Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Major
-
Resolution: Fixed/Completed
-
Affects Version/s: 4.4.2
-
Component/s: CiviContribute
-
Labels:None
Description
See http://forum.civicrm.org/index.php/topic,31942
CRM_Core_Payment.php::subscriptionURL() fails to add a checksum to the URL in certain cases. This URL is sent to a contact who is making a recurring payment etc. It is sent to the contact via email and allows them temporary access to cancel/edit the contribution/membership.
Currently the only time a checksum is added is if the userID stored in the Session is zero (an anonymous user).
But this doesn't work when the URL is being generated in a Job. When a Job is invoked via CLI the Job requires a user context for permissioning. In this case the userID is non-zero, but different to the contactID associated with the contribution.
(I suspect this issue also affects back-office people generating the email on behalf of a contact.)
The fix is ...
1) Add a checksum if the $contactId and $userId are different
2) Calculate the $contactId even in the case where the $userId is non-zero
3) Refactor the code using switch statements and comments to improve readability