Jump to content

v5.1.9 - Session variables not populated when product is added via URL


SeanP

Recommended Posts

There is a bug in 5.1.9, where the session variables for products added to the cart, via the URL, do not get populated. We have some products add themselves to the cart, via the URL, with pre-populated configurable options, and custom fields. When doing this, we have a hook that is using the session variables, for the items in the cart. This works properly in 5.1.7, but is broken in 5.1.9. This breaks a critical custom module and hook for us.

 

I have a support ticket open for this issue: YIM-645918

Link to comment
Share on other sites

This bug was confirmed by WHMCS, but I was told to upgrade to 5.2.7 to fix it. I thought the 5.1 series was still supported? Since, 5.1.x is still a supported series, and the latest security patch has introduced this issue, we need a fix for version 5.1.9.

Edited by SeanP
Link to comment
Share on other sites

So WHMCS refuses to fix their broken 5.1.9 "security patch". Even though, they have confirmed it introduced an issue that causes it to break modules (PHP session variables are not updating properly). Their EOL agreement states they still release security patches for the 5.1 series. I guess that doesn't mean working security patches. So the choice is, stay on 5.1.7 (due to 5.1.8 being broken as well) and risk a security breach, upgrade to 5.1.9 and have your modules break forcing you not to be able to conduct your business, or immediately upgrade the whole thing to 5.2.7, and be dead in the water if your critical custom modules don't work properly with that version. We all know the issues people have had with the 5.2 series, so that is a huge risk in itself.

Link to comment
Share on other sites

  • 2 weeks later...

I was able to figure out the issue. I had an extra "&" on a couple variables on the URL. This didn't affect things in 5.1.7, but broke things in 5.1.9 and 5.2.7. It must be due to the way WHMCS now interprets variables, via the URL. This was probably done to lock it down from SQL injection attempts. I guess the new versions are more strict with adding items to the cart, via URL.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated