ghost Shipment description in invoice - where is it coming from???

Started by blackrat999, October 23, 2017, 17:00:24 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

blackrat999

October 23, 2017, 17:00:24 PM Last Edit: October 24, 2017, 10:50:17 AM by blackrat999
The "shipment description" comes through to the invoice from the "shipment method" which i am familiar with.
I have an installation which is showing " FreepostStandard post (3/5 days)" on the invoice in place of what should be being shown from the shipment description and I cant find where it is coming from.
I am using Artio Invoicing but this shows on both this one and the VM invoice.
I have checked the database after deleting all the shipment methods and they all go and then when i replace one as a test i wtill get this line on the invoices.
its driving me mad - any ideas where it could be coming from please?

blackrat999

#1
October 24, 2017, 10:50:05 AM
Figured this out, after a site restore i had a sql entry that was inserting the text into a db table, no idea where that had come from !!

INSERT INTO `#__virtuemart_shipment_plg_weight_countries`  VALUES ('16', '16', 'JA8G04', '2', '<span class=\"vmshipment_name\">Freepost</span><span class=\"vmshipment_description\">Standard post (3/5 days)</span>', '........... class=\"vmshipment_name\">Free</span><span class=\"vmshipment_description\">Free Shipping</span>', '0.0000', 'KG', '0.00', '0.00', '-1', '2013-05-23 14:28:58', '0', '2013-05-23 14:28:58', '0', '0000-00-00 00:00:00', '0'), ('280', '280', '62b10164', '5', '<span class=\"vmshipment_name\">Free</span><span class=\"vmshipment_description\">Free Shipping</span>', '0.0000',

Jörgen

#2
October 24, 2017, 11:14:06 AM
Hello

In what file did You find this sql? Things just don´t appear out of thin air.

regards

Jörgen @ Kreativ Fotografi
Joomla 3.9.18
Virtuemart 3.4.x
Olympiantheme Hera (customized)
This reflects current status when viewing old post.

blackrat999

#3
October 24, 2017, 11:54:16 AM
Yes i have been doing some digging to see what it is all about, the injection itself didnt look suspicious but some of the other ones are.

I found it doing a search with Agent Ransack on a full site backup. inside
installation/sql i found 21 files site.s01.sql to site.s21.sql and the "rogue" injection was in number 20

this installation folder isnt on the server. The sql files all seem to start with an Easyblog reference

INSERT INTO `#__easyblog_trackback` VALUES ('2375', '2', '211.97.155.83', 'Hollister', 'A. M. Lyles – the manufacturer, publicis Hollister t and additiona http://fr-hollister.webpaper.co/ lly amongst the go on connections to make sure you Hollywood's original many – comes with expired located at age 89. The person was first decades un http://italia-oakley.iconosites.com/ wanted for 1928 the moment the person given out',

and this table is present in the database i am doing some experimenting with a site copy, it is looking suspicious!

blackrat999

#4
October 24, 2017, 16:53:44 PM
originally this was in an Akeeba backup restore file, amongst a load of other sql files to update components was this one that "restored" an old shipping description and then for some reason seemed to force itself onto every other shipping method, once removed from the database all is now back to normal.
Print
Go Up Pages1
User actions