-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PayPal Standard allows the product costs to be changed before being submitted #337
Comments
Interesting. I just managed to easily reproduce it myself, all I had to do was to dynamically change the hidden price field to '0.01', using Firebug, before clicking on the final 'Confirm Order'. This will be an issue with many other payment methods, too, whenever they use hidden price fields. I think the only way to fix it is by tightening the validation in the respective callback methods, e.g. in the case of pp_standard, the catalog/controller/payment/pp_standard.php needs a stricter validation of what is being sent back to its callback method from PayPals IPN message. In particular, it has to check the total amount paid with the order total in OpenCart before regarding the order as complete. |
it is fixed the order will never reach the complete order status. just the default order status. this is the line that fixes it:
|
I just had this happen on my 1.5.4.1 store with the default PayPal standard, where the order total was $0.01 in PayPal but correct in OpenCart. I assume because the product costs are in a hidden fields, they can be changed before being submitted.
I thought this was solved in the past? Maybe at some point it reverted to an earlier version, or I'm misremembering. I haven't looked into a fix yet, but I'll let you know if I find one.
The text was updated successfully, but these errors were encountered: