php · craftcms/commerce · Heads-up
craftcms/commerce: Missing minimum payment amount validation in Order::setPaymentAmount() and PaymentsController
What changed
The Order::setPaymentAmount() method and PaymentsController accept any float value without enforcing a minimum positive amount, allowing zero or negative payment amounts when partial payment is enabled.
Who it affects
Stores using craftcms/commerce with 'Allow Partial Payment on Checkout' enabled.
What to do today
Apply the remediation patch or manually add a lower-bound check on paymentAmount to ensure it is greater than 0.
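One way to write the lower-bound check described above, as an added example that is neither Craft Commerce's code nor the remediation patch. The function name `validatePaymentAmount` and the `$decimals` parameter are assumptions; the check also rejects values that are positive but round to zero at the currency's precision.

```php
<?php
declare(strict_types=1);

// Added example: a stand-alone helper, not Craft Commerce code.
// validatePaymentAmount() and $decimals are hypothetical names.

/**
 * Validate an untrusted payment amount and return it rounded to the
 * currency's precision. Throws if the amount is not strictly positive.
 */
function validatePaymentAmount(mixed $raw, int $decimals = 2): float
{
    // Reject booleans, arrays, empty strings and non-numeric text.
    if (is_bool($raw) || !is_numeric($raw)) {
        throw new InvalidArgumentException('paymentAmount must be numeric.');
    }

    $amount = (float) $raw;

    // A numeric string such as "1e999" casts to INF; reject it.
    if (!is_finite($amount)) {
        throw new InvalidArgumentException('paymentAmount must be finite.');
    }

    // Round first so 0.004 (positive, but 0.00 when charged) is caught too.
    $rounded = round($amount, $decimals);
    if ($rounded <= 0.0) {
        throw new InvalidArgumentException('paymentAmount must be greater than 0.');
    }

    return $rounded;
}

// Constructed sample inputs, as they might arrive from a checkout form.
foreach (['25.00', '0', '-10', '0.004', '1e999', 'abc'] as $input) {
    try {
        printf("%-6s accepted as %.2f\n", $input, validatePaymentAmount($input));
    } catch (InvalidArgumentException $e) {
        printf("%-6s rejected: %s\n", $input, $e->getMessage());
    }
}
```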