After a successful payment, if user clicks on the "Return to merchant" button from PayPal, he is redirected to page cart/checkout/complete.
But at the same time, browser displays an unwanted scary security warning about moving to a http page from a https page.
At this point, user is forced to click whether "Continue" or "Cancel".
If user clicks "Continue", he will be then redirected to cart with message "Thank you for your order! PayPal will notify us once your payment has been processed.", and can no longer see the useful information displayed on cart/checkout/complete.

This is a major problem that can easily be fixed:
Instead of sending value 2 to PayPal for variable rm (Return Method), 1 should be sent.
This way, the "Return to merchant" button is rendered as a simple link to cart/checkout/complete and no security warning is displayed.

For information, rm=2 is only useful when you want to use POST data sent back by PayPal when returning to merchant. But page callback uc_paypal_complete does not use it at all so it makes no sense here.

#2 paypal_wps_return_warning-1535634-2.patch598 bytesanrikun
PASSED: [[SimpleTest]]: [MySQL] 2,051 pass(es). View
#1 paypal_wps_return_warning-1535634-1.patch588 bytesanrikun
PASSED: [[SimpleTest]]: [MySQL] 1,486 pass(es). View


anrikun’s picture

Assigned: anrikun » Unassigned
Status: Active » Needs review
588 bytes
PASSED: [[SimpleTest]]: [MySQL] 1,486 pass(es). View

The very simple patch:

anrikun’s picture

Version: 6.x-2.x-dev » 7.x-3.x-dev
598 bytes
PASSED: [[SimpleTest]]: [MySQL] 2,051 pass(es). View

The same big patch for 7.x-3.x :-)

longwave’s picture

Status: Needs review » Fixed

Confirmed and committed, thanks for the patches.

This may have to be revisited for #1421298: Is there any Paypal PDT support? but it's a quick fix for now.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Anonymous’s picture

Issue summary: View changes

Fixed a typo.