eshop_business_sec bug

  • Resolved kitchin

    (@kitchin)


    14 years ago

    EShop has an odd bit of code in paypal.php at line 66:

    $eshopemailbus=$eshopoptions['business'];
if(isset( $eshopoptions['eshop_business_sec'] ) && $eshopoptions['eshop_business_sec'] !=''){
	$eshopemailbus=$eshopoptions['business_sec'];
	$_POST['business']=$eshopemailbus;
}
$checkid=md5($eshopemailbus.$token.number_format($pvalue,2));

    This is odd for two reasons:

    1. The conditional block is never reached because ‘eshop_business_sec’ is a typo, it should be ‘business_sec’ (see eshop-settings-extends.php)

    2. It’s not clear you ever want it to be reached. It would tell PayPal to direct the payment to the secondary email address.

    This whole business of using $_POST to carry around information is kind of crazy in my humble opinion. But if using it, why not just do this unconditionally:

    $_POST['business']=$eshopemailbus;

    (We are in the case eshopaction=’redirect’. The $_POST variable derives from the previous step, when eshopaction=’process’.)

    http://ww.wp.xz.cn/extend/plugins/eshop/

Viewing 3 replies - 1 through 3 (of 3 total)
  • esmi

    (@esmi)

    14 years ago

    We will look at this properly asap and, if there is a typo, we’ll correct it in the next update.

    Anonymous User

    (@anonymized-3085)

    14 years ago

    fixed for next release – thanks for the heads up.

    Thread Starter kitchin

    (@kitchin)

    13 years, 2 months ago

    Couldn’t find anything about “secondary” in the wiki, http://quirm.net/wiki/eshop/

    Here’s what seems to be the design for the PayPal settings in Dashboard / Settings / Paypal / Merchant Gateways.

    Main account Email address:
    * this must match your primary PayPal address.

    Secondary Email address
    * optionally, you can use one of your secondary PayPal addresses to receive the payment. Paypal will accept the payment, but its reply data will contain the primary address.

    That’s why the “Main” setting must match the Paypal primary. Otherwise, eShop classifies the transaction as “fraud.” The payment has been accepted, but eShop put the purchase in a different tab in the order viewer. The message sent to you (the business) says “Fraud…”.

    Paypal does recommend this check on its reply data, so the eShop behavior is correct. It’s just not documented, as far as I can tell.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘eshop_business_sec bug’ is closed to new replies.