always save original $data to $_source #3054
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hi @nick-sun-balance, thanks for the report and the contribution. This looks to be the same as #2984, and we have made some changes which should resolve the issue for now. I'm going to close the ticket, but if you still find the same problem on the develop branch, please go ahead and re-open it and we'll take a look. |
magento-team
pushed a commit
that referenced
this pull request
Sep 18, 2018
[TSG] Backporting for 2.2 (pr41) (2.2.6)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Environment:
OS: Ubuntu 14.04
Web server: Nginx 1.9.7
PHP version: 7.0.2 (as FPM)
Issue:
Braintree payment method cannot be used during checkout.
More details:
When using "Braintree" as payment method, the javascript object "window.checkoutConfig.payment.braintree" has no value for "clientToken" which will result the payment method not visible on checkout page plus a javascript error.
After further investigation, the reason has been located at:
File:
lib/internal/Magento/Framework/App/Config/Data.php
In "__construct", passed parameter "$data" has been manipulated after being passed to "process" method of "$processor" object especially values which should be kept as "encrypted" for the "$_source" property.
These values include but not limited to:
"$data['payment']['braintree']['public_key']"
Making calls to "var_dump($data['payment']['braintree']['public_key']);" before and after "$processor->process($data);" will see different values.
The result is that the value of "payment/braintree/public_key" being passed from data table "core_config_data" to "frontend" usage has been decrypted TWICE (due to values are passed through base -> website -> store as "scope"). So the curl request sent to Braintree will result a "401" error (unauthorised) due to wrong keys have been passed.
The code change I composed could not be the best solution but has been local tested and it works. Please advise if a better solution should be applied.
Thanks Magento team!