Jump to content

Grr @ last security update..

Featured Replies

Posted

After using the recent security update (replacing payment gateway files) i had complaints that after payment users had not been promoted to v.i.p group as set in the sub package.. it worked fine b4 the sec update.. after two complaints i manually added the transactions and uploaded the old paypal_gateway file.. the next sub went through fine and updated the users group.. so am gussing the prob is with the new paypal gw file??

PS with the updated file it also didn't add the payment data to my db..

There is a slight issue with the subscription manager update that will be addressed in 2.3.2. It affects users with recurring subscriptions only, from what I have seen - if a user purchased a subscription before the update, then when Paypal sends the renewal payment notification to your site it doesn't have the new "key" and is flagged (the user is not auto-promoted). We will update this for 2.3.2, but in the mean time if you are affected, I'd just revert the files.

The biggest "problem" this could cause is that someone could pay you to demote you. Given that you can easily update your account in phpmyadmin, it's a rather minor issue in the grand scheme of things. And at least this issue requires someone to give you money!

Ok I understand. Thanks for your reply ;-)

Actually Brandon this is not true. It does it even with new subscriptions. I canceled a subscription on my site and had them start a new one and the same thing happened.

There is a slight issue with the subscription manager update that will be addressed in 2.3.2. It affects users with recurring subscriptions only, from what I have seen


nah.. its affecting one time payments too :(

I found PayPal isn't sending back arbitrary parameters. I've fixed it for 2.3.2 (and tested it - my wife hates those 10 or so .01 transactions she ends up getting emails for when I'm testing).

Brandon,

You're acting suspiciously human here recently. You okay?

:P

I've got the same problem with my site. This happened after I upgraded from v2.2.2 to v2.3.1. What file(s) did you replace to get the payment gateway to work again?

Thx

It's sources/classes/paymentgateways/class_paypal.php from the original 2.3.0 or 2.3.1 release

Submit a ticket if you need the file.

  • 2 weeks later...

This has not been fixed on 2.3.2 same problem still here.

I did address (AND test) this in 2.3.2 - if you're still having this exact problem you should submit a ticket. It indeed was addressed in the latest update.

Archived

This topic is now archived and is closed to further replies.

Recently Browsing 0

  • No registered users viewing this page.