Jump to content
Sign in to follow this  
sponna

Protx Form call-back errors after August updates

Recommended Posts

Hi,

 

I just (a bit late) did the August security updates on a number of sites which seems to have caused a small problem with the call-back to site after the user "cancels" at Protx.

 

Before the update, cancelling at Protx brought the user back to the appropriate place in the check-out from where they could try again. Now it just defaults to the index page. A completed order goes to the success page as expected. I've validated this across several stores (test and live protx servers).

 

Anyone else seeing this please? Is it a session corruption issue? Not sure where to look at the moment.

 

Thanks

Dave


up the down escalator..........

Share this post


Link to post
Share on other sites

Did no one else have this problem?

 

Having just applied the August 06 update to my site which will be going live shortly, I found exactly the same problem.

 

The problem occurs because in the August 06 update, tep_session_start() is modified:

function tep_session_start() {
 return session_start();
}

 

now becomes:

function tep_session_start() {
 global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;
 $sane_session_id = true;
 if (isset($HTTP_GET_VARS[tep_session_name()])) {
if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_GET_VARS[tep_session_name()]) == false) {
  unset($HTTP_GET_VARS[tep_session_name()]);
  $sane_session_id = false;
}
 } elseif (isset($HTTP_POST_VARS[tep_session_name()])) {
if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_POST_VARS[tep_session_name()]) == false) {
  unset($HTTP_POST_VARS[tep_session_name()]);
  $sane_session_id = false;
}
 } elseif (isset($HTTP_COOKIE_VARS[tep_session_name()])) {
if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_COOKIE_VARS[tep_session_name()]) == false) {
  $session_data = session_get_cookie_params();
  setcookie(tep_session_name(), '', time()-42000, $session_data['path'], $session_data['domain']);
  $sane_session_id = false;
}
 }
 if ($sane_session_id == false) {
tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));
 }
 return session_start();
}

 

The knock on effect is that code in protx_form.php which previously worked is now broken:

	  if ($Status != 'OK') {
	tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, tep_session_name() . '=' . $HTTP_POST_VARS[tep_session_name()] . '&error_message=' . urlencode($StatusDetail), 'SSL', false, false));
  }

 

Upon inspection, $HTTP_POST_VARS[tep_session_name()] does not contain the session ID (it's an empty string). Therefore I changed the redirect to:

tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode($StatusDetail), 'SSL', false, false));

 

And all appears to be working as it should.

 

Can someone with a bit more knowledge of payment modules confirm that what I have done is okay?

Share this post


Link to post
Share on other sites

I can confirm that those changes are correct and work.

 

Sorry for very late reply - just spotted this :)

 

Thanks


up the down escalator..........

Share this post


Link to post
Share on other sites
I can confirm that those changes are correct and work.

 

Sorry for very late reply - just spotted this :)

 

Thanks

 

I have just encountered this issue on the Protx test pages and not only do I see the same problem, but their test CC details don't work either. They've also yet to send me their new templates. Grrrr...

 

Thanks for the fix.


Network Webcams - The IP Camera Specialists

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×