TalkPTC
The MarketPlace => Development and Support => Aurora Security Fixes => Topic started by: Ayman on July 26, 2012, 07:26:31 AM
-
- Reason For The Fix :
> Will help in preventing purchases of lots of credits with zero account funds
- Fix Steps :
> Open This File In Your Cpanel : Members/account_pay.php .
> Find This Line :
$sql=$Db1->query("SELECT * FROM orders WHERE order_id='$order_id'");
> Add Before It :
$order_id = mysql_real_escape_string($_REQUEST['order_id']);
> So Final Code Should Be Like This :
$order_id = mysql_real_escape_string($_REQUEST['order_id']);
$order=$Db1->query_first("SELECT * FROM orders WHERE order_id='{$order_id}'");
( You Are Not Allowed To Copy This Fix Without Mentioning TalkPTC As Your Source )
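The same lookup written with a bound parameter, as an added example that is not part of the original post or of the Aurora script. The `mysql_*` functions used in the fix were removed in PHP 7.0, so this uses PDO. The in-memory SQLite database, the column names other than `order_id`, the id format and the `find_order` helper are all assumptions made for illustration.

```php
<?php
// Added example: constructed schema and rows, not Aurora's real tables.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE orders (order_id TEXT PRIMARY KEY, username TEXT, cost REAL)");
$pdo->exec("INSERT INTO orders VALUES ('A1001', 'alice', 25.00), ('B2002', 'bob', 5.00)");

/**
 * Look up one order by id using a bound parameter (hypothetical helper).
 * Returns the row as an array, or null if the id is malformed or unknown.
 */
function find_order(PDO $pdo, $rawOrderId): ?array
{
    // $_REQUEST values can be arrays (order_id[]=x); accept strings only,
    // and only in the id alphabet assumed for this example.
    if (!is_string($rawOrderId) || !preg_match('/^[A-Za-z0-9_-]{1,32}$/', $rawOrderId)) {
        return null;
    }
    // The value travels separately from the SQL text, so quotes in it
    // can never change the structure of the query.
    $stmt = $pdo->prepare('SELECT * FROM orders WHERE order_id = :id');
    $stmt->execute([':id' => $rawOrderId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values: a valid id, a value containing quotes,
// an array value, and a well-formed id that does not exist.
$samples = ['A1001', "A1001' OR '1'='1", ['A1001'], 'Z9999'];
foreach ($samples as $input) {
    $row = find_order($pdo, $input);
    printf(
        "%-24s => %s\n",
        json_encode($input),
        $row ? "order for {$row['username']}" : 'rejected / not found'
    );
}
```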
-
Thanks Admin for this fix. :-bd
-
This is fine for MRV script?
However thanks admin!! :D
-
This is fine for MRV script?
However thanks admin!! :D
It will depend on your MRV version.
Versions prior to 5.8 aren't encrypted, so it's possible to add this fix to them. But 5.8 and later are encrypted, so it won't be possible to do that in them.