You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Christian Carlow (JIRA)" <ji...@apache.org> on 2015/04/23 21:48:38 UTC
[jira] [Commented] (OFBIZ-6295) Shoppingcart checkout shipping
rules can be hacked
[ https://issues.apache.org/jira/browse/OFBIZ-6295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14509668#comment-14509668 ]
Christian Carlow commented on OFBIZ-6295:
-----------------------------------------
OFBIZ-6297 and OFBIZ-6296 are related because they exhibit issues once the order is created.
> Shoppingcart checkout shipping rules can be hacked
> --------------------------------------------------
>
> Key: OFBIZ-6295
> URL: https://issues.apache.org/jira/browse/OFBIZ-6295
> Project: OFBiz
> Issue Type: Bug
> Components: order
> Affects Versions: Trunk
> Reporter: Christian Carlow
>
> Logic should be added to prevent someone from changing the default values of the shopping cart checkout carrier shipping method radio option value to a shipping method that isn't shown due to rules being broken. I changed the radio option value using firebug but the order creation succeeded without any error about the shipping method rules being broken.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)