Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.A race condition is possible when a POST request for uc_paypal/ipn/%uc_order arrives around the same time as a customer's GET request for cart/checkout/complete.
The IPN request fails with a 500 error, after logging the IPN as received. Therefore, the repeat IPN attempt will not actually be processed, an "IPN transaction ID has been processed before" notice will be logged, and the order will remain stuck in "Pending" status despite being fully paid.
The 500 error is due to PDOException: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry for key 'name': INSERT INTO {users} (uid, name, pass, mail, created, status, init) ... Both of these requests call uc_cart_complete_sale(), which calls uc_cart_complete_sale_account() where the user_save() happens.
A potential solution would be to catch an exception thrown by user_save, and look for the pre-existing user account again.
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | ubercart-race-condition-2887923.patch | 958 bytes | mfb |
| |||
Comments
Comment #2
mfbComment #3
TR CreditAttribution: TR commentedPlease review the patch in #2884536: Add a lock to improve prevention of double order completion (race condition) and post your findings there.