Post by jeffz2014 » Sat Dec 13, 2014 6:49 am

Version: 2.0.1.0

There are some tax systems that do have tax rate = 0%
Example - some EU VAT rates.

NOTE!
I did not test this too extensively, so I do not know if it does not wreak havoc elsewhere in the system.
e.g.: something * 0 = 0, or something/0 = error
So, if some OpenCart calculations are not "hardened" against such potential use of zero, system may run into problems.
NOTE!

Here is fix.

Go to:
admin/controller/localisation/tax_rate.php

Find and change:


//find:
if (!$this->request->post['rate'])
{
	$this->error['rate'] = $this->language->get('error_rate');
}


//replace with:
if (!preg_match('/^-?(?:\d+|\d*\.\d+)$/', $this->request->post['rate']) || $this->request->post['rate']<0)
{
	$this->error['rate'] = $this->language->get('error_rate');
}

INFO:
What the replacement does:
it allows through only positive floats and zero, e.g.: 0, 0.2, 2, 4 etc.
it prevents anything like: -2, blah, -4s, 7df etc.
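
Added example, not part of the original post or of OpenCart's code: the original check, the replacement above, and a stricter variant run side by side over constructed inputs. The function names, the sample values and the `\A...\z` variant are assumptions introduced here.

```php
<?php
// Added example; function names and sample inputs are constructed.
// Each function returns true when the submitted rate would be REJECTED.

// Original check quoted in the post: PHP treats "" and "0" as falsy,
// so a 0% rate is refused while "blah" and "-2" pass.
function rejects_original(string $rate): bool
{
    return !$rate;
}

// Replacement from the post: optional sign in the pattern, then a < 0 test.
// '$' also matches before one trailing newline, so "5\n" is accepted.
function rejects_thread_fix(string $rate): bool
{
    return !preg_match('/^-?(?:\d+|\d*\.\d+)$/', $rate) || $rate < 0;
}

// Stricter variant (assumption, not from the thread): no sign allowed,
// \A and \z anchor the whole value, and non-string input (such as an
// array value) is refused before it reaches preg_match().
function rejects_strict($rate): bool
{
    return !is_string($rate) || !preg_match('/\A(?:\d+|\d*\.\d+)\z/', $rate);
}

// Constructed inputs covering zero, fractions, signs, junk and a trailing newline.
$samples = ['0', '0.0', '0.2', '.5', '20', '-2', '-0', 'blah', '7df', '5.', '', "5\n"];

printf("%-8s %-9s %-11s %s\n", 'input', 'original', 'thread fix', 'strict');
foreach ($samples as $s) {
    printf(
        "%-8s %-9s %-11s %s\n",
        json_encode($s),
        rejects_original($s) ? 'reject' : 'accept',
        rejects_thread_fix($s) ? 'reject' : 'accept',
        rejects_strict($s) ? 'reject' : 'accept'
    );
}

// Array input never reaches the pattern in the strict variant.
printf("%-8s %-9s %-11s %s\n", 'array', '-', '-', rejects_strict(['1']) ? 'reject' : 'accept');
```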


Post by cozumel » Mon Jul 25, 2016 1:50 am

It's working. Thank you.


Post by straightlight » Mon Jul 25, 2016 8:00 pm

I did notice the validation / sanitizing process around Europe versus other countries. I helped a client a few weeks back regarding a similar case for one of my extensions, but you are correct though; preg_match is the right solution for this. Moving solution to the concepts section of the forum since this is not officially a bug but a more advanced validating process that may be needed on that end.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester

