[not a bug] v5.1.9 - Session variables not populated when product is added via URL

[SeanP]

There is a bug in 5.1.9, where the session variables for products added to the cart, via the URL, do not get populated. We have some products add themselves to the cart, via the URL, with pre-populated configurable options, and custom fields. When doing this, we have a hook that is using the session variables, for the items in the cart. This works properly in 5.1.7, but is broken in 5.1.9. This breaks a critical custom module and hook for us.

 

I have a support ticket open for this issue: YIM-645918

[SeanP]

This bug was confirmed by WHMCS, but I was told to upgrade to 5.2.7 to fix it. I thought the 5.1 series was still supported? Since, 5.1.x is still a supported series, and the latest security patch has introduced this issue, we need a fix for version 5.1.9.

Edited August 13, 2013 by SeanP

[SeanP]

So WHMCS refuses to fix their broken 5.1.9 "security patch". Even though, they have confirmed it introduced an issue that causes it to break modules (PHP session variables are not updating properly). Their EOL agreement states they still release security patches for the 5.1 series. I guess that doesn't mean working security patches. So the choice is, stay on 5.1.7 (due to 5.1.8 being broken as well) and risk a security breach, upgrade to 5.1.9 and have your modules break forcing you not to be able to conduct your business, or immediately upgrade the whole thing to 5.2.7, and be dead in the water if your critical custom modules don't work properly with that version. We all know the issues people have had with the 5.2 series, so that is a huge risk in itself.

[Infopro]

Have you tested those custom modules of yours in the latest release to see if they actually do work or not?

[SeanP]

We are working on testing everything now.

[SeanP]

We just confirmed that this bug also exists in 5.2.7. We re-opened our support ticket ( YIM-645918 ).

Edited August 28, 2013 by SeanP

[stormy]

This bug is also affecting the upgrades for one of my products (which need custom fields) as well as our conversion tracking (we add some information via URL as well). I'm on 5.1.9.

[SeanP]

I was able to figure out the issue. I had an extra "&" on a couple variables on the URL. This didn't affect things in 5.1.7, but broke things in 5.1.9 and 5.2.7. It must be due to the way WHMCS now interprets variables, via the URL. This was probably done to lock it down from SQL injection attempts. I guess the new versions are more strict with adding items to the cart, via URL.