That 'fix' that swguy gave... You'll need to apply the same fix to other parts of the code that contain the
Code:
$db->Execute("insert into " . TABLE_ORDERS_STATUS_HISTORY
code call.
Just to be perfectly clear here, are you saying that these events DO NOT coincide with you (the store admin) submitting a PayPal Refund request?
If you don't know anything about trying to provide PayPal refunds, this is starting to now look like you are seeing a possible hack/exploit attempt.
But if those refunds shouldn't be going to *any* customer, then that's not fine.
This will be the case if the V1.5.1 code has this bug/problem (which may or may not be fixed in V1.5.4)
No.
No.
I had initially assumed that the events being logged would coincide with PP refunds being given, but based on these latest comments I'm assuming that this is probably some kind of exploit attempt, and for me, that changes things a lot. So much so that it is theoretically possible you may not even
want to fix this bug on the basis that the fix may turn the failed exploit into a successful one.
As for the error being triggered and logged, my thoughts are that this is caused with one of the PHP/MySQL updates that have become a lot more restrictive in what rules can be 'broken' with no ill effect (such as the ability to use a NULL where an INT is expected). IOW, developers now need to take a little bit more care about validating user inputs before using them.
Cheers
RodG