View Issue Details

IDProjectCategoryView StatusLast Update
0005560OXID eShop (all versions)2.3. Extensions (modules, themes)public2022-08-16 08:38
Reportermartinwegele Assigned To 
PrioritylowSeverityfeatureReproducibilityhave not tried
Status assignedResolutionopen 
Summary0005560: API data must not contain blanks
DescriptionI am not sure whether this is a bug or a feature request:
Users usually do copy & paste to insert their API data in the module's settings tab. It seems that there is no check of the inserted data performed.
Now with copy & paste e.g. from html-pages it happens very often that you also copy some (hidden?) blank spaces at the beginning or at the end e.g. of the signature. Now if you try to do a checkout with PayPal it will throw this error message as a response: "Security header is not valid" meaning your API data is incorrect.
If you check the data now in the input field of the module's settings you cannot see the additional blank spaces easily. Using the PayPal log you can see it, but that would not be necessary if the module would do a simple trim() on these config values, e.g. at this place:
https://github.com/OXID-eSales/paypal/blob/b-dev/source/modules/oe/oepaypal/core/oepaypalconfig.php#L498
What do you think?
TagsNo tags attached.
ThemeNot defined
BrowserAll
PHP VersionNot defined
Database VersionNot defined

Activities

FibreFoX

2014-09-04 13:50

reporter   ~0010129

I would see this as a feature, because it "sanitizes" the mistake from the shop-admin.

But modules should do their best to help users, so i totally agree to use trim() here.

martinwegele

2014-09-29 10:09

reporter   ~0010193

Last edited: 2014-09-29 10:09

Since 5.2.0 / 4.9.0 (using PayPal module version 3.2.0) this issue might be even more difficult to debug: http://wiki.oxidforge.org/Downloads/4.9.0_5.2.0#Password_field_added_to_modules_metadata

SvenBrunk

2022-01-28 18:32

administrator   ~0013575

This is fixed in the upcoming PayPal module releasing later this year