OK, the extra ampersand is a result of the following code (/includes/YOURADMIN/orders.php, line 927:
Code:
case 'delete':
$heading[] = array('text' => '<strong>' . TEXT_INFO_HEADING_DELETE_ORDER . '</strong>');
$contents = array('form' => zen_draw_form('orders', FILENAME_ORDERS, zen_get_all_get_params(array('oID', 'action')) . '&action=deleteconfirm', 'post', '', true) . zen_draw_hidden_field('oID', $oInfo->orders_id));
Remove the highlighted ampersand and the <form> is properly rendered ... but still does not delete the order.
The problem is that the oID is being sent via POST, but the header portion of orders.php is still looking for it sent via GET (starting at line 34):
Code:
$action = (isset($_GET['action']) ? $_GET['action'] : '');
$order_exists = false;
if (isset($_GET['oID']) && trim($_GET['oID']) == '') unset($_GET['oID']);
if ($action == 'edit' && !isset($_GET['oID'])) $action = '';
if (isset($_GET['oID'])) {
$oID = zen_db_prepare_input(trim($_GET['oID']));
$orders = $db->Execute("select orders_id from " . TABLE_ORDERS . "
where orders_id = '" . (int)$oID . "'");
$order_exists = true;
if ($orders->RecordCount() <= 0) {
$order_exists = false;
if ($action != '') $messageStack->add_session(ERROR_ORDER_DOES_NOT_EXIST . ' ' . $oID, 'error');
zen_redirect(zen_href_link(FILENAME_ORDERS, zen_get_all_get_params(array('oID', 'action')), 'NONSSL'));
}
}
if (zen_not_null($action) && $order_exists == true) {
Since the oID is being sent via POST, the variable $order_exists is never set to true so no processing is performed.
Bookmarks