[interchange-cvs] interchange - heins modified dist/standard/etc/mail_receipt

interchange-cvs at icdevgroup.org
Tue May 9 08:32:27 EDT 2006


User:      heins
Date:      2006-05-09 12:32:27 GMT
Modified:  dist/standard/etc Tag: STABLE_5_4-branch mail_receipt
Log:
* Fix minor security hole of exposing admin's session ID when they
  enter an order for a user.

Revision  Changes    Path
1.1.1.1.2.1 +6 -2      interchange/dist/standard/etc/mail_receipt


rev 1.1.1.1.2.1, prev_rev 1.1.1.1
Index: mail_receipt
===================================================================
RCS file: /var/cvs/interchange/dist/standard/etc/mail_receipt,v
retrieving revision 1.1.1.1
retrieving revision 1.1.1.1.2.1
diff -u -r1.1.1.1 -r1.1.1.1.2.1
--- mail_receipt	25 Apr 2004 17:07:49 -0000	1.1.1.1
+++ mail_receipt	9 May 2006 12:32:27 -0000	1.1.1.1.2.1
@@ -47,7 +47,9 @@
 [/row][/if-item-data][/if-item-data]
 [if-item-param pay_cert_code]
 [row 120]
-	[column width=82]URL:[area href="pay_cert/redeem"
+	[column width=82]URL:[area
+						  no-session=1
+						  href="pay_cert/redeem"
 						  form="
 						  	pay_cert_code=[item-param pay_cert_code]
 						  	pay_cert_check=[item-param pay_cert_check]
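Review bot: no-session=1 is added to the pay_cert/redeem [area] unconditionally, while the log message describes only the case of an admin entering an order for a user; say in the log (or in a template comment next to the tag) that the session ID is now dropped from this link for every receipt, so a later editor does not make it conditional. The link still carries pay_cert_code and pay_cert_check in its form= values, so it is worth confirming that the redeem page works from a fresh session with only those two parameters.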
@@ -97,7 +99,9 @@
 Always reference your order number when calling for a status.[if !session logged_in]
 Or you can check status via this URL:
 
-   [area form='
+   [area
+   		no-session=1
+   		form='
             [scratch mv_autocreate]
             mv_click=Login
             mv_todo=return
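Review bot: the three added lines ([area, no-session=1, form=') are indented with spaces followed by tabs, while the unchanged form body below them uses spaces only; pick one so the template stays readable in editors with a different tab width. Since this link is emitted only under [if !session logged_in] and its form sets mv_click=Login and mv_todo=return, please also check that the status link still completes the Login click when followed without a session ID in the URL.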







