regression fix (v240) unable to add/activate user addresses (ecom)

exponentcms · May 20, 2017 · 8baa08d · 8baa08d
1 parent e256db4
commit 8baa08d
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 4 deletions.
diff --git a/framework/modules/addressbook/controllers/addressController.php b/framework/modules/addressbook/controllers/addressController.php
@@ -65,6 +65,11 @@ static function hasSources() {
         return false;
     }
 
+    public function __construct($src=null, $params=array()) {
+        parent::__construct($src, $params);
+        unset ($this->m_permissions['activate']);
+    }
+
     function showall() {
 //        redirect_to(array("controller"=>'address',"action"=>'myaddressbook'));
         $this->myaddressbook();
@@ -78,7 +83,7 @@ public function edit()
         $record = new address($id);
 
         // check to see if we should be editing.  You either need to be an admin, or editing own account.
-        if (!($user->isAdmin() || ($user->id == $record->user_id))) {
+        if (!($user->isAdmin() || $user->id == $record->user_id || $record->user_id === null)) {
             flash('error', gt('You do not have the proper permissions to edit this address'));
             expHistory::back();
         }
@@ -191,8 +196,12 @@ public function activate_address()
 
         $object = new stdClass();
         $object->id = $this->params['id'];
-        $db->setUniqueFlag($object, 'addresses', expString::escape($this->params['is_what']), "user_id=" . $user->id);
-        flash("message", gt("Successfully updated address."));
+        if (!($user->isAdmin() || $user->id !== $object->id)) {
+            flash("error", gt("You do not have permission to update this address."));
+        } else {
+            $db->setUniqueFlag($object, 'addresses', expString::escape($this->params['is_what']), "user_id=" . $user->id);
+            flash("message", gt("Successfully updated address."));
+        }
         expHistory::back();
     }
 

diff --git a/framework/modules/ecommerce/shippingcalculators/peritemcalculator.php b/framework/modules/ecommerce/shippingcalculators/peritemcalculator.php
@@ -52,7 +52,7 @@ public function getRates($order) {
             if (!$item->product->no_shipping)
                 $count += $item->quantity;
         }
-        $total = $count * $rate + $handling;
+        $total = $count * $rate + (int)$handling;
 	    $rates = array(
             '01'=>array(
                 'id'=>'01',