Users are able to sign up two/more people with one product in the cart

Steps to reproduce:
1) I added quantity 2 for an event in the cart and clicked on checkout.
2) Signed up myself and my colleague.
3) On the checkout page (https://example.com/cart/checkout) I clicked the Review order button.
4) On the review page (https://example.com/cart/checkout/review) I went back to the home page and then to my cart (https://example.com/cart), changed the quantity to 1 and clicked checkout.
5) I see myself and my colleague in "Attendee Signup Information".

So I paid once for an event and I got two people signed up.

A video demonstration of the bug: http://www.youtube.com/watch?v=7dvEF08bxbg

Comment: #3 | File: 1218944.patch | Size: 790 bytes | Author: ezra-g

Comments

ezra-g’s picture

Title: Security issue with "in checkout" orders » Multiple signups granted for purchase of a single product

Thanks for the bug report and video.

Changing title to reflect the behavior here - It's actually unrelated to the order being "in-checkout" and only happens when the user reduces quantity of a product and submits the cart form with the "Checkout" button, rather than the "update cart" button.

I definitely want to fix this promptly. Luckily, we should be able to attach the similar submit processing to the "Checkout" button as we do on the "update cart" button.

Note, this is another issue caused by the Ubercart core API change and UC_Signup's compatibility with that change:

#1040970: Not Compatible with Ubercart 6.x-2.x-dev - Update Cart & Checkout buttons on /cart refresh page but do not work as expected.

technikh’s picture

I had this issue partly because I was using Ubercart 6.x-2.4.
I don't know if there is any other issue with using uc_signup 6.x-1.0-rc2 and Ubercart 6.x-2.4, hope not :)
I got this issue fixed with the changes below.

For people who want to use Ubercart 6.x-2.4 instead of 6.x-2.x-dev:

replace
$form['#submit'][] = 'uc_signup_cart_view_form_submit';
with

$form['checkout']['#submit'][] = 'uc_signup_cart_view_form_submit';
$form['update']['#submit'][] = 'uc_signup_cart_view_form_submit';

and also update this function

function uc_signup_cart_view_form_submit($form, &$form_state) {
  // Debug trace: records every run of this handler in the Drupal log.
  $watch_msg = "in uc_signup_cart_view_form_submit";
  watchdog('uc_signup', $watch_msg, NULL, WATCHDOG_ERROR, NULL);
  if (!empty($form_state['values']['items'])) {
    foreach ($form_state['values']['items'] as $item) {
      // A removed or zero-quantity product keeps no pending signups.
      if ($item['remove'] || $item['qty'] == 0) {
        unset($_SESSION['uc_signup']['nids'][$item['nid']]);
        continue;
      }
      // Skip products that have no pending signups in the session.
      if (!isset($_SESSION['uc_signup']['nids'][$item['nid']])) {
        continue;
      }
      // Quantity was reduced: keep only as many signups as units in the cart.
      if ($item['qty'] < count($_SESSION['uc_signup']['nids'][$item['nid']])) {
        array_splice($_SESSION['uc_signup']['nids'][$item['nid']], $item['qty']);
      }
    }
  }
}

Taken from uc_signup beta6

ezra-g’s picture

Status: Active » Needs review
Status: new | Size: 790 bytes

In my testing, this patch fixes the issue by ensuring that uc_signup's form submit handler runs on the cart form when the Checkout button is used for submission, in addition to the "Update cart" button.

ezra-g’s picture

Status: Needs review » Fixed

This is committed. Thanks for the report.

http://drupalcode.org/project/uc_signup.git/commit/de6b7ae

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.
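
The invariant behind this bug is that the number of attendees per product must never exceed the quantity being paid for. The sketch below enforces it as a separate server-side check at order review or completion, so it holds whichever button submitted the cart form. This is an added example, not uc_signup's code or part of the thread; `reconcile_signups()`, the array shapes and the sample node ID are assumptions.

```php
<?php
// Added example in plain PHP; uses no Drupal or Ubercart APIs.

/**
 * Trim pending attendee signups so that no product has more attendees
 * than units in the cart.
 *
 * @param array $cart_qty nid => quantity currently in the cart (assumed shape).
 * @param array $pending  nid => list of attendee e-mails collected so far.
 * @return array array(reconciled pending signups, nid => dropped attendees)
 */
function reconcile_signups(array $cart_qty, array $pending) {
  $dropped = array();
  foreach ($pending as $nid => $attendees) {
    // A product missing from the cart counts as quantity 0.
    $qty = isset($cart_qty[$nid]) ? max(0, (int) $cart_qty[$nid]) : 0;
    if (count($attendees) > $qty) {
      // array_splice() removes everything from offset $qty on and returns it.
      $dropped[$nid] = array_splice($attendees, $qty);
    }
    if ($qty === 0) {
      unset($pending[$nid]);
    }
    else {
      $pending[$nid] = $attendees;
    }
  }
  return array($pending, $dropped);
}

// Constructed sample data mirroring the report: two attendees were entered
// while the quantity was 2, then the quantity was reduced to 1.
$cart_qty = array(42 => 1);
$pending = array(42 => array('me@example.com', 'colleague@example.com'));

list($pending, $dropped) = reconcile_signups($cart_qty, $pending);

foreach ($dropped as $nid => $attendees) {
  // A mismatch surviving to this point means an earlier handler was skipped.
  error_log(sprintf('signup/quantity mismatch on nid %d: dropped %d attendee(s)',
    $nid, count($attendees)));
}
print_r($pending);
```

Logging the dropped entries rather than trimming silently gives a signal that some submit path bypassed the cart handler.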