Possible To Pay Voided Invoice

[Jonathan]

After an invoice is voided, if a one time payment link has been emailed out, it's still possible to "pay" this invoice which is voided using the one time payment link.

 

This results in confusion if this happens after an order has been placed, no paid for some time, canceled out by admins, the customer then pays and wonders why their service wasn't setup.

 

If a one time payment link is tied to what should be an unpayable invoice, an error should be displayed instead of allowing payment.  It's allowed even if the account is marked fraud which can pose an issue as well.

[Paul]

Thanks! CORE-2210

[Jonathon]

I have created a quick fix for it

 

core file -> /app/models/invoices.php

public function verifyPayHash($client_id, $invoice_id, $hash) {
       $h = $this->systemHash('c=' . $client_id . '|i=' . $invoice_id);

       $invoice_check = $this->get($invoice_id);
       if(!is_null($invoice_check) && $invoice_check->status === 'void')
            return false;

       return substr($h, -16) == $hash;
}

This will prevent voided invoices from using the email link

May be able to get the invoice status via the getMeta  but did not test.

 

Function is located at the bottom of the file

[Jonathan]

Cool!  Might have to give this a shot.