View Issue Details

ID: 0007910
Project: module PayPal Checkout
Category: module PayPal checkout - sub
View Status: public
Last Update: 2026-03-19 14:26
Reporter: Spritje
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Product Version: 2.8.0 / 3.7.0
Target Version: 2.8.1 / 3.7.1
Fixed in Version: 2.8.1 / 3.7.1
Summary: 0007910: Incorrect / missing ?? fallback for $_POST parameters

Description:
The files OrderController.php and ProxyController.php contain code that manually sets $_POST parameters before calling execute().

Error 1: Missing ?? fallback in checkAgbTop
// BUGGY
$_POST["ord_agb"] = (int)filter_var($_POST["checkAgbTop"], FILTER_VALIDATE_BOOLEAN);
// CORRECT
$_POST["ord_agb"] = (int)filter_var($_POST["checkAgbTop"] ?? false, FILTER_VALIDATE_BOOLEAN);

Error 2: Bug in oxserviceproductsagreement
The bug (oxserviceproductsagreement reads from oxdownloadableproductsagreement) causes the following:
 - the consent for the service products checkbox always adopts the value of the downloadable products checkbox, regardless of what the customer has clicked
 - validateTermsAndConditions() consequently checks incorrect values

// BUGGY — incorrectly reads "oxdownloadableproductsagreement" instead of "oxserviceproductsagreement"
$_POST["oxserviceproductsagreement"] = (int)filter_var($_POST["oxdownloadableproductsagreement"], FILTER_VALIDATE_BOOLEAN);
// CORRECT
$_POST["oxserviceproductsagreement"] = (int)filter_var($_POST["oxserviceproductsagreement"] ?? false, FILTER_VALIDATE_BOOLEAN);

Also add the fallback for:
$_POST['oxdownloadableproductsagreement'] = (int)filter_var($_POST['oxdownloadableproductsagreement'], FILTER_VALIDATE_BOOLEAN);
Additional Information:
Source:
https://github.com/OXID-eSales/paypal-module/blob/b-6.3.x/src/Controller/OrderController.php#L259
https://github.com/OXID-eSales/paypal-module/blob/b-6.3.x/src/Controller/ProxyController.php#L515

Tags: No tags attached.
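The following is an added example, not part of the report and not the module's own code. It shows one way to normalise all three consent flags from a single table so that each flag is read from its own request key with the ?? false fallback. The names AGREEMENT_FLAGS, normalizeAgreementFlags() and buggyServiceFlag() are hypothetical, and the request data is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical mapping: target key => request key it must be read from.
// The key names are the ones quoted in the report.
const AGREEMENT_FLAGS = [
    'ord_agb'                         => 'checkAgbTop',
    'oxdownloadableproductsagreement' => 'oxdownloadableproductsagreement',
    'oxserviceproductsagreement'      => 'oxserviceproductsagreement',
];

/**
 * Normalise every consent flag to 0 or 1.
 * A key that is absent from the request becomes 0 (no consent) and raises
 * no "undefined array key" warning, because of the ?? false fallback.
 */
function normalizeAgreementFlags(array $post): array
{
    foreach (AGREEMENT_FLAGS as $target => $source) {
        $post[$target] = (int) filter_var($post[$source] ?? false, FILTER_VALIDATE_BOOLEAN);
    }
    return $post;
}

/** The behaviour reported as Error 2, kept only for comparison. */
function buggyServiceFlag(array $post): int
{
    // Reads the downloadable-products key instead of the service-products key.
    return (int) filter_var($post['oxdownloadableproductsagreement'], FILTER_VALIDATE_BOOLEAN);
}

// Constructed request: the customer ticked the terms checkbox and the
// downloadable-products checkbox, but NOT the service-products checkbox
// (browsers do not submit unchecked checkboxes, so that key is absent).
$post = [
    'checkAgbTop'                     => '1',
    'oxdownloadableproductsagreement' => 'on',
];

$fixed = normalizeAgreementFlags($post);

printf("buggy service consent: %d\n", buggyServiceFlag($post));
printf("fixed service consent: %d\n", $fixed['oxserviceproductsagreement']);
printf("fixed downloadable consent: %d\n", $fixed['oxdownloadableproductsagreement']);
printf("fixed ord_agb: %d\n", $fixed['ord_agb']);
```

With the buggy read, the service-products consent is recorded as given even though that checkbox was never submitted, which is the incorrect input to validateTermsAndConditions() that the report describes.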

Activities

QA

2026-03-13 12:13

administrator   ~0018425

QA - ES -