New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v3.x - Fix] - admin/model/extension/fraud/fraudlabspro.php #6704
Comments
In catalog/model/extension/fraud/fraudlabspro.php file, find:
replace with:
Note: This is also discovered on the the same file from Github's codes. |
Again, since the order ID or the transaction ID can be used with Fraud Labs Pro, then the getOrder method from the admin/model/extension/fraud/fraudlabspro.php file forces the sanitizing with integer while using the $order_id could be problematic. However, the addOrderHistory method does not use the integer when calling the CURLOPT_URL case from cURL. Either the VARCHAR needs to be switched to INT(11) for the order_id field or another method below the getOrder method should be added like this: public function getTransactionOrder($order_id) { if the getOrder method returns an empty query due to an int search rather than an escape string search on the database. The fraudlabspro_id is also indicated on the fraudlabspro database table but the CHAR length should be set to 16 if the order_id needs to be switched with an INT type of 11. |
admin/controller/extension/fraud/fraudlabspro.php file contains an hash generation of a maximum value length of 65536 while the error 218 of the FraudLabs Pro API returns a maximum length of 32 to generate the email hash string. |
removed from core. will have extension page on opencart.com soon. |
According to the Fraudlab's API documentation, either the order ID or the transaction ID can be used to send the feedback. However, the order ID's VARCHAR length is currently too small for the transaction ID. The current length is set to 11 while it should rather be set to 16.
The text was updated successfully, but these errors were encountered: