Magento - Is this a security bug? - Programming Questions - eCommerce Software for Growth

Log In

Username or Email

Password:

Forgot Password

or
Register

Skip to site navigation »
Skip to main content »
Skip to footer content »

Magento Forum

Is this a security bug?

stereotomy Total Posts: 28 Joined: 2008-02-10 Ignore user	after adding some items to my cart, i navigate to the “mysite/checkout/onepage/success” page and it says the order is complete. i see the order at the admin panel. am i missing something??????
	Posted: July 31 2008 \| top

mzentrale Total Posts: 731 Joined: 2007-12-06 Stuttgart, Germany Ignore user	Hi, which version are you using? Are you logged i or guest? I cant confirm this. cheers stefan Signature mzentrale \| eCommerce - eBusiness Agentur für eCommerce Beratung, Entwicklung & Marketing. Magento™ Silver Partner ----
	Posted: July 31 2008 \| top \| # 1

stereotomy Total Posts: 28 Joined: 2008-02-10 Ignore user	hi stefan, - i am using 1.1.1. - shopping as guest as said, the issue is very obvious. my site is at http://www.xxxxxxx.com/english (pm me please) you may want to see for yourself too. i am confused. thanks.
	Posted: July 31 2008 \| top \| # 2

mzentrale Total Posts: 731 Joined: 2007-12-06 Stuttgart, Germany Ignore user	Hi, i can confirm this behavior in shop /english, in your default shop (without english) there is no problem, so it seems its a really hard bug in multistore funkction of magento! Please write a bug report! Cheers Stefan Signature mzentrale \| eCommerce - eBusiness Agentur für eCommerce Beratung, Entwicklung & Marketing. Magento™ Silver Partner ----
	Posted: July 31 2008 \| top \| # 3

stereotomy Total Posts: 28 Joined: 2008-02-10 Ignore user	thanks, I will. and actually i have edited my original post, I dont want people to place phantom orders at my website
	Posted: July 31 2008 \| top \| # 4

Michael Total Posts: 826 Joined: 2007-08-31 Ignore user	Hi guys, I’m not able to get the order placed on the site (I know the real link). Can you please describe the detailed steps how to reproduce this ? Thank you, Michael
	Posted: July 31 2008 \| top \| # 5

mzentrale Total Posts: 731 Joined: 2007-12-06 Stuttgart, Germany Ignore user	Hi, in shop http://www.foo.de/english: i add a product to the cart - in store “english” - and than i called http://www.foo.de/english/onepage/checkout/succes without checkout process. I was redirected to the empty cart. Done as guest. in shop http://www.foo.de (i think its default), i also added a product to cart and called http://www.foo.de/onepage/checkout/success without checkout process and was redirected to normal card which contains the added product. Its not my shop, i only tested it. Hope that helps, maybe its useful to have access to adminpanel to check configuration. Cheers Stefan Signature mzentrale \| eCommerce - eBusiness Agentur für eCommerce Beratung, Entwicklung & Marketing. Magento™ Silver Partner ----
	Posted: July 31 2008 \| top \| # 6

CreedFeed Total Posts: 74 Joined: 2007-08-31 Milwaukee, WI Ignore user	I tried duplicating this on an install of 1.1.1 I have and going directly to the checkout/onepage/success simply redirected me to checkout/cart with the items in my cart displaying. Signature -Steve Quake 1 Resurrection
	Posted: July 31 2008 \| top \| # 7

Michael Total Posts: 826 Joined: 2007-08-31 Ignore user	i also added a product to cart and called http://www.foo.de/onepage/checkout/success without checkout process and was redirected to normal card which contains the added product. I don’t see any bug here. It should redirect to shopping cart if no valid data was submitted to this page, and it does redirect. Did I miss anything ?
	Posted: August 1 2008 \| top \| # 8

mzentrale Total Posts: 731 Joined: 2007-12-06 Stuttgart, Germany Ignore user	Hi, can you pm me the url? Cheers Signature mzentrale \| eCommerce - eBusiness Agentur für eCommerce Beratung, Entwicklung & Marketing. Magento™ Silver Partner ----
	Posted: August 1 2008 \| top \| # 9

Magento Community

Magento Community

Back to top

What happened to the sales_quote_* tables in v1.1.1?

Add a "Add New" button to backend module