Thank you prestolabels.
I have lost quite some time on this, specially due to the vulnerabilities in v1.3.2 that were publicly announced.
I use PS 1.4.8.2
This is all due to "x_invoice_num" simply comment out the checks:
/*if (!isset($_POST['x_invoice_num']))
{
Logger::addLog('Missing x_invoice_num', 4);
die('An unrecoverable error occured: Missing parameter');
}
if (!Validate::isLoadedObject($cart))
{
Logger::addLog('Cart loading failed for cart '.(int)$_POST['x_invoice_num'], 4);
die('An unrecoverable error occured with the cart '.(int)$_POST['x_invoice_num']);
}
if ($cart->id != $_POST['x_invoice_num'])
{
Logger::addLog('Conflit between cart id order and customer cart id');
die('An unrecoverable conflict error occured with the cart '.(int)$_POST['x_invoice_num']);
}
*/