If a user clicks the "update" link in their recurring fees table, then decides not to make any changes and clicks Cancel instead of Update, they get access denied because the cancel link redirects to the admin view of recurring fees, not back to the user view. This is with the authorize.net handler, the URL in question is like the following:
example.com/user/226/recurring/44/update/authorizenet_cim?destination=user/226/recurring-fees
Here's how I resolved it in uc_recurring.uc_authorizenet.inc around lines 140-147:
$form['submit'] = array(
'#type' => 'submit',
'#value' => t('Update'),
// '#suffix' => l(t('Cancel'), 'admin/store/orders/recurring/view/fee/' . $rfid),
'#suffix' => l(t('Cancel'), $_SERVER['HTTP_REFERER']),
);
Any thoughts? I'm afraid I haven't figured out how to make a functional patch yet...
Comment | File | Size | Author |
---|---|---|---|
#3 | cancel_charge-#1353762-#3.patch | 919 bytes | JohnMatta |
Comments
Comment #1
mcarbone CreditAttribution: mcarbone commentedI'm actually finding that cancel URLs are broken throughout the code (when charging, when editing a recurring fee, etc.), and often mistakenly are using request_uri() instead of $_SERVER['HTTP_REFERER']. But I'm also finding that $_SERVER['HTTP_REFERER'] doesn't always play nicely with the overlay module.
Comment #2
phen CreditAttribution: phen commentedAccording to the php manual, we shouldn't necessarily be using HTTP_REFERER either, so I guess a more robust solution is required.
(from http://php.net/manual/en/reserved.variables.server.php)
Comment #3
JohnMatta CreditAttribution: JohnMatta commentedI used the Using $_SERVER['HTTP_REFERER'] the cancel after charge button works when on page, but closes the overlay otherwise, instead of partial path or complete error page