prestashopcorp / chronopost Goto Github PK

I registered a phone number in "Sender Informations" of module setting, but when I'm editing a new Chronopost slip, the phone number doesn't appear in the pdf file on "e-chronopass" page under chronopost logo (please see attachment).

Is it a general bug or only for me ?

Order status are not displayed in AdminExportChronopost pane :

The following comments concern the whole project:

• Even if the module is used in only one country, its content must be written in English and then translated in French. It will allow the community to understand (and maybe reuse your code) what you have written.
  • $this->l(...) must be added on the text to translate
• AdminTabs have been deprecated from PS 1.5. We are now using ModuleAdminController. Please convert AdminBordereauChronopost, AdminExportChronopostand AdminImportChronopost by moving them in chronopost/controllers/admin/ and make them extending ModuleAdminController.
• Style inline is forbidden, declaration different from style="display:none" should be moved in your CSS file.
• HTML code must not be generated in your controllers, but in smarty files. Please move this code in new .tpl files.

When trying to install module on Prestashop 1.7.6 its giving the error

http://prntscr.com/okpbz9

Hi,
From recently, I found incompatibility between Chronopost and Lengow modules. Lengow imports orders from marketplaces (like Amazon, Fnac…) to Prestashop. With other carriers there is no problem, but with Chronopost when I'm generating waybill (or "LT"), status auto-change to "Shipped" (or "Expédié"), generating invoice and a duplicated payment is created. Sum up :

Direct website order + Chronopost = OK
Lengow import order + Chronopost = ERROR (duplicate payment, cf picture)
Lengow import order + Other carrier = OK

Fortunately, Lengow module is free and findable on addons Prestashop store, but I'm not enough familiarized with Prestashop classes and methods to find where and what's going bad. Any help is welcome ;)

If we change the carrier details in admin, the carrier id changes.
Module config values are updated, than fine ( chronopost.php#L514 ) but there is now problem while viewing a command to print the waybill (l'étiquette a imprimer et coller quoi! ;) ), we can no more print it in previous order because isChrono now return false.

QuickCost webservice is called even if it's disabled in module configuration.

Call graph for "getOrderShippingCost" when enabled :

Call graph for "getOrderShippingCost" when disabled :

The method "QuickcostServiceWSService->calculate" is called in both case.

Please add a way to know when it's Chronopost that changes order's status :

The following comment are for chronopost.php:

• function preInstall(): you should check if soap is loaded before calling parent::install() and add an error message if false.
• function uninstall(): Don't you want to check for the first one if the deletion returns true ?

        $tab = new Tab(Tab::getIdFromClassName('AdminExportChronopost'));
        $tab->delete();

• Unused function errorStatus()
• hookNewOrder():
  • In this function (and the others too), you should check if the objects are properly loaded from the database with Validate::isLoadedObject(<object>). It can be adresses, orders, customers etc.
• hookBackOfficeHeader(): Instead of defining a html code with JS calling immediately another PHP page, you could directly call a new function and improve your overall execution time ! You just have to move the content of async/updateTracking.php to a new function of chronopost.php and call it in this hook when necessary.
• hookHeader(): Because this module will be used only from PS 1.5, this could would be enough:
  $controller = Tools::getValue('controller');
• hookTop(): Regarding your need, this hooks seems to be a duplicate of hookExtraCarrier() and can be removed
• hookAdminOrder(): As said before, you should check if the order, is properly loaded with Validate::isLoadedObject()
• HTML code must not be generated in controllers. The following functions must see their HTML content moved in tpl files:
  • _generateChronoForm()
  • _dayField()
  • _hourField()
  • _minuteField()
  • getContent()
  • displayForm()
• getContent(): The success message must be displayed with Modules::displayConfirmation(...)
• displayForm(): Do not create a database table everytime the merchant tries to load the settings page ! This part must be done in the function install()

When you need CSS and JS on the page, you should include them with addJS and addCSS functions:
This file should be removed: https://github.com/PrestaShop/chronopost/blob/fa7ad762f5c0b586245a86e5eb5bcace615107e1/views/templates/hook/header.tpl

And should should get these lines in the function hookHeader():

$this->context->controller->addJs('https://maps.google.com/maps/api/js?sensor=false');
$this->context->controller->addJs($this->_path.'js/chronorelais.js');
[...]
$this->context->controller->addCSS($this->_path.'css/chronorelais.css');

Doing this way will remove a Google Maps API conflict with the other carrier modules.

Add the {order_name} variable in place of {id_order} for email templates.

Ex : It's better to have "Your order VBQTZWFMR" that "Your order n°4"

Hi,

Before we send this module to the security validation, I would appreciate that you take a look at the validator results when you send the module, there are comments which can be easily fixed.

At the same time, can you have a look at the settings page (typically when you install the module). You inserted too many quotes which makes smarty crash.

Thanks

Sometimes, when delivery address is wrong, map of relay points is not displayed.

A javascript error appears :

Hi,
Everybody knows it : Prestashop does not allow to change of carrier after order. And sometimes, Prestashop (or customer) don't choose right carrier. But it can't be changed.

In my case, Chronopost was selected in place of Colissimo. And to give at customer the good tracking number, I wrote "colissmo 8L93165536828", well. But tracking number isn't tested by chronopost module during update to see if it's a correct Chronopost's tracking number and give me a log full of errors (like joined file) !

Tracking number is recovered at line 35 in updateTracking.php in "$fb" variable. Is there a way to test if this variable contain a correct chronopost tracking number ? And if not (if contain a space character for exemple), don't try to parse it ?
log-chronopost-tracking-error.txt

Thank you.

Hi,

Thanks for the credentials, I can now test the module properly. :)

• On the latest versions of PrestaShop 1.6 & 1.5, I have just found that the map for pickup points is displayed two times.
  
• Changing the postcode brings the following JavaScript issue:
  
  (By the way, you should the result of ldata.length, because this property is not cached).
• Can you please remove all these console.log which are executed everytime I click on another carrier ?

Hello,

Since today, we can't edit labels. Error HTTP 500, with these détails :

FastCGI: server "cgi-bin/php7-fcgi" stderr: PHP message: PHP Fatal error: SOAP-ERROR: Encoding: object has no 'ltAImprimerParChronopost' property in modules/chronopost/libraries/ShippingServiceWSService.php on line 416, referer: https://wwww.xxxx.fr/adminxxxx/index.php?controller=AdminOrders&id_order=xxxx

FastCGI: server "cgi-bin/php7-fcgi" stderr: #0 ...../modules/chronopost/libraries/ShippingServiceWSService.php(416): SoapClient->__soapCall('shipping', Array, Array), referer: https://wwww.xxxx.fr/adminxxxx/index.php?controller=AdminOrders&id_order=27591&vieworder&token=d2f85d3a97fc688e62e34dc85c93df42

On AdminOrders interface, when clicking on the button "Edit labels".

Thanks for your help.

Regards,

While I'm waiting for the credentials of a test account, can you please add a marketing content at the top of the settings page ?

It is always useful for the merchant to know what the module can do, how he can configure it etc.

BTW, how the Customer informations could be used ? All the shipments will be sent to the same address ?

Due to a bug with the core of PrestaShop, using ps_version_compliancy that include PS 1.5* in its range will cause crashes.
The line should be removed.

Also you define MIN_VERSION and MAX_VERSION but they were not used for the ps_version_compliancy.

To follow PrestaShop core updates, I suggest you use the PS_VERSION constant to check the max version instead of trying to use '1.7' (hardcoded).

Hi,

On a fresh install prestashop 1.6.1.4
I have some issue to display Chrono Classique & Chrono Express on Front (for client) if these carriers are not setted free on Back.

The console shows just :
Google Maps API warning: NoApiKeys https://developers.google.com/maps/documentation/javascript/error-messages#no-api-keys
util.js:212 Google Maps API warning: SensorNotRequired https://developers.google.com/maps/documentation/javascript/error-messages#sensor-not-required

This behaviour is normal ?

Many thanks

• async/nblt.php: The content of this file sohuld be moved in a function of chronopost.php and then called before the view generation, not with an ajax call.
• async/storePointRelais.php: Missing (int) in the SQL request
• js/json2.min.js: Is this library still used ?
• libraries/AdminChronopost.php:
  • It is not related to a library !
  • Should be an ModuleAdminController now
  • HTML code must be moved in a tpl file
• The content of /mails/en/ is not in English.
• Regarding the content of AdminImportChronopost.php, the future controller should also have the content of async/ImportExport.php in different functions.

Some problems are coming when editing several Chonopost's LT (waybills) :
1 - If I'm editing 2 LT, it give me 2 packages 1 of 1. But it must give : Package 1 of 2 and Package 2 of 2
2 - Weight of : 0,00 kg is not good. If customer buys 2 products of 9 kg and I'm editing 2 LT, they must give : Package 1 of 2 Weight 09,00 KG + Package 2 of 2 Weight 09,00 KG
3 - A same product bought two times is considered like one parcel but Chronopost don't want this, they want one waybill by product. That's why if 2 LT are edited, in "Transport" tab, 2 lines must be added, one for each tracking number and weight of each product.

Cases 1 and 2 :

Cases 3 :

On tracking page of Chronopost website, is there a way to change the "Solution Prestashop" event expeditor for the name of the shop for example ? (cf picture) The customer does'nt care whose ecommerce solution edits LT.

Please see screenshot taken on a site with One Page Checkout:

In AdminOrders interface of a Chronopost order, when I press "Print LT" button (Edition de l'étiquette Chronopost), LT is generated and give me a tracking number (sample : XY518954908FR).

I want to print this LT from another computer. I go to AdminExportChronopost interface, found the right order, but it give me a LT with a new tracking number : XY518993115FR. Why ? How can I retrieve the first LT ?

SQL injection

/chronopost/async/storePointRelais.php:20 Tools::getValue('relaisID')
/chronopost/chronopost.php:540 $params['cart']->id
/chronopost/chronopost.php:713 $a->postcode $c->iso_code
/chronopost/chronopost.php:758 $a->postcode $c->iso_code
/chronopost/chronopost.php:766 $a->postcode $c->iso_code
/chronopost/generateBordereau.php:90 $orders
/chronopost/postSkybill.php:336 to 342 escape all variables

XSS

/chronopost/views/templates/hook/chronorelais.tpl:15 to 23 in <script></script>, replace |escape:'html' by |escape:'javascript'

Missing ownership check

/chronopost/async/storePointRelais.php:20
No check if current user own edited cartID. It's possible to change the relaisID of any cartID without authentication.