difference. The sort[price] variable is simply getting sanitized and removed, even though it's valid.
  18. Hi, I have noticed today that I can't sort the products using the select on the category page, as I am getting this error:

         Security Warning: Illegal array key "sort[price]" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 88

     I have done loads of custom changes to my CubeCart installation, but I am not aware of touching this part at all - shouldn't the sort array be somehow exempted or something?
  19. Thank you bsmither, you save the day as usual, works perfectly. Hope this thread will help also someone who might encounter the same issue in the future.
  20. Hi, I am running 5.2.1. I have always had a copyright removal key on my website, but sometime in the past few days, the Powered by CubeCart has started to appear in my titles and in the footer. As instructed in the license server shutdown email and also by some posts on this forum, I have downloaded the latest v5 package and replaced the admin.php file. The admin panel is not letting me enter the copyright key, it does not get saved. Can you please tell me how to get rid of the copyright ASAP? It is extremely important to me, as it's corrupting my SEO. Is this something I should bring to the support site and file a ticket?
  21. So in the end it was this setting: suhosin.post.max_vars = 20000 So if you are having the same issue, make sure you change this setting, along with the usual php.ini one (max_input_vars, etc).
  22. What I have found is this, though I doubt this is what I am looking for:

       Apache: LimitRequestBody, around 2Gb by default, maybe greater for 64bits, check error logs for details.
       PHP:
         • post_max_size which is directly related to the POST size
         • upload_max_filesize which may be unrelated, not sure
         • max_input_time, if the POST takes too long
         • max-input-nesting-level if your data is an array with a lot of sublevels
         • max_execution_time, but quite sure it's not that
         • memory_limit, as you may reach a size exceeding the subprocess allowed memory
         • max_input_vars, if your data array has many elements
       You may also check the suhosin.ini settings, eg.: suhosin.post.max_value_length = 65000
  23. Hi, I have written a few plugins for my clients using CubeCart. Some of them require lots and lots of inputs to be displayed on the page - the one I am currently worried about has 200 lines, with 5 inputs each (status, name, link, image, ..). When I submit the plugin page now, it takes me back to the dashboard, and I get this error:

         [04-Nov-2015 12:43:56 UTC] PHP Warning: Invalid Security Token in /home/xxx/public_html/classes/sanitize.class.php on line 123

     So I guess the POST doesn't contain the token anymore? The max_input_vars variable is set to 100000 (yes, quite an overkill). Just to clarify, the submit still takes me to this URL: site/admin.php?_g=modules&type=plugins&module=module_name but I see the dashboard.
  24. Here is a tail (40) of a mysql error log. It goes back as 25.3. and we have had a faulty order since then, so if it was supposed to be in the log, it would be there. I can set it to more paranoid log settings if it's possible? but I don't think this is where the problem lies.

         root@expert [/var/lib/mysql]# tail -n 40 <my server>.err
         130325 16:19:50 [Note] /usr/sbin/mysqld: ready for connections.
         Version: '5.1.68-cll' socket: '/var/lib/mysql/mysql.sock' port: 3306 MySQL Community Server (GPL)
         130326 0:19:26 [Note] /usr/sbin/mysqld: Normal shutdown
         130326 0:19:26 [Note] Event Scheduler: Purging the queue. 0 events
         130326 0:19:28 InnoDB: Starting shutdown...
         130326 0:19:30 InnoDB: Shutdown completed; log sequence number 0 787240369
         130326 0:19:30 [Note] /usr/sbin/mysqld: Shutdown complete
         130326 00:19:30 mysqld_safe mysqld from pid file /var/lib/mysql/<my server>.pid ended
         130326 00:19:41 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
         130326 0:19:41 [Warning] /usr/sbin/mysqld: Option '--set-variable' is deprecated. Use --variable-name=value instead.
         130326 0:19:41 [Warning] '--log_slow_queries' is deprecated and will be removed in a future release. Please use ''--slow_query_log'/'--slow_query_log_file'' instead.
         130326 0:19:41 [Warning] '--safe-show-database' is deprecated and will be removed in a future release. Please use 'GRANT SHOW DATABASES' instead.
         130326 0:19:41 [Note] Plugin 'FEDERATED' is disabled.
         130326 0:19:41 InnoDB: Initializing buffer pool, size = 8.0M
         130326 0:19:41 InnoDB: Completed initialization of buffer pool
         130326 0:19:42 InnoDB: Started; log sequence number 0 787240369
         130326 0:19:42 [Note] Event Scheduler: Loaded 0 events
         130326 0:19:42 [Note] /usr/sbin/mysqld: ready for connections.
         Version: '5.1.68-cll' socket: '/var/lib/mysql/mysql.sock' port: 3306 MySQL Community Server (GPL)
         130326 0:19:43 [Note] /usr/sbin/mysqld: Normal shutdown
         130326 0:19:43 [Note] Event Scheduler: Purging the queue. 0 events
         130326 0:19:43 InnoDB: Starting shutdown...
         130326 0:19:47 InnoDB: Shutdown completed; log sequence number 0 787240369
         130326 0:19:47 [Note] /usr/sbin/mysqld: Shutdown complete
         130326 00:19:47 mysqld_safe mysqld from pid file /var/lib/mysql/<my server>.pid ended
         130326 00:19:48 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
         130326 0:19:48 [Warning] /usr/sbin/mysqld: Option '--set-variable' is deprecated. Use --variable-name=value instead.
         130326 0:19:48 [Warning] '--log_slow_queries' is deprecated and will be removed in a future release. Please use ''--slow_query_log'/'--slow_query_log_file'' instead.
         130326 0:19:48 [Warning] '--safe-show-database' is deprecated and will be removed in a future release. Please use 'GRANT SHOW DATABASES' instead.
         130326 0:19:48 [Note] Plugin 'FEDERATED' is disabled.
         130326 0:19:48 InnoDB: Initializing buffer pool, size = 8.0M
         130326 0:19:48 InnoDB: Completed initialization of buffer pool
         130326 0:19:48 InnoDB: Started; log sequence number 0 787240369
         130326 0:19:48 [Note] Event Scheduler: Loaded 0 events
         130326 0:19:48 [Note] /usr/sbin/mysqld: ready for connections.
         Version: '5.1.68-cll' socket: '/var/lib/mysql/mysql.sock' port: 3306 MySQL Community Server (GPL)
         root@expert [/var/lib/mysql]#
  25. I can verify the orders don't show up in the Orders section. You can't really tell the order has been placed unless you search the database. When I run this code: SELECT @@GLOBAL.sql_mode I get an empty result - from what I have found, that means no mode has been set. There is no CubeCart_log in my installation, but I can't find anything in CubeCart_system_error_log nor CubeCart_admin_error_log tables. We have two 5.0.7 installations running and I just found out the issue is present also in the second installation - which we barely touched and did any mods to - meaning there really is a minimal chance that it is our fault.
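
The truncated-POST problem from posts 21 to 23 (a 200-row plugin form failing with "Invalid Security Token" until suhosin.post.max_vars was raised) can be confirmed by comparing what the browser sent with what PHP registered. The diagnostic below is an added example, not CubeCart code and not from the posts; the field names (`rows`, `extra`, `token`), the simulated limit of 1000 and the rule that a limit of 0 means "no limit" are assumptions.

```php
<?php
// Added example, not CubeCart code. Sample request and limit are constructed.
// On a live request: $rawBody = file_get_contents('php://input'); $parsed = $_POST;
// (php://input is empty for multipart/form-data forms).

// Count name=value pairs in a raw urlencoded request body.
function countRawFields($rawBody)
{
    return $rawBody === '' ? 0 : count(explode('&', $rawBody));
}

// Count the leaf values PHP actually registered, nested arrays included.
function countParsedFields(array $parsed)
{
    $n = 0;
    array_walk_recursive($parsed, function () use (&$n) { $n++; });
    return $n;
}

// Read the limits named in the posts; absent directives are left out.
function postVarLimits()
{
    $limits = array();
    foreach (array('max_input_vars', 'suhosin.post.max_vars') as $name) {
        $value = ini_get($name);   // false when the directive is unknown
        if ($value !== false && $value !== '') { $limits[$name] = (int) $value; }
    }
    return $limits;
}

// Return a description of the truncation, or null if nothing was dropped.
function describeTruncation($rawBody, array $parsed, array $limits)
{
    $sent = countRawFields($rawBody);
    $kept = countParsedFields($parsed);
    if ($kept >= $sent) { return null; }
    $suspects = array();
    foreach ($limits as $name => $limit) {
        // Assumption: 0 means "no limit", so it is never a suspect.
        if ($limit > 0 && $limit < $sent) { $suspects[] = "$name=$limit"; }
    }
    return sprintf('%d fields sent, %d registered, token %s; limits below sent count: %s',
        $sent, $kept, isset($parsed['token']) ? 'present' : 'MISSING',
        $suspects ? implode(', ', $suspects) : 'none found');
}

// Constructed request: 200 rows x 5 inputs, security token as the last field.
$pairs = array();
$parsed = array();
foreach (range(0, 199) as $row) {
    foreach (array('status', 'name', 'link', 'image', 'extra') as $field) {
        $pairs[] = sprintf('rows[%d][%s]=x', $row, $field);
        $parsed['rows'][$row][$field] = 'x';   // what a 1000-variable limit lets through
    }
}
$pairs[] = 'token=constructed';                // field 1001, dropped by the limit
echo describeTruncation(implode('&', $pairs), $parsed,
    array('suhosin.post.max_vars' => 1000) + postVarLimits()), "\n";
```

Logging this result at the top of the admin handler shows whether a rejected submit lost fields before the token check ran, and which configured limit sits below the number of fields the form sends.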