News:

Support the VirtueMart project and become a member

Main Menu

Reading plugin params incorrect

Started by Anna_Bolika, May 03, 2023, 14:53:06 PM

Previous topic - Next topic

Anna_Bolika

Hi
We made a own payment plugin that works well since a few years.
One of the plugin parameter is a API key, like 'sP8h9aYoC1i4wwKlcgopLsIW0vpKM79nus02iU7naRw='
(usually with an equal sign at the end, similar to base64)

But as the bindParameterable() function has changed (after VM in administrator/components/com_virtuemart/helpers/vmtable.php, retrieving this parameter works no longer.

This

$item = explode('=', $item);
$key = $item[0];
unset($item[0]);

if(isset($varsToPushParam[$key][1])) {
        $item = implode('=', $item);
$item = json_decode($item);


changed to that


$item = explode('=', $param);
$key = $item[0];
      if(isset($item[1])){
$value = $item[1];


Before the first entry of $item ($item[0]) was taken as the param name and the rest was imploded again as the value (in case there was a equal sign).
Now $item[0] is still the param name, but $item[1] is the value, no matter if a $item[2] exists.

Not only that a param with an equal sign in it (Application key, base64String, passwords...) now gets truncated, with this changes, the new call on
$item = vmJsApi::safe_json_decode($value,false);
returns null and this emptys the parameter complete.

Are you sure this is an improvement? I don't think so, because now I have to read this parameter direct in my plugin with an extra database query.
Any thoughts or opinions on it?

Thanks
Roger