[interchange-cvs] interchange - heins modified dist/standard/etc/mail_receipt
interchange-cvs at icdevgroup.org
Tue May 9 08:32:27 EDT 2006
User: heins
Date: 2006-05-09 12:32:27 GMT
Modified: dist/standard/etc Tag: STABLE_5_4-branch mail_receipt
Log:
* Fix minor security hole of exposing admin's session ID when they
enter an order for a user.
Revision Changes Path
No revision
No revision
1.1.1.1.2.1 +6 -2 interchange/dist/standard/etc/mail_receipt
rev 1.1.1.1.2.1, prev_rev 1.1.1.1
Index: mail_receipt
===================================================================
RCS file: /var/cvs/interchange/dist/standard/etc/mail_receipt,v
retrieving revision 1.1.1.1
retrieving revision 1.1.1.1.2.1
diff -u -r1.1.1.1 -r1.1.1.1.2.1
--- mail_receipt 25 Apr 2004 17:07:49 -0000 1.1.1.1
+++ mail_receipt 9 May 2006 12:32:27 -0000 1.1.1.1.2.1
@@ -47,7 +47,9 @@
[/row][/if-item-data][/if-item-data]
[if-item-param pay_cert_code]
[row 120]
- [column width=82]URL:[area href="pay_cert/redeem"
+ [column width=82]URL:[area
+ no-session=1
+ href="pay_cert/redeem"
form="
pay_cert_code=[item-param pay_cert_code]
pay_cert_check=[item-param pay_cert_check]
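Review bot: the new no-session=1 line on the pay_cert/redeem [area] carries no explanation, so a later edit that tidies the tag back onto one line could drop it and put the session ID back into mailed receipts. A short template comment next to the tag, saying that links in this mail must not include the session of whoever entered the order, would protect the fix. The form below it still places pay_cert_code and pay_cert_check in the mailed URL; if that is intended for redemption, saying so in the same comment would save the next reader the question.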
@@ -97,7 +99,9 @@
Always reference your order number when calling for a status.[if !session logged_in]
Or you can check status via this URL:
- [area form='
+ [area
+ no-session=1
+ form='
[scratch mv_autocreate]
mv_click=Login
mv_todo=return
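Review bot: no-session=1 on this status-check [area] removes the session ID, but the form still interpolates [scratch mv_autocreate] next to mv_click=Login, so whatever that scratch value expands to is still written into the mailed URL. It is worth confirming that this content is acceptable to send in a receipt, since the link is only emitted under [if !session logged_in] and is meant to log the recipient in. As with the first hunk, a brief comment explaining why no-session=1 is set would keep it from being removed in a later cleanup.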