View Issue Details

IDProjectCategoryView StatusLast Update
0006450OXID eShop (all versions)2.2. Shop settingspublic2016-07-14 14:55
Reportermatths 
PrioritynormalSeverityminorReproducibilityalways
Status acknowledgedResolutionopen 
PlatformindependentOSindependentOS Versionindependent
Product Version4.10.0 / 5.3.0 
Target VersionFixed in Version 
Summary0006450: Creation of empty fields in payments
DescriptionUsers of the OXID Admin UI tend to just hit the Enter key to save a form. When not using the "Save" button but instead hitting the Enter key, an invisible form field for the selected payment is created. This can lead to unexpected results in the frontend as the admin user can't see the fields wihtout title easily.
Steps To ReproduceGo to SHOP SETTINGS > Payment Methods > e.g. Invoice

Klick into an input field in the lower part of the screen.
Hit enter to save / submit the form.

Now click into the fields select box. You can select an "invisible" field with an empty name.
Additional InformationIn the payment_main.tpl there are two <input type="submit">.
When the user hits enter key, the browser uses the first submit input field to actually submit the form. Thus the method addField() instead of save() is called, which does not check for an empty value of oxRegistry::getConfig()->getRequestParameter("sAddField") and thus creates fields with no name which are "invisible" to the admin user, but might create visible fields in the checkout process for frontend users depending on the templates.
TagsSolution Provided
ThemeNot defined
BrowserGoogle Chrome
PHP VersionNot defined
MySQL VersionNot defined

Activities

matths

2016-07-13 15:15

reporter  

payment_main.jpg (128,875 bytes)
payment_main.jpg (128,875 bytes)

matths

2016-07-13 15:17

reporter   ~0011697

A simply workaround is to overwrite the method and checking for empty fields before adding those.

    public function addField()
    {
        $sAddField = oxRegistry::getConfig()->getRequestParameter("sAddField");
        if ($sAddField!="") {
            return parent::addField();
        }
        return $this->save();
    }

michael_keiluweit

2016-07-14 14:55

developer   ~0011699

https://github.com/OXID-eSales/oxideshop_ce/pull/434