Post by jcsmithy » Sun Jul 31, 2011 1:04 am

File:

Code:

admin/model/sale/order.php
Line 110 : AddOrder function

Full Query:

Code:

$this->db->query("INSERT INTO " . DB_PREFIX . "order SET invoice_no = '" . (int)$invoice_no . "', invoice_prefix = '" . $this->db->escape($this->config->get('config_invoice_prefix')) . "', store_id = '" . (int)$data['store_id'] . "', store_name = '" . $this->db->escape($store_name) . "', store_url = '" . $this->db->escape($store_url) . "', customer_id = '" . (int)$data['customer_id'] . "', customer_group_id = '" . (int)$customer_group_id . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', telephone = '" . $this->db->escape($data['telephone']) . "', fax = '" . $this->db->escape($data['fax']) . "', shipping_firstname = '" . $this->db->escape($data['shipping_firstname']) . "', shipping_lastname = '" . $this->db->escape($data['shipping_lastname']) . "',  shipping_company = '" . $this->db->escape($data['shipping_company']) . "', shipping_address_1 = '" . $this->db->escape($data['shipping_address_1']) . "', shipping_address_2 = '" . $this->db->escape($data['shipping_address_2']) . "', shipping_city = '" . $this->db->escape($data['shipping_city']) . "', shipping_postcode = '" . $this->db->escape($data['shipping_postcode']) . "', shipping_country = '" . $this->db->escape($shipping_country) . "', shipping_country_id = '" . (int)$data['shipping_country_id'] . "', shipping_zone = '" . $this->db->escape($shipping_zone) . ", shipping_zone_id = '" . (int)$data['shipping_zone_id'] . "', shipping_address_format = '" . $this->db->escape($shipping_address_format) . "', shipping_method = '" . $this->db->escape($data['shipping_method']) . "', payment_firstname = '" . $this->db->escape($data['payment_firstname']) . "', payment_lastname = '" . $this->db->escape($data['payment_lastname']) . "', payment_company = '" . $this->db->escape($data['payment_company']) . "', payment_address_1 = '" . $this->db->escape($data['payment_address_1']) . 
"', payment_address_2 = '" . $this->db->escape($data['payment_address_2']) . "', payment_city = '" . $this->db->escape($data['payment_city']) . "', payment_postcode = '" . $this->db->escape($data['payment_postcode']) . "', payment_country = '" . $this->db->escape($payment_country) . "', payment_country_id = '" . (int)$data['payment_country_id'] . "', payment_zone = '" . $this->db->escape($payment_zone) . "', payment_zone_id = '" . (int)$data['payment_zone_id'] . "', payment_address_format = '" . $this->db->escape($payment_address_format) . "', payment_method = '" . $this->db->escape($data['payment_method']) . "', comment = '" . $this->db->escape($data['comment']) . "', total = '" . (float)$total . "', order_status_id = '" . (int)$data['order_status_id'] . "', affiliate_id  = '" . (int)$data['affiliate_id'] . "', language_id = '" . (int)$data['affiliate_id'] . "', currency_id = '" . $this->db->escape($this->config->get('config_currency')) . "', currency_code = '" . $this->db->escape($currency_code) . "', currency_value = '" . (float)$currency_value . "', date_added = NOW(), date_modified = NOW()");
Problem Part:

Code:

language_id = '" . (int)$data['affiliate_id'] . "'


Post by Daniel » Sun Jul 31, 2011 12:30 pm

This is still a work in progress.

OpenCart®
Project Owner & Developer.



Post by emq » Sun Jul 31, 2011 6:53 pm

I'm not quite sure, but it looks like the reward points are not subtracted from customer's account after use

edit: just tried again - worked fine, except in order detail I see option to 'remove points' from the latest order (that I just made with using all the points I had) instead of 'add'

edit2: well, after removing the points and adding them again I see the problem - all previous points that I used were added again plus the one from current order. It's hard for me to explain so please check it by yourself maybe.


Post by i2Paq » Sun Jul 31, 2011 9:06 pm

Using 1.5.1.1, clean install and only the Dutch language added.

Goto: Configuration -> Setting ->
Then: Select Store for edit:
Goto: General Tab ->
You will see that the Store Url setting is missing.

BUG tracker.


Hmm, it has been moved to the \admin\config.php which is the most obvious location.

Norman in 't Veldt
Moderator OpenCart Forums


Post by Xsecrets » Sun Jul 31, 2011 10:33 pm

i2Paq wrote: Using 1.5.1.1, clean install and only the Dutch language added.

Goto: Configuration -> Setting ->
Then: Select Store for edit:
Goto: General Tab ->
You will see that the Store Url setting is missing.

BUG tracker.


Hmm, it has been moved to the \admin\config.php which is the most obvious location.

Actually the admin/config.php has always had it in there. The one that used to be in the settings got moved back into the root config.php file.


Post by JNeuhoff » Mon Aug 01, 2011 1:33 am

In file admin/model/sale/customer.php, in function getTotalCustomers, it misses the following filter code:

Code:

		if (isset($data['filter_ip']) && !is_null($data['filter_ip'])) {
			$implode[] = "customer_id IN (SELECT customer_id FROM " . DB_PREFIX . "customer_ip WHERE ip = '" . $this->db->escape($data['filter_ip']) . "')";
		}
This makes sure that function getTotalCustomers always returns the same number of customers as in getCustomers when using the filter_ip.

While we are at it: In function getCustomers, the sort_data

Code:

		$sort_data = array(
			'name',
			'c.email',
			'customer_group',
			'c.status',
			'c.ip',
			'c.date_added'
		);	

should be replaced with:

Code:

		$sort_data = array(
			'name',
			'c.email',
			'customer_group',
			'c.status',
			'c.approved',
			'c.ip',
			'c.date_added'
		);	



Post by incan » Mon Aug 01, 2011 4:06 pm

Thanks for adding the 'Select All / Unselect All' in user group! :) :)
Please, can you also add this function in 'Backup / Restore' in the next version?


Post by israelshirk » Tue Aug 02, 2011 7:37 am

This allows one to spoof PayPal's verification, in controller/payment/pp_standard, function callback():

Code:

if ((strcmp($response, 'VERIFIED') == 0 || strcmp($response, 'UNVERIFIED') == 0) && isset($this->request->post['payment_status'])) {

PayPal returns UNVERIFIED, but we still process the order as if it was VERIFIED. Works in the wild, you just spoof the encryption of $this->request->post['custom']. Pretty darn simple to exploit too.

When it gets an UNVERIFIED back from PayPal, it needs to exit immediately. I don't have time to check whether it works in other PayPal methods.

Seems like it goes pretty far back in the OpenCart version history as well. Hope this doesn't cause too many headaches.


Post by Daniel » Tue Aug 02, 2011 8:07 pm

israelshirk wrote: This allows one to spoof PayPal's verification, in controller/payment/pp_standard, function callback():

Code:

if ((strcmp($response, 'VERIFIED') == 0 || strcmp($response, 'UNVERIFIED') == 0) && isset($this->request->post['payment_status'])) {

PayPal returns UNVERIFIED, but we still process the order as if it was VERIFIED. Works in the wild, you just spoof the encryption of $this->request->post['custom']. Pretty darn simple to exploit too.

When it gets an UNVERIFIED back from PayPal, it needs to exit immediately. I don't have time to check whether it works in other PayPal methods.

Seems like it goes pretty far back in the OpenCart version history as well. Hope this doesn't cause too many headaches.

The order goes through but it does not reach the completed order status. It goes to the default store status.


Post by israelshirk » Wed Aug 03, 2011 12:46 am

Daniel wrote: The order goes through but it does not reach the completed order status. It goes to the default store status.

There's a pretty wide degree of variability here. Then it's dependent on store configuration, the amount of modification done to fulfillment, and whether other (custom) controllers know to check for this.

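An added example, not part of any post above and not OpenCart's own code: fail-closed handling of the PayPal verification reply discussed in this exchange, so that an order's fate does not depend on store status configuration. The function name `ipn_decision`, the `$order` array and the sample values are assumptions made for illustration; `payment_status`, `receiver_email`, `mc_currency` and `mc_gross` are standard PayPal IPN variables.

```php
<?php
// Added example: decide what to do with a PayPal IPN message after the
// postback reply has been read into $response.
// ipn_decision() and $order are hypothetical names, not OpenCart code.

function ipn_decision(string $response, array $post, array $order): array
{
    // Only the exact string VERIFIED proves PayPal sent this message.
    // Anything else (INVALID, the UNVERIFIED string tested in the quoted
    // line, an empty body, an error page) is rejected before any order work.
    if (trim($response) !== 'VERIFIED') {
        return ['accept' => false, 'reason' => 'postback not VERIFIED'];
    }

    // A verified message can still describe a different payment, so
    // compare it with what the store recorded for the order.
    $checks = [
        'payment_status' => ($post['payment_status'] ?? '') === 'Completed',
        'receiver_email' => strcasecmp($post['receiver_email'] ?? '', $order['merchant_email']) === 0,
        'mc_currency'    => ($post['mc_currency'] ?? '') === $order['currency'],
        'mc_gross'       => abs((float)($post['mc_gross'] ?? 0) - $order['total']) < 0.005,
    ];

    foreach ($checks as $field => $ok) {
        if (!$ok) {
            return ['accept' => false, 'reason' => "mismatch: $field"];
        }
    }

    return ['accept' => true, 'reason' => 'verified and matches order'];
}

// Constructed sample data, not taken from a real transaction.
$order = ['merchant_email' => 'shop@example.com', 'currency' => 'USD', 'total' => 49.90];
$post  = ['payment_status' => 'Completed', 'receiver_email' => 'shop@example.com',
          'mc_currency' => 'USD', 'mc_gross' => '49.90', 'custom' => 'opaque-order-ref'];

foreach (['VERIFIED', 'UNVERIFIED', 'INVALID', ''] as $reply) {
    $d = ipn_decision($reply, $post, $order);
    printf("%-10s -> %s (%s)\n", $reply === '' ? '(empty)' : $reply,
           $d['accept'] ? 'accept' : 'reject', $d['reason']);
}

// A verified reply whose amount does not match the stored order total.
$d = ipn_decision('VERIFIED', ['mc_gross' => '0.01'] + $post, $order);
printf("%-10s -> %s (%s)\n", 'VERIFIED', $d['accept'] ? 'accept' : 'reject', $d['reason']);
```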

Post by Remmes » Wed Aug 03, 2011 3:34 am

Hello,

Clean install: When not logged in as a customer, after ordering, opening the 'view your order' link in the confirmation email results in:

Notice: Undefined variable: order_id in /home/remk0/public_html/asystems.nl/opencart/catalog/controller/account/order.php on line 110
Warning: Cannot modify header information - headers already sent by (output started at /home/remk0/public_html/asystems.nl/opencart/index.php:100) in /home/remk0/public_html/asystems.nl/opencart/system/engine/controller.php on line 28
Warning: Cannot modify header information - headers already sent by (output started at /home/remk0/public_html/asystems.nl/opencart/index.php:100) in /home/remk0/public_html/asystems.nl/opencart/system/engine/controller.php on line 29

and nothing else on the screen.

When you are logged in as a customer, the link works just fine and you'll see your order on the screen. ???

Reinstalled again, still the same problem. So I guess it's a bug then...
Last edited by Remmes on Wed Aug 03, 2011 7:07 pm, edited 2 times in total.


Post by Robert1 » Wed Aug 03, 2011 9:37 am

Found a bug: the first time I go to make a product, it creates a special for that product that takes $90 off the value of the product every time I create a new product and save it. Once it's saved and I go to edit and remove the special, then it works.


Post by i2Paq » Wed Aug 03, 2011 1:00 pm

Robert1 wrote: Found a bug: the first time I go to make a product, it creates a special for that product that takes $90 off the value of the product every time I create a new product and save it. Once it's saved and I go to edit and remove the special, then it works.

You have an older version, probably 1.5.x and updated to 1.5.1.1, as this has already been fixed.
Next time please read the Bug topics that belong to your version and read the BUG forum.


Post by Simplicity » Wed Aug 03, 2011 8:38 pm

What's the best practice to track bugs for OpenCart? It's still a mystery for me ::)
Q posts all (almost) bug fixes in the first message of corresponding version, what about v1.5.1 (and other 1.5.x)? Where should average Joe look for it? SVN is for devs only, right? ::)


Post by Daniel » Wed Aug 03, 2011 9:27 pm

The mods are welcome to alter my post. I don't have time to keep updating it. I'm heavy deep into coding the order editor.


Post by Simplicity » Wed Aug 03, 2011 9:42 pm

Daniel wrote: The mods are welcome to alter my post. I don't have time to keep updating it. I'm heavy deep into coding the order editor.

No problem with that. Do your stuff, I'll wait for some regular people who will share their view on how to keep track of all bug fixes ;) Should I use SVN and is it always 100% accurate? Thank you ;)


Post by i2Paq » Thu Aug 04, 2011 3:36 am

Remmes wrote: opening the 'view your order'-link in the confirmation email

What version of OpenCart, as 1.5.1.1 does not have this link when ordering via Guest Checkout?


Post by marcelwoo » Fri Aug 05, 2011 9:24 am

When you click on the "affiliate" link on the order detail page, you will be redirected to a page saying "Permission Denied".
I have double checked and made sure that user permission has been assigned for my user group.
Check the screenshot.

[Attachments: affiliate_bug01.png, affiliate_bug02.png]



Post by fido-x » Fri Aug 05, 2011 12:44 pm

marcelwoo wrote: When you click on the "affiliate" link on the order detail page, you will be redirected to a page saying "Permission Denied".
I have double checked and made sure that user permission has been assigned for my user group.

There's a "typo" on line 1257 of "admin/controller/sale/order.php":

Code:

$this->data['affiliate'] = $this->url->link('sale/affliate/update', 'token=' . $this->session->data['token'] . '&affiliate_id=' . $order_info['affiliate_id'], 'SSL'); 
Should be:

Code:

$this->data['affiliate'] = $this->url->link('sale/affiliate/update', 'token=' . $this->session->data['token'] . '&affiliate_id=' . $order_info['affiliate_id'], 'SSL'); 


Post by opencartisalright » Fri Aug 05, 2011 5:09 pm

Maybe this is an unfinished feature, but what is the point of the "Generate Invoice No." Link in the admin panel on the order details page? Because an invoice ID is already automatically generated and clicking the Generate link doesn't do anything (it's not actually linked to anything). So I'm assuming this is a "coming soon" feature, correct?
