Quote:
Originally Posted by ambal
Do not apply this patch if nothing is broken!!! Use it if you see the same trouble in your X-Cart shop and you really suffer from it.
Alex, does this mean the patch is for a specific XC or server configuration? So is this a bug in XC or X-Payments or the Connector?
Are we to take this as a workaround patch or as an official fix?
Also, looking at the code:
Code:
+ if (!empty($userinfo['id'])) {
+ $where = 'userid = "' . addslashes($userinfo['id']) .'"';
+ } elseif(!empty($userinfo['email'])) {
+ $where = 'email = "' . addslashes($userinfo['email']) .'"';
+ } else {
+ return;
+ }
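Review bot: the `addslashes($userinfo['id'])` call in the first branch escapes a value that, if `userid` is a numeric column, should be validated as an integer instead. Cast it and compare unquoted, for example `$where = 'userid = ' . intval($userinfo['id']);`, and treat a result of zero or less as missing so control falls through to the email branch or the `return`. In the `elseif` branch, `addslashes()` is not aware of the connection character set, so the email value is better passed through the database layer's own string-escaping routine or a bound parameter. The bare `return;` in the final `else` gives the caller no signal that no lookup was made; return an explicit value or document that behaviour.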
Why addslashes($userinfo['id'])?
userid is an integer, always; it would be better to ensure it is an integer instead of escaping characters. I think you should revise this.