Mysidia Adoptables Support Forum  


Inputting decimal value to shop item quantity gives full item at half price
issueid=55 03-09-2016 11:36 PM
Member

An admin on another site that is using the mysidia script informed me of this bug.

If a user puts in 0.5 as an item quantity in the shops, they pay half price but get the full item. This bug can be severely exploited if users were to find out.
Issue Details
Project The Bug Tracker
Category Unknown
Status Unconfirmed
Priority 3
Affected Version Mys v1.3.4
Fixed Version (none)
Users able to reproduce bug 2
Users unable to reproduce bug 0
Assigned Users (none)
Tags (none)

04-07-2016 02:14 AM
Member
 
Just a little love tap to see if this is being looked into or anything?
04-20-2016 10:18 PM
Member
 
Open class_itemshop.php

Under the purchase function where you see the else replace this:
PHP Code:
    else {
            
$item->quantity = $mysidia->input->post("quantity"); 
with this:
PHP Code:
    else {
            
$item->quantity = (int) $mysidia->input->post("quantity"); 
For good measure open class_stockitem.php and replace line 37, which is this:
PHP Code:
if(empty($quantity)) $quantity = $mysidia->input->post("quantity"); 
with this:
PHP Code:
if(empty($quantity)) $quantity = (int) $mysidia->input->post("quantity"); 
This is only a partial fix. It will continue to display the wrong values to the user, but should correctly charge them now.
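An added example, not part of the thread or of the Mysidia code base: an `(int)` cast truncates `"0.5"` to 0 and passes negative numbers through unchanged, so the sketch below compares the cast with a strict server-side check that rejects anything other than a whole number in range before a price is computed. The names `parseQuantity` and `totalCost`, the limit of 100 and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of Mysidia): accept a quantity only if it is
 * a whole number between 1 and $max; return null for anything else.
 */
function parseQuantity($raw, int $max = 100): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // arrays (quantity[]=1) and other types are rejected
    }
    $qty = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $max],
    ]);
    return $qty === false ? null : $qty;
}

/** Hypothetical price calculation: integer currency units only. */
function totalCost(int $unitPrice, int $quantity): int
{
    return $unitPrice * $quantity;
}

// Constructed sample inputs, as they might arrive in the "quantity" POST field.
$samples = ["3", "0.5", "0", "-2", "2abc", "", ["1"]];
$unitPrice = 500; // constructed price

foreach ($samples as $raw) {
    $label = json_encode($raw);
    // What the plain cast from the partial fix would produce for this input.
    $cast = is_array($raw) ? "n/a" : (string) (int) $raw;
    $qty = parseQuantity($raw);
    if ($qty === null) {
        echo "$label: (int) cast gives $cast, strict check rejects the request\n";
        continue;
    }
    echo "$label: quantity $qty, charge " . totalCost($unitPrice, $qty) . "\n";
}
```

Rejecting the request outright, instead of coercing the value, also keeps the quantity shown to the user and the quantity charged from diverging.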
04-22-2016 11:28 PM
Member
 
Ahhh thank you thank you! <33
All times are GMT -5.