NodsDorf Posted June 19, 2012
We just had a couple of orders get charged (Auth.net) but not added to the OSC order history. While that is something I have seen happen many times before with PayPal, I have never seen it happen with Auth.net. The only odd thing about this was that the customer had a company name like Bob"s Restoration, in which he used the double quote > " < instead of the single quote > ' <. I scanned my last 3 years' worth of customers and found not a single other case of a person using the " in the company name, nor do we show any other charges that cannot be matched with orders. The only commonality is that both orders were from the same customer, and both had the company name with the double quote in it. I have to wonder, has anybody seen this happen before due to the double quote?
dailce Posted June 19, 2012
If the double quotes are causing the error, you should just add a PHP function to strip away the quotes from the field prior to using it.
    str_replace('"', "", $string);
NodsDorf Posted June 20, 2012
Hi llchy, thanks for the comment. I'm just not sure that is the case; I am able to process a test order with a company name that contains a " using the Payment At Store option. I guess I need to run a credit card through Auth.net with a company name containing a quote to be sure the " is the problem. I was asking just to see if others had noticed this as a potential issue.
NodsDorf Posted June 20, 2012
Just wanted to confirm this as a bug: if a customer has a double quote in their company name, the order will still be processed at Auth.net but will not generate an order at your store. Today: I ran our credit card using Company Name Containing a ". Once again the payment was accepted by Auth.net but we received no order, and checkout_payment.php throws an error. This of course will likely cause the customer to try again, getting charged yet again with no order. It could potentially make your company look very bad once a person sees these charges posted to their credit card. I'll post a fix as soon as I confirm one.
Jack_mcs Posted June 20, 2012
It's not a bug, just incorrect code. You need to add the addslashes function to wherever that name is being loaded into the database, like:
    addslashes($product_info['products_name'])
NodsDorf Posted June 21, 2012
One could argue it is a bug since it has nothing to do with anything I changed from the vanilla 2.3.1 code. Here is the stock code...

create_account.php & address_book_process.php

    if (ACCOUNT_COMPANY == 'true') $company = tep_db_prepare_input($HTTP_POST_VARS['company']);

Which calls this function in includes/functions/database.php

    function tep_db_prepare_input($string) {
      if (is_string($string)) {
        return trim(tep_sanitize_string(stripslashes($string)));
      } elseif (is_array($string)) {
        reset($string);
        while (list($key, $value) = each($string)) {
          $string[$key] = tep_db_prepare_input($value);
        }
        return $string;
      } else {
        return $string;
      }
    }

Which also calls this function in includes/functions/general.php

    function tep_sanitize_string($string) {
      $patterns = array ('/ +/','/[<>]/');
      $replace = array (' ', '_');
      return preg_replace($patterns, $replace, trim($string));
    }

There is no vanilla removal of the " that I can see.
burt Posted June 21, 2012
Try adding htmlspecialchars; I am not sure how that would affect other things.
    return trim(tep_sanitize_string(stripslashes(htmlspecialchars($string))));
If what happens when paying with auth.net does not happen when paying COD (for example), then the issue is with auth (or the auth module), not the core code of osc, surely?
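
Added example, not part of any post above and not osCommerce code: it runs the constructed company name from the report through a PHP 8 restatement of the stock string path, shows what each fix suggested in the thread does to the stored value, and contrasts that with encoding at the point of use. The thread never identifies which sink fails, so the hidden form field, the `demo_orders` table and the helper name `prepare_input_stock` are hypothetical, and the database step assumes the pdo_sqlite extension is available.

```php
<?php
// Added example. String branch of the stock tep_db_prepare_input /
// tep_sanitize_string chain quoted in the thread, restated for current PHP.
function prepare_input_stock(string $s): string {
    $s = preg_replace(['/ +/', '/[<>]/'], [' ', '_'], trim(stripslashes($s)));
    return trim($s);
}

$company = 'Bob"s Restoration';   // constructed input matching the report

// 1. The stock chain leaves the double quote in place.
$stored = prepare_input_stock($company);
echo 'unchanged by stock chain: ', var_export($stored === $company, true), "\n";

// 2. Each suggested fix, applied to the value itself, alters what is stored.
$fixes = [
    'str_replace'      => str_replace('"', '', $stored),   // drops the character
    'addslashes'       => addslashes($stored),             // backslash becomes data
    'htmlspecialchars' => htmlspecialchars($stored),       // entity becomes data
];
foreach ($fixes as $name => $value) {
    printf("%-17s %s\n", $name, $value);
}

// 3. Encoding at each sink keeps the stored value intact.
// HTML attribute (hypothetical hidden field; the module's form is not shown
// on the page): encode only when writing the markup.
echo '<input type="hidden" name="company" value="'
   . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8') . '">', "\n";

// SQL (hypothetical table, in-memory SQLite): bind the value as a parameter
// instead of escaping it by hand.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_orders (company TEXT)');
$db->prepare('INSERT INTO demo_orders (company) VALUES (?)')->execute([$stored]);
$roundTrip = $db->query('SELECT company FROM demo_orders')->fetchColumn();
echo 'round trip intact: ', var_export($roundTrip === $company, true), "\n";
```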
This topic is now archived and is closed to further replies.