
Paypal WPS: clicking on "Return to merchant" displays a security warning and redirects user to cart

Project: Ubercart
Version: 7.x-3.x-dev
Component: Payment
Category: bug report
Priority: major
Assigned: Unassigned
Status: closed (fixed)

Issue Summary

After a successful payment, if the user clicks on the "Return to merchant" button from PayPal, he is redirected to the page cart/checkout/complete.
But at the same time, the browser displays an unwanted, scary security warning about moving to an http page from an https page.
At this point, the user is forced to click either "Continue" or "Cancel".
If the user clicks "Continue", he will then be redirected to the cart with the message "Thank you for your order! PayPal will notify us once your payment has been processed.", and can no longer see the useful information displayed on cart/checkout/complete.

This is a major problem that can easily be fixed:
Instead of sending value 2 to PayPal for variable rm (Return Method), 1 should be sent.
This way, the "Return to merchant" button is rendered as a simple link to cart/checkout/complete and no security warning is displayed.

For information, rm=2 is only useful when you want to use the POST data sent back by PayPal when returning to the merchant. But the page callback uc_paypal_complete does not use it at all, so it makes no sense here.
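The check described in the summary, as an added example that is not part of the original issue or of Ubercart's code: a small audit of the hidden form fields sent to PayPal that flags rm=2 when the return URL is http or when the return handler ignores the POST data. The function names, the `handler_reads_post` flag and the sample field values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# "rm" (return method) values as described in the issue: rm=2 posts payment
# data back to the merchant, rm=1 renders the return button as a plain link.
RM_GET, RM_POST = "1", "2"


def audit_return_method(fields, handler_reads_post):
    """Return a list of findings for a set of WPS form fields.

    fields: dict of the hidden form fields sent to PayPal.
    handler_reads_post: whether the page behind `return` uses the POSTed data
    (an input of this sketch; the issue states uc_paypal_complete does not).
    """
    findings = []
    rm = str(fields.get("rm", ""))
    scheme = urlsplit(fields.get("return", "")).scheme.lower()
    if rm == RM_POST and scheme == "http":
        findings.append("rm=2 posts from PayPal's https page to an http "
                        "return URL; the browser warns before submitting")
    if rm == RM_POST and not handler_reads_post:
        findings.append("rm=2 is unnecessary: the return handler ignores "
                        "the POST data")
    return findings


def apply_fix(fields, handler_reads_post):
    """Return a copy of fields with rm switched to 1 when POST is not needed."""
    fixed = dict(fields)
    if str(fixed.get("rm")) == RM_POST and not handler_reads_post:
        fixed["rm"] = RM_GET
    return fixed


# Constructed sample fields (example.com host and address are placeholders).
BEFORE = {
    "cmd": "_cart",
    "business": "merchant@example.com",
    "return": "http://shop.example.com/cart/checkout/complete",
    "rm": "2",
}

if __name__ == "__main__":
    for finding in audit_return_method(BEFORE, handler_reads_post=False):
        print("before:", finding)
    after = apply_fix(BEFORE, handler_reads_post=False)
    print("after: rm =", after["rm"],
          "findings =", audit_return_method(after, False))
```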

Comments

#1

Assigned to: anrikun » Anonymous
Status: active » needs review

The very simple patch:

Attachment: paypal_wps_return_warning-1535634-1.patch
Size: 588 bytes
Status: Idle
Test result: PASSED: [[SimpleTest]]: [MySQL] 1,486 pass(es).

#2

Version: 6.x-2.x-dev » 7.x-3.x-dev

The same big patch for 7.x-3.x :-)

Attachment: paypal_wps_return_warning-1535634-2.patch
Size: 598 bytes
Status: Idle
Test result: PASSED: [[SimpleTest]]: [MySQL] 2,051 pass(es).

#3

Status: needs review » fixed

Confirmed and committed, thanks for the patches.

This may have to be revisited for #1421298: Is there any Paypal PDT support? but it's a quick fix for now.

#4

Status: fixed » closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.