WordPress.org

Ready to get started?Download WordPress

Forums

eShop
[resolved] eshop_business_sec bug (4 posts)

  1. kitchin
    Member
    Posted 2 years ago #

    EShop has an odd bit of code in paypal.php at line 66:

    $eshopemailbus=$eshopoptions['business'];
    if(isset( $eshopoptions['eshop_business_sec'] ) && $eshopoptions['eshop_business_sec'] !=''){
    	$eshopemailbus=$eshopoptions['business_sec'];
    	$_POST['business']=$eshopemailbus;
    }
    $checkid=md5($eshopemailbus.$token.number_format($pvalue,2));

    This is odd for two reasons:

    1. The conditional block is never reached because 'eshop_business_sec' is a typo, it should be 'business_sec' (see eshop-settings-extends.php)

    2. It's not clear you ever want it to be reached. It would tell PayPal to direct the payment to the secondary email address.

    This whole business of using $_POST to carry around information is kind of crazy in my humble opinion. But if using it, why not just do this unconditionally:

    $_POST['business']=$eshopemailbus;

    (We are in the case eshopaction='redirect'. The $_POST variable derives from the previous step, when eshopaction='process'.)

    http://wordpress.org/extend/plugins/eshop/

  2. esmi
    Forum Moderator
    Posted 2 years ago #

    We will look at this properly asap and, if there is a typo, we'll correct it in the next update.

  3. elfin
    Moderator
    Plugin Author

    Posted 2 years ago #

    fixed for next release - thanks for the heads up.

  4. kitchin
    Member
    Posted 1 year ago #

    Couldn't find anything about "secondary" in the wiki, http://quirm.net/wiki/eshop/

    Here's what seems to be the design for the PayPal settings in Dashboard / Settings / Paypal / Merchant Gateways.

    Main account Email address:
    * this must match your primary PayPal address.

    Secondary Email address
    * optionally, you can use one of your secondary PayPal addresses to receive the payment. Paypal will accept the payment, but its reply data will contain the primary address.

    That's why the "Main" setting must match the Paypal primary. Otherwise, eShop classifies the transaction as "fraud." The payment has been accepted, but eShop put the purchase in a different tab in the order viewer. The message sent to you (the business) says "Fraud...".

    Paypal does recommend this check on its reply data, so the eShop behavior is correct. It's just not documented, as far as I can tell.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags