Originally Posted by Ajeh
Works pretty well, nice job ...
However, hacker that I am, there is a way to trick it on going to a products_info page by changing the URL cPath ...
Interesting enough, removing the cPath and just using the products_id IS protected ...
Something to play with:
/index.php?main_page=product_info&cPath=69&products_id=186 <-- blocked
/index.php?main_page=product_info&cPath=2&products_id=186 <-- sneaks in
Granted you have to really want to get in there and are not a "good" customer ... so, this might not be worth the hassle to try to fix ... otherwise, somewhere you may need one more check that evil is not being committed ...
Plugged the security hole.
File /includes/templates/MY_TEMPLATE/templates/tpl_product_info_display.php amended to this:
Code:
[ file header here]
<?php
/**
 * CATEGORY_RESTRICTION - find corresponding master category for the current product
 * (the product's master category comes from the database, never from the cPath in the URL)
 */
$products_id_to_block = (int)$_GET['products_id'];
global $db;
$sql = "select master_categories_id from " . TABLE_PRODUCTS . " where products_id = :productID:";
$sql = $db->bindVars($sql, ':productID:', $products_id_to_block, 'integer');
$result = $db->Execute($sql);
$master_categories_id = null;
if ($result->RecordCount() > 0) {
    $master_categories_id = $result->fields['master_categories_id'];
    echo '(used for testing purposes): Master Category ID = ' . $master_categories_id;
} else {
    echo 'Sorry, no record found for product number ' . $products_id_to_block;
}
$is_logged_in = !empty($_SESSION['customer_id']);
// parenthesised on purpose: "!$x > 0" is evaluated by PHP as "(!$x) > 0"
$has_privileges = !empty($_SESSION['customers_privileges']) && ($_SESSION['customers_privileges'] > 0);
if (!$is_logged_in && !$has_privileges && $master_categories_id !== null
    && in_array($master_categories_id, explode(',', CATEGORY_RESTRICTION_LOGIN_CATEGORY))) {
    //echo ' - this product should be blocked !!';
    echo TEXT_ILLEGAL_ACCESS;
} else { // bof CATEGORY_RESTRICTION - OPEN ACCESS
.... original body of the file
.... then at the bottom added after
<!--bof Form close-->
<?php
} // eof CATEGORY_RESTRICTION - OPEN ACCESS
?>
</div>
Thanks again for pointing this out Ajeh!
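As an added, stand-alone illustration of the check above (this is not Zen Cart's code and not the code from the post), here is the same decision written as a function that can be run from the command line without a store database. The product table, the restricted category list and the session arrays are constructed sample data; the function name `category_restriction_decision` is made up for this example. The point it shows is that both URLs from Ajeh's post get the same answer, because the decision is made from the product's master category looked up by `products_id` and the client-supplied `cPath` is never read.

```php
<?php
// Constructed stand-in for the products table: products_id => master_categories_id.
$PRODUCTS = [
    186 => 69,   // lives in restricted category 69
    200 => 2,    // lives in an open category
];

// Same shape as CATEGORY_RESTRICTION_LOGIN_CATEGORY: comma-separated category ids (constructed value).
const RESTRICTED_CATEGORIES_CSV = '69,70';

/**
 * Decide whether the current visitor may see a product.
 *
 * @param array $queryParams  the request's GET parameters (products_id, cPath, ...)
 * @param array $session      session data: customer_id, customers_privileges
 * @param array $products     products_id => master_categories_id
 * @return string             'open', 'blocked' or 'not_found'
 */
function category_restriction_decision(array $queryParams, array $session, array $products): string
{
    // Cast the way bindVars(..., 'integer') would; anything non-numeric becomes 0.
    $productsId = (int)($queryParams['products_id'] ?? 0);

    // cPath is deliberately never read: it is client-controlled navigation state.
    if (!array_key_exists($productsId, $products)) {
        return 'not_found';
    }
    $masterCategory = (string)$products[$productsId];

    $restricted = array_map('trim', explode(',', RESTRICTED_CATEGORIES_CSV));

    $loggedIn = !empty($session['customer_id']);
    // Parenthesised: in PHP "!$x > 0" means "(!$x) > 0", which is never what is intended.
    $privileged = ((int)($session['customers_privileges'] ?? 0)) > 0;

    if (!$loggedIn && !$privileged && in_array($masterCategory, $restricted, true)) {
        return 'blocked';
    }
    return 'open';
}

// Both URLs from the post resolve to the same decision for a guest, because cPath is ignored.
$guest = [];
$requests = [
    ['cPath' => '69', 'products_id' => '186'],
    ['cPath' => '2',  'products_id' => '186'],
];
foreach ($requests as $q) {
    echo 'guest, cPath=' . $q['cPath'] . ' -> '
        . category_restriction_decision($q, $guest, $PRODUCTS) . PHP_EOL;
}
// A logged-in customer sees the restricted product; an unknown id reports not_found.
echo 'logged in -> ' . category_restriction_decision(['products_id' => '186'], ['customer_id' => 7], $PRODUCTS) . PHP_EOL;
echo 'unknown id -> ' . category_restriction_decision(['products_id' => '999'], $guest, $PRODUCTS) . PHP_EOL;
```

Run with `php example.php`; the two guest lines both print `blocked`, the logged-in line prints `open`, and the unknown id prints `not_found`. The `not_found` branch is there because the template code otherwise reads `$result->fields` from an empty result, and the privilege comparison is parenthesised so the `!` applies to the comparison rather than to the value.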