as per my searches, all in-commerce installs from 5.0.1 feature a new
security, an .htaccess in in-commerce/units.
This .htaccess is just a "deny from all", and thus all payments done
via gateways can't escape the "incomplete" state, as the notify script
isn't reachable from front.
I propose to add an exclude for notify_scripts directory.
Phil.
--
You received this message because you are subscribed to the Google Groups "In-Portal Bugs Team" group.
To post to this group, send email to in-port...@googlegroups.com.
To unsubscribe from this group, send email to in-portal-bug...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/in-portal-bugs?hl=en.
Unauthorized access to payment processing files could lead to a security
problem, if someone tries to POST info about orders, isn't it? That's
why I would prefer to have an exclude, or a .htaccess for the notify
scripts directory, up to you ^-^
And the "you are not allowed to perform this action" is still here
when we are back on the website to display the checkout success page.
More info: user is logged off when I see this page.
p.
On 15 mar, 21:28, Alexander Obuhovich <aik.b...@gmail.com> wrote:
> Maybe that .htaccess rule should be inverted to allow from all
>
>
>
> On Mon, Mar 15, 2010 at 9:30 PM, Phil <p...@domicilis.biz> wrote:
> > Additionally, when I de-activate the .htaccess, I obtain a "you are
> > not authorized to perform this action" message when I click on "return
> > to store" button in gateway window, while the payment correctly
> > appears in "To Ship" tab.
>
> > On 15 mar, 20:22, Phil <p...@domicilis.biz> wrote:
> > > Hello guys,
>
> > > as per my searches, all in-commerce installs from 5.0.1 feature a new
> > > security, an .htaccess in in-commerce/units.
>
> > > This .htaccess is just a "deny from all", and thus all payments done
> > > via gateways can't escape the "incomplete" state, as the notify script
> > > isn't reachable from front.
>
> > > I propose to add an exclude for notify_scripts directory.
>
> > > Phil.
Here is the summary:
- when "deny from all" is set up in the unit folder:
  - orders successfully paid stay as incomplete (and the cart isn't emptied)
  - the customer gets a "thank you for your order" message (checkout_success tpl)
- when there is NO htaccess in the unit folder:
  - paid orders are processed and are in the "to ship" state (and the cart is emptied)
  - customers are logged out, and surely because of that, the customer
    gets a "you are not allowed to perform this action" message
    (in-commerce/no_permission.html?next_template=in-commerce/checkout/checkout_success)
    instead of the checkout success page
Do you have an in-commerce install to do your own tests? The result
should be the same using all types of gateways, as it seems to be a
problem after the GW action.
I can provide you an access to live website to test this if you don't
have a test install.
Phil.
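
The exclude discussed in this thread, sketched as an added example (it is not taken from any message above and is not In-Portal's own configuration): the parent "deny from all" stays in place and a second .htaccess in the notify_scripts directory reopens only that directory, limited to the gateway's callback addresses. Assumptions: Apache honours .htaccess with `AllowOverride Limit`, notify_scripts sits somewhere below in-commerce/units (the thread does not give the exact path), and 192.0.2.0/24 is a documentation placeholder for the addresses the gateway sends notifications from.

```apache
# ---- in-commerce/units/.htaccess (as described in the thread) ----
# Blocks direct web access to everything under units/, including the
# gateway notify script, which is why paid orders stay "incomplete".
Deny from all

# ---- .htaccess inside the notify_scripts directory (added example) ----
# Order/Allow/Deny settings in a deeper directory take the place of the
# parent's, so this file replaces the blanket deny for this directory only.
# Keep the same directive family as the parent: on Apache 2.4 these lines
# are handled by mod_access_compat, and a "Require" line here would not
# lift a parent "Deny from all".
#
# Order deny,allow: Deny is evaluated first, then Allow wins for matches,
# so only the listed source range reaches the notify script.
Order deny,allow
Deny from all
# Placeholder range (constructed); replace with the gateway's real
# notification source addresses.
Allow from 192.0.2.0/24

# Variant matching the "allow from all" suggestion in the thread. It makes
# the notify script reachable by anyone, so the script itself must then
# validate each notification with the gateway before changing order state:
#   Order allow,deny
#   Allow from all
```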
2010/3/16 Dmitry Andrejev <dand...@gmail.com>: