Hey guys,
I put this down as a 2nd bug as it may have been overlooked from the previous report and I figured it’d be easier to track a fix and add comments separately…
When completing an order it looks like it may be possible to pay an arbitrary amount - what happens is a request is generated to Paypal such as…
If we intercept and modify this there are a few amount fields (which I set to 0.00 in this example)and it appears to be able to let me set an arbitrary price that I want to pay on the transaction :)
I have tried to complete the payment with payment for a smaller amount and it errored - but it’s the same error I get when trying to complete a payment without any tampering and with valid info - so I can only assume that this doesnt work in staging? I tried card payments also with valid info and they too failed. So overall it’s difficult to say this bug exists because the payment code doesn’t seem to fully work, but I suspect it does :)