Disabled module is still working. Feature or bug?

[connectcase]

Hi there,

 

my client used to have iDeal as payment method but decided to implement a payment provider that offers multiple services among which iDeal.

 

So obviously I disabled the iDeal plugin. But the plugin is still accessible through:

 

www.clientssite.com/modules/ideal/

 

And if I call this URL directly in my browser I can still use the plugin to pay for my order! And now I found some weird payments that make me suspect that this old URL is still in some people's browsercache.

 

So disabling a module is not enough? It needs to be completely removed?

 

Cheers,

 

Cees

[vekia]

hello

this directory contains index.php file? if so, what contents this file has?

[connectcase]

No it doesn't. The full URL with which you can pay your order (by choosing a bank from the dropdown) is:

 

www.clientssite.com/modules/ideal/payment.php

 

Removing payment.php from the filesystem gives in PHP-require-error in the BO.

 

What I have done now is put a warning in payment.php ("If you see this screen etc. etc.")

 

But I'm not sure if that'll work if the html-content of payment.php is already in people's cache. They still might see the dropdown with which they can pay.

[vekia]

this is why it works in that way,

it's a separate file not integrated with prestashop store in the way as it should be integrated.

It should be based on front office modules controllers - in this case its just a static php file :/

[connectcase]

What do you mean "not integrated"? It's an official module released by one of the biggest banks over here and it consist of somewhat more than just payment.php.

 

You mean it should somehow show a 404?

[El Patron]

TIP: If a module uses and override and in that override if it does not check if the module is enabled, then the override logic will execute.