WordPress.org

Support

Support » Plugins and Hacks » eShop » [Resolved] eshop_business_sec bug

[Resolved] eshop_business_sec bug

  • EShop has an odd bit of code in paypal.php at line 66:

    $eshopemailbus=$eshopoptions['business'];
    if(isset( $eshopoptions['eshop_business_sec'] ) && $eshopoptions['eshop_business_sec'] !=''){
    	$eshopemailbus=$eshopoptions['business_sec'];
    	$_POST['business']=$eshopemailbus;
    }
    $checkid=md5($eshopemailbus.$token.number_format($pvalue,2));

    This is odd for two reasons:

    1. The conditional block is never reached because ‘eshop_business_sec’ is a typo, it should be ‘business_sec’ (see eshop-settings-extends.php)

    2. It’s not clear you ever want it to be reached. It would tell PayPal to direct the payment to the secondary email address.

    This whole business of using $_POST to carry around information is kind of crazy in my humble opinion. But if using it, why not just do this unconditionally:

    $_POST['business']=$eshopemailbus;

    (We are in the case eshopaction=’redirect’. The $_POST variable derives from the previous step, when eshopaction=’process’.)

    http://wordpress.org/extend/plugins/eshop/

Viewing 3 replies - 1 through 3 (of 3 total)
  • esmi

    @esmi

    Forum Moderator

    We will look at this properly asap and, if there is a typo, we’ll correct it in the next update.

    Plugin Author elfin

    @elfin

    fixed for next release – thanks for the heads up.

    Couldn’t find anything about “secondary” in the wiki, http://quirm.net/wiki/eshop/

    Here’s what seems to be the design for the PayPal settings in Dashboard / Settings / Paypal / Merchant Gateways.

    Main account Email address:
    * this must match your primary PayPal address.

    Secondary Email address
    * optionally, you can use one of your secondary PayPal addresses to receive the payment. Paypal will accept the payment, but its reply data will contain the primary address.

    That’s why the “Main” setting must match the Paypal primary. Otherwise, eShop classifies the transaction as “fraud.” The payment has been accepted, but eShop put the purchase in a different tab in the order viewer. The message sent to you (the business) says “Fraud…”.

    Paypal does recommend this check on its reply data, so the eShop behavior is correct. It’s just not documented, as far as I can tell.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘[Resolved] eshop_business_sec bug’ is closed to new replies.
Skip to toolbar