Jump to content

Grr @ last security update..


Guest tidyhost

Recommended Posts

After using the recent security update (replacing payment gateway files) i had complaints that after payment users had not been promoted to v.i.p group as set in the sub package.. it worked fine b4 the sec update.. after two complaints i manually added the transactions and uploaded the old paypal_gateway file.. the next sub went through fine and updated the users group.. so am gussing the prob is with the new paypal gw file??

PS with the updated file it also didn't add the payment data to my db..

Link to comment
Share on other sites

There is a slight issue with the subscription manager update that will be addressed in 2.3.2. It affects users with recurring subscriptions only, from what I have seen - if a user purchased a subscription before the update, then when Paypal sends the renewal payment notification to your site it doesn't have the new "key" and is flagged (the user is not auto-promoted). We will update this for 2.3.2, but in the mean time if you are affected, I'd just revert the files.

The biggest "problem" this could cause is that someone could pay you to demote you. Given that you can easily update your account in phpmyadmin, it's a rather minor issue in the grand scheme of things. And at least this issue requires someone to give you money!

Link to comment
Share on other sites

  • 2 weeks later...

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...