This is related to the following forum post:

Scenario/Steps to reproduce

  • Ubercart 2.9 using built-in CIM integration
  • Create an order as a regular customer and pay by credit card.
  • Log in as an admin and view the order that was just created
  • Verify that you can view the Credit Card Details
  • Edit the order and click the Submit changes button
  • Go back to the view tab and view the Credit Card Details. They are now blank.

What I've discovered so far
I've done some tracing through the code and have partially identified the source of the problem.

The main problem seems to be that the uc_credit.module expects the credit card info fields to be submitted on the order edit form, but those fields are not actually output to the page.

      if (strpos($_POST['cc_number'], t('(Last 4) ')) !== 0) {
        $changes['payment_details']['cc_number'] = check_plain($_POST['cc_number']);
      }
      else {
        $changes['payment_details']['cc_number'] = $cache['cc_number'];
      }

Specifically, the uc_credit.module is looking for the field "cc_number" in the $_POST array. If the field doesn't exist, it still tries to parse it and ends up overwriting the CC data with empty strings rather than using the data from uc_credit_cache(). I think this should be modified to also check to verify that the cc fields exist before adding them to the $changes array.

Additionally, after the credit card data is blanked out, the encryption routine that processes this data generates an invalid encryption string. So when you later load the order the $order->data field just contains the bad encryption string rather than an array of payment info. I haven't figured out why this is happening yet.

#1 uc_credit_corruption-1653310-1.patch (2.8 KB), shawn_smiley
PASSED: [[SimpleTest]]: [MySQL] 1,536 pass(es).


shawn_smiley

Status: Active » Needs review

The issue I found was that the uc_credit.module was trying to parse the credit card info form on every submission of the order edit screen. When just updating the qty of products though, this form was not present, which in turn caused the module to replace the payment info with a bunch of empty strings.

I've updated the operation 'edit-process' of uc_payment_method_credit() to perform a check to see if the credit card edit form was submitted. If the form was submitted, everything continues as normal. However, if the form was not submitted we just pass back the original payment_details array.
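
The failure mode and the check described in the comment above, as an added PHP example; it is not the attached patch and not the fix that was later committed. The function names, the `cc_owner` field, the literal prefix standing in for `t('(Last 4) ')` and `htmlspecialchars()` standing in for `check_plain()` are assumptions made so the code runs outside Drupal.

```php
<?php
// Added illustration: hypothetical helper names, not Ubercart code.
const LAST4_PREFIX = '(Last 4) ';   // stands in for t('(Last 4) ')

function clean($value): string {    // stands in for Drupal's check_plain()
  return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Behaviour described in the report: fields are read from the POST data even
// when the credit card form was never rendered on the page.
function merge_unguarded(array $post, array $cache): array {
  $number = (string) ($post['cc_number'] ?? '');
  $details = [];
  // strpos() on an empty string returns false, and false !== 0 is true,
  // so an absent field takes the "new value submitted" branch.
  if (strpos($number, LAST4_PREFIX) !== 0) {
    $details['cc_number'] = clean($number);
  }
  else {
    $details['cc_number'] = $cache['cc_number'];
  }
  $details['cc_owner'] = clean($post['cc_owner'] ?? '');
  return $details;
}

// Guarded variant: if the card form was not part of this submission,
// hand back the stored payment details unchanged.
function merge_guarded(array $post, array $cache): array {
  if (!array_key_exists('cc_number', $post)) {
    return $cache;
  }
  return merge_unguarded($post, $cache);
}

// Constructed sample data: a well-known test card number, not a real one.
$cache = ['cc_number' => '4111111111111111', 'cc_owner' => 'Test Customer'];

// Order edit that only changes a product quantity; no cc_* fields posted.
$qty_only = ['products' => [['qty' => 2]]];
echo "unguarded, qty-only edit: ", json_encode(merge_unguarded($qty_only, $cache)), "\n";
echo "guarded, qty-only edit:   ", json_encode(merge_guarded($qty_only, $cache)), "\n";

// Card form submitted with the masked number left untouched.
$masked = ['cc_number' => LAST4_PREFIX . '1111', 'cc_owner' => 'Test Customer'];
echo "guarded, masked number:   ", json_encode(merge_guarded($masked, $cache)), "\n";
```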

longwave

Status: Needs review » Fixed

Thanks for diagnosing this issue; it only occurs when credit card debug mode is disabled, so there is a simpler fix which I committed:

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.