Posts posted by SemperFi

  1. I first encountered an issue very similar to this back in late June or early July.
    In that scenario, it was a shared server that also had WordPress installed in the same hosting account.

    Same goes for a lot of other occurrences since then.

    The customer I am referring to in my original post however is on a truly dedicated server.
    They were only running CubeCart 6.0.6 at the time, which obviously has since been upgraded to 6.0.7.
    Given this scenario I reached out to Al and it was confirmed this was an exploit that has been patched.

    The information above is for store owners so they can (a) identify if they have been exploited and (b) how to remove the exploit.

  2. Over the weekend when upgrading a customer's store, I encountered a possible code snippet exploit.
    Discussing this with Al confirmed the exploit and that it has been patched.

    Upgrading your store is the first thing that you need to do.

    However, upgrading will only stop the exploit occurring after you have upgraded your store.
    You still need to remove the exploit itself.

    To determine if your store has been exploited:
    - log into your store admin
    - click on the 'Manage Hooks' link
    - click on the 'Code Snippets' tab

    If you have something similar to this:
    admin-code-snippet.jpg
    then your store has been exploited and further action is required.

    Alternatively you can look at the 'CubeCart_code_snippet' table using a tool such as phpMyAdmin to check.

    If you see something like this:
    phpmyadmin.jpg
    then once again, your store has been exploited and further action is required.

    Go ahead with deleting the code snippet.
    This can be done via your store admin or by using phpMyAdmin.

    Next you need to check your '/controllers/controller.index.inc.php' file.

    If you see some code like this:
    controller.jpg
    it needs to be deleted.

    Alternatively, if you are not comfortable editing a file, simply replace it with the '/controllers/controller.index.inc.php' file from the version of CubeCart you upgraded your store to.

    Note:
    If in your file you have something similar to this:

    header("Location: http://www.your-site.com//vohair.com.html");

    you will also need to locate that file and delete it.

    When doing that you might also encounter some other similar files that should not be there.
    e.g.
    files-via-ftp.jpg

    These files also need to be deleted.

    Lastly, you will need to delete a file added to your store's '/includes/extra/' directory.
    e.g.
    code-snippet-file.jpg

    Of course if anyone requires assistance with doing this for their store, feel free to get in touch.
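
The file checks from the post above, as an added example that is not part of the original post and is not CubeCart code. It assumes you have unpacked a clean copy of the release you upgraded to; `check_store`, `build_sample` and every file name in the sample data are constructed for illustration, and each finding is a candidate for manual review, not proof of compromise.

```python
import tempfile
from pathlib import Path

CONTROLLER = Path("controllers/controller.index.inc.php")
EXTRA_DIR = Path("includes/extra")

def names(directory, pattern="*"):
    """File names directly inside a directory (empty set if it is absent)."""
    d = Path(directory)
    return {p.name for p in d.glob(pattern) if p.is_file()} if d.is_dir() else set()

def check_store(store, clean):
    """Compare a live store with a clean copy of the same release (assumed complete)."""
    store, clean, findings = Path(store), Path(clean), []
    live, ref = store / CONTROLLER, (clean / CONTROLLER).read_bytes()
    if not live.is_file():
        findings.append(("controller-missing", str(CONTROLLER)))
    elif live.read_bytes() != ref:
        findings.append(("controller-modified", str(CONTROLLER)))
        stock = {l.strip() for l in ref.decode("utf-8", "replace").splitlines()}
        text = live.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            # Redirect calls like header("Location: ...") that the stock file lacks
            if "location:" in line.lower() and "header" in line.lower() \
                    and line.strip() not in stock:
                findings.append(("redirect-in-controller", f"line {no}: {line.strip()}"))
    # Files in /includes/extra/ that the clean release does not ship
    for name in sorted(names(store / EXTRA_DIR) - names(clean / EXTRA_DIR)):
        findings.append(("extra-file", str(EXTRA_DIR / name)))
    # .html files in the store root that the clean release does not ship
    for name in sorted(names(store, "*.html") - names(clean, "*.html")):
        findings.append(("root-html", name))
    return findings

def build_sample(root):
    """Constructed demo data: a clean release tree and a tampered store tree."""
    root = Path(root)
    for tree in ("clean", "store"):
        for d in (CONTROLLER.parent, EXTRA_DIR):
            (root / tree / d).mkdir(parents=True)
        (root / tree / CONTROLLER).write_text("<?php\n// stock controller\n")
    store = root / "store"
    with (store / CONTROLLER).open("a") as fh:
        fh.write('header("Location: http://shop.example//landing.example.html");\n')
    (store / EXTRA_DIR / "snippet_example.php").write_text("<?php // constructed\n")
    (store / "landing.example.html").write_text("<html></html>\n")
    return store, root / "clean"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, detail in check_store(*build_sample(tmp)):
            print(f"{kind:24} {detail}")
```

Run it against a copy of the store files rather than the live document root, and check the 'CubeCart_code_snippet' table separately as described in the post.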

  3. Recently I upgraded a customer's CC5 store to CC6, using the blueprint skin.
    After doing the upgrade, old recaptcha would not work as part of the checkout registration.
    As part of fixing that, I also implemented new recaptcha.
    Below is how I did that for that specific store.

    Step 1
    Backup the 'main.php' and 'content.recaptcha.php' template files for the skin you are using.

    Step 2
    Copy the 'content.recaptcha.php' and 'content.recaptcha.head.php' templates from the foundation skin to your skin.

    Step 3
    Edit your skin's 'main.php' template file.
    Find This:

    </head>

    Above That Add This:

    {include file='templates/content.recaptcha.head.php'}


    Step 4
    Edit your skin's 'content.recaptcha.head.php' template file.
    Replace the content with this:

    {if $RECAPTCHA==='2'}
    <script type="text/javascript">
    	var onloadCallback = function() {
    		grecaptcha.render('new_recaptcha_element', {
    			'sitekey' : '{$CONFIG.recaptcha_public_key}'
            });
    	};
    </script>
    {/if}


    Step 5
    Edit your skin's 'content.recaptcha.php' template file.
    Find This:

          {if $RECAPTCHA==='2'}
          {if empty($CONFIG.recaptcha_public_key) || empty($CONFIG.recaptcha_secret_key)}
          <p>{$LANG.form.recaptcha_key_not_set}</p>
          {else}
          <div class="g-recaptcha" data-sitekey="{$CONFIG.recaptcha_public_key}"></div>
          {/if}
          {else}

    Replace That With This:

    	{if $RECAPTCHA==='2'}
    		{if empty($CONFIG.recaptcha_public_key) || empty($CONFIG.recaptcha_secret_key)}
    			<p>{$LANG.form.recaptcha_key_not_set}</p>
    		{else}
    			<div id="recaptcha" class="clearfix">
    				<strong>{$LANG.form.verify_human}</strong>
    				<div id="new_recaptcha_element" class="g-recaptcha" data-sitekey="{$CONFIG.recaptcha_public_key}"></div>
    			</div>
    			<script src='//www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit' async defer></script>
    		{/if}
    	{else}


    As noted above, these steps were done for the blueprint skin but they should work for other CC5 skins too.

  4. 1. Can you hide products from sitemap

    2. Can you hide Categories from sitemap

    For categories, products and documents it displays those where status is set to enabled.

    The queries could be altered to also use:
    - available for purchase (products)
    - visible (categories)
    - show link to document in storefront

    In the next version, I will see what I can do about being able to exclude categories/products/documents.

  5. In my (extremely limited) experience with SFWS, if he says the product is in the category "Mods", then there are edits to be made. If he says the product is in the category "Plugins", then there won't be any edits.

    That is correct.
     

    SFWS says it's on his list to be made into a true plugin.

    Done
    Demo

  6. No real need for a modification or plugin to do this.

    1. Log into the store admin.
    2. Click on export catalogue and download a CSV file.
    3. Open the file, delete all the data (leave the headers).
    4. Add the product data to be imported.
    5. Click on import catalogue.
    6. Import the CSV file from step 4.
    7. Upload the image files via FTP.
    8. Click on images (file manager section).
    9. Click the update file list tab.
    10. Set the image for each imported product.

    The only reason to use a mod/plugin would be if you wanted the image for each product to be set automatically.
    If that is the case, then feel free to get in touch.

  7. The 'Vertical Navigation Box CC6' plugin has just been updated.

    New Features
    - one box to display categories
    - one box to display site documents
    - separate templates for desktop and mobile
    - separate settings for desktop and mobile
    - mobile boxes utilize off canvas functionality

    Screenshots
    Categories Desktop
    SFWS-VNB-CC6-P-07-Store-Categories-Deskt
    Categories Desktop, Expanded
    SFWS-VNB-CC6-P-08-Store-Categories-Deskt
    Documents Desktop
    SFWS-VNB-CC6-P-09-Store-Documents-Deskto
    Categories Mobile
    SFWS-VNB-CC6-P-10-Store-Categories-Mobil
    Categories Mobile, Expanded
    SFWS-VNB-CC6-P-11-Store-Categories-Mobil
    Documents Mobile
    SFWS-VNB-CC6-P-12-Store-Documents-Mobile

    You can see it in action at my CubeCart 6 Plugins Demo Store

     

  8. Hi Atechstl,

    I believe I just answered an email you sent me regarding this.

    To hide the horizontal navigation for desktop/ medium mobile, you can replace this:
     

                <div class="row">
                   <div class="small-12 columns small-collapse">
                      {include file='templates/box.navigation.php'}
                   </div>
                </div>

    with this:
     

                <div class="row hide-for-large-up">
                   <div class="small-12 columns small-collapse">
                      {include file='templates/box.navigation.php'}
                   </div>
                </div>

    or this:
     

                <div class="row hide-for-medium-up">
                   <div class="small-12 columns small-collapse">
                      {include file='templates/box.navigation.php'}
                   </div>
                </div>

    in the '/skins/foundation/templates/main.php' file.

    Of course if you never want it displayed, the top code snippet can be removed completely.

    If you only want to remove the categories, then you could remove this:
    {$NAVIGATION_TREE}
    from the '/skins/foundation/templates/box.navigation.php' file instead.

    As I noted in my email, the vertical navigation was never intended to be displayed for mobile devices.
    Instead it simply disappears as intended.

    To display it for mobile, the ideal solution would be to add this:
    {$SFWS_VERTICAL_NAVIGATION_BOX}
    into the '/skins/foundation/templates/box.off_canvas.left.php' file.

    But currently that doesn't quite work as expected.
    It almost works, but there are issues with displaying the sub categories.

    If I get the spare time this week, I will release a new version of the plugin where this functionality works 100% correctly.

     

  9. In addition to the discussion mentioned above, I am currently working on an interesting additional solution to this kind of problem.

    I am hoping to have more information about that over the next week or so.

  10. From your announcement mentioned above:

    - your store calls home once every two weeks to validate the license key. For it to call home during a rare period of down time is exceptionally unlucky and this outage only affects a small amount of our customers.

     

    Would it not be a simple solution to implement a preliminary check into this system to prevent this issue entirely?

    i.e.

    Poll the licensing server

    Then only if a proper response is received, continue with the validation measures

  11. Previously noted here:

    OH NO! I tried 5.0.6 on our clean install site and it just installed v5.0.5 again! I thought maybe they just failed to change the name on the Setup installation page, but after it installed the Dashboard Overview still shows it as 5.0.5.

    Unfortunately I have to confirm this.

    The installer gave options to install/upgrade to 505.

    During the upgrade process, there does not appear to be any database upgrade step(s).

    Then after the upgrade, store overview states 505 still.

    Looking at the 'CubeCart_history' table, the upgrade added an entry, but it references 5.0.5.

    Looking in the '/setup/db/upgrade/' directory, there is no '5.0.6.sql' file.

    So that leaves two main questions:

    - was there meant to be database upgrades?

    - is the 506 package complete or are there issues with the package like there was with 505's release?

    A prompt response would be highly appreciated as already disappointed CC5 users are hoping this release will fix the issues they are experiencing.

  12. First of all, congratulations for getting CC5 final released :)

    When going to http://www2.cubecart.com/pricing all pricing is listed as 0.00.

    i.e.

    cc5-pricing.png

    Past that page (https://cp.cubecart.com/) all prices are back to normal.

  13. Sitedocs are stored in the database.

    If you have a database backup also, you can view it (in any text editor) and look for where the INSERTs into Cubecart_docs occur.

    Then it's a case of running those INSERTs against your current database (using a tool like phpMyAdmin).

    If you need a hand, feel free to just PM me :)

  14. Yes you will need to run the upgrade file (make sure you run the correct one(s)).

    Alternatively, you can manually do the DB changes via a tool such as phpMyAdmin if you want to do it that way.

    Once the file component is done, the admin will show 3.0.13 as the version and yes the updates available will change to no updates available.
