Security Fix : Members/account_pay.php

[Ayman]

- Reason For The Fix :
> Will help in preventing purchases of lots of credits with zero account funds

- Fix Steps :

> Open This File In Your Cpanel : Members/account_pay.php .

> Find This Line :

Code: [Select]

$sql=$Db1->query("SELECT * FROM orders WHERE order_id='$order_id'");

> Add Before It :

Code: [Select]

$order_id = mysql_real_escape_string($_REQUEST['order_id']);

> So Final Code Should Be Like This :

Code: [Select]

$order_id = mysql_real_escape_string($_REQUEST['order_id']);
$order=$Db1->query_first("SELECT * FROM orders WHERE order_id='{$order_id}'");


( You Are Not Allowed To Copy This Fix Without Mentioning TalkPTC As Your Source )

[posbuxdotcom]

Thanks Admin, this fix. 

[YED]

This is fine for MRV script?

However thanks admin!!

[Ayman]

This is fine for MRV script?

However thanks admin!!

It will depend on your mrv version

Versions prior to 5.8 aren't encrypted so it's possible to add this fix to it , But 5.8 and after are encrypted so wont be possible to do that in it