Race condition in cron for Scheduled-Capture (very very big sites and order review enabled only).

In one cron, 250-500 orders may be processed (based on 5 minutes).
If an admin sets cron time up smaller than 5 minutes and
250-500> new transactions are made after last cron executed, it can be blocked.
Authorize cron sets up an_lastcron every time when admin/cron.php executes.
This must be set up after blocking check code.

As a result, if pending orders aren't accepted within 30 days at the payment management page, they expire and users cannot enrol.
When an admin enabled order review, he is guaranteed 'Payment managers accept/deny transactions manually'.
Scheduled-Capture is designed for forgotten orders only ;)

Backported from HEAD.
commit 0b82096d87ae986c8c6a0781279da0c9c55d1efc 1 parent 81e8e32
ethem authored
Showing with 5 additions and 3 deletions.
  1. +5 −3 enrol/authorize/enrol.php
8 enrol/authorize/enrol.php
@@ -428,7 +428,8 @@ function config_form($frm)
$captureday = intval($frm->an_capture_day);
$emailexpired = intval($frm->an_emailexpired);
if ($captureday > 0 || $emailexpired > 0) {
- if ((time() - intval($mconfig->an_lastcron) > 3600 * 24)) {
+ $lastcron = get_field_sql('SELECT max(lastcron) FROM ' . $CFG->prefix . 'modules');
+ if ((time() - intval($lastcron) > 3600 * 24)) {
notify(get_string('admincronsetup', 'enrol_authorize'));
}
}
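Review bot: in config_form() the new query reads `$CFG->prefix`, but nothing in this hunk shows `$CFG` being brought into scope; confirm the function has a `global $CFG;` declaration, otherwise the prefix is empty and the query targets an unprefixed `modules` table. Separately, `max(lastcron)` over the modules table answers "has any module's cron run in the last 24 hours", which is a broader signal than the plugin's own `an_lastcron`. A short comment saying this is intentional, because `an_lastcron` is no longer written on blocked runs, would save the next reader from switching it back.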
@@ -503,7 +504,8 @@ function process_config($config)
$emailexpired = ($emailexpired > 5) ? 5 : (($emailexpired < 0) ? 0 : $emailexpired);
if (!empty($reviewval) && ($captureday > 0 || $emailexpired > 0)) {
- if (time() - intval($mconfig->an_lastcron) > 3600 * 24) {
+ $lastcron = get_field_sql('SELECT max(lastcron) FROM ' . $CFG->prefix . 'modules');
+ if (time() - intval($lastcron) > 3600 * 24) {
return false;
}
}
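Review bot: the `SELECT max(lastcron) FROM ... modules` statement in process_config() is a copy of the one added in config_form(); move it into one small helper so the two staleness checks cannot drift apart. The same `$CFG` scope question applies here, and since a stale cron makes this path `return false`, a wrong table name would reject the admin's settings with no visible reason.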
@@ -571,7 +573,6 @@ function cron()
$settlementtime = authorize_getsettletime($timenow);
$timediff30 = $settlementtime - (30 * $oneday);
$mconfig = get_config('enrol/authorize');
- set_config('an_lastcron', $timenow, 'enrol/authorize');
mtrace("Processing authorize cron...");
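Review bot: removing `set_config('an_lastcron', $timenow, 'enrol/authorize');` from the top of cron() means every return path between here and its new position leaves `an_lastcron` untouched, not only the `blocked` one. Check the roughly 30 lines between this hunk and the next for other early returns and decide for each whether it should still record a run.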
@@ -601,6 +602,7 @@ function cron()
mtrace("blocked");
return;
}
+ set_config('an_lastcron', $timenow, 'enrol/authorize');
mtrace(" $ordercount orders are being processed now", ": ");
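Review bot: the relocated `set_config('an_lastcron', $timenow, 'enrol/authorize');` is only correct because it sits below the `blocked` return, and nothing in the code says so; add a comment above it stating that it must stay after the blocking check. The sequence is also still read, compare, then write with no lock, so two cron runs that start close together could both get past the check before either stores the new value. If overlapping runs are possible on the large sites this targets, that needs a lock or an atomic update rather than a reordering.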