Jump to content



Member Since 08 Nov 2008
Offline Last Active May 02 2022 02:11 AM

Topics I've Started

Important Notice About Ez Squarepay Addon

20 March 2022 - 07:38 PM

Square (squareup.com) has deprecated the API used by the Squarepay addon.  We believe existing customers will be able to utilize the current API but we do not know for how long.  We expect you will be able to utilize the current addon for several more months allowing you time to make adjustments.


New customers will not be able to obtain a new "access key" using the original API.  Hence you will NOT be able to create new payment methods using this addon.


We have reviewed the new API.  Given the changes in place that require user-approval of all charges, key feature provided by this addon are no longer capable.  Given that these restrictions are only applicable in EU/UK environments, we find that impacting all other customers with these changes is a poor choice by Square. 


Some of the changes in the new API are:

+ you would not be able to add amounts to an order via the admin panel given that customers will need to provide a code from an email to complete any charge process.


+ checkout requires the user to enter an authentication code that would be sent in email.  We believe this will drive your conversions down. 


Unfortunately, we suggest you either find a different vendor for the Square payment method or switch payment providers.  We have no plans at this time of releasing a new addon that uses the new API.


If you have concerns about the impact this may have on your business, we suggest you contact Square customer support.  We apologize for this inconvenience.  But demands for cs-cart production add-ons no longer support a business model that is profitable.

Csrf On Post Failure

03 May 2021 - 03:23 AM

I'm sure I'm doing/not_doing something but for the life of me, can't find it.

I have an addon  where vendor_multivendor.post.php permissions are true for the controller.

When I try to post the form, it's generating the csrf error message and redirecting to the vendor.php page.


In inspecting with the browser, it is not passing a security_hash in the request data.  I'm not sure what JS triggers adding the security_hash to the POSTed data.  I've double checked and I'm doing things the same way I have in countless other addons.


The form has a total of about 20 variables.  The max_post_data is set to 150M and the max_input_vars is set to 10000.


I think I need a new set of eyes or suggestions on what to check.  Getting brain-fuzzy at this point.

Conditional Script Loading In Checkout

03 April 2021 - 10:11 PM

I have a payment method that needs to load a

<script src="blahblah"....

I have it setup as

<script class="cm-ajax-force" data-no-defer src="blahblah"...

I have this inside of a div that is loaded when a payment processor is selected (other than the default).

However, the script tag is never loaded unless the page is refreshed when the payment method is selected.

The core is removing this tag and I need to know how to have it NOT do so.  


I had hoped the combination of class="cm-ajax-force" and data-no-defer would have had cs-cart leave this alone.


Is there an attribute or micro-class I can use to have it left alone?


I'd just load it at the top except that I need to look at the processor_params to see if it's production or sandbox mode to load the appropriate script. src.


Any help is greatly appreciated.  With scripts, there's so much that goes on behind the scenes, it's hard to keep track of.