PDA

View Full Version : Cart Quantity Security Flaw Patch



michael_s
10-02-2007, 03:02 AM
This potential security flaw was first spotted by ErollorD on the oscommerce forums.

If you already use the Quantity Controller contribution or any other that sets maximum limits to your product quantities, you probably won't need this fix.

Problem: Add an item to your cart, update the quantity to 1000000000000000
You'll notice a drastic reduce in the price!
There is probably more to this problem in the osc core, but for the time being this is a quick patch to prevent people from stealing your downloads or getting your merch for cheap.


Also posted at: http://forums.oscommerce.com/index.php?showtopic=278086

More... (http://addons.oscommerce.com/info/5451)