Security patch

We have reported this fault from day one of the patch, in a couple of versions ( we have not yet tried 5.2.2 due to reported problems from other users )

We have not had an update to this fault, expect a very poor reply from 'Mark' completing avoiding the question, and stating information about 5.2.2.

We have updated from 5.0.3 to 5.0.4. Problems we are encountering:

When a user fills out a form using their credit card details, it redirects them to the login form (logs them out).

After we applied patch on 5.1.3 and updated to 5.1.4, no payments are being credited/applied to invoices. The problem exists with paypal and 2checkout. Yesterday, I upgraded installation to 5.1.5 as per suggestion in Ticket #JBX-160812 but the problem still exists.

This is very unprofessional way to release patches.

I applied the security patch to version 4.5.3 - the day it was anounced - this completley screwed the system up with a licence error - support sorted this but the system does not work - I have not had a single new client as the domain lookup sends the user straight to a login page - I have had a ticket open for six days but can not get a reply - is there anyone out there who knows what is happening - my business is quickly going down the pan!!!!!!!!

I have had a ticket open for six days but can not get a reply - is there anyone out there who knows what is happening - my business is quickly going down the pan!!!!!!!!

What is your ticket number, please? Feel free to send it via PM if you prefer.

what is your ticket number, please? Feel free to send it via pm if you prefer.

#kgg-706684

#kgg-706684

Very sorry for the delay. Your ticket is flagged to one of our developers. We are working to get to your issue as soon as we can and we will have an update for you shortly.

Hi James,

my ticket number is #BCC-904788

Sorry but I have been waiting over 24 hours and have had a lot of new orders via credit card redirect the user back to the client area login page upon payment. This has occurred ever since upgrading from 5.0.3 to 5.0.4. I would appreciate it if you could get a developer to look into this as soon as possible.

We're having the same exact error. Authorize.net?

We have updated from 5.0.3 to 5.0.4. Problems we are encountering:

 

When a user fills out a form using their credit card details, it redirects them to the login form (logs them out).

Were using eWay, I dont believe its an issue with the payment gateway files, something has been modified with the core files with the security patch triggering this...

I updated my ticket over 24 hours ago and no response. I even opened a new one in case my responding to my original un-responded to ticket set it further back in the queue. I guess they're getting slammed with issues right now.

Sure would be nice to process new CC orders.

Certainly would be, this should be treated as high priority... we have been 3 days without properly processing CC orders due to a poorly executed WHMCS security patch that was released... this is absolutely ridiculous. I receive a response, I respond and wait 24 - 48 hours each time.

We're still 5.1.3, didn't go ahead with the upgrade yet. Is it safe to go to 5.1.5 now or are there still outstanding issues? Thanks.

I'm on 5.1.5 and it's pretty stable for me...

The patched version? I tried updating from patched 5.0.4 to 5.1.5 and then 5.22. Both resulted in an odd redirection issue when I tried to login to the admin area (redirected to the general WHM area where you can login or purchase new services).

I'm on 5.1.5 and it's pretty stable for me...

Same with us and waiting 24 hours in between support replies is not cutting it. We have over 100 licenses with WHMCS and need this resolved.

Sorry but I have been waiting over 24 hours and have had a lot of new orders via credit card redirect the user back to the client area login page upon payment. This has occurred ever since upgrading from 5.0.3 to 5.0.4. I would appreciate it if you could get a developer to look into this as soon as possible.

We've also noticed that as of Mar 22, all credit card orders that come through, remain in incomplete payment status. I have to manually run the invoice command "Attempt charge" to bill client and process order. We patched our system the day the security fix was released (I think Mar 14th?). We are also running 5.0.4 and using PSigate. PayPal appears to be unaffected by this. We need to get this resolved ASAP.

Hello,

5.2.1 doesn't appear to have this issue. PayPal IPN is being sorted for 5.x now. Updates shortly.

Where is 5.2.1? I dont see it anywhere. Can anyone tell us where v5.2.1 is? To get to 5.2.2 it says you should be running 5.2.1 but i dont see it as a download option.

Hello,

You can download the full version of 5.2.2 inside the client area downloads and upgrade from any version to 5.2.2

The 5.0.4 creditcard.php file has been modified with something causing an issue with credit card payments being accepted. It took me almost 1 week of going back and forth with WHMCS directly to realize that the staff were absolutely useless.

I received a response from one representative stating that the issue was with our "heavily modified cart" and a "sessions" variable, this was simply incorrect, we used the ?systpl variable to switch to the portal template of the cart supplied by WHMCS, guess what - the same issue occurred and we were still unable to accept credit card payments.

We created a FTP account for WHMCS as they "required" ftp access to fix this issue, we monitored their movements.

WHMCS downloaded all the hooks and modified 2 of the files by removing base64 code from them. I haven't brought this up in the ticket with WHMCS however no staff member even notified us of these changes..., luckily we had a backup and were able to compare the 2 files to see what WHMCS modified.

What frustrates me is that the staff are just putting the blame directly on our installation or our cart with no actual hard facts. Unfortunately Chris your response is what burned me the most, you stated that you used the systpl to make a payment via CC and that it worked - I then had myself and our lead WHMCS developer do the exact same thing by replacing the systpl to the "portal" which didn't actually allow the credit card payment to be processed or declined (using fake details), it just took the user back to the WHMCS login page upon completing their order.

The support supplied by the WHMCS staff is very unprofessional to say the least. The latest update has been an absolutely nightmare and has costed us lost time and money.

I have isolated the issue down to an issue with the actual 5.0.4 patch that was applied. To isolate the issue we simply applied the old 5.0.3 creditcard.php file back into the whmcs folder. We then tested a credit card payment which worked without any issues. So now were running an insecure version of the creditcard.php file thanks to WHMCS rolling out a bad patch.

Yup, looks like we are seeing the credit card issue on 5.0.4 too.. awesome. Time to send a ticket into limbo, I guess.

When placing a new credit card order, rather than processing the payment as expected the client is simply redirected to the login page (nothing is shown in the gateway log either). The new client then has to log into the client area and pay the invoice from the 'view invoice' page, or contact us for us to attempt the capture from the admin side.

I hope you get a fix for that, we have an open ticket on it with no response since the 20th.

We were given a rc 5.0.5 patch which fixed the logging out of the client, but created a new payment error.

Awaiting response/fix/update to it

Disappointment does not even come near how we feel at this time, such a shame, as you can only rate a product by the support given, as we all make mistakes, but it is how they are fixed that counts.

We need a fix for this ASAP!

Is replacing 5.0.4 creditcard.php with the same named file from version 5.0.3 still the only fix?

Also, since the patch to upgrade WHMCS from 5.0.3 to 5.0.4, the integration code token value updates with every WHMCS login. This results in domain checks, for example using the Domain Availability Lookup code to redirect to the client login page when a domain search is submitted.

I've seen others with same issue (and still do when I've checked their sites) but I can't find a fix anywhere. I've asked support 16 hours ago but no reply yet

Same issue here, no fix yet & it's been 72 hours without a response from WHMCS.