BUGFIX: redirect customer to cart instead of order history after Saferpay transaction abort#327
Conversation
…rpay transaction abort
There was a problem hiding this comment.
Code Review
This pull request addresses a redirection issue where customers were incorrectly sent to their order history instead of the cart after aborting a Saferpay transaction. The changes in controllers/front/return.php modify how the cart ID and secure key are retrieved for redirection URLs. However, the current implementation introduces a security vulnerability by leaking the secure_key based on a user-provided cartId. It is recommended to use Tools::getValue('secureKey') to prevent this information disclosure and avoid an unnecessary database query.
| $cartId = (int) Tools::getValue('cartId') ?: (int) $this->context->cart->id; | ||
| $cart = new Cart($cartId); | ||
| $secureKey = Validate::isLoadedObject($cart) ? $cart->secure_key : $this->context->cart->secure_key; |
There was a problem hiding this comment.
This implementation introduces a security vulnerability (Information Disclosure). By fetching the secure_key from the database based solely on the user-provided cartId and including it in the redirection URL, the controller effectively leaks the correct secure_key to any user who knows a valid cartId. An attacker could exploit this to obtain the secure key for any cart and potentially view its contents or status.
Additionally, calling new Cart($cartId) here is inefficient as it triggers an unnecessary database query. Since the secureKey should be present in the request when returning from Saferpay, you should prefer Tools::getValue('secureKey'). This fixes the reported issue of the context being rebuilt (where context->cart->secure_key might be wrong) without compromising security.
$cartId = (int) Tools::getValue('cartId') ?: (int) $this->context->cart->id;
$secureKey = Tools::getValue('secureKey') ?: $this->context->cart->secure_key;…redirect-secure-key
1319947
into
SL-346/accessibility-eaa-compliance
Summary
/order-historyinstead of back to the cart page.getRedirectionToControllerUrl()incontrollers/front/return.phpused$this->context->cart->secure_key, which can differ from the original cart's secure key when the context is rebuilt after the external redirect. The secure_key mismatch causedfail.phpto redirect to history.cartIdquery parameter and use that cart'ssecure_key. Falls back to context cart only if the cart cannot be loaded.Changes
controllers/front/return.php: prefercartIdfrom URL and load original cart'ssecure_key.changelog.md: entry under [2.0.2].Test plan