TalkPTC

The MarketPlace => Development and Support => Aurora Security Fixes => Topic started by: Ayman on July 26, 2012, 07:26:31 AM

Title: Security Fix : Members/account_pay.php
Post by: Ayman on July 26, 2012, 07:26:31 AM
- Reason For The Fix :
> Will help in preventing purchases of lots of credits with zero account funds

- Fix Steps :

> Open This File In Your cPanel : Members/account_pay.php

> Find This Line :

Code:
$sql=$Db1->query("SELECT * FROM orders WHERE order_id='$order_id'");

> Add Before It :
Code:
$order_id = mysql_real_escape_string($_REQUEST['order_id']);

> So Final Code Should Be Like This :

Code:
$order_id = mysql_real_escape_string($_REQUEST['order_id']);
$order=$Db1->query_first("SELECT * FROM orders WHERE order_id='{$order_id}'");


( You Are Not Allowed To Copy This Fix Without Mentioning TalkPTC As Your Source )
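
Added example (not part of the original post and not TalkPTC or Aurora code): mysql_real_escape_string() was removed in PHP 7.0, so on current PHP the same order_id lookup is protected by validating the value and binding it as a query parameter. The PDO connection, the in-memory SQLite table, its `amount` column and the function name find_order() are assumptions made for the demonstration; only `orders.order_id` comes from the post.

```php
<?php
declare(strict_types=1);

/**
 * Look up an order by a request-supplied id (hypothetical helper).
 * Returns the row, or null when the id is malformed or no such order exists.
 */
function find_order(PDO $db, $rawOrderId): ?array
{
    // Reject arrays (order_id[]=...) and anything that is not 1-9 ASCII digits.
    if (!is_string($rawOrderId) || !preg_match('/\A[0-9]{1,9}\z/', $rawOrderId)) {
        return null;
    }

    // Bound parameter: the value is sent as data and never becomes SQL text,
    // so no quoting or escaping step is needed.
    $stmt = $db->prepare('SELECT * FROM orders WHERE order_id = :order_id');
    $stmt->bindValue(':order_id', (int) $rawOrderId, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (order_id INTEGER PRIMARY KEY, amount TEXT)');
$db->exec("INSERT INTO orders VALUES (1, '5.00'), (2, '20.00')");

// Constructed inputs standing in for $_REQUEST['order_id']:
// a valid id, a quote-breaking string, an empty value, an array, an unknown id.
$inputs = ['2', "2' OR '1'='1", '', ['2'], '999'];

foreach ($inputs as $input) {
    $order = find_order($db, $input);
    printf(
        "%-20s => %s\n",
        json_encode($input),
        $order === null ? 'rejected or not found' : 'order ' . $order['order_id']
    );
}
```

Only the first input returns a row; the malformed values are rejected before any query runs, and the unknown id returns no row.
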
Title: Re: Security Fix : Members/account_pay.php
Post by: posbuxdotcom on January 03, 2013, 01:36:13 AM
Thanks Admin, for this fix. :-bd
Title: Re: Security Fix : Members/account_pay.php
Post by: YED on March 21, 2014, 11:05:56 AM
Is this fine for the MRV script?

However thanks admin!! :D
Title: Re: Security Fix : Members/account_pay.php
Post by: Ayman on April 01, 2014, 12:35:01 AM
Quote from: YED on March 21, 2014, 11:05:56 AM
Is this fine for the MRV script?

However thanks admin!! :D

It will depend on your MRV version.

Versions prior to 5.8 aren't encrypted, so it's possible to add this fix to them, but 5.8 and later are encrypted, so it won't be possible to do that in them.