Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-15261

ezprice datatype looses vat information if postvariable is missing

    XMLWordPrintable

Details

    • Icon: Bug Bug
    • Resolution: Obsolete
    • Icon: Medium Medium
    • None
    • 4.1.3
    • Legacy > Webshop
    • None

    • Operating System: Linux
      PHP Version: (please be specific, like '4.4.3' or '5.1.5')
      Database and version:
      Browser (and version):

    Description

      The ezprice datatype doesn't check if it has the necessary postvariables before setting the attributes.

      We have some users that sould only edit the description and images of the products, so we created a siteacces and design where the ezprice attribute is missing in the edit template. This meses up the vat type in the ezprice attribute. We wil add the missing infirmation in hidden fields for now, but it is not very secure as it can be modified by the user using firebug or similar tools. It would be much better if ezprice checks if it has the correct data before setting the vat info in the db.

      Suggested fix:

      // Existing fetchObjectAttributeHTTPInput
      function fetchObjectAttributeHTTPInput( $http, $base, $contentObjectAttribute )

      { $data = $http->postVariable( $base . "_data_price_" . $contentObjectAttribute->attribute( "id" ) ); $vatType = $http->postVariable( $base . '_ezprice_vat_id_' . $contentObjectAttribute->attribute( 'id' ) ); $vatExInc = $http->postVariable( $base . '_ezprice_inc_ex_vat_' . $contentObjectAttribute->attribute( 'id' ) ); $locale = eZLocale::instance(); $data = $locale->internalCurrency( $data ); $data_text = $vatType . ',' . $vatExInc; $contentObjectAttribute->setAttribute( "data_float", $data ); $contentObjectAttribute->setAttribute( 'data_text', $data_text ); return true; } // Should be something like this function fetchObjectAttributeHTTPInput( $http, $base, $contentObjectAttribute ) { if( $http->hasPostVariable( $base . "_data_price_" . $contentObjectAttribute->attribute( "id" ) ) && $http->hasPostVariable( $base . '_ezprice_vat_id_' . $contentObjectAttribute->attribute( 'id' ) ) && $http->hasPostVariable( $base . '_ezprice_inc_ex_vat_' . $contentObjectAttribute->attribute( 'id' ) ) ) }

      $data = $http->postVariable( $base . "data_price" . $contentObjectAttribute->attribute( "id" ) );
      $vatType = $http->postVariable( $base . 'ezprice_vat_id' . $contentObjectAttribute->attribute( 'id' ) );
      $vatExInc = $http->postVariable( $base . 'ezprice_inc_ex_vat' . $contentObjectAttribute->attribute( 'id' ) );
      $locale = eZLocale::instance();
      $data = $locale->internalCurrency( $data );
      $data_text = $vatType . ',' . $vatExInc;
      $contentObjectAttribute->setAttribute( "data_float", $data );
      $contentObjectAttribute->setAttribute( 'data_text', $data_text );
      return true;
      }
      }

      Steps to reproduce

      1. Create a new design
      2. Override the edit template and remove the price attribute
      3. Save a product
      4. The data_text attribute of the price attribute now contains ',' instead of '<vatType>,<vatExInc>'

      Attachments

        Activity

          People

            unknown unknown
            c15b5f0e-f814-4746-a875-b9b4053e4364@accounts.ibexa.co Ronny Vedå
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated: