View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007387 | module PayPal Checkout | module PayPal checkout - sub | public | 2022-12-08 13:28 | 2022-12-14 14:31 |
| Reporter | dominik_ziegler | Assigned To | |||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Fixed in Version | 2.2.3 / 1.2.3 | ||||
| Summary | 0007387: PayPal API returns "CANNOT_BE_ZERO_OR_NEGATIVE" for empty baskets | ||||
| Description | When the PayPal proxy controller method "createOrder" is called and the session has a basket without items, the API will return "CANNOT_BE_ZERO_OR_NEGATIVE", as no items and no other instructions are sent when creating the order with "doCreatePayPalOrder". The method "createOrder" should check if there are any items in the basket. If there are none, the API call should not be executed. Simple requests of /index.php?cl=oscpaypalproxy&fnc=createOrder&context=continue&aid=&stoken=XXXXX will trigger this API call and error. This should be prohibited, because someone could flood the server with these requests and maybe even trigger an PayPal API rate limit which will block real customers from buying via PayPal. | ||||
| Steps To Reproduce | Open /index.php?cl=oscpaypalproxy&fnc=createOrder&context=continue&aid=&stoken=XXXXX in a shop with the installed and active module. | ||||
| Additional Information | - es - | ||||
| Tags | No tags attached. | ||||
