Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Related to this issue here: http://drupal.org/node/373492
In uc_credit.module, the hidden form value "$form['sescrd']" passed an encrypted, serialized value. When that value has quotes, it breaks the form value.
Simply adding base64_encode before the value, and then base64_decode when you read the value will fix this issue.
| Comment | File | Size | Author |
|---|---|---|---|
| #13 | 394876.base64.2.x.patch | 984 bytes | cha0s |
| #8 | 394876.form_payment_details_data_base64.2.x.patch | 985 bytes | cha0s |
| #6 | 394876.form_sescrd_base64.2.x.patch | 2.23 KB | cha0s |
| #6 | 394876.form_sescrd_base64.1.x.patch | 1.94 KB | cha0s |
| #2 | 394876.form_sescrd_base64.2.x.patch | 1.37 KB | cha0s |
Comments
Comment #1
rszrama CreditAttribution: rszrama commentedComment #2
cha0s CreditAttribution: cha0s commentedDoes this patch fix it for you, BDuell?
Side note to dev: Why are we using $_POST['sescrd'] instead of the $form_state value?
Will backport as soon as patch is finished.
P.S. Status was set to patch (code needs review) but I didn't see an attachment. Was that a booboo?
Comment #3
rszrama CreditAttribution: rszrama commentedThanks for the patch, cha0s. Will have to look into why I used $_POST. I think it has to do with where/when I am cleaning that data out of the session so CC data doesn't stick around any longer than it has to. Re: the status, yeah, it was posted up as "fixed" and I moved it back to needs review so someone else could review the proposal. You nailed it. : )
Comment #4
rszrama CreditAttribution: rszrama commentedAs far as I can tell, this patch works. Committing now to the 2.x branch.
Comment #5
rszrama CreditAttribution: rszrama commentedComment #6
cha0s CreditAttribution: cha0s commentedGot patchies... I noticed there was another hidden form element that used sescrd, so I filled it in.
Comment #7
rszrama CreditAttribution: rszrama commentedSince I had already committed #2, the 2.x patch in #6 failed to apply. Any way we can get a patch w/ just the changes since #2?
Comment #8
cha0s CreditAttribution: cha0s commentedTry this one.
Comment #9
Island Usurper CreditAttribution: Island Usurper commentedComment #10
BDuell CreditAttribution: BDuell commentedLooks great - thanks!!!
Comment #11
rszrama CreditAttribution: rszrama commentedCommitted to both branches.
Comment #12
rszrama CreditAttribution: rszrama commentedSo, the latest patch broke things. Reverted.
Comment #13
cha0s CreditAttribution: cha0s commentedHmm, could you elaborate a bit on what broke? I tested this (well, I created a new patch, maybe things got murked up during the different patch parts...) and... I couldn't get it to break, checkout worked fine for me, as did the review form kicking you out if you refresh... etc.
Comment #14
rszrama CreditAttribution: rszrama commentedGoing back from the checkout review form to the checkout form it was losing my CC data. The payment details section that includes the CC form just had all the fields set to empty instead of pre-populated w/ the data I entered before going to review.
Comment #15
cha0s CreditAttribution: cha0s commentedSo yeah, I spent a while digging in this one and as far as I could tell, the first patch actually makes the second patch unnecessary. So, I think this issue is fixed.