Opened 8 years ago

Closed 8 years ago

#85 closed Neues Feature (fixed)

/inc/xtc_collect_posts.inc.php Parameter Übergabe ändern

Reported by: web28 Owned by: GTB
Priority: normal Milestone: modified-shop-2.0.0.0
Component: Admin Version: 1.06

Description

Die Parameter sollten aus Sicherheistgründen nur mit dem Sprachkonstantennamen übergeben werden!

Beispiel 1:

xtc_redirect(xtc_href_link(FILENAME_SHOPPING_CART, 'info=1&info_message=REDEEMED_COUPON', 'NONSSL'));

Beispiel 2 mit zusaätliche Parameter

xtc_redirect(xtc_href_link(FILENAME_SHOPPING_CART, 'info=1&info_message=REDEEMED_AMOUNT&add_info='.urlencode($xtPrice->xtcFormat($gv_amount,true,0,true)), 'NONSSL'));

Und in shopping_cart.php einlesen mit:

$smarty->assign('info_message', constant($_GET['info_message']). (isset($_GET['add_info'])? strip_tags(urldecode($_GET['add_info'])): ''));





Attachments (0)

Change History (2)

comment:1 Changed 8 years ago by Tomcraft

fixed in r5416

comment:2 Changed 8 years ago by Tomcraft

  • Resolution set to fixed
  • Status changed from new to closed

Add Comment

Modify Ticket

Action
as closed
The resolution will be deleted. Next status will be 'reopened'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.