[Can write to cache is not writable]

You need a space between {} and \;. @yaniv14 made the same typo.

[Lightweight Social Buttons]

As part of the work to speed up a pretty feature-rich shop, a strategy was researched to provide social buttons without loading third party resources.

This is the result:

Blog Post 2021-05-27

Works just great! And fast!

[Datenbanktabellen anlegen Fehlgeschlagen]

Zu Beginn der Installation dürfen die Tabellen noch nicht vorhanden sein. Gar keine Datenbank geht, eine leere Datenbank geht auch. Dritte Möglichkeit ist, einen anderen Prefix zu verwenden (nicht 'tb_', sondern z.B. 'tb2_').

[Feature Request Time!]

It's obviously relevant for any shop software. I think it can be solved with catalog price rules, one for each distinct VAT percentage.

[(solved) cannot upgrade from 1.1.x to 1.2.0]

I think I've got it now. thirty bees' version of Core Updater chokes when being asked to update from an unknown version, AFAIR.

Core Updater 2.0 has this issue fixed: https://github.com/merchantsedition/coreupdater/releases/tag/2.0.0 (install the .zip file manually in your back office)

This version of Core Updater comes with not two, but four channels. Channels 'thirty bees Stable' and 'thirty bees Bleeding Edge' are fed by genuine thirty bees sources, so you get a genuine thirty bees installation after updating.

[(solved) cannot upgrade from 1.1.x to 1.2.0]

This looks entirely fine. Just ignore the "current version".

[(solved) cannot upgrade from 1.1.x to 1.2.0]

Well, that's an entirely distinct error. For some reason, Core Updater tries to fetch a Bleeding Edge version 'issue-1258', which indeed doesn't exist. Which also means, libcurl works fine in this case.

I'd proceed as following:

• Switch to PHP 7.2.
• Select back office -> Preferences -> Core Updater.
• Ignore errors appearing at this point.
• Select 'Stable' in the upper menu.
• Select '1.2.0' in the second menu.
• Click 'Compare'

This should work and bring up the 'Update' button.

[(solved) cannot upgrade from 1.1.x to 1.2.0]

libcurl isn't part of the thirty bees distribution. This problem persists or goes away independently on which tb version or updater module version is installed. This has to be solved on the OS level. Did you just switch back and forth between 7.1 and 7.2, or did you actually try with the other version?

Seeing different sets of versions might be the result of different choices in the upper updater menu, 'Stable' vs. 'Bleeding Edge'.

[autocomplete attributes on username and password fields?]

Firefox (and probably Chrome, Safari, ...) has a nice built-in password storage, no need for extra modules. Works still perfectly fine.

[Feature Request Time!]

Apparently somebody was too lazy to implement automatic labels. Or considered it a good idea to put products on sale without changing the price.

[Feature Request Time!]

On 5/1/2021 at 4:17 PM, wakabayashi said:

Remove on_sale checkbox -> what is it good for?

This one is simple: it shows an 'on sale' label in product lists. If your theme doesn't feature this label, it does nothing.

 

[Recaptcha at check out?]

It's a good idea to not tell them about thirty bees, but about PrestaShop 1.6. That's the same for their purposes. If they ask you to "up"grade to 1.7: tell them about the theme being incompatible with PS 1.7.

To stop such abuse, one has to find a distinction between spammer behavior and behavior of regular customer. How do you recognize these abusers?

[Product Images]

Well, click on 'Insert/edit images', then enter or paste the image URL into the 'Source' field. One just has to resist to click on this folder icon 🙂

URL of the image should be the URL seen in front office, of course. Like https://example.com/6-Niara_large/coffee-beans.jpg

These description fields are just regular HTML; one can do everything HTML allows. Turning off HTMLPurifier in Preferences -> General helps with the more exotic cases.

[Datenbanktabellen anlegen Fehlgeschlagen]

Weder PrestaShop noch thirty bees noch Merchant's Edition sind derzeit kompatibel mit PHP 8. PHP hat uns da ein "hübsches" Ei ins Nest gelegt, indem sie eine Klasse "Attribute" zum Teil der Standarddistribution gemacht hat, die auch die Shop-Software verwendet.

Eine Lösung ist nicht offensichtlich. Gut möglich, dass es dann eine Shop-Version eigens für PHP 8 gibt, die dann jedoch mit diversen Modulen nicht klar kommt.

[Merchant's Edition v1.9.2]

On 4/13/2021 at 12:21 AM, 30knees said:

Unfortunately, I don't understand the technical intricacies about introducing code from each fork. Independent of that, I feel cooperation would be better (assuming Traumflug doesn't want to contribute to thirtybees (and Merchant's Edition) and earn his money as an established partner and contributor).

Well, you read it. All the commits were offered, which certainly counts as contribution. The response is no no no, and a lot of excuses.

At this point it's probably pointless to discuss this further. Merchants have to decide for them selfs whether they want a distribution coming with all known bug fixes or a distribution coming with only the bugfixing subset originating from thirty bees.

[Merchant's Edition v1.9.2]

14 hours ago, datakick said:

That would be too big of a hassle. I believe that we can't just cherry-pick single commit, because that would violate license agreement.

Uhm. You could just pick them and be happy. Every commit mentions the author in its description, license problem solved. Merchant's Edition takes care to keep this authorship while picking, thirty bees can certainly do the same.

Copying code from one open source project to another under compatible licenses is perfectly legal and often exercised practice.

If such practice makes you grumpy you might want to remember where you base your own work on. thirty bees inherits tens of thousands of lines of code from PrestaShop. Tens of thousands of lines of code in vendor/. Thousands of lines of code written by Michael Dekker and, well, me. Half of the recent bugfixing work was donated by users. You got all this for free.

Open source projects don't distinguish by ownership. Open source projects distinguish by distributed feature set, by target audience, by secondary services.

[Merchant's Edition v1.9.2]

A new version of Merchant's Edition was just released:

Github

Merchant’s Edition wishes you good business.

[Content security policy for TB]

Of course I know how XSS works.

24 minutes ago, datakick said:

If attacker somehow manage to inject javascript to the page that is rendered for different user [...]

This "somehow manages" simply must not happen. Neither originating from a browser, nor originating from elsewhere.

[Content security policy for TB]

2 hours ago, datakick said:

Of course they improve security. They wouldn't exists otherwise. They are not intended to stop attackers interacting with the server directly, of course.

If hackers can work around a security measure by simply accessing the server directly, this measure is pointless. Maybe that's why I don't care much about such headers and turn my attention to safety of the code instead.

That said, if these headers don't get into the way, it's fine to add them. Not too easy, because modules have a tendency to grab resources from about everywhere. Fonts, images, icons, some even call home.

[Content security policy for TB]

Setting headers doesn't improve security of a server. A browser can respect these settings, a malicious visitor would simply ignore them. To test server security, there are scripts like testssl.sh: https://testssl.sh/ Don't forget to turn off UFW DoS protection and Fail2Ban while testing, testssl.sh triggers them.

That said, these CORS requests for Core Updater still work.

[Link_rewrite not valid (on products neither carriers)]

In this screencast you edit metas and product name all the time, this doesn't matter. Only this 'URL amigable' field matters. Maybe it's simply too long.

As long as saving reports an error, it's pointless to try in front office anyways.

Also, after changing SEO preferences, reloading a product page doesn't work, because the URL of that page has changed. One has to start over at the home page and also reload that.

With these tips it shouldn't be hard to get this working. There are always these demo products where one can look at.

 

[OSL 3.0 Questions related for commercial use]

You shouldn't modify files coming with the distribution at all. First choice to tweak functionality is to use hooks, this is the most maintainable way. If this doesn't work, one can use overrides.

Common to each of these strategies is that you add files rather than modifying existing ones. Which removes the license question, you can put these files under any license you like, including "proprietary".

That said, if you fix bugs or enhance code in a way interesting for all merchants, it's always a good idea to feed them back to the project. This eases future updates a lot and gives you free maintenance for these changes.

[(solved) cannot upgrade from 1.1.x to 1.2.0]

This is apparently a well known issue elsewhere and connected to libcurl 7.69.1. Switching to an earlier or later version (in cPanel) should solve it. Note that the Curl used by PHP isn't necessarily the same as the Curl used on the command line.

https://github.com/guzzle/guzzle/issues/2617#issuecomment-674176945

[Sell product by weight, including decimals]

I fear, neither PrestaShop nor thirty bees nor Merchant's Edition support dealing with fractional quantities natively.

One can work around this by selling grams and tweaking the theme to look more convenient. Like some JavaScript on the product page to replace '1500 x 1g' with '1.5 kg'.

Another, often seen solution is to offer variants ("Combinations") of the same product in various sizes. Product "flour", then combinations with 0.5 kg, 1.0 kg, 2.5 kg, ... This is supported natively, just like distinct colors.

[Core Updater v2.0.0 by Merchant's Edition]

Core Updater v2.0.0 was just released:

Github

This Core Updater includes all features of thirty bees' Core Updater, but should not confused with it.