View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000443 | OXID eShop (all versions) | 4.04. Security | public | 2008-12-10 15:36 | 2008-12-15 19:46 |
Reporter | Roman_Felger | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | resolved | Resolution | won't fix | ||
Summary | 0000443: unsecure link to review in order confirmation mail | ||||
Description | The link to review products contains the userid, e.g. http://demoshop.oxid-esales.com/professional-edition/index.php?shp=oxbaseshop&anid=1940&cl=review&reviewuserid=eff7e721f4d7d417218302369bfc7d64 | ||||
Tags | No tags attached. | ||||
Theme | |||||
Browser | All | ||||
PHP Version | 5.2.6 | ||||
Database Version | 5.0.33 | ||||
|
Reminder sent to: dainius.bigelis, ralf_trapp
There is a functionality whereby the user is redirected, via a link in the order confirmation mail, to the shop to write reviews without logging in. For this functionality we need the userid. Should we remove the userid? Then the user will be redirected to the shop, but to write reviews he must log in. Or should we leave it as it is? |
|
As it's no security issue and you have to log in with your password, we leave it as it is. |