View Issue Details

IDProjectCategoryView StatusLast Update
0005560OXID eShop (all versions)2.3. Extensions (modules, themes)public2015-02-25 18:08
Reportermartinwegele 
PrioritylowSeverityfeatureReproducibilityhave not tried
Status assignedResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0005560: API data must not contain blanks
DescriptionI am not sure whether this is a bug or a feature request:
Users usually do copy & paste to insert their API data in the module's settings tab. It seems that there is no check of the inserted data performed.
Now with copy & paste e.g. from html-pages it happens very often that you also copy some (hidden?) blank spaces at the beginning or at the end e.g. of the signature. Now if you try to do a checkout with PayPal it will throw this error message as a response: "Security header is not valid" meaning your API data is incorrect.
If you check the data now in the input field of the module's settings you cannot see the additional blank spaces easily. Using the PayPal log you can see it, but that would not be necessary if the module would do a simple trim() on these config values, e.g. at this place:
https://github.com/OXID-eSales/paypal/blob/b-dev/source/modules/oe/oepaypal/core/oepaypalconfig.php#L498
What do you think?
TagsNo tags attached.
ThemeAzure
BrowserAll
PHP Versionany
MySQL Versionany

Activities

FibreFoX

2014-09-04 13:50

reporter   ~0010129

I would see this as a feature, because it "sanitizes" the mistake from the shop-admin.

But modules should do their best to help users, so i totally agree to use trim() here.

martinwegele

2014-09-29 10:09

reporter   ~0010193

Last edited: 2014-09-29 10:09

View 2 revisions

Since 5.2.0 / 4.9.0 (using PayPal module version 3.2.0) this issue might be even more difficult to debug: http://wiki.oxidforge.org/Downloads/4.9.0_5.2.0#Password_field_added_to_modules_metadata