FireSlash Posted May 31, 2011 Share Posted May 31, 2011 I just ran across this bug in the official UPS module this morning. I did a quick look at UPS Choice and it also appears to be affected, so I'm guessing this was never fixed. In the Quote function, lies this segment of code. for ($i=0; $i<$qsize; $i++) { list($type, $cost) = each($upsQuote[$i]); if ($type=='STD') { if ($std_rcd) continue; else $std_rcd = true; }; if (!in_array($type, $allowed_methods)) continue; $methods[] = array('id' => $type, 'title' => $this->types[$type], 'cost' => ($cost + MODULE_SHIPPING_UPS_HANDLING) * $shipping_num_boxes); } The problem is that "$cost" is being added to without any explicit conversion to int. Now this is NORMALLY fine, since PHP will perform this cast for you. However, if your client has placed an absurdly large order that is shipping for $1k or more, things break down. qcostcgi.cgi returns formatted values, meaning you'll be doing math on "1,000" which PHP will parse as 1. For testing, here's the offending result string (Zip codes replaced) 4%1DA%12345%US%12345%US%126%148%1,007.27%14.00%1,021.27%End of Day% Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.