


Issue Information

  • #000700

  • 0 - None Assigned

  • New

  • 2.3.4

  • -

Issue Confirmations

  • Yes (0) No (0)

New address creation is under bad required control mechanism during the checkout control and 7 more...

Posted by Gergely on 13 July 2014 - 15:16

Hi all,

 

Issue:

Try to fill in the new address form in checkout with failed data. What happens?

 

 

The control code in checkout_shipping_address.php:

// process a new shipping address
if (tep_not_null($firstname) && tep_not_null($lastname) && tep_not_null($HTTP_POST_VARS['street_address'])) {

but there is no required control when creating a new address as used.

 

The code above means that at least lastname, firstname and street_address must be filled in before the store's error management can work.

 

There is no information text about the working mechanism, so the new address registration can easily fail.

 

 

Development proposal

 

If the customer fills in at least one required field, then the form should run under error control.

At most 8 fields are required:

- gender
- lastname
- firstname
- street
- postcode
- city
- state
- country


I have figured out an indirect way, using a check string, to put the required fields under control, except country, which is selected by default. If the check string is not null, then the required way is ensured.

 

Should change:

  if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'submit') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
// process a new shipping address
    if (tep_not_null($HTTP_POST_VARS['firstname']) && tep_not_null($HTTP_POST_VARS['lastname']) && tep_not_null($HTTP_POST_VARS['street_address'])) {
      $process = true;

      if (ACCOUNT_GENDER == 'true') $gender = tep_db_prepare_input($HTTP_POST_VARS['gender']);
      if (ACCOUNT_COMPANY == 'true') $company = tep_db_prepare_input($HTTP_POST_VARS['company']);
      $firstname = tep_db_prepare_input($HTTP_POST_VARS['firstname']);
      $lastname = tep_db_prepare_input($HTTP_POST_VARS['lastname']);
      $street_address = tep_db_prepare_input($HTTP_POST_VARS['street_address']);
      if (ACCOUNT_SUBURB == 'true') $suburb = tep_db_prepare_input($HTTP_POST_VARS['suburb']);
      $postcode = tep_db_prepare_input($HTTP_POST_VARS['postcode']);
      $city = tep_db_prepare_input($HTTP_POST_VARS['city']);
      $country = tep_db_prepare_input($HTTP_POST_VARS['country']);
      if (ACCOUNT_STATE == 'true') {
        if (isset($HTTP_POST_VARS['zone_id'])) {
          $zone_id = tep_db_prepare_input($HTTP_POST_VARS['zone_id']);
        } else {
          $zone_id = false;
        }
        $state = tep_db_prepare_input($HTTP_POST_VARS['state']);
      }

to:

  if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'submit') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
      $checkString = '';

      // braces added so gender is appended only when the gender field is enabled
      if (ACCOUNT_GENDER == 'true') { $gender = tep_db_prepare_input($HTTP_POST_VARS['gender']); $checkString .= $gender; }
      if (ACCOUNT_COMPANY == 'true') $company = tep_db_prepare_input($HTTP_POST_VARS['company']);
      $firstname = tep_db_prepare_input($HTTP_POST_VARS['firstname']); $checkString .= $firstname;
      $lastname = tep_db_prepare_input($HTTP_POST_VARS['lastname']); $checkString .= $lastname;
      $street_address = tep_db_prepare_input($HTTP_POST_VARS['street_address']); $checkString .= $street_address;
      if (ACCOUNT_SUBURB == 'true') $suburb = tep_db_prepare_input($HTTP_POST_VARS['suburb']);
      $postcode = tep_db_prepare_input($HTTP_POST_VARS['postcode']); $checkString .= $postcode;
      $city = tep_db_prepare_input($HTTP_POST_VARS['city']); $checkString .= $city;
      $country = tep_db_prepare_input($HTTP_POST_VARS['country']);
      if (ACCOUNT_STATE == 'true') {
        if (isset($HTTP_POST_VARS['zone_id'])) {
          $zone_id = tep_db_prepare_input($HTTP_POST_VARS['zone_id']);
        } else {
          $zone_id = false;
        }
        $state = tep_db_prepare_input($HTTP_POST_VARS['state']); $checkString .= $state;
      }
// process a new shipping address
    if (tep_not_null($checkString)) {
      $process = true;

The mechanism ensures a better way to go to the controlled form when something is missing.

 

 

checkout_payment_address.php has the same critical error when trying to add a new address.

 

 

 

 

Regards,

Gergely
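
An added example, not part of the original post or of osCommerce: it compares the gate quoted from checkout_shipping_address.php with the proposed check-string gate over constructed form submissions, showing which partial addresses skip validation entirely. not_blank() is a simplified stand-in for tep_not_null(); the function names and sample values are assumptions.

```php
<?php
// Added example, not osCommerce code. not_blank() is a simplified stand-in
// for tep_not_null(); field names follow the post, submissions are constructed.

function not_blank($value) {
    return is_string($value) && trim($value) !== '';
}

// Gate quoted in the post: validation starts only when these three are filled.
function gate_original(array $post) {
    foreach (array('firstname', 'lastname', 'street_address') as $field) {
        if (!not_blank(isset($post[$field]) ? $post[$field] : '')) return false;
    }
    return true;
}

// Gate proposed in the post: validation starts when any required field is filled.
// Country is left out because the form preselects it.
function gate_proposed(array $post, $gender_enabled = true, $state_enabled = true) {
    $fields = array('firstname', 'lastname', 'street_address', 'postcode', 'city');
    if ($gender_enabled) $fields[] = 'gender';
    if ($state_enabled) $fields[] = 'state';
    $check = '';
    foreach ($fields as $field) {
        $check .= isset($post[$field]) ? trim($post[$field]) : '';
    }
    return not_blank($check);
}

// Constructed submissions; '97' is a placeholder country id.
$submissions = array(
    'empty form'       => array('country' => '97'),
    'only postcode'    => array('postcode' => '1011', 'country' => '97'),
    'missing street'   => array('firstname' => 'Anna', 'lastname' => 'Kiss',
                                'city' => 'Budapest', 'country' => '97'),
    'whitespace only'  => array('firstname' => '   ', 'country' => '97'),
    'complete address' => array('gender' => 'f', 'firstname' => 'Anna', 'lastname' => 'Kiss',
                                'street_address' => 'Fo utca 1', 'postcode' => '1011',
                                'city' => 'Budapest', 'state' => 'Pest', 'country' => '97'),
);

foreach ($submissions as $label => $post) {
    printf("%-17s original=%-5s proposed=%s\n", $label,
           var_export(gate_original($post), true), var_export(gate_proposed($post), true));
}
```

Rows where the original gate is false but the proposed gate is true are the partial submissions that the current code drops without running any field validation or showing an error.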