Index: /changelog
===================================================================
--- /changelog	(revision 7583)
+++ /changelog	(revision 7584)
@@ -265,3 +265,4 @@
 - Bugfix: Korrekte Nounce ÃberprÃŒfung beim Sprung von der BestellÃŒbersicht in ein Produkt
 - Bugfix: Preisanzeige an, wenn Kundenverwaltung inaktiv, egal wie es vorher eingestellt war / Task #685
+- Bugfix: Nounce Fehler Backend Rechnungsverwaltung, Lieferschein, PayPal PLUS Stornierung/Statusaktualisierung / Task #687  
 - Feature: Produktartikel - Positionsspalte in Backend sichtbar und sortierbar
Index: /mods/wpsg_mod_paypalapi.class.php
===================================================================
--- /mods/wpsg_mod_paypalapi.class.php	(revision 7583)
+++ /mods/wpsg_mod_paypalapi.class.php	(revision 7584)
@@ -441,22 +441,21 @@
 		} // public function mail_payment()
 		
-		public function order_ajax()
-		{
-
-			$_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
-
-			if (wpsg_isSizedString($_REQUEST['do'], 'refund'))
-			{
-			
-				$bStorno = $this->stornoOrder($_REQUEST['edit_id']);
+		public function order_ajax() {
+
+			if (!wpsg_checkInput($_REQUEST['edit_id'], WPSG_SANITIZE_INT)) throw \wpsg\Exception::getSanitizeException(); else $order_id = $_REQUEST['edit_id'];
+ 			if (!wpsg_checkInput($_REQUEST['do'], WPSG_SANITIZE_VALUES, ['refund', 'refresh'])) throw \wpsg\Exception::getSanitizeException(); else $do = $_REQUEST['do'];			
+			
+			if ($do === 'refund') {
+			
+				$bStorno = $this->stornoOrder($order_id);
 				
 				if ($bStorno === true) $this->shop->addBackendMessage(__('Zahlung erfolgreich ÃŒber die PayPal API storniert.', 'wpsg'));
 				else $this->shop->addBackendError(__('Es gab ein Problem bei der Stornierung der Zahlung ÃŒber die PayPal API. Bitte Bestellprotokoll beachten.', 'wpsg'));
 				
-				$this->shop->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Order&action=view&edit_id='.$_REQUEST['edit_id']);
-			
-			}
-			else if (wpsg_isSizedString($_REQUEST['do'], 'refresh'))
-			{
+				$this->shop->redirect(
+					wpsg_admin_url('Order', 'view', ['edit_id' => $order_id])
+				);
+			
+			} else if ($do === 'refresh') {
 				
 				list($payment_state, $sale_state) = $this->getState($_REQUEST['edit_id']);
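Review bot: The refresh branch still passes the raw `$_REQUEST['edit_id']` to `getState()` on the unchanged last line of this hunk, while the refund branch and both redirects now use the validated `$order_id`. I would change it to `list($payment_state, $sale_state) = $this->getState($order_id);` so that one checked value flows through the whole handler. If `wpsg_checkInput` with `WPSG_SANITIZE_INT` only validates and does not convert (not visible here), `$order_id` is still a request string, and an `(int)` cast at the assignment would make the type explicit. No nonce or capability check for the refund action is visible in this hunk; it is presumably done by the caller or tied to `wpsg_admin_url`, which is worth confirming since the action cancels a payment. The body of order_ajax() continues outside the hunk.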
@@ -465,5 +464,7 @@
 				else $this->shop->addBackendMessage(wpsg_translate(__('Status der Zahlung (#1#) erfolgreich abgefragt.', 'wpsg'), $payment_state.'/'.$sale_state));
 				
-				$this->shop->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Order&action=view&edit_id='.$_REQUEST['edit_id']);
+				$this->shop->redirect(
+					wpsg_admin_url('Order', 'view', ['edit_id' => $order_id])
+				);
 				
 			}
Index: /views/mods/mod_paypalapi/order_view_afterpayment.phtml
===================================================================
--- /views/mods/mod_paypalapi/order_view_afterpayment.phtml	(revision 7583)
+++ /views/mods/mod_paypalapi/order_view_afterpayment.phtml	(revision 7584)
@@ -15,5 +15,6 @@
 		wpsg_translate(
 			__('PaymentID [<a href="#1#">Status Aktualisieren</a>]', 'wpsg'),
-			WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Order&action=ajax&noheader=1&mod=wpsg_mod_paypalapi&do=refresh&edit_id='.$this->view['oOrder']->id
+			wpsg_admin_url('Order', 'ajax', ['noheader' => '1', 'mod' => 'wpsg_mod_paypalapi', 'do' => 'refresh', 'edit_id' => $this->view['oOrder']->id])
+			//WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Order&action=ajax&noheader=1&mod=wpsg_mod_paypalapi&do=refresh&edit_id='.$this->view['oOrder']->id
 		),
 		wpsg_translate(__('#1# (#2#)', 'wpsg'), $this->view['oOrder']->getMeta('wpsg_mod_paypalapi_paymentid'), $this->view['oOrder']->getMeta('wpsg_mod_paypalapi_paymentstate'))
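Review bot: The old hard-coded URL is left as a commented-out line directly under the new `wpsg_admin_url(...)` argument. It should be deleted, because the revision history already records it and a stale URL built without the helper is easy to copy back into use. Separately, the URL is substituted into `href="#1#"` with no escaping visible in this hunk; unless `wpsg_admin_url` or `wpsg_translate` already escapes for attribute context, wrap the argument as `esc_url(wpsg_admin_url('Order', 'ajax', [...]))`. The enclosing call starts and ends outside the hunk.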
