Vulnerability in EPiServer.Forms
Anyone help me to give the details of the below error:
" Order ID or hash cannot be empty"
I am getting this error after the EPiServer commerce version update in to 9.21.
The error is appear after the sucessfull paypal payment action, steps are
* After clicking place order, the page redirected to the pay pal page
* After paypal payment confirmation again redirected to the merchant site
* The page landing in to my commerce site URL (here I got the error " Order ID or hash cannot be empty" )
I am using "Diagram.EPiServerCms.Commerce.Payment.PayPal (version 0.2)" for PayPal method
That is most likely due to the order ID in the PayPalTemplate.aspx being empty.
Here is a link to the source code of that page which you can add to your project to debug further: https://dl.dropboxusercontent.com/u/541404/PayPalTemplate.zip
Rename the file, add to your project, and set default to true in the template descriptor attribute. Then you can attach to inspect futher.
Also, I would recommend grabbing the source the provider from http://world.episerver.com/download/Items/Episerver-Commerce/episerver-commerce-9-payment-providers/ and remove that package, as we no longer support it.