Jonathan Posted June 3, 2016 Report Share Posted June 3, 2016 After an invoice is voided, if a one time payment link has been emailed out, it's still possible to "pay" this invoice which is voided using the one time payment link. This results in confusion if this happens after an order has been placed, no paid for some time, canceled out by admins, the customer then pays and wonders why their service wasn't setup. If a one time payment link is tied to what should be an unpayable invoice, an error should be displayed instead of allowing payment. It's allowed even if the account is marked fraud which can pose an issue as well. Michael and Joseph H 2 Quote Link to comment Share on other sites More sharing options...
Paul Posted June 3, 2016 Report Share Posted June 3, 2016 Thanks! CORE-2210 Michael 1 Quote Link to comment Share on other sites More sharing options...
Jonathon Posted June 8, 2016 Report Share Posted June 8, 2016 I have created a quick fix for it core file -> /app/models/invoices.php public function verifyPayHash($client_id, $invoice_id, $hash) { $h = $this->systemHash('c=' . $client_id . '|i=' . $invoice_id); $invoice_check = $this->get($invoice_id); if(!is_null($invoice_check) && $invoice_check->status === 'void') return false; return substr($h, -16) == $hash; } This will prevent voided invoices from using the email link May be able to get the invoice status via the getMeta but did not test. Function is located at the bottom of the file Michael and Blesta Addons 2 Quote Link to comment Share on other sites More sharing options...
Jonathan Posted June 13, 2016 Author Report Share Posted June 13, 2016 Cool! Might have to give this a shot. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.