Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Bug in qcostcgi.cgi based modules


FireSlash

Recommended Posts

I just ran across this bug in the official UPS module this morning. I did a quick look at UPS Choice and it also appears to be affected, so I'm guessing this was never fixed.

 

In the Quote function, lies this segment of code.

for ($i=0; $i<$qsize; $i++) {
         list($type, $cost) = each($upsQuote[$i]);
	  if ($type=='STD') {
		  if ($std_rcd) continue;
		  else $std_rcd = true;
		};
	  if (!in_array($type, $allowed_methods)) continue;
         $methods[] = array('id' => $type,
                            'title' => $this->types[$type],
                            'cost' => ($cost + MODULE_SHIPPING_UPS_HANDLING) * $shipping_num_boxes);
       }

The problem is that "$cost" is being added to without any explicit conversion to int. Now this is NORMALLY fine, since PHP will perform this cast for you. However, if your client has placed an absurdly large order that is shipping for $1k or more, things break down. qcostcgi.cgi returns formatted values, meaning you'll be doing math on "1,000" which PHP will parse as 1.

 

For testing, here's the offending result string (Zip codes replaced)

4%1DA%12345%US%12345%US%126%148%1,007.27%14.00%1,021.27%End of Day%

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...