richiet737 Posted March 24, 2010 Posted March 24, 2010 Hi, I have searched for an answer to this problem and I apologise if it has been covered and just ask that you point me in the right direction please. On my site, which delivers products by download, you go through the purchasing process until you get to the penultimate page that asks you to to confirm your order before sending you off to paypal to pay. If you view the source on this page you can read the return page that paypal will return you to once the transaction is complete. Cutting and pasting this php address into your browser will bypass paypal and take you to the download page where you can download without paying. Is there a way of encrypting this so that the source cannot be read. Rich
germ Posted March 24, 2010 Posted March 24, 2010 Hi, I have searched for an answer to this problem and I apologise if it has been covered and just ask that you point me in the right direction please. On my site, which delivers products by download, you go through the purchasing process until you get to the penultimate page that asks you to to confirm your order before sending you off to paypal to pay. If you view the source on this page you can read the return page that paypal will return you to once the transaction is complete. Cutting and pasting this php address into your browser will bypass paypal and take you to the download page where you can download without paying. Is there a way of encrypting this so that the source cannot be read. Rich There is a long thread about this vulnerability somewhere. As I recall (and I could be mistaken) the crux was you need to install the "Superdownload Store" contribution. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Recommended Posts
Archived
This topic is now archived and is closed to further replies.