jka

The existing PayFlow Link extension does not work. We will be willing to pay for the development or enhancement of the existing extension or a new one. The Payflow link extension should support "Transparent ReDirect". 1. Info: https://www.paypalobjects.com/webstatic/en_US/developer/docs/pdf/paypal_transparent_redirect.pdf 2. Examples flow of hosted flow logic https://developer.paypal.com/docs/classic/payflow/integration-guide/#configuring-hosted-checkout-pages

Thanks BSmither, Yes, we want it to be the same behavior as a successful transaction . Will add this line of code and check what shakes out. The "To Review" is really a Credit Card status for the merchant. To the user/purchaser the order has been received. If the merchant goes to the Fraud Detection Suite and sees that its a questionable transaction, then the merchant can always cancel the order. The problem is more to do with the user still sitting on the credit card input page.

I had posted to an existing thread last week. Today I submitted an order in the system on behalf of my customer. the result received from Authorize.net is 4|1|253 bSmither had given us a fix for 1.3 version and then Al had updated to 1.4 with fixes. Since then, the behavior is not as expected. Please see screenshot attached. It shows order received but still still on the credit card form page. How can we mimic the same behavior as 1|1|1 for 4|1|253

We have updated to 1.1.4 for the last couple of months. The status from AIM with "4 1 253" works fine now with the custom message from Authorize.net. However here is the issue, unlike when the status is "1" where its gets redirected to a Order Complete page, in this case of "4", it displays the message properly etc adds to pending order. However it still sits on the credit card form page. Customers that get a "4" (Fraud Detection Suite) from Authorize, get the order received in pending status on the screen with the CC form below. They end up entering the card info again and sometimes we get 2-3 authorizations. How can change the behavior of "4" similar to "1" and take them away from the CC input screen.

SSL Version NSS/3.28.4

The AIM method stopped working since this past weekend. When we contacted Authorize.net they say its probably related to disabling TLS 1.0 and 1.1. We had this issues with UPS module and have the latest cURL ... curl --version curl 7.57.0 (x86_64-redhat-linux-gnu) libcurl/7.57.0 NSS/3.28.4 zlib/1.2.7 libpsl/0.7.0 (+libicu/50.1.2) libssh2/1.8.0 nghttp2/1.21.1 Release-Date: 2017-11-29 In the transaction logs its a cURL timeout cURL Error (28): Connection timed out after 15000 milliseconds The UPS module started working fine once we updated cURL and we have also disable TLS1.0 and 1.1 Any hardcoding on the Authorize.net module??

Hello Bsmither, I tried a few other random numbers but somehow 23 seemed invoke that coupon. We disabled that coupon for now. Not sure if there are others. Any nibbles on what you found or to fix?

A good customer called this morning and pointed an issue on the website. So, by default the store calculates Tax before checkout. This customer tried to put in a negative $$ value of the tax in the coupon code box. Say $23 in the coupon section. This brought him a discount from an existing coupon from 2 yrs back (which was still active) and gave him a big discount. The displayed coupon is a Alphanumeric coupon and not sure how entering 23 into the coupon code invoked that coupon?? How do we fix this? Not sure if just entering a random numeric number by the customer brings out previous coupons or even current ones. Thanks.

Thanks BSmither. I will take a look at it. I have purchased a few of the shipping modules in the past and its probably one of them.

We have the Free Shipping extension configured and in the process, we removed HI and AK from United States Zones. Now on the flip side, a customer from HI is not able to get shipping rates as HI missing from the list of states in the drop-down. Any pointers in fixing this without impacting free shipping.

Absolutely. I also went ahead and updated to the latest OpenSSL version too. We all assumed that updating php takes care of cURL but obviously not the case. In fact we had to download the cURL libraries independently of Plesk. The normal Yum stuff didnt work.

Thanks. The server is PCI-DSS compliant with only TLS1.2 permitted by the webserver as well as A+ result from SSLlabs test. The cURL libraries are not part of Plesk and hence it wasnt on the radar whenever the server is automatically updated.

We went ahead and did a cURL library update to the latest version 7.57 and its fixed now. Everything is back up and running. Thanks.

BSmither, Just the user.class? not the cubecart.class?

BSmither et-all. We are on 6.1.12, however would like to address the security issue with database class php. Can we just copy that file alone from 6.1.13 and patch it into 6.1.12?