cancel
Showing results for 
Search instead for 
Did you mean: 

Issue with merging quote items after login, after applying SUPEE-7405

Issue with merging quote items after login, after applying SUPEE-7405

After applying SUPEE-7405 on several websites (CE 1.9.1.0, 1.9.2.1) , we have noticed that the following record appeared in var/log/exception.log file 

2016-02-25T08:32:44+00:00 ERR (3):
exception 'Exception' with message 'Error during unserialization' in lib/Unserialize/Parser.php:59
Stack trace:
#0 app/code/core/Mage/Core/Helper/UnserializeArray.php(44): Unserialize_Parser->unserialize('270')
#1 app/code/core/Mage/Sales/Model/Quote/Item.php(501): Mage_Core_Helper_UnserializeArray->unserialize('270')
#2 app/code/core/Mage/Sales/Model/Quote.php(1759): Mage_Sales_Model_Quote_Item->compare(Object(Mage_Sales_Model_Quote_Item))
#3 app/code/core/Mage/Checkout/Model/Session.php(216): Mage_Sales_Model_Quote->merge(Object(Mage_Sales_Model_Quote))
#4 app/code/core/Mage/Checkout/Model/Observer.php(44): Mage_Checkout_Model_Session->loadCustomerQuote()
#5 app/code/core/Mage/Core/Model/App.php(1339): Mage_Checkout_Model_Observer->loadCustomerQuote(Object(Varien_Event_Observer))
#6 app/code/core/Mage/Core/Model/App.php(1318): Mage_Core_Model_App->_callObserverMethod(Object(Mage_Checkout_Model_Observer), 'loadCustomerQuo...', Object(Varien_Event_Observer))
#7 app/Mage.php(448): Mage_Core_Model_App->dispatchEvent('customer_login', Array)
#8 app/code/core/Mage/Customer/Model/Session.php(225): Mage::dispatchEvent('customer_login', Array)
#9 app/code/core/Mage/Customer/Model/Session.php(215): Mage_Customer_Model_Session->setCustomerAsLoggedIn(Object(Mage_Customer_Model_Customer))
#10 app/code/core/Mage/Customer/controllers/AccountController.php(158): Mage_Customer_Model_Session->login('login', 'password')
#11 app/code/core/Mage/Core/Controller/Varien/Action.php(418): Mage_Customer_AccountController->loginPostAction()
#12 app/code/core/Mage/Core/Controller/Varien/Router/Standard.php(254): Mage_Core_Controller_Varien_Action->dispatch('loginPost')
#13 app/code/core/Mage/Core/Controller/Varien/Front.php(172): Mage_Core_Controller_Varien_Router_Standard->match(Object(Mage_Core_Controller_Request_Http))
#14 app/code/core/Mage/Core/Model/App.php(354): Mage_Core_Controller_Varien_Front->dispatch()
#15 app/Mage.php(684): Mage_Core_Model_App->run(Array)
#16 index.php(87): Mage::run('', 'store')
#17 {main}

 

The main problem is that it shows the customer's login and password here:

Mage_Customer_Model_Session->login('login', 'password')

 

Did somebody encounter this issue? Would be very grateful if you share how to fix it. Furthermore, here is the steps how to reproduce it:

  • Log in
  • add simple product with custom options to the cart;
  • log out;
  • add the same product with the same options to the cart;
  • log in again.
    After that appears the records in the exception.log.

Thanks!

 

 

3 REPLIES 3

Re: Issue with merging quote items after login, after applying SUPEE-7405

Hi @RealVictory

 

You are absolutely correct following exception message is logged in the exception log 

exception 'Exception' with message 'Error during unserialization' in lib/Unserialize/Parser.php:59

 when we does as mentioned by you.

 

If you are not aware Magento has released SUPEE-7405 v1.1  patch to fix this. Once you apply this patch you should not face this issue again.

 

Official documentation states:

 

Cart Merge Patch (SUPEE-7978)

Carts with identical items now merge correctly. Previously, when a cart with one item was merged with another cart that contained the same item, Magento did not merge the cart totals correctly.The cart now includes only one item, and the total is correct.

 

Please read this  Updates to Recent Magento Security Release

 

 

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

Re: Issue with merging quote items after login, after applying SUPEE-7405

Hi,

 

has anyone been able to solve this yet?

 

I don't think SUPEE-7405 v1.1 fixes the "Error during unserialization" issue as suggested by muk_t. At least not for us. Looking at the patch contents there is nothing really that looks like it would apply to (un)serialization.

 

The issue seems to be that Magento tries to unserialize options that are not serialized in the first place. Although, I did not have the time to investigate the details.

 

Also, I'm with RealVictory on that I think it's quite a bad idea to include plain text username and password in the stack trace!

 

 

Re: Issue with merging quote items after login, after applying SUPEE-7405

Known Magento Patch fail introduced by SUPEE-7405 v1.0 and not fixed in SUPEE-7405 v1.1 either.

https://www.atwix.com/magento/supee-7405-cart-merge-error-fix/

 

Basically Magento fails to check if something is Serialized before trying to Unserialze it and then dumps a stack trace containing in plaintext, the user's login name and password. Sweet move! And this is why you do not enable showing stack traces as viewable output on live sites with live data.