Modify

Opened 3 years ago

Closed 3 years ago

#2316 closed Bug/Fehler (fixed)

print_order.php - Warnung bei unbekannter orders_id

Reported by: web-looks.de Owned by: somebody
Priority: normal Milestone: modified-shop-2.0.8.0
Component: Shop Version: 2.0.7.2
Keywords: Cc:
Blocked By: Blocking:

Description

Log-Meldung leider nicht mehr vorhanden. Nachstellbar wenn $_GET['oID'] leer ist.

Vorschlag zur Korrektur:

/print_order.php

Suchen nach:

$oID = (int) $_GET['oID'];

Ersetzen mit:

$oID = (!empty($_GET['oID']) ? (int)$_GET['oID'] : 0);
$customer_id = (!empty($_SESSION['customer_id']) ? (int)$_SESSION['customer_id'] : (!empty($_SESSION['customer_gid']) ? (int)$_SESSION['customer_gid'] : 0));

Suchen nach:

if ((isset($_SESSION['customer_id']) && $_SESSION['customer_id'] == $order_check['customers_id']) 
    || (isset($_SESSION['customer_gid']) && $_SESSION['customer_gid'] == $order_check['customers_id'])
    ) 
{

Ersetzen mit:

if (!empty($customer_id)
	&& !empty($order_check['customers_id'])
	&& $customer_id == $order_check['customers_id']
) {

Attachments (0)

Change History (1)

comment:1 by Gerhard Waldemair, 3 years ago

Resolution: fixed
Status: newclosed

In 14817:

fix #2316 - check for valid oID in print order

Modify Ticket

Action
as closed The owner will remain somebody.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment
E-mail address and name can be saved in the Preferences .
AttachmentsDescription
 
Note: See TracTickets for help on using tickets.