News:

You may pay someone to create your store, or you visit our seminar and become a professional yourself with the silver certification

Main Menu

ghost Shipment description in invoice - where is it coming from???

Started by blackrat999, October 23, 2017, 17:00:24 PM

Previous topic - Next topic

blackrat999

The "shipment description" comes through to the invoice from the "shipment method" which i am familiar with.
I have an installation which is showing " FreepostStandard post (3/5 days)" on the invoice in place of what should be being shown from the shipment description and I cant find where it is coming from.
I am using Artio Invoicing but this shows on both this one and the VM invoice.
I have checked the database after deleting all the shipment methods and they all go and then when i replace one as a test i wtill get this line on the invoices.
its driving me mad - any ideas where it could be coming from please?


blackrat999

Figured this out, after a site restore i had a sql entry that was inserting the text into a db table, no idea where that had come from !!

INSERT INTO `#__virtuemart_shipment_plg_weight_countries`  VALUES ('16', '16', 'JA8G04', '2', '<span class=\"vmshipment_name\">Freepost</span><span class=\"vmshipment_description\">Standard post (3/5 days)</span>', '........... class=\"vmshipment_name\">Free</span><span class=\"vmshipment_description\">Free Shipping</span>', '0.0000', 'KG', '0.00', '0.00', '-1', '2013-05-23 14:28:58', '0', '2013-05-23 14:28:58', '0', '0000-00-00 00:00:00', '0'), ('280', '280', '62b10164', '5', '<span class=\"vmshipment_name\">Free</span><span class=\"vmshipment_description\">Free Shipping</span>', '0.0000',

Jörgen

Hello

In what file did You find this sql? Things just don´t appear out of thin air.

regards

Jörgen @ Kreativ Fotografi
Joomla 3.9.18
Virtuemart 3.4.x
Olympiantheme Hera (customized)
This reflects current status when viewing old post.

blackrat999

Yes i have been doing some digging to see what it is all about, the injection itself didnt look suspicious but some of the other ones are.

I found it doing a search with Agent Ransack on a full site backup. inside
installation/sql i found 21 files site.s01.sql to site.s21.sql and the "rogue" injection was in number 20

this installation folder isnt on the server. The sql files all seem to start with an Easyblog reference

INSERT INTO `#__easyblog_trackback` VALUES ('2375', '2', '211.97.155.83', 'Hollister', 'A. M. Lyles – the manufacturer, publicis Hollister t and additiona http://fr-hollister.webpaper.co/ lly amongst the go on connections to make sure you Hollywood's original many – comes with expired located at age 89. The person was first decades un http://italia-oakley.iconosites.com/ wanted for 1928 the moment the person given out',

and this table is present in the database i am doing some experimenting with a site copy, it is looking suspicious!

blackrat999

originally this was in an Akeeba backup restore file, amongst a load of other sql files to update components was this one that "restored" an old shipping description and then for some reason seemed to force itself onto every other shipping method, once removed from the database all is now back to normal.