bpost Shipping manager
bpost Shipping Manager is a service offered by bpost, allowing your customers to choose their preferred delivery method when ordering in your webshop. The following delivery methods are currently supported:
- Delivery at home or at the office
- Delivery in a pick-up point or postal office
- Delivery in a parcel locker
When activated and correctly installed, this module also allows you to completely integrate the bpost administration into your webshop. This means that orders are automatically added to the bpost portal. Furthermore, if enabled, it is possible to generate your labels and tracking codes directly from the Prestashop order admin page. No more hassle and 100% transparent!
bpostshm's Issues
GLOBAL: Unnecessary comments?
There are a lot of commented sections all over the module. I think it could be cleaned up a little bit to make the code more readable and cleaner:
Here's a list (maybe not exhaustive) of the ones I could find while reviewing:
bpostshm.php:
https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L103
https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L108
https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L266
...
(Other lines where I found comments that could be removed)
313/338-449
695/760-769/791/832-870
876/916-919/930/939-941
998-999/1073/1084-1085
1166/1168/1187/1201-1202
1228/1259
AdminOrdersBpost.php:
https://github.com/PrestaShop/bpostshm/blob/master/AdminOrdersBpost.php#L97-118
https://github.com/PrestaShop/bpostshm/blob/master/AdminOrdersBpost.php#L203-207
https://github.com/PrestaShop/bpostshm/blob/master/AdminOrdersBpost.php#L526
...
(Other lines where I found comments that could be removed)
617-624/661-663/674
686/700/728-736
849-851/1085
1.6.0.11 Validate Order Warnings
Hi @Stigmi,
When I validate my order, two little php warnings come to my error log, here they are :
[23-Feb-2015 17:49:29 Europe/Paris] PHP Notice: Undefined index: company in /Users/tchauviere/www/prestashop_16011/modules/bpostshm/classes/Service.php on line 316
[23-Feb-2015 17:49:29 Europe/Paris] PHP Notice: Undefined index: company in /Users/tchauviere/www/prestashop_16011/modules/bpostshm/classes/Service.php on line 316
Delivery point selection not working with SSL
Hello,
When Prestashop is set to have SSL enabled, but not on all pages, the order confirmation process is secured by SSL.
But the bpostshm module does not consider this. When you have to select a delivery point (either @bpost or @24/7), the module opens a fancybox that calls to non-HTTPS elements. Browser security policy will block all these calls.
So this module is mostly non-working with HTTPS-enabled Prestashops.
Functional testing review
Hi @Stigmi,
Please find below the list of little bugs I found while I was doing functional tests on your module with the latest commits:
Functional Test Review:
Translate module description + carrier names & description
Hi,
It seems impossible to have the description of the carrier module translated (we need support from 1.4 to 1.6). Same goes for the name and description of the carriers.
Is there a special trick or workaround to fix this or is this a permanent issue?
Thank you
Cannot commit on fork
Hello,
We would like to commit the new 1.21 version but we did not manage to do so.
commands:
git checkout -b newdev
git push origin newdev
full error:
remote: Permission to PrestaShop/bpostshm.git denied to [email protected].
fatal: unable to access 'https://github.com/PrestaShop/bpostshm.git/': The requested URL returned error: 403
Could you tell us where/how we are supposed to commit the upgrade?
Thank you
bpostshm.php enhancements
Here are a few enhancements that can be done to improve module stability:
- https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L223:
Please use Tools::file_exists_cache() instead of file_exists
- https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L257:
Cast $group['id_group']; into (int)
- https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L263-264
https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L452
$id_carrier is not cast to (int)
Once you have done “new Carrier()”, please check if the object is well loaded with “Validate::isLoadedObject($carrier)” and add error message if needed
- https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L271-277:
Cast “$lang_fields['name'];” to (string)
Cast “$carrier->save()” to (int)
- https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L302
Missing double (int) cast “if ($country->id_zone != $id_zone_be)”
- https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L478:
OrderState::getOrderStates($this->context->language->id);
Missing (int) cast + Method can return false since it depends on the result of a Db::getInstance()->executeS(); you should verify that $order_states is the array you expect and add error message if needed
- https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L487:
$id_order_state is not cast to (int)
Once you have done “new OrderState()”, please check if the object is well loaded with “Validate::isLoadedObject($order_state)” and add error message if needed
- https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L645:
$id_tab is not cast to (int)
Once you have done “new Tab()”, please check if the object is well loaded with “Validate::isLoadedObject($id_tab)” and add error message if needed
- https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L662:
Consider using Tools::copy instead of copy()
- https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L824-828:
Maybe here you could use constants to make the code more readable.
- https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L885-889:
You should check the return value of object->save() method and display errors if needed
- https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L1098:
Once you have done “new Address()”, please check if the object is well loaded with “Validate::isLoadedObject($delivery_address)” and skip to the next iteration if required
- https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L1275/1277:
(int) cast missing
- https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L1405-1411:
getOrderShippingCostExternal() method empty and unused, remove it if unnecessary
Bug country settings with multiple languages available
If the shop has multiple languages activated, you will have an array instead of a string here:
https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L876
And this will cause the following:
The workaround is to do the following:
$country = new Country((int)$id_country, (int)$this->context->employee->id_lang);
AdminOrdersBpost.php enhancements
- https://github.com/PrestaShop/bpostshm/blob/master/AdminOrdersBpost.php#L15-19:
This verification is not required, since this file should never be called when running on 1.5+
- https://github.com/PrestaShop/bpostshm/blob/master/AdminOrdersBpost.php#L1144-1152:
PHP doc should be before the method declaration, not inside
- https://github.com/PrestaShop/bpostshm/blob/master/AdminOrdersBpost.php#L1142-1276
Method displayListContent():
As a general comment, you will need to refactor this part.
You have too much HTML in this method, please use templates and smarty to make it more readable and clear.
On the other hand, please use “backward_compatibility” to access globals you set at the beginning of this method via $this->context;
Can't select any carrier on checkout process
Error instead of warning box ?
"exit" statement in install() method
You can't use an exit statement here:
https://github.com/PrestaShop/bpostshm/blob/master/bpostshm.php#L124-125
It would lead to a blank page if the merchant doesn't have curl on his server.
The good way is to do something like this:
if (!extension_loaded('curl'))
{
    // Report the missing extension through the module error list instead of exiting
    $this->_errors[] = $this->l('This module requires CURL to work properly');
    return false;
}
This way the merchant falls back on the module page and an error message is displayed.
1.6.0.11 install warnings
Potential privacy issue
Hello,
The folder http://YOUR-PRESTA/modules/bpostshm/pdf/ is not protected. It contains all generated stickers with addresses of clients.
You should at least add an empty index.php file in the folder, but even then the filename structure is pretty easy to guess. Filenames should be obfuscated or every query should be checked against credentials (using .htaccess?).
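One way to apply both suggestions from the report above (unguessable file names, and a check before any label is served), as an added example in plain PHP that is not code from the bpostshm module. The helper names and the sample directory are hypothetical, and `random_bytes()` assumes PHP 7 or later.

```php
<?php
// Added example: hypothetical helpers, not part of the bpostshm module.

/** Name a label file with 128 bits of randomness instead of a guessable order reference. */
function new_label_filename()
{
    return bin2hex(random_bytes(16)) . '.pdf';
}

/**
 * Resolve a requested label name to a path inside $label_dir, or return null.
 * Meant to be called only after the caller's session has been authorised.
 */
function resolve_label_path($label_dir, $requested)
{
    // Accept only names produced by new_label_filename(): no separators, no extra dots.
    if (!preg_match('/\A[0-9a-f]{32}\.pdf\z/', $requested)) {
        return null;
    }
    $base = realpath($label_dir);
    $path = realpath($label_dir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    // Containment check: a symlink inside the directory must not lead outside it.
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary directory stands in for a label store kept outside the web root.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'labels_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$name = new_label_filename();
file_put_contents($dir . DIRECTORY_SEPARATOR . $name, '%PDF-1.4 constructed sample');

var_dump(resolve_label_path($dir, $name) !== null);  // the stored label resolves
var_dump(resolve_label_path($dir, '../secret.pdf')); // traversal attempt fails the name check
var_dump(resolve_label_path($dir, 'order_1234.pdf')); // guessable naming scheme is refused
```

Serving the file through a script like this only helps if direct requests to the storage folder are also denied by the web server, or the folder sits outside the document root.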
Code enabling you to track the Prestashop stores
Hello,
Following up on my emails, bpost passed on to me this mandatory request made by PrestaShop for their module, and I don't know what to do with it:
“In order to scale the benefits of our partnership, you need to track every Prestashop merchant account (even if they didn't use the landing page because we will promote your on brochures, conferences, via our Telesales, etc. so all merchants will not necessarily know about the landing page).
In the module itself, you have to insert a code enabling you to track the Prestashop stores.”
Could I get some details on what is expected?
Thank you
"bpost" admin tab wording
Bug when saving zone configuration
security review
Unsafe unserialize call
/AdminOrdersBpost.php:1079 $value = unserialize($value);
Replace serialize/unserialize call with json_encode/json_decode
Unsafe include
/controllers/admin/AdminOrdersBpost.php:308
/AdminOrdersBpost.php:254
check
Unsafe SQL
/classes/Service.php:1272 $iso_list array_map + pSQL
/classes/lib/Ps/OrderBpost.php:153 $reference add pSQL
/classes/lib/Ps/OrderBpost.php:221, 252, 306 intval()
/AdminOrdersBpost.php:98 $id_bpost_carriers array_map + intval
/controllers/admin/AdminOrdersBpost.php:105 $id_bpost_carriers array_map + intval
Potential XSS
Escape using Tools::safeOutput()
/AdminOrdersBpost.php
:1086 $value[0]
(isCleanHtml may not protect a variable without html displayed in an attribute)
:1088 $value[1]
:934,1026,1029,1184,1197,1203 $current_index
:937,995,1027,1030,1185,1199,1205 $token
:571 $option (please recheck because it may break something if $option contains html)
/controllers/admin/AdminOrdersBpost.php
:668 $option (please recheck because it may break something if $option contains html)
Escape with smarty |escape
/views/templates/front/lightbox-point-list.tpl
:13 postcode
:15 city
/views/templates/front/lightbox-at-247.tpl
:47 remove 'javascript' argument of escape call
:52 gender->id gender->name
:59 firstname
:64 lastname
:69 street
:74 number
:79 postal_code
:84 locality
:89 birthday
:94 email
:99 mobile_phone
:106 $_language['lang'] $_language['name']
/views/templates/admin/settings.tpl
:24 error
:87 account_id_account
:99 account_passphrase
:111 account_api_url
:208 opt['title']
/views/templates/admin/orders_bpost/helpers/list/list_action_option.tpl
:8 href|urldecode
:9 disabled
/views/templates/admin/orders_bpost/helpers/list/list_content.tpl
most of the variables aren't escaped, please escape them all
example line 3 : id="tr_{$id_category}{$tr.$identifier}{if isset($tr.position['position'])}{$tr.position['position']}{else}0{/if}
escape id_category, $tr.$identifier and $tr.position['position']
/views/templates/admin/orders_bpost/helpers/list/list_footer.tpl
:14
:61
:83 $list_id $value
:88
:156
:157
:190 $reload_href in comment : "All smarty escape attempts FAIL!!" did you try escape:'javascript' ?
:230 replace escape with escape:'javascript'
:231 replace escape with escape:'javascript'
:460 escape:'javascript'
/views/templates/admin/orders_bpost/helpers/list/list_footer14.tpl
remove if deprecated file, otherwise, escape all calls to <?php echo with Tools::safeOutput
/views/templates/admin/orders_bpost/helpers/list/list_header.tpl
13 escape:'javascript'
14 escape:'javascript'
23 escape:'javascript'
24 escape:'javascript'
32 escape:'javascript'
33 escape:'javascript'
66
135 $currentIndex $identifier
137 $currentIndex $identifier
173 $key
193 params.filter_key key params.width
243 escape:'javascript'
250 to 262 replace all escape with escape:'javascript'
290
293
301
307
309
330 to 381 replace all escape with escape:'javascript'
385
389
396
420 identifier list_id
423 identifier list_id
468
475
480 to 502 replace all escape with escape:'javascript'
506
510
516
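Two of the fixes requested in the security review above (JSON decoding in place of unserialize(), and integer-casting id lists before they reach SQL), as an added example in plain PHP that is not code from the bpostshm module. The function names, sample inputs and the table and column names in the query are constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not taken from the bpostshm code base.

/**
 * Decode a stored value as JSON instead of calling unserialize() on it.
 * With the associative flag json_decode() yields only scalars and arrays, so
 * crafted input cannot instantiate classes and reach __wakeup()/__destruct().
 */
function decode_stored_list($raw)
{
    $value = json_decode($raw, true);
    if (json_last_error() !== JSON_ERROR_NONE || !is_array($value)) {
        return array(); // not the array we stored: treat as empty
    }
    return $value;
}

/**
 * Turn untrusted ids into the body of an SQL IN (...) clause.
 * Every element is cast with intval(); non-positive results are dropped and an
 * empty list becomes "0" so the generated SQL stays syntactically valid.
 */
function sql_int_list(array $ids)
{
    $ids = array_map('intval', $ids);
    $ids = array_filter($ids, function ($id) {
        return $id > 0;
    });
    return $ids ? implode(',', array_unique($ids)) : '0';
}

// Constructed inputs.
$stored    = json_encode(array('label', 'Print label'));
$legacy    = serialize(array('label', 'Print label')); // old format is refused, never unserialized
$from_form = array('3', '7 OR 1=1', 'abc', '3');

var_dump(decode_stored_list($stored));
var_dump(decode_stored_list($legacy));
// Placeholder table and column names.
echo 'SELECT id_order FROM orders WHERE id_carrier IN (' . sql_int_list($from_form) . ")\n";
```

String values such as $reference are a separate case: the review asks for pSQL() there rather than an integer cast.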
Correct remaining Validator issues
Hi,
I re-uploaded the module on PrestaShop's Validator, and you still have a couple of things to correct.
All section reports need to be fixed (mainly "Standards") except for "Structure", since putting your folders js/css/img into views' folder is valid.