Closed (fixed)
Project:
Signup Integration for Ubercart
Version:
6.x-1.x-dev
Component:
Code
Priority:
Critical
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
22 Dec 2010 at 17:19 UTC
Updated:
1 Jul 2011 at 21:18 UTC
Comments
Comment #1
technikh commented: Changing the status to critical as this is a serious security hole.
I see that for pending orders $_SESSION['uc_signup'] is not unset after completing the checkout.
This is causing the module to think that the previous node is also part of current order.
Can anyone please confirm this bug?
Comment #2
Mat77 commented: Getting the same bug:
I'm signing up 2 persons (one in the db, one I create the profile).
I complete the payment, users are signed up, good.
After that, I'm doing the same process.
But after I set the email addresses of the new subscriber, I can see the 2 first users' info.
As technikh said, it's a problem with the variable $_SESSION not being flushed after an order.
Any patch available?
Mat
Comment #3
Mat77 commented: Found a way to get rid of it:
If you're using Atos/Sips module, in uc_atos.module, Line 104:
unset($_SESSION['cart_order'], $_SESSION['do_complete']);
I just added the uc_signup session:
unset($_SESSION['cart_order'], $_SESSION['do_complete'], $_SESSION['uc_signup']);
Works for now, but I didn't test every possibility, and it's a module hack, so a real solution would be better.
Comment #4
technikh commented: My temporary fix was:
I wrote a conditional action (Action: Execute custom PHP code) which triggers on "Trigger: Customer completes checkout".
The action performs this: unset($_SESSION['uc_signup']);
This fixed the problem.
Is it necessary to unset these? $_SESSION['cart_order'] and $_SESSION['do_complete']
Worked for now, but I'm not sure if this breaks something.
Comment #5
ezra-g commented: Thanks for pointing this out. I was able to replicate this behavior, and this is definitely something we want to fix.
Purchase nid 20, pay via check:
mysql> select * from uc_signup_log;
+-----+-----+-----+------+
| oid | sid | uid | type |
+-----+-----+-----+------+
| 100 | 148 | 1 | 0 |
+-----+-----+-----+------+
1 row in set (0.00 sec)
mysql> select * from signup_log;
+-----+-----+-----+--------------------------------+-------------+-----------+----------+---------------------+
| sid | uid | nid | anon_mail | signup_time | form_data | attended | count_towards_limit |
+-----+-----+-----+--------------------------------+-------------+-----------+----------+---------------------+
| 148 | 0 | 20 | placeholder-101826@example.com | 1307026814 | a:0:{} | NULL | 1 |
+-----+-----+-----+--------------------------------+-------------+-----------+----------+---------------------+
1 row in set (0.00 sec)
Purchase nid 4, pay via credit card:
At the attendee contact form, "Please enter additional information about this attendee." displays nids 4 *and* 20.
Checkout with the new order for nid 4:
mysql> select * from signup_log;
+-----+-----+-----+--------------------------------+-------------+-----------+----------+---------------------+
| sid | uid | nid | anon_mail | signup_time | form_data | attended | count_towards_limit |
+-----+-----+-----+--------------------------------+-------------+-----------+----------+---------------------+
| 148 | 0 | 20 | placeholder-101826@example.com | 1307026814 | a:0:{} | NULL | 1 |
| 149 | 1 | 20 | | 1307026907 | a:0:{} | NULL | 1 |
| 150 | 1 | 4 | | 1307026907 | a:0:{} | NULL | 1 |
+-----+-----+-----+--------------------------------+-------------+-----------+----------+---------------------+
3 rows in set (0.00 sec)
mysql> select * from uc_signup_log;
+-----+-----+-----+------+
| oid | sid | uid | type |
+-----+-----+-----+------+
| 100 | 148 | 1 | 0 |
| 101 | 149 | 1 | 1 |
| 101 | 150 | 1 | 1 |
+-----+-----+-----+------+
3 rows in set (0.00 sec)
Comment #6
ezra-g commented: We need to remove the signup information from the session when checkout doesn't fail, and we need to verify that products in the session are actually present in the order.
Comment #7
ezra-g commented:
Comment #8
ezra-g commented: Here's a patch that in my testing corrects this issue in 2 ways: We check that all product nids in the session match product nids in the order, and we clear out the session when hook_order case 'submit' runs.
uc_signup_cart_view_form_submit() should make the data in the session more consistent with what's in the cart, but the submit handling currently in uc_signup is written to be compatible with Ubercart dev, or the upcoming 2.5 release.
It would be great to get feedback on whether this resolves the issue for you. In general, I plan to commit this.
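As an added illustration of the two-part fix described in comment #8 (not the committed uc_signup patch itself), here is how a hook_order() implementation can refuse to record signups for nodes that are not products of the order being submitted, and clear the stale session data. Assumptions: Ubercart 2.x's hook_order($op, &$arg1, $arg2) signature with $order->products carrying ->nid, the "pass"/"message" result convention for the 'submit' op, a hypothetical module name uc_signup_guard, and that $_SESSION['uc_signup'] is keyed by the signup node's nid.

```php
<?php
/**
 * Implements hook_order() for a hypothetical "uc_signup_guard" module.
 *
 * Added example, not uc_signup's own code. Assumes the Ubercart 2.x
 * hook_order($op, &$arg1, $arg2) signature, that $arg1 is the order object
 * on 'submit', that each $order->products entry has a ->nid, and that
 * $_SESSION['uc_signup'] is keyed by signup node nid (assumption).
 */
function uc_signup_guard_order($op, &$order, $arg2) {
  if ($op != 'submit' || empty($_SESSION['uc_signup'])) {
    return;
  }

  $stale = uc_signup_guard_stale_nids($_SESSION['uc_signup'], $order);
  if (!empty($stale)) {
    // Leftover signup data from an earlier checkout: drop it and fail the
    // submit so it is never written to signup_log / uc_signup_log.
    unset($_SESSION['uc_signup']);
    return array(array(
      'pass' => FALSE,
      'message' => t('Attendee information did not match the products in this order (nids: @nids). Please enter it again.', array('@nids' => implode(', ', $stale))),
    ));
  }

  // Session matches the order: clear it so the next order starts clean
  // (the module recording the signups must have run before this point).
  unset($_SESSION['uc_signup']);
  return array(array('pass' => TRUE));
}

/**
 * Returns signup nids held in $session that are not products of $order.
 *
 * The order object, not the session, is the authoritative list of what
 * the customer is paying for.
 */
function uc_signup_guard_stale_nids(array $session, $order) {
  $order_nids = array();
  foreach ($order->products as $product) {
    $order_nids[$product->nid] = TRUE;
  }
  return array_keys(array_diff_key($session, $order_nids));
}
```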
Comment #9
ezra-g commented: This is committed. Thanks!
http://drupalcode.org/project/uc_signup.git/commit/1867919
Comment #11
technikh commented: Similar problem still exists with "in checkout" orders
Steps to reproduce:
1) I added quantity 2 for an event in the cart and clicked on checkout.
2) Signed up myself and my colleague.
3) On the checkout page (https://example.com/cart/checkout) I went back to my cart, changed the quantity to 1, and clicked checkout.
4) I see myself and my colleague in "Attendee Signup Information".
So I paid once for an event and got two people signed up.
Same thing with multiple products too.
Comment #12
ezra-g commented: Thanks for these steps. I will try to reproduce today.
Comment #13
ezra-g commented: I'm unable to reproduce this behavior with the latest dev version of uc_signup. Can you confirm that you're using this version?
If so, I'd like to make myself available today to see this issue in your environment. Please find me in IRC as ezra-g or use my Drupal.org contact form to get in touch.
Comment #14
ezra-g commented: Also, please specify the version of Ubercart core that you are using.
Comment #15
technikh commented: I updated to the latest uc_signup dev version and this issue got fixed.
FYI
I didn't have this issue before with the beta version.
I updated to the dev version on 2011-06-11 and got this bug.
Finally, the latest dev version fixed it. I didn't have to update Ubercart or the Signup module.
Comment #16
ezra-g commented: Thanks for the followup. Glad that's resolved!