Jonathan Posted June 3, 2016 Report Posted June 3, 2016 After an invoice is voided, if a one time payment link has been emailed out, it's still possible to "pay" this invoice which is voided using the one time payment link. This results in confusion if this happens after an order has been placed, no paid for some time, canceled out by admins, the customer then pays and wonders why their service wasn't setup. If a one time payment link is tied to what should be an unpayable invoice, an error should be displayed instead of allowing payment. It's allowed even if the account is marked fraud which can pose an issue as well. Michael and Joseph H 2 Quote
Jonathon Posted June 8, 2016 Report Posted June 8, 2016 I have created a quick fix for it core file -> /app/models/invoices.php public function verifyPayHash($client_id, $invoice_id, $hash) { $h = $this->systemHash('c=' . $client_id . '|i=' . $invoice_id); $invoice_check = $this->get($invoice_id); if(!is_null($invoice_check) && $invoice_check->status === 'void') return false; return substr($h, -16) == $hash; } This will prevent voided invoices from using the email link May be able to get the invoice status via the getMeta but did not test. Function is located at the bottom of the file Blesta Addons and Michael 2 Quote
Jonathan Posted June 13, 2016 Author Report Posted June 13, 2016 Cool! Might have to give this a shot. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.