| Issue 151: | Quantity validation | |
| 1 person starred this issue and may be notified of changes. | Back to list |
What steps will reproduce the problem? 1. Change a product 2. Enters an invalid character like "abc" 3. There are not validation on the quantity What is the expected output? An error message. What do you see instead? The application goes to the checkout with a free product ;) What version of the product are you using? v1.0.a6 On what operating system? GNU/Linux - OpenSuse 11
Nov 29, 2008
#1
rogerpack2005
Nov 30, 2008
Hi rogerpack2005, No, in the website front-end. All sites that Ive been tested have this problem. Imagine that I bought product A and in the quantity has "a" character in "How many do you want?" input text. When I will buy the product B I will pay only for the product B! Substruct allow this and I go to checkout (e.g paypal) with two products but paying for only product B!
Dec 8, 2008
I think a simple check can be added to add_to_cart_ajax in store_controller that does a strict check for the integer-ness of the quantity entered. I don't think an error needs to be raised on invalid input, since it's harmless. See my patch for details.
Dec 8, 2008
Cool, good catch. I'll take a look @ the patch and roll in ASAP. Does the patch account for -numbers as well?
Dec 18, 2008
Negative quantities are subtracted from the cart, but it's handled more cleanly in the patch for issue 154 . (In the original patch, if there might be an item of quantity 0 in the cart). I've combined the two patches in one file, attached. |