View Single Post
  #18  
Old 01-10-2014, 09:03 AM
  cflsystems's Avatar 
cflsystems cflsystems is offline
 

Veteran
  
Join Date: Apr 2007
Posts: 14,190
 

Default Re: Confirmed Bug - Customers Can't Pay partially with Gift Certificate

Quote:
Originally Posted by ambal
Do not apply this patch if nothing is broken!!! Use it if you see the same trouble in your X-Cart shop and you really suffer from it.

Alex does this means the patch is for specific XC or server configuration? So is this a bug in XC or X-Payments or the Connector?
Are we to take this as workaround patch or as an official fix?

Also looking at the code

Code:
+ if (!empty($userinfo['id'])) { + $where = 'userid = "' . addslashes($userinfo['id']) .'"'; + } elseif(!empty($userinfo['email'])) { + $where = 'email = "' . addslashes($userinfo['email']) .'"'; + } else { + return; + }

Why addslashes($userinfo['id'])?

userid is integer, always, would be better to ensure it is integer instead of escaping characters. I think you should revise this.
__________________
Steve Stoyanov
CFLSystems.com
Web Development
Reply With Quote