OXID eShop bugtrack - Issues

0007958: Missing functions on notice list in mobile view

Thu, 04 Jun 2026 10:24:08 +0200

In the mobile view it is not possible to remove items from the notice list and it is also not possible to put items from the list in the cart.

0007880: Price calculation in e-mails wrong when a % discount is applied to an order

Wed, 03 Jun 2026 17:30:47 +0200

When placing an order with an valid % discount the price calculation in e-mails is wrong.
The calculation displayed in the frontend is ok at the checkout, in the backend at the order page it is also ok.
It affects only the sent mails to customer and owner.

See attached picture.

We noticed this in our online shop with Oxid 7.2 and Apex based theme 2.0.0 but i have installed an actual shop 7.4 with Apex 3.0.2 to verify if the error still exists or if it is fixed already

0007952: oxparams context will be removed from stdUrl after update

Tue, 02 Jun 2026 17:31:22 +0200

When updating the Seo-URL of a product for a specific category, the context(cnid/mnid/vnid) will be removed from the stdUrl.
index.php?cl=details&anid=05848170643ab0deb9914566391c0c63&cnid=0f41a4463b227c437f6e6bf57b1697c4 --> index.php?cl=details&anid=05848170643ab0deb9914566391c0c63

0007957: Payment method oscpaypal - inheritance chain for markVouchers is skipped and vouchers are not properly marked as used

Tue, 02 Jun 2026 09:22:18 +0200

In the file Model/Order.php the markVouchers method is overwritten:
protected function markVouchers($oBasket, $oUser) // phpcs:ignore PSR2.Methods.MethodDeclaration.Underscore
{
$sessionPaymentId = (string) $this->getPaymentService()->getSessionPaymentId();

// Skip markVoucher if finalizeOrder is called in the proxyController.
if (PayPalDefinitions::isProxyControllerPayment($sessionPaymentId)) {
return null;
}

return parent::markVouchers($oBasket, $oUser);
}

For payment methods like "oscpaypal" this means that that vouchers are never marked as used, only ever as reserved. And any module logic that depends on the inheritance chain of that method gets skipped.

We implemented a temp fix in EventSubscriber/PayPalOrderCompletedSubscriber.php, where we call a copy-pasted version of the markVouchers method.

0007944: Vouchers in PayPal

Tue, 02 Jun 2026 09:22:18 +0200

We are currently facing an issue where vouchers are not being passed to PayPal, and the voucher is not attached to the order record following a successful checkout.
This issue occurs exclusively with the standard PayPal workflow, as it always proceeds via the following path:
if (PayPalDefinitions::isProxyControllerPayment($sessionPaymentId)) { ... }
The root cause lies in the function `\OxidSolutionCatalysts\PayPal\Model\Order::_markVouchers`. (Edited)

0007956: oxbillustidstatus stays 0, even with oxustidstatus is 1

Fri, 29 May 2026 17:24:30 +0200

EE Field oxbillustidstatus seems to be never updated to 1 in a normal workflow of register -> order.

0007955: Unfinished orders are not cleaned up

Thu, 28 May 2026 14:58:42 +0200

the function cleanUpNotFinishedOrders() in Service/OrderRepository.php gets called from the webhook. I can see custom log entries before the execution of the query in this function but not afterwards. The orders are not being canceled.

0007937: Stored XSS via SVG upload in media-library-module (executes on direct SVG URL)

Wed, 27 May 2026 10:01:25 +0200

Media library accepts `.svg` uploads without sanitization. Direct request to the stored SVG is served as `image/svg+xml`, executing embedded `