Inputting decimal value to shop item quantity gives full item at half price
03-09-2016 10:36 PM
Member
An admin on another site that is using the Mysidia script informed me of this bug.
If a user puts in 0.5 as an item quantity in the shops, they pay half price but get the full item. This bug can be severely exploited if users were to find out.
Issue Details
Category: Unknown
Status: Unconfirmed
Priority: 3
Affected Version: Mys v1.3.4
Fixed Version: Mys v1.3.5
Users able to reproduce bug: 2
Users unable to reproduce bug: 0
Assigned Users: (none)
Tags: (none)
04-07-2016 02:14 AM
Member
Just a little love tap to see if this is being looked into or anything?
04-20-2016 10:18 PM
Member
Open class_itemshop.php
Under the purchase function, where you see the else, replace this:
PHP Code:
    else {
        $item->quantity = $mysidia->input->post("quantity");
with this:
PHP Code:
    else {
        $item->quantity = (int) $mysidia->input->post("quantity");
For good measure, open class_stockitem.php and replace line 37, which is this:
PHP Code:
    if(empty($quantity)) $quantity = $mysidia->input->post("quantity");
with this:
PHP Code:
    if(empty($quantity)) $quantity = (int) $mysidia->input->post("quantity");
This is only a partial fix. It will continue to display the wrong values to the user, but should correctly charge them now.
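An added example, not part of the original post or of Mysidia's code: validating the posted quantity as a whole number in a fixed range instead of casting it, and computing the charge only from the validated value. The helper names parseQuantity and totalCost, the maximum of 99 and the unit price are assumptions; PHP 8.0+ is assumed for the mixed type.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of Mysidia: accept only whole quantities in [1, $max].
function parseQuantity(mixed $raw, int $max = 99): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // arrays (quantity[]=1) and other types are rejected
    }
    // FILTER_VALIDATE_INT rejects decimals, exponents and empty strings
    // instead of silently truncating them the way a cast does.
    $qty = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $max],
    ]);
    return $qty === false ? null : $qty;
}

// Hypothetical price calculation: integer unit price times the validated quantity.
function totalCost(int $unitPrice, int $quantity): int
{
    return $unitPrice * $quantity;
}

// Constructed sample inputs, as they could arrive in the posted "quantity" field.
$samples = ['3', '0.5', '0', '-2', '1e2', '2.9', '', ['1']];
$unitPrice = 100; // constructed price

foreach ($samples as $raw) {
    $label = json_encode($raw);
    // What a bare (int) cast would produce for the same input, for comparison.
    $cast = is_array($raw) ? 'n/a' : (string) (int) $raw;
    $qty = parseQuantity($raw);
    if ($qty === null) {
        printf("%-8s (int) cast -> %-4s validated -> rejected\n", $label, $cast);
        continue;
    }
    printf("%-8s (int) cast -> %-4s validated -> qty %d, cost %d\n",
        $label, $cast, $qty, totalCost($unitPrice, $qty));
}
```

Rejecting the request outright, rather than coercing the value, also keeps the amount shown to the user and the amount charged from diverging.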
04-22-2016 11:28 PM
Member
Ahhh thank you thank you! <33