Posts posted by Acer
-
Not knowing the exact details of what you are trying to do here makes this a bit difficult.
But maybe try a fresh TB install, patch Panda then install Panda first before you do the migration...?
-
@musicmaster I recently installed Panda on a 1.3 installation and didn't encounter any issues. Same installation is now running 1.4 bleeding edge and so far no issues.
I suggest you try again and if it still doesn't work reach out to the ST themes forums for support as you should have support available after you purchased the theme. Also please post the solution here for anyone else that may encounter the same problem.
PS: from what I remember there was a patch folder for TB in the installation zip. Think you should copy it and try it.
-
1 hour ago, zen said:
ha OK sorry..
I don't sell any PS 1.7 upgrade, never did never will !!
Good man. And it's BS 1.7 btw.
1 hour ago, zen said:
I don't think it will lead anywhere if there is nobody in command, looking to improve the system, specially on front office
I totally agree with you there. Though don't get me wrong I'm grateful that TB is still running and the work that Smile and Datakick have been doing, I'm sure that all of us appreciate it. Because honestly this project in this form could've been dead already.
-
4 minutes ago, zen said:
sorry, but I don't understand your point, let me say it again:
"I installed the last version of PANDA on a PS 1.7, last version, and I was really disappointed by the demos provided for this v2 version, the V1 version for 1.6 and TB was already way too old and not maintained anymore.. but even the 2.0 version (that will never be available for TB) is so outdated that I don't think Panda is going to be a good choice for a theme, that is for PS 1.6, PS 1.7 and TB as well !! so now can you explain me what was your point about ?
Hehehe I was just being cheeky. I was pointing out that you're running BS 1.7 on that site instead of TB 😜
- 1
-
1 minute ago, zen said:
I didn't get your point, sorry ...
Like isn't it supposed to be running TB instead of BS 1.7?
-
15 minutes ago, zen said:
I recently installed it for a presta 1.7
Shouldn't this be a TB site already? 😜
-
10 hours ago, zen said:
Problem is that Panda is not supported anymore for TB and Presta 1.6.. all new demos and upgrades are for presta 1.7 only now.. and still it starts to look very old compared to new themes available on envato for example.
Panda still runs fine and is mature. It has support in terms of tech and bug support still. It is a solid foundation and has the flexibility to match any of those themes if you have a capable front-end developer to shape it as you wish. It doesn't really need to be updated, perhaps with a new preset layout/design to match the fancy new themes, but not necessary imo. Either way, from what I can gather, it's the best paid theme for TB right now.
-
On 7/27/2022 at 8:16 PM, Euria said:
ST-Themes Panda theme is at the moment the only option which is also being updated and supported.
Panda is an excellent theme. It's extremely versatile and has a bunch of really powerful modules packaged with it. There's no need for the latest bootstrap or whatever. The theme is modern and is mobile responsive ready. On top of that it comes with great support. I've built 3 TB sites with it, customised the shit out of it and remain happy. It's a great foundation for your online store. You can shape it as you see fit.
What more do you need?
-
But how did you resolve the need for it?
-
On 12/28/2018 at 2:35 AM, led24ee said:
Hi. This one (https://addons.prestashop.com/en/sizes-units/24128-product-combination-attribute-dimensions.html) seems to be exactly what I need. Does anyone have experience with this module ?
Hi there @led24ee
So I'm interested in purchasing this module and wanted to know your experience with it?
Did you land up going with it or did you find some free alternative?
-
2 hours ago, e-com said:
Do not modify smarty.config.inc.php as recommended by PrestaShop, because it is a nonsense fix.
This patch encrypts data written to the PREFIX_smarty_cache table, preventing SQL injection attacks.
https://github.com/thirtybees/thirtybees/commit/f215fd84a59b6fee6f4eae4cae190101c926be67
Does this work in TB? Can we apply verbatim?
-
Yeah I just found the code block as you mentioned before and did not go line specific. And ran the URL checker plus cleaner script as referenced in the articles you guys posted.
Thankfully my sites are clean.
Anyway, appreciate the posts. It's nice that there is still a TB community with fellow TBers 👍
On 7/22/2022 at 10:02 PM, janoo said:
ThirtyBees and PS 1.6 has this code slightly different from in PS 1.7:
you can find it in "./config/smarty.config.inc.php"
    if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') {
        include(_PS_CLASS_DIR_.'/SmartyCacheResourceMysql.php');
        $smarty->caching_type = 'mysql';
    }
but principle is the same as in original Prestashop files v 1.6.x and 1.7.x
described in https://build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites/
I prefer to comment these lines, not remove at all, but it's my decision only
Thanks again.
I'd also like to take the opportunity to thank Google Translate 😉 If it wasn't for you buddy, everything would be French for me or better, Czech. You help me make sense of it all 🙂
- 1
-
That's excellent, thanks to all involved and @Mediacom87 @janoo
The instructions and blog post from Janoo and MediaTek seem to cover everything that needs to be done to patch your TB site in this case.
And I know I'm atting @datakick lots here, but will you remove those lines for 1.4 or in a patch update please?
-
On 7/25/2022 at 9:23 AM, WBNet-Wout said:
The PrestaShop article however mentions that the attacker is able to enable using MySQL Smarty cache storage features remotely and that is why they recommend removing those lines, so that if the attacker enables it remotely it will not actually be enabled due to lacking the code for that. Unfortunately there does not seem to be any detail on how the attacker is able to enable it remotely.
See above
-
2 minutes ago, wakabayashi said:
Is there even one TB shop with an issue right now? 🤔
Do we really want to find out? Some could be compromised already and they won't know for a while
-
1 minute ago, wakabayashi said:
As Petr clearly pointed out: just deactivate the mysql cache. IMO you should anyway not use it... Are you using it?
Unfortunately security is still my weakness in coding. I understand, that there is some sql injection possibility. Prestashop seems to believe, that it happens in caching. But the fix does irritate me. There is already pSQL() in use. They just replaced it with another encrypt method.
From what we gathered it seemed that the attackers could somehow override the Smarty cache setting regardless, which means it doesn't matter that we have it on the correct setting. Unless I'm completely mistaken?
So what to do here?
-
13 hours ago, WBNet-Wout said:
PrestaShop has now made a patch available to fix the vulnerability: https://github.com/PrestaShop/PrestaShop/commit/f342765697f5f980e4c6bb537f6575bf5e657077
While we wait for @datakick
What are you guys doing to fix this on your sites? Do you know if it's possible to apply the Prestashop fix to TB in this case?
-
Any idea when we'll have a patch available for 30Bz, please @datakick?
-
3 hours ago, the.rampage.rado said:
I'm rocking this on Warehouse since it was released - I see no issues as of now.
Now for Panda...
-
On 7/1/2022 at 10:18 AM, datakick said:
That's great to hear. I have moved this to bleeding edge, will be part of 1.4.0 (to be released soon).
Fingers crossed. 🙂
Do we know how well this behaves on Warehouse and Panda themes incl. their bundled modules?
-
2 hours ago, datakick said:
I did a little more investigation.
This is a chained exploit. In order for this to be dangerous, you first have to have sql injection vulnerability present in your store.
As far as we know, there is no such vulnerability in core. But there may be, of course. And any native or third party modules can have sql injection vulnerability in their code as well.
If your store is vulnerable to sql injection it is already huge issue. Attacker can update, delete, and possibly read any data in your database. They can change passwords, delete orders, or whatnot.
But if you have enabled mysql smarty cache, this problem is elevated to the stars. Attacker can insert data inside smarty cache table, and smarty library will evaluate this data as php code. Which means that attacker can run arbitrary php code in your store. That's fuc*ing scary
The fix will be quite simple. We will sign any data stored inside this table with secret that is known to php only, not stored in db. Attacker doesn't know the secret, so they will not be able to insert correctly signed data into the database.
Until the fix is designed, please go to Performance settings and ensure you are using filesystem smarty cache implementation. Do not edit core files as suggested above, please.
Thanks @datakick for the update. Please keep us posted and let us know when a patch / update has been released.
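The signing idea described in the quoted post, sketched as an added example (not code from this thread, thirty bees or Smarty): each cache row is stored with an HMAC computed from a key that exists only in PHP, and a row that fails verification is treated as a cache miss. All function names, the key constant, the storage format and the binding of the signature to the cache id are assumptions made for illustration.

```php
<?php
// Added illustration only; every name here is hypothetical.

// Assumption: the key is defined in a PHP config file and never written to the
// database, so SQL injection alone cannot reveal it. Constructed demo value.
const CACHE_SIGNING_KEY = 'constructed-demo-key-use-32-random-bytes-in-practice';

// Value to store in the cache table: 64 hex chars of HMAC-SHA256, ':', content.
// The cache id is part of the signed data so a valid row cannot be copied
// under a different id.
function signCacheEntry(string $cacheId, string $content): string
{
    $mac = hash_hmac('sha256', $cacheId . "\0" . $content, CACHE_SIGNING_KEY);
    return $mac . ':' . $content;
}

// Returns the content when the signature verifies, or null when the row is
// unsigned, malformed or tampered with. Callers treat null as a cache miss
// and never hand the stored bytes to the template engine.
function verifyCacheEntry(string $cacheId, string $stored): ?string
{
    if (strlen($stored) < 65 || $stored[64] !== ':') {
        return null;
    }
    $mac = substr($stored, 0, 64);
    $content = substr($stored, 65);
    $expected = hash_hmac('sha256', $cacheId . "\0" . $content, CACHE_SIGNING_KEY);
    // hash_equals compares in constant time.
    return hash_equals($expected, $mac) ? $content : null;
}

// Constructed rows standing in for the smarty cache table.
$legit    = signCacheEntry('product-42', '<div>cached template output</div>');
$injected = 'row written straight into the table, carrying no valid signature';

$cases = [
    'legitimate row'              => verifyCacheEntry('product-42', $legit),
    'row inserted without key'    => verifyCacheEntry('product-42', $injected),
    'valid row under another id'  => verifyCacheEntry('product-99', $legit),
];
foreach ($cases as $label => $result) {
    echo $label, ': ', $result === null ? 'rejected' : 'accepted', PHP_EOL;
}
```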
-
2 hours ago, datakick said:
Please re-read the first post of this thread. You will see image there that showcase this option -- on individual features, you can enable 'Allow multiple values' functionality.
Ah, perfect, thank you 👍
-
10 minutes ago, datakick said:
That's correct. If you migrate from 1.2, just make sure the db is migrated properly, see the first post in this thread.
Then, you can enable multiple values for individual features, and that's all.
Cool, thank you. So when you say enable multiple values for individual features I assume there's no switch or toggle for that? And that it happens automatically?
-
19 minutes ago, datakick said:
Yes
Hi @datakick
I also created this post
So just to clarify: there's nothing to activate, it's on by default?
Panda question
in English
Posted
Remember to patch Panda before you install it and try a fresh install of TB first. If it's possible to do the migration after.