checkout page source

[richiet737]

Hi,

I have searched for an answer to this problem and I apologise if it has been covered and just ask that you point me in the right direction please.

 

On my site, which delivers products by download, you go through the purchasing process until you get to the penultimate page that asks you to to confirm your order before sending you off to paypal to pay. If you view the source on this page you can read the return page that paypal will return you to once the transaction is complete. Cutting and pasting this php address into your browser will bypass paypal and take you to the download page where you can download without paying.

 

Is there a way of encrypting this so that the source cannot be read.

Rich

[germ]

Hi,

I have searched for an answer to this problem and I apologise if it has been covered and just ask that you point me in the right direction please.

 

On my site, which delivers products by download, you go through the purchasing process until you get to the penultimate page that asks you to to confirm your order before sending you off to paypal to pay. If you view the source on this page you can read the return page that paypal will return you to once the transaction is complete. Cutting and pasting this php address into your browser will bypass paypal and take you to the download page where you can download without paying.

 

Is there a way of encrypting this so that the source cannot be read.

Rich

There is a long thread about this vulnerability somewhere.

 

As I recall (and I could be mistaken) the crux was you need to install the "Superdownload Store" contribution.