Couldn't find existing issue so I decide to create new one. I just quote beginning of issue found on ubercart.org site.
I'm testing our ubercart module and I can't seem to get to the review page. Every time I hit the check out button and the button of the page I get this error "To protect our customers from identity theft, credit card details are erased when a browser refreshes on the checkout review page. Please enter your card details again and re-submit the form." (...)
The problem basically occur when you accidentally leave new line (or whatever whitespace / tab/ newline/ etc.) on the end (or in the beginning) in your uc_credit.key secret file. It's really hard to spot and system doesn't give any useful information except misleading above message: "To protect our customers from ...".
So my solution is simple just trim() every whitespace from the beginning and end of the key, after loading.
Patch in attachment.
Comment | File | Size | Author |
---|---|---|---|
#10 | 1730626-credit-key-whitespace-D6.patch | 1.04 KB | longwave |
#8 | 1730626-credit-key-whitespace.patch | 1.04 KB | longwave |
ubercart-cant_get_review_page-trim-uc_credit-key.patch | 429 bytes | sobi3ch | |
Comments
Comment #1
sobi3ch CreditAttribution: sobi3ch commentedForget to set proper status..
Comment #2
TR CreditAttribution: TR commentedOK, we can do that. But how did you get whitespace in your key file? The contents are generated automatically by Ubercart, so unless you edited the file and added the whitespace this should never happen. If Ubercart is generating key files with whitespace, then we ought to do more than just trim() here, we ought to fix the key file generation code.
Comment #3
TR CreditAttribution: TR commentedComment #4
sobi3ch CreditAttribution: sobi3ch commentedHi, ok my flout. I've just copy&paste my previous uc_creadit.key, and my editor is adding for default "\n" new line character. Now I see in the code I need to provide only directory path for credit key and ubercart doing rest for me. But still it will be nice if ubercart could handle this problem automatically.
What's your thoughts?
Comment #5
longwaveRather than using trim() we should probably throw an error if the uc_credit.key file is not exactly 32 bytes long.
Comment #6
longwaveComment #7
sobi3ch CreditAttribution: sobi3ch commentedagree, I'll role path asap..
Comment #8
longwavePatch for 7.x that simplifies uc_credit_encryption_key() while adding this check.
Comment #9
longwaveCommitted to 7.x-3.x, needs porting to 6.x-2.x.
Comment #10
longwaveComment #11
longwaveCommitted to 6.x-2.x.