View Issue Details

IDProjectCategoryView StatusLast Update
0006939OXID eShop (all versions)1.03. Basket, checkout processpublic2019-05-07 11:23
ReporterQA 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version6.1.2 
Target VersionFixed in Version6.1.4 
Summary0006939: Payment method Direct debit no complete check of BIC. A blank character is sufficient here to recognize the form data as valid.
DescriptionIf the direct debit payment method (direct debit) is selected, BIC's details are not fully checked.
The entry of a blank character is sufficient here to recognize the form data as valid.

In vendor/oxid-esales/oxideshop-ce/source/Core/InputValidator::_validateDebitNote() spaces are removed in the _cleanDebitInformation() method.
Then the cleaned $aDebitInformation['lsblz'] is passed.
$sBankCode = $aDebitInformation['lsblz'];

Thus, when a space is entered in the BIC, the field is filled as follows:
$sBankCode = """

The following is then checked:
        if (empty($sBankCode) || $oSepaValidator->isValidBIC($sBankCode)) {
            $mxValidationResult = true;
Thus, when a space is entered in the BIC, it is recognized as valid.

Steps To Reproduce1. Add article to basket
2. Go to step 2 Direct Debit
3. Insert a blank for BIC and korrect IBAN

-> blank character is sufficient here to recognize the form data as valid
TagsNo tags attached.
ThemeNot defined
BrowserNot defined
PHP VersionNot defined
Database VersionNot defined

Activities

QA

2019-01-14 14:13

administrator   ~0012759

However, the template payment_oxiddebitnote.tpl shows that oxide treats both IBAN (BANK_ACCOUNT_NUMBER) and BIC (BANK_CODE) as mandatory (class="req", <input required="required">).
Therefore the behavior at the BIC as input of a space is to be regarded as valid a bug.

QA

2019-01-14 14:14

administrator  

iban.JPG (96,351 bytes)
iban.JPG (96,351 bytes)