PayPal Express cancel and return to - bug?

[greasemonkey]

Hi All, I'm using PayPal Express 3.0 on 2.3.4 and have had one small issue brought up by a customers.

 

When a customer uses the Return to "my store" link from the PayPal payment screen you are returned back to the sites shopping_cart page on SSL (example; https://ssl.oscommerce.com/demo/2/shopping_cart.php). If the customer then try's to update the quantity of products using the update button - in some browsers (firefox for one) - a security warning is received.

 

I presume this is because the update button refreshes NOSSL - which is fine because shopping_cart is not typically seen on SSL - except when returned by PayPal.

 

Confirmed this behaviour with Firefox at http://demo.oscommerce.com/index.php

 

 

Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information?

 

I realize this is not a huge issue... but thought it could be easily fixed by editing to?

      <?php echo tep_draw_form('cart_quantity', tep_href_link(FILENAME_SHOPPING_CART, 'action=update_product', 'SSL')); ?>

Although I'm no coder.... And I'm not clear what other impacts this would/could have?

Edited August 7, 2014 by greasemonkey

[Harald Ponce de Leon]

Hi Scott..

 

That's a perfectly fine fix :) Thanks for pointing it out - it will be fixed in the next release.

[♥mattjt83]

@@Harald Ponce de Leon

 

Wouldn't this cover it?

<?php echo tep_draw_form('cart_quantity', tep_href_link(FILENAME_SHOPPING_CART, 'action=update_product', $request_type)); ?>

[Harald Ponce de Leon]

That's much better. Care to create a pull request at github?

[tgely]

http://www.oscommerce.com/forums/tracker/issue-697-request-missmatch/