Problem/Motivation

Create a Coupon code "WHOOPS".

Apply the coupon using "WHOOPS". It works.

Apply it again, using "WHOOPS". It reports that the coupon has already been applied to the order.

Apply it again using "whoops".

Because the comparison is using the == operator, a case-sensitive comparison is done and the coupon is not rejected. You can repeatedly apply the coupon. For a fixed price coupon, this can drive the price to 0 and below!

Proposed resolution

Use strcasecmp to do a case-insensitive comparison. My only concern is that most of the other comparisons are done using database queries, so if the backend database uses a different algorithm, we could end up with different results in other code paths.

Remaining tasks

Patch will be added after I post this and get an issue number. Just a one line change.
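The behaviour reported above, reproduced as an added example that is not part of the original issue or of the module's code: the function names, the order array layout and the amounts are assumptions made for illustration. It runs the same sequence of attempts against a `==` check and a `strcasecmp()` check.

```php
<?php
// Added example: hypothetical helpers, not the Commerce Coupon API.

/** Case-sensitive check as described in the report: "whoops" does not match "WHOOPS". */
function coupon_already_applied_strict(array $applied_codes, string $code): bool {
  foreach ($applied_codes as $applied) {
    if ($applied == $code) {
      return TRUE;
    }
  }
  return FALSE;
}

/** Case-insensitive check using strcasecmp(), as the report proposes. */
function coupon_already_applied_ci(array $applied_codes, string $code): bool {
  foreach ($applied_codes as $applied) {
    if (strcasecmp($applied, $code) === 0) {
      return TRUE;
    }
  }
  return FALSE;
}

/** Apply a fixed-amount coupon unless the supplied check finds it on the order. */
function apply_fixed_coupon(array &$order, string $code, int $amount, callable $already_applied): bool {
  if ($already_applied($order['coupons'], $code)) {
    return FALSE;
  }
  $order['coupons'][] = $code;
  $order['total'] -= $amount;
  return TRUE;
}

// Constructed sample data: a 25.00 order (in cents) and a 10.00 fixed-price coupon.
foreach (['coupon_already_applied_strict', 'coupon_already_applied_ci'] as $check) {
  $order = ['total' => 2500, 'coupons' => []];
  foreach (['WHOOPS', 'WHOOPS', 'whoops', 'Whoops'] as $attempt) {
    $ok = apply_fixed_coupon($order, $attempt, 1000, $check);
    printf("%-30s %-7s %-8s total=%d\n", $check, $attempt, $ok ? 'applied' : 'rejected', $order['total']);
  }
}
```

`strcasecmp()` compares bytes and does not case-fold multibyte UTF-8 characters, so a coupon code containing non-ASCII letters can still compare differently in PHP than under a database collation, which is the code-path mismatch the report raises.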

Comments

tomtech commented:

Status: Active » Needs review
Attached file (status: new, size: 621 bytes)

Patch is attached to address the issue.

tomtech commented:

Attached file (status: new, size: 619 bytes)

Sorry, typo in previous patch.

How do I screw up a one line patch? :-p

Here it is.

googletorp commented:

Status: Needs review » Reviewed & tested by the community

Works like a charm.

pcambra commented:

Status: Reviewed & tested by the community » Fixed

Great catch, thanks

Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.