View Issue Details

Jump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0005091OXID eShop (all versions)4.04. Securitypublic2013-04-30 11:442014-07-29 13:06
Reporterfcos Assigned To 
PriorityhighSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version4.6.5 revision 49955 
Target Version4.7.14 / 5.0.14Fixed in Version4.9.0_5.2.0_beta1 
Summary0005091: Newsletter force_sid=x
DescriptionIf you subscribe for an newsletter with no active session, the doubleoptin mail has force_sid=x, this cause some critical problem like changed user baskets...

seems like it should be fixed in https://bugs.oxid-esales.com/view.php?id=1610
but i can reproduce always

has anyone an hotfix for this?
TagsNo tags attached.
ThemeAll
BrowserAll
PHP Versionany
Database Versionany

Relationships

related to 0001610 resolvedalfonsas_cirtautas URL params with "sid" in name are interpreted as session ID and replaced with "sid=x" automatically 

Activities

fcos

2013-04-30 11:57

reporter   ~0008648

ok found and hotfix,
change the [{$subscribeLink}] to
[{$oViewConf->getCurrentHomeDir()}]?cl=newsletter&fnc=addme&uid=[{$user->oxuser__oxid->value}]

but it would be good if you fix this

mantas.vaitkunas

2014-07-29 11:48

reporter   ~0010039

Now sid is not replaced by "sid=x", but it's removed from link.