  1. eZ Publish / Platform
  2. EZP-15261

ezprice datatype loses vat information if postvariable is missing


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Medium
    • Resolution: Obsolete
    • Affects Version/s: 4.1.3
    • Fix Version/s: None
    • Component/s: Legacy > Webshop
    • Labels:
      None
    • Environment:

      Operating System: Linux
      PHP Version: (please be specific, like '4.4.3' or '5.1.5')
      Database and version:
      Browser (and version):

      Description

      The ezprice datatype doesn't check if it has the necessary postvariables before setting the attributes.

      We have some users that should only edit the description and images of the products, so we created a siteaccess and design where the ezprice attribute is missing in the edit template. This messes up the vat type in the ezprice attribute. We will add the missing information in hidden fields for now, but it is not very secure as it can be modified by the user using Firebug or similar tools. It would be much better if ezprice checks if it has the correct data before setting the vat info in the db.

      Suggested fix:

      // Existing fetchObjectAttributeHTTPInput
      function fetchObjectAttributeHTTPInput( $http, $base, $contentObjectAttribute )
      {
          $data = $http->postVariable( $base . "_data_price_" . $contentObjectAttribute->attribute( "id" ) );
          $vatType = $http->postVariable( $base . '_ezprice_vat_id_' . $contentObjectAttribute->attribute( 'id' ) );
          $vatExInc = $http->postVariable( $base . '_ezprice_inc_ex_vat_' . $contentObjectAttribute->attribute( 'id' ) );
          $locale = eZLocale::instance();
          $data = $locale->internalCurrency( $data );
          $data_text = $vatType . ',' . $vatExInc;
          $contentObjectAttribute->setAttribute( "data_float", $data );
          $contentObjectAttribute->setAttribute( 'data_text', $data_text );
          return true;
      }

      // Should be something like this
      function fetchObjectAttributeHTTPInput( $http, $base, $contentObjectAttribute )
      {
          // Only touch the attribute when all three price fields were actually posted
          if ( $http->hasPostVariable( $base . "_data_price_" . $contentObjectAttribute->attribute( "id" ) ) &&
               $http->hasPostVariable( $base . '_ezprice_vat_id_' . $contentObjectAttribute->attribute( 'id' ) ) &&
               $http->hasPostVariable( $base . '_ezprice_inc_ex_vat_' . $contentObjectAttribute->attribute( 'id' ) ) )
          {
              $data = $http->postVariable( $base . "_data_price_" . $contentObjectAttribute->attribute( "id" ) );
              $vatType = $http->postVariable( $base . '_ezprice_vat_id_' . $contentObjectAttribute->attribute( 'id' ) );
              $vatExInc = $http->postVariable( $base . '_ezprice_inc_ex_vat_' . $contentObjectAttribute->attribute( 'id' ) );
              $locale = eZLocale::instance();
              $data = $locale->internalCurrency( $data );
              $data_text = $vatType . ',' . $vatExInc;
              $contentObjectAttribute->setAttribute( "data_float", $data );
              $contentObjectAttribute->setAttribute( 'data_text', $data_text );
              return true;
          }
          // Fields missing from the form: leave the stored price and vat info untouched
          return false;
      }

      Steps to reproduce

      1. Create a new design
      2. Override the edit template and remove the price attribute
      3. Save a product
      4. The data_text attribute of the price attribute now contains ',' instead of '<vatType>,<vatExInc>'
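
Added example, not part of the original report or of eZ Publish: a stand-alone PHP 8 reproduction of step 4 and of the guarded behaviour the report asks for. `StubHttp`, `StubAttribute`, `fetchUnguarded` and `fetchGuarded` are hypothetical names, and the base name, attribute id, posted field and stored values are constructed.

```php
<?php
// Hypothetical stand-ins for the HTTP tool and the content object attribute.
final class StubHttp {
    public function __construct( private array $post ) {}
    public function hasPostVariable( string $n ): bool { return array_key_exists( $n, $this->post ); }
    public function postVariable( string $n ) { return $this->post[$n] ?? null; }
}
final class StubAttribute {
    public function __construct( private array $data ) {}
    public function attribute( string $n ) { return $this->data[$n] ?? null; }
    public function setAttribute( string $n, $v ): void { $this->data[$n] = $v; }
}

// Unguarded: writes whatever the request contains, even if nothing was posted.
function fetchUnguarded( StubHttp $http, string $base, StubAttribute $attr ): bool {
    $id = $attr->attribute( 'id' );
    $price = $http->postVariable( $base . '_data_price_' . $id );
    $vatType = $http->postVariable( $base . '_ezprice_vat_id_' . $id );
    $vatExInc = $http->postVariable( $base . '_ezprice_inc_ex_vat_' . $id );
    $attr->setAttribute( 'data_float', (float)$price );
    $attr->setAttribute( 'data_text', $vatType . ',' . $vatExInc );
    return true;
}

// Guarded: all three fields or nothing, so a partial form cannot clobber stored data.
function fetchGuarded( StubHttp $http, string $base, StubAttribute $attr ): bool {
    $id = $attr->attribute( 'id' );
    foreach ( [ '_data_price_', '_ezprice_vat_id_', '_ezprice_inc_ex_vat_' ] as $field ) {
        if ( !$http->hasPostVariable( $base . $field . $id ) ) {
            return false;
        }
    }
    return fetchUnguarded( $http, $base, $attr );
}

// Constructed request from an edit template that has no price fields at all.
$base = 'ContentObjectAttribute';
$post = [ $base . '_description_7' => 'New description' ];
$stored = [ 'id' => 42, 'data_float' => 99.0, 'data_text' => '1,2' ];

$before = new StubAttribute( $stored );
fetchUnguarded( new StubHttp( $post ), $base, $before );
var_dump( $before->attribute( 'data_text' ), $before->attribute( 'data_float' ) );

$after = new StubAttribute( $stored );
var_dump( fetchGuarded( new StubHttp( $post ), $base, $after ) );
var_dump( $after->attribute( 'data_text' ), $after->attribute( 'data_float' ) );
```

With the guard in place the restricted edit template can omit the price fields entirely, so there are no hidden fields for the user to modify.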


            People

            Assignee:
            unknown unknown
            Reporter:
            rv Ronny Vedå