uc_credit_cache returns wrong payment details

I just ran into the same issue as well, but not from Views; as far as I can tell, any time two different orders are loaded in a single request we will run into this. If a save operation is called for that second order, then its cached CC details get destroyed.

I am moving this bug to Major priority due to the potential for silent data loss or corruption in customer credit card data.

I confirm this as well and I agree this is major fix. I fixed it the same way milovan posted above. Thank you milovan! Subscribed.

My understanding is that this is something that only affects you if you create a VBO or some other custom page that allows payment to be applied to multiple orders. That is not part of core Ubercart. If you want a fix to be applied for this issue, we need a real PATCH, not a gzip of some altered module file.

Attached patch fixes the issue. Unfortunately, it's not particularly elegant since we cannot simply clear the credit caches at every load like milovan's module does - this breaks compatibility with some checkout gateways as they call uc_order_load() during the same request and (reasonably) expect the payment details to be there.

However, uc_credit_cache() is not keyed by order ID and it has no clue what order it's operating on and therefore cannot attempt to refresh the caches itself. hook_uc_order() of uc_credit sets the cache initially, and so it has to be responsible for clearing it. This patch makes it remember what order was loaded last, and if that order is different than the one being loaded, flushes the credit caches before resetting them based on the loading order. This approach ensures that we don't flush caches too early for modules that call uc_order_load() on the same order multiple times in a request or during checkout.

If the patch is not suitable for upstream, I've also provided a sandbox module that achieves the same functionality here: https://www.drupal.org/sandbox/firewing1/uc_credit_cache_refresher. if this patch cannot be accepted, I'll promote that to a full module for use with modules that perform bulk order editing such as views_bulk_operations.

Marking as needs review.

I also forgot to mention in my last comment: in the D8 branch, we should introduce a $order_id parameter to uc_credit_cache() to avoid this situation entirely - we can simply key the static array by order ID and never have to worry about these collisions.

It shouldn't be a problem to put this patch in, but I'm out of town for a few weeks so that will have to wait until I get back.

For D8 we will be using Payment. That's being worked on now.

@milovan: This issue is marked as "Needs review", which means that someone in the community needs to try the patch and report back on whether or not it fixes the reported problem. See the issue queue handbook (link below) for more information about what issue statuses mean.

Since you are the one who initially reported the bug, I'm surprised you haven't tried the patch yet - or if you have tried it I'm surprised you haven't posted a comment saying whether it worked for you or not.

Terrific, this patch solved the issue on my site that was actually showing the wrong CC data to customers and on the admin/order/### view screens. Thank you very much.