You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by "Christian Carlow (JIRA)" <ji...@apache.org> on 2015/04/23 21:48:38 UTC

[jira] [Commented] (OFBIZ-6295) Shoppingcart checkout shipping rules can be hacked

    [ https://issues.apache.org/jira/browse/OFBIZ-6295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14509668#comment-14509668 ] 

Christian Carlow commented on OFBIZ-6295:
-----------------------------------------

OFBIZ-6297 and OFBIZ-6296 are related because they exhibit issues once the order is created.

> Shoppingcart checkout shipping rules can be hacked
> --------------------------------------------------
>
>                 Key: OFBIZ-6295
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-6295
>             Project: OFBiz
>          Issue Type: Bug
>          Components: order
>    Affects Versions: Trunk
>            Reporter: Christian Carlow
>
> Logic should be added to prevent someone from changing the default values of the shopping cart checkout carrier shipping method radio option value to a shipping method that isn't shown due to rules being broken.  I changed the radio option value using firebug but the order creation succeeded without any error about the shipping method rules being broken.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)