[v3.x - Fix] - admin/model/extension/fraud/fraudlabspro.php #6704

Closed
straightlight opened this issue Jun 29, 2018 · 4 comments

Comments

@straightlight
Contributor

straightlight commented Jun 29, 2018

According to the FraudLabs Pro API documentation, either the order ID or the transaction ID can be used to send the feedback. However, the order ID's VARCHAR length is currently too small for the transaction ID. The current length is set to 11, while it should rather be set to 16.

@straightlight
Contributor Author

straightlight commented Jun 29, 2018

In the catalog/model/extension/fraud/fraudlabspro.php file,

find:

fraudlabspro_reject_status_id

replace with:

fraud_fraudlabspro_reject_status_id

Note: This was also discovered in the same file in GitHub's code.

@straightlight
Contributor Author

straightlight commented Jun 29, 2018

Again, since the order ID or the transaction ID can be used with FraudLabs Pro, the getOrder method from the admin/model/extension/fraud/fraudlabspro.php file forces sanitizing as an integer, which could be problematic when using the $order_id. However, the addOrderHistory method does not use the integer when calling the CURLOPT_URL case from cURL.

Either the VARCHAR needs to be switched to INT(11) for the order_id field or another method below the getOrder method should be added like this:

// Look up the row by its string key (order ID or transaction ID), escaped instead of cast to int.
public function getTransactionOrder($order_id) {
    $query = $this->db->query("SELECT * FROM " . DB_PREFIX . "fraudlabspro WHERE order_id = '" . $this->db->escape($order_id) . "'");

    return $query->row;
}

if the getOrder method returns an empty query due to an int search rather than an escape string search on the database.

The fraudlabspro_id is also indicated on the fraudlabspro database table but the CHAR length should be set to 16 if the order_id needs to be switched with an INT type of 11.
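
The lookup mismatch described in the comment above, as an added example that is not part of the original thread or OpenCart's code. Assumptions: an in-memory SQLite database through PDO stands in for OpenCart's database layer, `getOrderByInt` is a hypothetical stand-in for a lookup that casts the key to an integer, the 16-character limit is taken from the lengths proposed in the thread, and all IDs are constructed sample values.

```php
<?php
// Constructed stand-in for the fraudlabspro table (not OpenCart's real schema).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE fraudlabspro (order_id VARCHAR(16), fraudlabspro_id CHAR(16))");

// Constructed sample rows: a numeric order ID and an alphanumeric transaction ID.
$insert = $pdo->prepare("INSERT INTO fraudlabspro (order_id, fraudlabspro_id) VALUES (?, ?)");
$insert->execute(['1042', 'SAMPLEFLPID00001']);
$insert->execute(['20180629ABCDEF12', 'SAMPLEFLPID00002']);

// Hypothetical lookup that casts the key to int before querying.
// (int)'20180629ABCDEF12' becomes 20180629, so the stored row is never matched.
function getOrderByInt(PDO $pdo, $order_id): array {
    $stmt = $pdo->prepare("SELECT * FROM fraudlabspro WHERE order_id = ?");
    $stmt->execute([(string)(int)$order_id]);

    return $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}

// String lookup: the key is length-checked against the column width and
// passed as a bound parameter, so no escaping or casting is involved.
function getTransactionOrder(PDO $pdo, string $order_id): array {
    $length = strlen($order_id);

    if ($length < 1 || $length > 16) {
        return []; // would not fit the column, so it cannot match a row
    }

    $stmt = $pdo->prepare("SELECT * FROM fraudlabspro WHERE order_id = ?");
    $stmt->execute([$order_id]);

    return $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}

// Compare both lookups for each kind of key.
foreach (['1042', '20180629ABCDEF12'] as $key) {
    printf(
        "%-18s int-cast lookup: %-5s string lookup: %s\n",
        $key,
        getOrderByInt($pdo, $key) ? 'found' : 'empty',
        getTransactionOrder($pdo, $key) ? 'found' : 'empty'
    );
}
```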

@straightlight
Contributor Author

The admin/controller/extension/fraud/fraudlabspro.php file contains a hash generation with a maximum value length of 65536, while error 218 of the FraudLabs Pro API returns a maximum length of 32 to generate the email hash string.

@danielkerr
Member

Removed from core. Will have an extension page on opencart.com soon.
