News:

You may pay someone to create your store, or you visit our seminar and become a professional yourself with the silver certification

Main Menu

Why are the database credentials in cart object?

Started by fmarton, March 24, 2020, 12:29:54 PM

Previous topic - Next topic

fmarton

Hello Friends,
Can anyone tell me what is the reason for including clear text database username, name and password in the cart object?
(along with the logged in user's salted password)
using VirtueMart 3.6.10 10211
test: print_r($this->cart);
for example at the end of /web/components/com_virtuemart/views/cart/tmpl/default_pricelist.php
Thank you,

Milbo

It is in the db object. You do a debug output.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Studio 42

@fmarton
This is not the user password, but the DB password.

fmarton

Like I said, it is the database name, database username and database password,
Additionally, there is also the user's name, e-mail address and salted password there, please see attachment.

I know I'm debugging. But that's not an answer to why it should be in the cart. :)

It would be nice to know if there is a good reason for that.
Thank you all!

Studio 42

If you get Joomla user, you get the password in all cases, not only in Virtuemart.
The password is encoded.
If you mean that this is a problem, then check with Joomla team. Virtuemart only use Joomla user, it not set it.