Forum Replies Created
-
Posts
-
Seem that Pattchstack already send you information regading the Vulnerability. See hereafter.
Patchstack contact email is: sander.jurgens@patchstack.intercom-mail.com
————————————————
Sander from Patchstack <sander.jurgens@patchstack.intercom-mail.com>
Hello!
They have all the vulnerability details sent to them already (we contact vendors multiple times with details to fix it).
If they fail to find the emails, they can contact the support here (this is our only official support place)I am not sure where they have turned to before..
Sander
PatchstackHi Sangita,
Please contact Patchstack for more information about the vulnerability. The information is only disclosed to those who have permission to know, in this case, you.
Hello Sangita.
I’m spending a lot of time trying to help, even though I’ve already resolved it on my end. I won’t continue here after this comment…
I’m also a developer and, regardless of the scenario and the conditions to be met, you need to check if the field is set to a value to check “is_vendor_dashboard_page”, the rest of the conditions are not important.It’s simple: is it the vendor’s dashboard page? If it is not defined in the MVX settings, it is not. And your code is returning as if it were.
Hello Sangita.
Ok, a more detailed flow:
We have our custom dashboard that replaces wp-admin for vendors and vendor staffs. However, they still have access to the front of our website when logged in. When they go to the front, all the JS files registered by our theme disappear because the MVX filter ‘mvx_frontend_enqueue_scripts’ is removing them.What is the function of this filter?
It checks if the user is located in the vendor dashboard and, if yes, it removes all added scripts by theme. Ok, makes sense.Why does the filter remove them even when the user is not in the vendor’s dashboard?
When MVX checks if the user is on the vendor’s dashboard, it returns true because the “Vendor Dashboard Field” in the MVX settings is empty or has been set to a page that no longer exists. It should return false.Solution
When checking, the code must consider whether the page actually exists or whether the field is defined in the MVX Settings.
That’s what I suggested in the last messages.Test it:
Delete the Vendor’s Dashboard page completely and go to the front logged as a Vendor.Hello Sangita. Our license has not expired. We placed the order on September 30, 2023.
About our flow: We have a custom dashboard for vendors, so we don’t use yours. Thus, when checking if the user is on the vendor’s dashboard page and this page does not exist (or is not defined in the MVX settings), the function incorrectly returns true, as if it were the vendor’s dashboard page. I added a condition to check if it isn’t empty (see image).
In my case, as this function returned true, MVX removed all scripts inserted by theme from the queue and should not behave this way.
WCMp has been promising HPOS compatibility for years (at least since 2021.
Any date to get HPOS compatibility ?Hi Sangita, I don’t want to assign a product to multiple vendors. What I mean is that to “replace” the currently assigned vendor, I need to click the “Unassign” button, the page reloads and only then I can assign a new vendor. If I were making a modification to the product, I would need to stop to wait for this reassignment.
When a vendor is assigned, all the others vendors are hidden from <select>. Why not simply be able to change the selected option in “vendor selection”, instead of going through this flow, without having to click the unassign button? Is it not possible due to some permission issue?
I understand… but wouldn’t the process of changing the product vendor (as an admin) through <select> be the same as unnasigning and assigning a new vendor?
Isn’t it easier to handle?
Hello Sangita,
We’re not using advanced frontend manager. We currently use the wp-admin.
Even if you prefer AFM, it’s worth doing this for wp-admin, as I imagine other people will use it.When saving the information, I noticed that you check the user’s permission, but not when displaying it.
I had to overwrite these lines of code.
Ok, I’ll send it.
I made a php code to auto replace the deprecated functions/shortcodes/hooks.
I don’t have access to the new modules, so they’re not there and I’ll add them as soon as I have access to pro.https://gist.github.com/victormattosvm/b22a0e02497413763586108f5996b934
We have been customers with paid version for 3 sites for a long time. This change of policy is really a problem
3 sites to 1 site and double the price. Thanks from an old customer that help debugging !Any way to let us satisfied ?
How do we get trial (option C ) to evaluate which version we need ? Sounds that we will need Pro version even if we use only few plugins.
Note that we have a production server and 2 tests servers: STAGING and HOMOLOG server. Some years ago you gave us 3 licence to allow STAGING and HOMOLOG. How do you solve STAGING and HOMOLOG now ?
IT ‘S URGENT
In fact I only named this plugin to ilustrate my question. Quite sure it wiould not be compatible as WCMp already use “packages” to split cart between sellers
we need answer and help from WCMp on this point.
Have a look at this: https://woocommerce.com/document/woocommerce-advanced-shipping-packages/
The flow should split the Vendor shipping in seperates packages, each one shipped by different shipping method.
Cart contains products of shipping class “A”, And Vendor = vendor1
Cart contains products of shipping class “B”, And Vendor = vendor1
In cart, each package have its own shipping method.
WCMp is already using packages to split shipping between sellers. This functions sounds compatible with the way WCMp works.
Please let me know.
