<?xml version="1.0" encoding="utf-8"?>
<!--RSS generated by Flaimo.com RSS Builder [2026-07-02 01:00:45]-->
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"><channel><docs>https://bugs.oxid-esales.com/</docs><link>https://bugs.oxid-esales.com/</link><description><![CDATA[OXID eShop bugtrack - Issues]]></description><title>OXID eShop bugtrack - Issues</title><image><title>OXID eShop bugtrack - Issues</title><url>https://bugs.oxid-esales.com/images/mantis_logo.png</url><link>https://bugs.oxid-esales.com/</link><description><![CDATA[OXID eShop bugtrack - Issues]]></description></image><language>en</language><category>All Projects</category><ttl>10</ttl><dc:language>en</dc:language><sy:updatePeriod>hourly</sy:updatePeriod><sy:updateFrequency>1</sy:updateFrequency><item><title>0007972: PayPal Webhook Fehler</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7972</link><description><![CDATA[Logik-Widerspruch im Code: Das Modul wirft intern völlig korrekt eine WebhookEventRetryException (da die Bestellung zum exakten Zeitpunkt des Webhook-Eingangs wegen DB-Transaktionen/Race-Conditions noch nicht vollständig geladen werden kann).&lt;br /&gt;
&lt;br /&gt;
Fehlerhaftes HTTP-Handling: Anstatt diese Retry-Exception zu nutzen, um PayPal über einen HTTP-Statuscode 422 oder 503 mitzuteilen, dass der Request später wiederholt werden soll, fängt das Modul (oder der OXID-Core) die Exception ab und antwortet mit einem HTTP 200 OK.&lt;br /&gt;
&lt;br /&gt;
Die Folge: PayPal hakt den Webhook als &quot;erfolgreich zugestellt&quot; ab und sendet ihn nie wieder. Dem Shop fehlen dadurch dauerhaft die Zahlungs- und Bankdaten für den Rechnungskauf.]]></description><category>2.3. Extensions (modules, themes)</category><pubDate>Wed, 01 Jul 2026 17:17:42 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7972</guid><comments>https://bugs.oxid-esales.com/view.php?id=7972#bugnotes</comments></item><item><title>0007743: In case a syntax error happens while Smarty renders a plain HTML template, the already fetched output gets echoed.</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7743</link><description><![CDATA[Behind the scene the output is buffered (ob_start), but if an exception is thrown, the output gets flushed (&lt;a href=&quot;https://www.php.net/manual/en/outcontrol.output-handlers.php&quot; rel=&quot;noopener,nofollow&quot;&gt;https://www.php.net/manual/en/outcontrol.output-handlers.php&lt;/a&gt;) and displays the content. In case of the password forgot plain HTML it displays the link to change the password. This allows an attacker to change the password of any account without a notice. &lt;br /&gt;
&lt;br /&gt;
It’s necessary to have an error inside the the CMS page oxupdatepassinfoplainemail to be able to abuse the password forgot functionality. &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Since every plain HTML template is buffered, this issue affects any plain HTML template.]]></description><category>4.04. Security</category><pubDate>Wed, 01 Jul 2026 15:11:26 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7743</guid><comments>https://bugs.oxid-esales.com/view.php?id=7743#bugnotes</comments></item><item><title>0007950: Oxobjectsrights has not complete subshop isolation or configration possibility</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7950</link><description><![CDATA[It is possible to create a rule and edit it in another sub-shop; however, the rule will continue to apply only in the original shop where it was created.]]></description><category>4.12. Subshop handling</category><pubDate>Wed, 01 Jul 2026 15:07:10 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7950</guid><comments>https://bugs.oxid-esales.com/view.php?id=7950#bugnotes</comments></item><item><title>0007969: text widget doesn't support twig codes/variables.</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7969</link><description><![CDATA[In the text widget you cannot have information like {{ oxcmp_shop.oxshops__oxname.value }}&lt;br /&gt;
the old oxcontent in plaintextmode (oxcontents__ddplaintext) still support those, but if used in text widget they get discarded.]]></description><category>module Visual CMS - sub</category><pubDate>Wed, 01 Jul 2026 13:17:41 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7969</guid><comments>https://bugs.oxid-esales.com/view.php?id=7969#bugnotes</comments></item><item><title>0007967: Double-Encoded Quotes in &lt;title&gt; Tag (Search Results Page)  - in Twig-Templates</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7967</link><description><![CDATA[FrontendController::getPageTitle() calls the private method replaceDoubleQuotesWithHTMLCharacters(), which replaces &quot; with &quot;.&lt;br /&gt;
This is a Smarty-era relic: back then the title was rendered without auto-escaping, so the entity had to be produced manually.&lt;br /&gt;
&lt;br /&gt;
Under Twig, however, the &lt;title&gt; tag (and og:title) is auto-escaped. As a result the ampersand gets encoded a second time:&lt;br /&gt;
&lt;br /&gt;
&quot; -&gt; &quot; -&gt; the browser tab literally displays &quot;.&lt;br /&gt;
&lt;br /&gt;
This is most visible on the search results page, where the title wraps the search term in double quotes (e.g. Search results for &quot;term&quot;). The &lt;h1&gt; heading is not affected, because it is built with literal quotes in the template and is therefore auto-escaped only once.]]></description><category>1.06. Search, Tags</category><pubDate>Wed, 01 Jul 2026 10:34:26 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7967</guid><comments>https://bugs.oxid-esales.com/view.php?id=7967#bugnotes</comments></item><item><title>0007968: The assignment windows do not display any data anymore</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7968</link><description><![CDATA[With &quot;assignment window&quot; i mean the small windows that open after you click something like the &quot;assign countries to a payment method&quot; or &quot;assign categories to a product&quot; buttons.&lt;br /&gt;
After we updated to Oxid metapackage-ee version 7.5 these assignment windows stop displaying any data. &lt;br /&gt;
&lt;br /&gt;
This seems to happen because the the Core/Config.php has been adjusted so that in the getConfigParam() does not call &quot;init()&quot; anymore. Instead it only calls &quot;initVars()&quot;. This makes it so that the session does not get properly initialized in the source/oxajax.php anymore. For now we fixed it ourselves by directly calling Config-&gt;init() in oxajax.php.]]></description><category>2.2. Shop settings</category><pubDate>Wed, 01 Jul 2026 09:02:55 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7968</guid><comments>https://bugs.oxid-esales.com/view.php?id=7968#bugnotes</comments></item><item><title>0007647: Allow non deprecated monolog versions ("^2.9||^3.0")</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7647</link><description><![CDATA[Some up to date php packages (e.g. from google) are dropping support for 1.x monolog dependency)&lt;br /&gt;
=&gt;&lt;br /&gt;
Your requirements could not be resolved to an installable set of packages.&lt;br /&gt;
...&lt;br /&gt;
google/apiclient[v2.15.0, ..., v2.16.0] require monolog/monolog ^2.9||^3.0 -&gt; satisfiable by monolog/monolog[2.9.0, 2.9.1, 2.9.2, 2.9.3, 3.0.0, ..., 3.6.0].&lt;br /&gt;
oxid-esales/oxideshop-metapackage-ce v6.5.2 requires monolog/monolog 1.27.1 -&gt; satisfiable by monolog/monolog[1.27.1]]]></description><category>General</category><pubDate>Wed, 01 Jul 2026 08:05:50 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7647</guid><comments>https://bugs.oxid-esales.com/view.php?id=7647#bugnotes</comments></item><item><title>0007971: Checking B2B mode differs between the module and the shop</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7971</link><description><![CDATA[In the PayPal module, the B2B mode is always checked via the shop’s basic settings: Registry::getConfig()-&gt;getConfigParam(“blShowNetPrice”).&lt;br /&gt;
&lt;br /&gt;
In the shop, the basket object has a method for checking the B2B mode: isPriceViewModeNetto().&lt;br /&gt;
&lt;br /&gt;
If you had to build a B2B module, you would overload this method. &lt;br /&gt;
However, this only makes sense if you actually use it in your module.]]></description><category>module PayPal checkout - sub</category><pubDate>Tue, 30 Jun 2026 15:27:37 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7971</guid><comments>https://bugs.oxid-esales.com/view.php?id=7971#bugnotes</comments></item><item><title>0007970: Cleaning up the use of the orphaned variable $withItems</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7970</link><description><![CDATA[Cleaning up the use of the orphaned variable $withItems&lt;br /&gt;
The two instances of $withItems:&lt;br /&gt;
- OrderRequestFactory::getRequest();&lt;br /&gt;
&lt;br /&gt;
You had already removed the usage here. If you also remove the orphaned variable, it will be less confusing.&lt;br /&gt;
&lt;br /&gt;
- PatchRequestFactory::getPurchaseUnitsPatch();&lt;br /&gt;
Here, the status is still being retrieved and actively used.]]></description><category>module PayPal checkout - sub</category><pubDate>Tue, 30 Jun 2026 15:19:24 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7970</guid><comments>https://bugs.oxid-esales.com/view.php?id=7970#bugnotes</comments></item><item><title>0007849: When Deactivating Module (e.g. PPC or Amazon) you got an exception: OXID Logger.ERROR: Template "module_main" nicht gefunden</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7849</link><description><![CDATA[Activating and deactivating each module individually works. Just not in sequence.&lt;br /&gt;
&lt;br /&gt;
This is where the error is triggered:&lt;br /&gt;
vendor/oxid-esales/oxideshop-ce/source/Core/ShopControl.php(438)&lt;br /&gt;
-&gt; protected function render($view)&lt;br /&gt;
&lt;br /&gt;
        try {&lt;br /&gt;
            $output = $renderer-&gt;renderTemplate($templateName, $viewData);&lt;br /&gt;
        } catch (\Throwable $exception) {&lt;br /&gt;
&lt;br /&gt;
It only happes when Deaktivating Module Amazon and PayPal, not Adyen.]]></description><category>General</category><pubDate>Tue, 30 Jun 2026 13:37:59 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7849</guid><comments>https://bugs.oxid-esales.com/view.php?id=7849#bugnotes</comments></item><item><title>0007936: Security: Unauthorized Account Access</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7936</link><description><![CDATA[An authentication bypass (CWE-287) in the user authentication flow of the OXID PayPal checkout module allows a remote, unauthenticated attacker to access arbitrary customer accounts.&lt;br /&gt;
&lt;pre&gt;&lt;br /&gt;
Affected versions (verified):&lt;br /&gt;
&gt;= 1.0.0,  &lt; 1.3.13&lt;br /&gt;
&gt;= 2.0.0,  &lt; 2.8.4&lt;br /&gt;
&gt;= 3.0.0,  &lt; 3.7.4&lt;br /&gt;
&lt;br /&gt;
Fixed versions:&lt;br /&gt;
&gt;= 1.4.0&lt;br /&gt;
&gt;= 2.9.0&lt;br /&gt;
&gt;= 3.8.0]]></description><category>module PayPal checkout - sub</category><pubDate>Mon, 29 Jun 2026 14:01:13 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7936</guid><comments>https://bugs.oxid-esales.com/view.php?id=7936#bugnotes</comments></item><item><title>0007961: If shop is running in Netto Mode, Stripe may charge an extra cent due to rounding differences</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7961</link><description><![CDATA[If shop is running in Netto Mode, Stripe may charge an extra cent due to rounding differences]]></description><category>module Stripe Wallet</category><pubDate>Thu, 25 Jun 2026 14:36:23 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7961</guid><comments>https://bugs.oxid-esales.com/view.php?id=7961#bugnotes</comments></item><item><title>0007954: For PayPal orders, the oxtrackcode is not saved in the oxorder table</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7954</link><description><![CDATA[If you enter the oxtrackcode in the admin panel, it is not saved in the oxorder_oxtrackcode table for PayPal orders.&lt;br /&gt;
As a result, the tracking ID is no longer displayed to the customer in the frontend -&gt; Order History.]]></description><category>module PayPal checkout - sub</category><pubDate>Thu, 25 Jun 2026 13:09:54 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7954</guid><comments>https://bugs.oxid-esales.com/view.php?id=7954#bugnotes</comments></item><item><title>0007965: Apple Pay (via the PayPal module) apparently only works with Safari</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7965</link><description><![CDATA[The Apple Pay button appears in the final step of checkout only if you're using Safari.&lt;br /&gt;
&lt;br /&gt;
According to Heise.de, however, it should work with any browser:&lt;br /&gt;
&lt;a href=&quot;https://www.heise.de/news/iOS-16-Apple-fuegt-heimlich-Apple-Pay-Unterstuetzung-fuer-andere-Browser-hinzu-7196342.html&quot; rel=&quot;noopener,nofollow&quot;&gt;https://www.heise.de/news/iOS-16-Apple-fuegt-heimlich-Apple-Pay-Unterstuetzung-fuer-andere-Browser-hinzu-7196342.html&lt;/a&gt;&lt;br /&gt;
&lt;br /&gt;
a) The module supports Apple Pay in conjunction with Firefox, Chrome, etc.&lt;br /&gt;
b) The module should not offer this payment method at all in Firefox, Chrome, etc.]]></description><category>module PayPal checkout - sub</category><pubDate>Thu, 25 Jun 2026 12:18:26 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7965</guid><comments>https://bugs.oxid-esales.com/view.php?id=7965#bugnotes</comments></item><item><title>0007960: "Shipped" status is incorrectly displayed for every non-cancelled order.</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7960</link><description><![CDATA[- Component: oxid-esales/apex-theme v3.1.0 (additionally oxid-esales/twig-theme)&lt;br /&gt;
- File/Line: tpl/page/account/order.html.twig:32 (Apex) or :26 (Wave)&lt;br /&gt;
- Error: Comparison `oxsenddate.value != &quot; - &quot;` uses spaces instead of `!= &quot;-&quot;`. `formatDBDate()` returns `'-'` (without spaces) for unshipped orders, so the condition is always true &lt;br /&gt;
- &quot;Shipped&quot; status is incorrectly displayed for every non-cancelled order.]]></description><category>Apex Theme</category><pubDate>Wed, 24 Jun 2026 08:34:30 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7960</guid><comments>https://bugs.oxid-esales.com/view.php?id=7960#bugnotes</comments></item><item><title>0007964: When attempting to pay with PayPal, a maintenance page appears in the store, likely due to a lost session</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7964</link><description><![CDATA[When attempting to pay via PayPal, a maintenance page appeared in the shop.&lt;br /&gt;
&lt;br /&gt;
The cause is likely a lost session.&lt;br /&gt;
&lt;br /&gt;
The shop (7.2.0) is using version 3.7.4 of the module. However, I can reproduce the same behavior up to version 3.8.2 RC.]]></description><category>module PayPal checkout - sub</category><pubDate>Fri, 19 Jun 2026 10:19:46 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7964</guid><comments>https://bugs.oxid-esales.com/view.php?id=7964#bugnotes</comments></item><item><title>0007934: Console Tools: oe-console commands incorrectly return exit code 0 on failure</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7934</link><description><![CDATA[Four console commands in the OXID eShop CLI (vendor/bin/oe-console) do not signal failure via the exit code. They terminate with exit code 0 (success) even though the operation failed. The error is printed to STDOUT as &lt;error&gt;...&lt;/error&gt;, but the exit code remains 0.&lt;br /&gt;
                                                                                                                                                                     &lt;br /&gt;
  This is problematic for:&lt;br /&gt;
  - CI/CD pipelines: Build scripts cannot detect failures and continue executing even when, for example, a license was not installed.&lt;br /&gt;
  - Shell scripts: Constructs like command &amp;&amp; next-step or set -e do not work reliably.                                                                              &lt;br /&gt;
  - Automation: Provisioning tools (Ansible, Docker setup scripts, Make targets) cannot handle failures correctly.&lt;br /&gt;
&lt;br /&gt;
Affected commands and code locations&lt;br /&gt;
- oe:license:add&lt;br /&gt;
- oe:module:activate&lt;br /&gt;
- oe:module:deactivate&lt;br /&gt;
- oe:setup:demodata]]></description><category>7. --- Other tools --------------</category><pubDate>Wed, 17 Jun 2026 15:15:53 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7934</guid><comments>https://bugs.oxid-esales.com/view.php?id=7934#bugnotes</comments></item><item><title>0007933: Console Tools: Incorrect output for --version</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7933</link><description><![CDATA[When running &quot;vendor/bin/oe-console --version&quot;, the command returns &quot;Console Tool&quot;. It should display the actual version number instead.]]></description><category>7. --- Other tools --------------</category><pubDate>Wed, 17 Jun 2026 15:14:21 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7933</guid><comments>https://bugs.oxid-esales.com/view.php?id=7933#bugnotes</comments></item><item><title>0007484: A translation error occurs after creating a new sub shop</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7484</link><description><![CDATA[The mall menu displays a translation key instead of the translated string.]]></description><category>4.12. Subshop handling</category><pubDate>Wed, 17 Jun 2026 15:13:05 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7484</guid><comments>https://bugs.oxid-esales.com/view.php?id=7484#bugnotes</comments></item><item><title>0007918: Misleading error message when Authorization header is stripped by Apache</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7918</link><description><![CDATA[Misleading error message when Authorization header is stripped by Apache&lt;br /&gt;
&lt;br /&gt;
When Apache strips the Authorization header before it reaches PHP (a common default configuration), all #[Logged] endpoints return:&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&quot;You need to be logged to access this field&quot;&lt;br /&gt;
This is the same error message regardless of whether:&lt;br /&gt;
&lt;br /&gt;
No token was sent&lt;br /&gt;
An invalid token was sent&lt;br /&gt;
A valid token was sent but the header was stripped by the webserver&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
The module should differentiate between:&lt;br /&gt;
&lt;br /&gt;
No Authorization header present use current anonymous fallback is acceptable&lt;br /&gt;
Authorization header present but token invalid use specific error, e.g. &quot;Invalid or expired token&quot;&lt;br /&gt;
Authorization header absent despite being expected use ideally a hint that the header may be stripped by the webserver&lt;br /&gt;
At minimum, when a Bearer token is provided but cannot be parsed (because the header was silently dropped), the error should differ from the anonymous-user case.&lt;br /&gt;
&lt;br /&gt;
Suggested Improvements&lt;br /&gt;
Documentation: Add the .htaccess RewriteRule to the installation docs as a required step for Apache environments. This is a well-known Apache/PHP issue but not obvious for OXID module developers debugging &quot;You need to be logged&quot; errors.&lt;br /&gt;
&lt;br /&gt;
Error differentiation: In RequestReader::getAuthToken(), if no Authorization header is found, check for REDIRECT_HTTP_AUTHORIZATION and HTTP_AUTHORIZATION server variables as fallback. If none are present, consider setting a flag that distinguishes &quot;no auth attempted&quot; from &quot;auth attempted but failed&quot;.&lt;br /&gt;
&lt;br /&gt;
Environment&lt;br /&gt;
OXID eShop 7.4.x&lt;br /&gt;
graphql-base 12.0.1&lt;br /&gt;
Apache with mod_rewrite (Docker SDK setup)&lt;br /&gt;
PHP-FPM]]></description><category>General</category><pubDate>Wed, 17 Jun 2026 15:08:40 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7918</guid><comments>https://bugs.oxid-esales.com/view.php?id=7918#bugnotes</comments></item><item><title>0007962: PayPal Checkout ignores paymentId when basket already contains another payment method</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7962</link><description><![CDATA[When using PayPal Checkout, the PayPal module passes the correct payment ID oscpaypal to the shop order creation process. However, if the basket already contains another payment method, for example oxidamazon, the PayPal payment ID is ignored and the order is created with the previously stored basket payment method.&lt;br /&gt;
&lt;br /&gt;
Relevant code path:&lt;br /&gt;
```&lt;br /&gt;
// vendor/oxid-solution-catalysts/paypal-module/src/Controller/AjaxPaymentController.php:109&lt;br /&gt;
&lt;br /&gt;
$paymentId = $data['paymentId'] ?? null;&lt;br /&gt;
&lt;br /&gt;
$this-&gt;orderManager-&gt;createShopOrder($paymentId);&lt;br /&gt;
```&lt;br /&gt;
&lt;br /&gt;
Inside createShopOrder(), the PayPal payment method is only set if the basket currently has no payment method assigned:&lt;br /&gt;
&lt;br /&gt;
```&lt;br /&gt;
// vendor/oxid-solution-catalysts/paypal-module/src/Service/OrderManager.php:75&lt;br /&gt;
&lt;br /&gt;
if (empty($this-&gt;basket-&gt;getPaymentId()) &amp;&amp; !empty($paymentId)) {&lt;br /&gt;
    $this-&gt;basket-&gt;setPayment($paymentId);&lt;br /&gt;
}&lt;br /&gt;
```&lt;br /&gt;
&lt;br /&gt;
If the basket already contains oxidamazon, the provided PayPal payment ID is ignored.&lt;br /&gt;
&lt;br /&gt;
The OXID order then uses the payment method directly from the basket:&lt;br /&gt;
&lt;br /&gt;
```&lt;br /&gt;
// vendor/oxid-esales/oxideshop-ce/source/Application/Model/Order.php:515&lt;br /&gt;
&lt;br /&gt;
$oUserPayment = $this-&gt;_setPayment($oBasket-&gt;getPaymentId());&lt;br /&gt;
```&lt;br /&gt;
&lt;br /&gt;
As a result, the created order contains:&lt;br /&gt;
&lt;br /&gt;
```&lt;br /&gt;
OXPAYMENTTYPE = oxidamazon&lt;br /&gt;
```&lt;br /&gt;
&lt;br /&gt;
although the customer actually completed the checkout using PayPal.&lt;br /&gt;
&lt;br /&gt;
At the same time, the PayPal Checkout flow sets a special session flag:&lt;br /&gt;
&lt;br /&gt;
```&lt;br /&gt;
// vendor/oxid-solution-catalysts/paypal-module/src/Service/OrderManager.php:82&lt;br /&gt;
&lt;br /&gt;
$session-&gt;setVariable('isPayPalPaymentCheckout', true);&lt;br /&gt;
```&lt;br /&gt;
&lt;br /&gt;
This flag causes the regular payment execution to be skipped:&lt;br /&gt;
&lt;br /&gt;
```&lt;br /&gt;
// vendor/oxid-solution-catalysts/paypal-module/src/Model/Order.php:413&lt;br /&gt;
&lt;br /&gt;
if (Registry::getSession()-&gt;getVariable('isPayPalPaymentCheckout')) {&lt;br /&gt;
    return true;&lt;br /&gt;
}&lt;br /&gt;
```&lt;br /&gt;
&lt;br /&gt;
OXID interprets this true return value as a successful payment and sets the order status to OK:&lt;br /&gt;
&lt;br /&gt;
```&lt;br /&gt;
// vendor/oxid-esales/oxideshop-ce/source/Application/Model/Order.php:552&lt;br /&gt;
&lt;br /&gt;
$this-&gt;_setOrderStatus('OK');&lt;br /&gt;
```&lt;br /&gt;
&lt;br /&gt;
Only after the OXID order has already been created, the PayPal module changes the basket payment method to PayPal:&lt;br /&gt;
&lt;br /&gt;
```&lt;br /&gt;
// vendor/oxid-solution-catalysts/paypal-module/src/Controller/AjaxPaymentController.php:130&lt;br /&gt;
&lt;br /&gt;
$this-&gt;setPayPalPaymentMethod(&lt;br /&gt;
    PayPalDefinitions::STANDARD_PAYPAL_PAYMENT_ID&lt;br /&gt;
);&lt;br /&gt;
```&lt;br /&gt;
&lt;br /&gt;
This happens too late for the already created OXID order.&lt;br /&gt;
&lt;br /&gt;
Expected behavior:&lt;br /&gt;
&lt;br /&gt;
When PayPal Checkout is used, the order should be created with the PayPal payment method, for example:&lt;br /&gt;
&lt;br /&gt;
`OXPAYMENTTYPE = oscpaypal`&lt;br /&gt;
&lt;br /&gt;
The PayPal payment ID passed to createShopOrder($paymentId) should overwrite any previously stored basket payment method for this checkout flow.&lt;br /&gt;
&lt;br /&gt;
Actual behavior:&lt;br /&gt;
&lt;br /&gt;
If the basket already contains another payment method, for example oxidamazon, the order is created with: `OXPAYMENTTYPE = oxidamazon`&lt;br /&gt;
&lt;br /&gt;
even though the customer used PayPal Checkout. The order is then marked as OK because the PayPal Checkout session flag skips the normal payment execution.&lt;br /&gt;
&lt;br /&gt;
Possible fix:&lt;br /&gt;
&lt;br /&gt;
In the PayPal Checkout flow, createShopOrder($paymentId) should set the provided payment ID whenever it is present, not only when the basket payment ID is empty.&lt;br /&gt;
&lt;br /&gt;
Current logic:&lt;br /&gt;
&lt;br /&gt;
```&lt;br /&gt;
if (empty($this-&gt;basket-&gt;getPaymentId()) &amp;&amp; !empty($paymentId)) {&lt;br /&gt;
    $this-&gt;basket-&gt;setPayment($paymentId);&lt;br /&gt;
}&lt;br /&gt;
```&lt;br /&gt;
Possible adjusted logic:&lt;br /&gt;
&lt;br /&gt;
```&lt;br /&gt;
if (!empty($paymentId)) {&lt;br /&gt;
    $this-&gt;basket-&gt;setPayment($paymentId);&lt;br /&gt;
}&lt;br /&gt;
```&lt;br /&gt;
&lt;br /&gt;
This would ensure that the order is created with the payment method actually used in the checkout.]]></description><category>General</category><pubDate>Sat, 13 Jun 2026 10:41:15 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7962</guid><comments>https://bugs.oxid-esales.com/view.php?id=7962#bugnotes</comments></item><item><title>0007963: PayPal smart button: terms-and-conditions check runs inside createOrder instead of onClick</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7963</link><description><![CDATA[On the order step (&quot;Jetzt kaufen&quot; / step 4), clicking the PayPal button without confirming the terms-and-conditions checkbox makes the PayPal popup open briefly and close again.&lt;br /&gt;
The browser console shows:&lt;br /&gt;
Uncaught Error: Expected an order id to be passed (thrown by PayPal JS SDK v5.0.556, paypal.com/smart/buttons).&lt;br /&gt;
&lt;br /&gt;
Root cause&lt;br /&gt;
The standard PayPal button (&lt;div id=&quot;oscpaypal&quot;&gt; from checkout_order_btn_submit_bottom.tpl) is rendered by standard-payment-controller.js. The terms check (checkTermsAndConditions()) exists, but it runs inside createOrder and, on failure, does a bare return; — i.e. createOrder resolves to undefined. Since the PayPal SDK opens the popup synchronously on click and only then calls createOrder, an undefined return triggers the SDK's strict order-id check, which surfaces as the visible error and a popup that closes immediately. getPayButtonSettings() defines no onClick handler, so there is no pre-flight rejection.&lt;br /&gt;
&lt;br /&gt;
Correct behaviour (existing reference)&lt;br /&gt;
Apple Pay (applepay.tpl) and Google Pay (googlepay-payment-controller.js) already perform the check before the payment flow starts — in the click handler / onClick, returning early / actions.reject() so the popup never opens.&lt;br /&gt;
&lt;br /&gt;
Affected&lt;br /&gt;
  - standard-payment-controller.js — check in createOrder instead of onClick (primary, matches the report).&lt;br /&gt;
  - acdc-payment-controller.js — same pattern (check inside order creation rather than onClick).&lt;br /&gt;
  - paymentbuttons.tpl (Express / SEPA / CC funding buttons) — no terms check at all; separate but same failure class.&lt;br /&gt;
&lt;br /&gt;
Fix direction&lt;br /&gt;
Add an onClick(data, actions) pre-check to the PayPal/ACDC button settings that calls checkTermsAndConditions(), shows READ_AND_CONFIRM_TERMS and rejects (actions.reject()) before the popup opens; keep createOrder as a safety net. Mirror the same pre-check into the funding buttons in paymentbuttons.tpl. To be fixed in the OXID 6 and OXID 7 module lines.]]></description><category>module PayPal checkout - sub</category><pubDate>Fri, 12 Jun 2026 16:11:25 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7963</guid><comments>https://bugs.oxid-esales.com/view.php?id=7963#bugnotes</comments></item><item><title>0006025: Add article to order, not article found</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=6025</link><description><![CDATA[[Administer Orders] --&gt; [Orders] --&gt; [Tab: Products]&lt;br /&gt;
--&gt; search product&lt;br /&gt;
&lt;br /&gt;
The searchquery contains the fields (oxid, oxparentid) in lower case.&lt;br /&gt;
But the script expect the field in Upper Case(OXId, OXPARENTID).&lt;br /&gt;
&lt;br /&gt;
In some cases(server, php-configuration, ..) this dosn't work.&lt;br /&gt;
&lt;br /&gt;
So, please use lower case or capitals and not a mix.]]></description><category>2.6. Administer orders</category><pubDate>Fri, 12 Jun 2026 10:57:46 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=6025</guid><comments>https://bugs.oxid-esales.com/view.php?id=6025#bugnotes</comments></item><item><title>0007959: The PayPal Express button disappears from the shopping cart when changes are made to the item quantity</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7959</link><description><![CDATA[If you change the quantity of an item directly in the shopping cart using the minus/plus icon, the PayPal Express button will disappear from the shopping cart.&lt;br /&gt;
&lt;br /&gt;
This issue only affects the OXID 7 version.&lt;br /&gt;
It cannot be reproduced in OXID 6.5 with v2.9.1.]]></description><category>module PayPal checkout - sub</category><pubDate>Thu, 11 Jun 2026 12:28:14 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7959</guid><comments>https://bugs.oxid-esales.com/view.php?id=7959#bugnotes</comments></item><item><title>0007893: AmazonPay Modul 2.6.x (b-6.3.x sowie b-7.0.x)</title><author></author><link>https://bugs.oxid-esales.com/view.php?id=7893</link><description><![CDATA[Wenn man in den yaml Dateien einen Leerstring einträgt, so werden keine Defaultwerte gesetzt.&lt;br /&gt;
&lt;br /&gt;
Beispiel:&lt;br /&gt;
      amazonPayCapType:&lt;br /&gt;
        type: str&lt;br /&gt;
        value: ''&lt;br /&gt;
&lt;br /&gt;
Die entsprechende Validierung des Wertes erfolgt in \OxidSolutionCatalysts\AmazonPay\Controller\Admin\ConfigController::handleSpecialFields&lt;br /&gt;
Dort wird als Validierung eine !isset($conf['amazonPayCapType']) ausgeführt.&lt;br /&gt;
&lt;br /&gt;
Diese ist jedoch bei einem Leerstring immer false, da ein Leerstring als gesetzt zählt:&lt;br /&gt;
php -r '$conf[&quot;foo&quot;] = &quot;&quot;; var_dump(!isset($conf[&quot;foo&quot;]));'&lt;br /&gt;
&lt;br /&gt;
Dadurch werden die Daten nicht korrekt gesetzt in der Configuration für AmazonPay.]]></description><category>General</category><pubDate>Thu, 11 Jun 2026 12:26:40 +0200</pubDate><guid>https://bugs.oxid-esales.com/view.php?id=7893</guid><comments>https://bugs.oxid-esales.com/view.php?id=7893#bugnotes</comments></item></channel></rss>
