New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Control if customer is the owner of the selected order in contact form #9126

Merged
merged 1 commit into from Jun 5, 2018

Conversation

Projects
None yet
5 participants
@PierreRambaud
Contributor

PierreRambaud commented May 25, 2018

Questions Answers
Branch? 1.6.1.x
Description? Control if customer is the owner of the selected order in contact form
Type? bug fix
Category? FO
BC breaks? no
Deprecations? no
Fixed ticket? http://forge.prestashop.com/browse/BOOM-4362
How to test? Try to set an order id that is not owned by the customer (selected by his address) in contact form.

This change is Reviewable

@prestonBot prestonBot added the 1.6.1.x label May 25, 2018

@okom3pom

This comment has been minimized.

Contributor

okom3pom commented May 25, 2018

Thank's

@PierreRambaud

This comment has been minimized.

Contributor

PierreRambaud commented May 25, 2018

@okom3pom Sorry for the delay, I was fighting with 1.6 on a recent debian install ^^ 1.7 is really easier to configure for me :)

@PierreRambaud PierreRambaud added the Bug label May 25, 2018

* Check if customer select his order.
*/
if (!empty($id_order)) {
$order = new Order($id_order);

This comment has been minimized.

@eternoendless

eternoendless May 28, 2018

Member

What happens if the order doesn't exist?

This comment has been minimized.

@PierreRambaud

PierreRambaud May 28, 2018

Contributor

Order information are empty. No error, and $order->id_customer will return null.

This comment has been minimized.

@PierreRambaud

PierreRambaud May 28, 2018

Contributor

I try with injecting 9999 maybe someone can try too :)

This comment has been minimized.

@eternoendless
*/
if (!empty($id_order)) {
$order = new Order($id_order);
$id_order = (int) $order->id_customer === (int) $customer->id ? $id_order : 0;

This comment has been minimized.

@eternoendless

eternoendless May 28, 2018

Member

Be aware that this:

(int) $order->id_customer === (int) $customer->id

Is basically equivalent to doing this:

$order->id_customer == $customer->id

This comment has been minimized.

@PierreRambaud

PierreRambaud May 28, 2018

Contributor

Even if I'm agree with you, I prefer cast to integer because it's an id =)

@eternoendless eternoendless added this to the 1.6.1.20 milestone May 28, 2018

@marionf marionf added QA ✔️ and removed waiting for QA labels May 28, 2018

@eternoendless

This comment has been minimized.

Member

eternoendless commented Jun 5, 2018

Thank you @PierreRambaud

@eternoendless eternoendless merged commit bd60531 into PrestaShop:1.6.1.x Jun 5, 2018

2 checks passed

Codacy/PR Quality Review Up to standards. A positive pull request.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

@PierreRambaud PierreRambaud deleted the PierreRambaud:fix/boom-4362 branch Jun 5, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment