List: osc-general
Subject: [OSC-GENERAL] Security bug: Demos show this as well - or what's the fix?
From: Charles Cotton <ccotton () twinseas ! net>
Date: 2002-05-31 16:58:16
This message was sent from: General Mailing List.
<http://www.oscommerce.com/community.php/forum,1/action,read/i,30932/t,30932>
----------------------------------------------------------------
freshly downloaded version 2.1
There have been many messages posted concerning how a shopper who logs in
AFTER they put items into their cart is directed to checkout_payment.php
NONSSL.
Someone posted a fix to change:
if (@$HTTP_POST_VARS['connection'] == 'secure') {
s/b:
if (@$HTTP_POST_VARS['connection'] == 'SSL') {
this WORKS on my local RH 7.1 Linux server, but not on my remote rack
(running, alas, PLESK)
Tooling through the ONLINE DEMOS HERE AT OSCOMMERCE, I notice the demos do
NOT forward you to a secure page.
I have visited TWO demo shops and yes, I did what I was told NOT TO DO, and
have registered, but VOILA! they didn't take credit cards!
THIS SHOULD BE IN A FAQ OR THIS IS A MAJOR SECURITY BUG!
I've played with TEP before, but I didn't have a real use for it.
I'm holding off a client now because I can't recommend this with this MAJOR
SECURITY BUG WHICH NO ONE SEEMS TO WANT TO ANSWER THE MANY PEOPLE REPORTING
IT!
PLEASE CORRECT ME!
_______________________________________________
osCommerce, General Mailing List
http://two.pairlist.net/mailman/listinfo/osc-general
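
As an added example (not part of the original post and not osCommerce code): a guard the checkout page itself could run so that it is never served over plain HTTP, whatever value the login form posted in `connection`. The host name, the page list and the function names are assumptions made for illustration.

```php
<?php
// Added example; not osCommerce code. Host, page list and names are assumptions.
const SECURE_HOST  = 'shop.example.com';   // placeholder: configured, never taken from the request
const SECURE_PAGES = ['login.php', 'checkout_payment.php'];   // hypothetical list

// True when the current request arrived over TLS, judged from server variables only.
function request_is_https(array $server): bool
{
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return true;
    }
    return (int)($server['SERVER_PORT'] ?? 0) === 443;
}

// Returns the https:// URL to redirect to, or null when no redirect is needed.
function https_redirect_target(array $server): ?string
{
    $uri   = (string)($server['REQUEST_URI'] ?? '/');
    $path  = parse_url($uri, PHP_URL_PATH);
    $query = parse_url($uri, PHP_URL_QUERY);
    if (!is_string($path) || !in_array(basename($path), SECURE_PAGES, true)) {
        return null;                       // not a page that must be protected
    }
    if (request_is_https($server)) {
        return null;                       // already secure
    }
    // Host comes from configuration, so a forged Host header cannot steer the redirect.
    $target = 'https://' . SECURE_HOST . '/' . ltrim($path, '/');
    return is_string($query) && $query !== '' ? $target . '?' . $query : $target;
}

if (PHP_SAPI !== 'cli') {
    // At the top of a protected page: enforce TLS before any output.
    $target = https_redirect_target($_SERVER);
    if ($target !== null) {
        header('Location: ' . $target, true, 302);
        exit;
    }
} else {
    // Constructed sample requests, for running the example from the command line.
    $samples = [
        ['REQUEST_URI' => '/catalog/checkout_payment.php?step=2', 'SERVER_PORT' => '80'],
        ['REQUEST_URI' => '/catalog/checkout_payment.php', 'HTTPS' => 'on', 'SERVER_PORT' => '443'],
        ['REQUEST_URI' => '/catalog/index.php', 'SERVER_PORT' => '80'],
    ];
    foreach ($samples as $s) {
        echo $s['REQUEST_URI'], ' -> ', https_redirect_target($s) ?? '(no redirect)', "\n";
    }
}
```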