[
https://issues.apache.org/jira/browse/OFBIZ-431?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12487389
]
Scott Gray commented on OFBIZ-431:
----------------------------------
Hi Jacopo
Thanks for taking a look, but I'm afraid there's still problems:
1. Place an order for GZ-9290 and confirm the order (you should get a free Open
Gizmo with your order)
2. Edit the order and change GZ-9290 quantity to 2 (everything should work
fine, no recursion and the results look right)
3. But now edit the order again and change GZ-9290 back to 1, we should get the
same result as step but instead we get a whole pile of extra order lines
I think this is why I didn't end up submitting a patch when I had a look last
year.
> Editting Order goes recursive with promotions...
> ------------------------------------------------
>
> Key: OFBIZ-431
> URL: https://issues.apache.org/jira/browse/OFBIZ-431
> Project: OFBiz (The Open for Business Project)
> Issue Type: Bug
> Components: order
> Affects Versions: SVN trunk
> Environment: N/A - clean default
> Reporter: Ray Barlow
> Assigned To: Jacopo Cappellato
> Priority: Critical
> Attachments: 431-1.patch
>
>
> With the standard demo data raise an order for admin with 1 GZ-1000 and 1
> GZ-7000, 3 promotional products will be added to the order which is fine.
> Find and view the newly created order in the order application. Click on the
> edit link and then try to increase the order quantity of the GZ-1000 from 1
> to 2, the system will thrash away for a while and then fail with a
> transaction error, timed out.
> Once the dust has settled you can see that the party has also been sent 100
> +/-5 email notification changes, which is were I'm getting the feeling that
> recursion is the problem!
> Trying to cancel a line item can also cause the same effect, in general
> editting orders with promotions seems to cause lots of problems at the moment.
> PS: I'd advise this only gets tested on local development machines as the
> impact is quite an intense load on the server and can result in DoS style
> problems. That said I did execute this once on the "demo.dejc.com" server
> (sorry David) just to check it wasn't anything I'd changed, the admin account
> now has a lot of order change notifications (at least until the next reload
> of the site!).
> PPS: This can also be triggered via the customer facing site, when cancelling
> a line item from the order history page, bit of an exposure for live sites to
> DoS from malicious users.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
