[BUG] 5.0.6

[Martin]

I've started compiling a few changes and/or bugs that are in the 5.0.6 version of Interspire's Shopping Cart.

Bug still outstanding from 5.0.5:
http://www.interspired.net/forum/viewto ... p=241#p241

Also: /includes/display/SideProductAddToCart.php has gone missing which breaks a number of mods.

[Martin]

Sagepay Direct (protxvspdirect) is broken when used with 3D Secure.

EDIT: Bad mood alert on the original post...

Right... bear in mind that this took 8 hours to reverse engineer to get debug code, talk to support at SagePay (for 2 hours total) and then finally identify and test out a fix...

I say this because when you see the fix you'll fall over at how simple it is...

Open: /modules/checkout/module.protxvspdirect.php

Find:

Code: Select all

list($name, $value) = explode("=", $res);

Replace with:

Code: Select all

list($name, $value) = @explode("=", $res, 2);

The problem itself was caused by exploding on "=" removing these characters from the PaReq and 3DAuthURL variables in the initial SagePay response which are included in the values that need to be sent back, eg:

Code: Select all

PaReq=https://test.sagepay.com/mpitools/accesscontroler?action=pareq
..became...
$GLOBALS['PaReq'] = "https://test.sagepay.com/mpitools/accesscontroler?action="

instead of...
$GLOBALS['PaReq'] = "https://test.sagepay.com/mpitools/accesscontroler?action=pareq"

Sagepays system is partly to blame for a rather daft approach, but the dozy moron @ Interspire who coded this, obviously only tested it on the simulator but not on the Test or (more importantly) the Live system otherwise the problem would have been immediately obvious and fixable.

[Martin]

Updated the post above re: SagePay but just to note that the key functionality is still broken in that your customers are redirected away to SagePay to fill out the 3DSecure form before being redirected back to your site again.

Given that the whole point of SagePay Direct is that your customers never obviously leave the site this is still considered broken and needs fixing.

[Martin]

Found yet more bugs in the SagePay direct module...

Open /modules/checkout/protxvspdirect/module.protxvspdirect.php

Find:

Code: Select all

			// if status is ok , payment is successful, Or if this is a 3DSecure transaction, check 3D secure status
			if(isset($resultArray['Status']) && ($resultArray['Status'] == 'OK' || $resultArray['Status'] == 'ATTEMPTONLY')  && (!isset($resultArray['3DSecureStatus']) || $resultArray['3DSecureStatus'] == 'OK' || $resultArray['3DSecureStatus'] == 'ATTEMPTONLY')) {

Replace with:

Code: Select all

			// if status is ok , payment is successful, Or if this is a 3DSecure transaction, check 3D secure status
			$OkResponseArray = array('OK', 'ATTEMPTONLY');
			$OkResponseArray3D = array('OK', 'NOTCHECKED', 'ATTEMPTONLY');
			
			if(isset($resultArray['Status']) && in_array($resultArray['Status'], $OkResponseArray)  
				&& (!isset($resultArray['3DSecureStatus']) || in_array($resultArray['3DSecureStatus'], $OkResponseArray3D))) {

This fix deals with the scenario where 3D secure has been turned on but is not checked for certain bands... It transacted properly but the cart thinks it's got an error and goes into "Helpful" mode...

IMPORTANT:
It will still error on a Maestro card though if 3D secure is not enabled for the order value being used as Maestro requires 3Dsecure for ALL items... Need to ask SagePay if there's a way to force 3DSecure for certain cards.

[gaz]

Another bug Martin.

My product variations are broken.

Where I force people to choose an option they cannot add an item to the cart as it always alerts that they need to make a choice

[Martin]

Another bug Martin.

My product variations are broken.

Where I force people to choose an option they cannot add an item to the cart as it always alerts that they need to make a choice

I suspect you're missing a template update somewhere... I've just tried it on mine and it's worked with no problems..

[gaz]

Found the problem, was the ajaxcart mod.
Now that includes/display/SideProductAddToCart.php has gone other it's mods to the template no longer work and broke this functionality.

If anyone else gets the problem delete your custom html in your template dir and work back from the default ones.