One could call this a feature request - but since #560358: Cart links don't work with checkbox attributes or textfield attributes is "implemented" and closed it has to be seen as a bug report.

I can't get it to work and have to believe that for some reason part of the original patch got lost. at least this is what is suggested by comment #12 of previous issue.

CommentFileSizeAuthor
#10 uc_cart_links.diff704 bytespianomansam
#3 uc_cart_links_textfield.patch821 bytessmoothify
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

xibun’s picture

xibun CreditAttribution: xibun commented
Version: 6.x-2.x-dev » 6.x-2.3

since this feature was now officially released in v2.3 it would be nice to have it working.
-> using "Display the cart link product action when you add a product to your cart." to generate the config-string gives a string which looks fine - but then when testing it instead of the added string "Array" appears.

smoothify’s picture

smoothify CreditAttribution: smoothify commented

I get this error too, and also believe that it was due to an incomplete patch on #560358: Cart links don't work with checkbox attributes or textfield attributes.

The code from approx line 654 in uc_attribute.module is as follows:

        // Only discrete options can affect the price of an item.
        if ($attribute->display && count($attribute->options)) {
          // There may be many selected options, or just one.
          foreach ((array)$selected as $oid) {
            if ($oid > 0) {
              $options[$index] = (array)$attribute->options[$oid];
              $options[$index]['attribute'] = $name;
              $index++;
            }
          }
        }
        else {
          // Handle textfield attributes.
          $options[$index] = array(
            'attribute' => $name,
            'aid' => $aid,
            'oid' => 0,
            'name' => $selected,
            'cost' => 0,
            'price' => 0,
            'weight' => 0,
          );
        }
        $index++;

Here the $selected variable is treated as an array unless the attribute is a textfield.

I believe the best way around this is to re-instate some of TR's original patch in cart_links to check for an array.

smoothify’s picture

smoothify CreditAttribution: smoothify commented
Status: Active » Needs review
FileSize
uc_cart_links_textfield.patch821 bytes

Here is a patch that works for me with textfield attributes.

xibun’s picture

xibun CreditAttribution: xibun commented
Status: Needs review » Reviewed & tested by the community

just tested this patch - now the textfield attribute works !

one concerns though: site security! the URL can be fabricated... is the text string properly secured against SQL injection?

smoothify’s picture

smoothify CreditAttribution: smoothify commented

This patch doesn't introduce any extra security concerns as far as I can see. The uc_attribute module should be sanitizing all input whether from the url or the textfield itself.

xibun’s picture

xibun CreditAttribution: xibun commented

@smoothify: sorry I wasn't clear. the patch for me is RTBC - the concern was addressed to the Ubercart maintainer as the cart link method might bypass the normal checks.

Mr. Electronic’s picture

Mr. Electronic CreditAttribution: Mr. Electronic commented

Hi

I had the same problem as described in this bug report.

I have tested the patch and it worked correctly on Drupal 6.17 and Ubercart 2.3

Br.
Rune Christensen

xibun’s picture

xibun CreditAttribution: xibun commented
Version: 6.x-2.3 » 6.x-2.x-dev

Ubercart version 2.4 is out now... so this has to target HEAD

anyone checked the security concern? just to be clear: the patch is ok - but it opens a door and I don't know if the room behind is secured..

Lowell’s picture

Lowell CreditAttribution: Lowell commented

subscribing

thank you so much,

this patch solves the text attribute problem for me, going on 2 years old.
AND solves the latest update problem which broke the cart_links with numbers.

I've been using numbers only which caused additional limitations for me, now I can use text strings. Big time saver :-)))

I'm hoping this isn't a security problem though

pianomansam’s picture

pianomansam CreditAttribution: pianomansam commented
Status: Reviewed & tested by the community » Needs work
FileSize
uc_cart_links.diff704 bytes

Does not seem to be working in 2.4! I reworked the patch slightly and it seems to be working now. Please see attached for my version of the patch.

longwave’s picture

longwave
he/him
Primary language English
Location UK
CreditAttribution: longwave commented
Status: Needs work » Needs review
twooten’s picture

twooten CreditAttribution: twooten commented

I can confirm that the patch in comment #10 does work with Ubercart 6.x-2.4.

Thanks!

TR’s picture

TR CreditAttribution: TR commented
Status: Needs review » Fixed

I just reverted to my initial fix from http://drupal.org/node/560358#comment-2556314 . Committed the fix to both the 6.x and 7.x branches.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.