View Full Version : Autologon



michael_s
11-07-2008, 08:11 AM
With the current logoff.php modification the user is never able to log off, creating a potential security risk.

The programmer forgot to put the value parameter when cleaning the cookies.

These are the lines that need to be changed:
From:
setcookie('email_address', time() - 3600, $cookie_path);
setcookie('password', time() - 3600, $cookie_path);

To:
setcookie('email_address', '', time() - 3600, $cookie_path);
setcookie('password', '', time() - 3600, $cookie_path);

Please note that, obviously, there are two single quotes in each line.

I attach the corrected file only.

More... (http://addons.oscommerce.com/info/338)
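One way to confirm that a patched logoff.php really removes the autologon cookies is to inspect the Set-Cookie headers of its response. This is an added example, not part of the original post or the contribution. The function names, the `/catalog/` cookie path and the sample header values are assumptions constructed for illustration, and the Domain attribute is not compared.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

AUTOLOGON_COOKIES = ("email_address", "password")  # names from the post


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, lower-cased attribute dict)."""
    first, *rest = [part.strip() for part in header_value.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs


def is_expired(attrs, now):
    """True if the attributes tell the browser to drop the cookie."""
    max_age = attrs.get("max-age", "")
    if max_age.lstrip("-").isdigit():
        return int(max_age) <= 0  # Max-Age takes precedence over Expires
    try:
        return parsedate_to_datetime(attrs["expires"]) <= now
    except (KeyError, TypeError, ValueError):
        return False  # no usable expiry: the cookie is set, not removed


def uncleared_cookies(set_cookie_headers, cookie_path, now=None):
    """Return the autologon cookies the logoff response fails to delete."""
    now = now or datetime.now(timezone.utc)
    cleared = set()
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        # Only a header with the same name and Path replaces the stored cookie.
        if name in AUTOLOGON_COOKIES and attrs.get("path") == cookie_path:
            if is_expired(attrs, now):
                cleared.add(name)
            else:
                cleared.discard(name)  # a later header set it again
    return [n for n in AUTOLOGON_COOKIES if n not in cleared]


# Constructed header values, not captured from a real shop.
GOOD = ["email_address=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/catalog/",
        "password=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/catalog/"]
BAD = ["sid=deleted; Max-Age=0; path=/catalog/",  # only the session cookie is cleared
       "password=; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/"]  # wrong path

if __name__ == "__main__":
    print("fixed logoff leaves:", uncleared_cookies(GOOD, "/catalog/"))
    print("broken logoff leaves:", uncleared_cookies(BAD, "/catalog/"))
```

An empty result means both cookies are removed; any name returned is a cookie that still logs the browser back in after logoff.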