sponna Posted January 22, 2007 Share Posted January 22, 2007 Hi, I just (a bit late) did the August security updates on a number of sites which seems to have caused a small problem with the call-back to site after the user "cancels" at Protx. Before the update, cancelling at Protx brought the user back to the appropriate place in the check-out from where they could try again. Now it just defaults to the index page. A completed order goes to the success page as expected. I've validated this across several stores (test and live protx servers). Anyone else seeing this please? Is it a session corruption issue? Not sure where to look at the moment. Thanks Dave Quote up the down escalator.......... Link to comment Share on other sites More sharing options...
marklp Posted March 22, 2007 Share Posted March 22, 2007 Did no one else have this problem? Having just applied the August 06 update to my site which will be going live shortly, I found exactly the same problem. The problem occurs because in the August 06 update, tep_session_start() is modified: function tep_session_start() { return session_start(); } now becomes: function tep_session_start() { global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS; $sane_session_id = true; if (isset($HTTP_GET_VARS[tep_session_name()])) { if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_GET_VARS[tep_session_name()]) == false) { unset($HTTP_GET_VARS[tep_session_name()]); $sane_session_id = false; } } elseif (isset($HTTP_POST_VARS[tep_session_name()])) { if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_POST_VARS[tep_session_name()]) == false) { unset($HTTP_POST_VARS[tep_session_name()]); $sane_session_id = false; } } elseif (isset($HTTP_COOKIE_VARS[tep_session_name()])) { if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_COOKIE_VARS[tep_session_name()]) == false) { $session_data = session_get_cookie_params(); setcookie(tep_session_name(), '', time()-42000, $session_data['path'], $session_data['domain']); $sane_session_id = false; } } if ($sane_session_id == false) { tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false)); } return session_start(); } The knock on effect is that code in protx_form.php which previously worked is now broken: if ($Status != 'OK') { tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, tep_session_name() . '=' . $HTTP_POST_VARS[tep_session_name()] . '&error_message=' . urlencode($StatusDetail), 'SSL', false, false)); } Upon inspection, $HTTP_POST_VARS[tep_session_name()] does not contain the session ID (it's an empty string). Therefore I changed the redirect to: tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode($StatusDetail), 'SSL', false, false)); And all appears to be working as it should. Can someone with a bit more knowledge of payment modules confirm that what I have done is okay? Quote Link to comment Share on other sites More sharing options...
sponna Posted July 2, 2007 Author Share Posted July 2, 2007 I can confirm that those changes are correct and work. Sorry for very late reply - just spotted this :) Thanks Quote up the down escalator.......... Link to comment Share on other sites More sharing options...
Recidivist Posted July 13, 2007 Share Posted July 13, 2007 I can confirm that those changes are correct and work. Sorry for very late reply - just spotted this :) Thanks I have just encountered this issue on the Protx test pages and not only do I see the same problem, but their test CC details don't work either. They've also yet to send me their new templates. Grrrr... Thanks for the fix. Quote Network Webcams - The IP Camera Specialists Link to comment Share on other sites More sharing options...
New 
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.