Text only | Text with Images

VirtueMart Forum

VirtueMart 2 + 3 + 4 => Virtuemart Development and bug reports => Topic started by: serapol on July 01, 2012, 13:18:34 PM

Title: CRITICAL BUG. In shopper email order sent login vendor (Virtuemart 2.0.8)
Post by: serapol on July 01, 2012, 13:18:34 PM
I noticed that the letter of the order for the buyer sent unnecessary information Vendor. Sent to the Vendor username. This is a security breach.

The devil is in the file administrator/components/com_virtuemart/models/userfields.php on line 369. You need to add one more parameter in the condition

It was
Code Select

if(VmConfig::get('oncheckout_show_register',1) and $type=='BT'){

It must be
Code Select

if(VmConfig::get('oncheckout_show_register',1) and $type=='BT' and $layoutName != 'mail'){


If you do not add the following will not be carrying out the condition of the array respectively, and do not leave the registration data vendor.
Title: Re: CRITICAL BUG. In shopper email order sent login vendor (Virtuemart 2.0.8)
Post by: Milbo on July 01, 2012, 15:37:23 PM
Interesting method to solve this

we relase this evening a version A, with another solution to solve it. thx
Title: Re: CRITICAL BUG. In shopper email order sent login vendor (Virtuemart 2.0.8)
Post by: serapol on July 01, 2012, 18:58:56 PM
You can of course and on the other. For example, in the condition on line 387 to add a new restriction

Code Select

if(((!$register or $type =='ST') and $layoutName !='edit') or $layoutName == 'mail'){


I tried to solve quickly and easily, because the already running this version on the main site.

In general, everything works fine  :)

If something suddenly caught, be sure to write
Text only | Text with Images