[ljcom] r9313: LJSUP-6517: Vulnerability with Firebug a...
Committer: gariev
LJSUP-6517: Vulnerability with Firebug allows users to get free paid time
U branches/r67.1/cgi-bin/LJ/Widget/Shop/PaidAccount.pm
Modified: branches/r67.1/cgi-bin/LJ/Widget/Shop/PaidAccount.pm
===================================================================
--- branches/r67.1/cgi-bin/LJ/Widget/Shop/PaidAccount.pm 2010-08-05 08:32:51 UTC (rev 9312)
+++ branches/r67.1/cgi-bin/LJ/Widget/Shop/PaidAccount.pm 2010-08-05 16:18:26 UTC (rev 9313)
@@ -219,6 +219,13 @@
unless $paid_item;
$paid_item->calculate_price($is_gift, $cart);
+
+ ## LJSUP-6517
+ ## Vulnerability with Firebug allows users to get free paid time
+ unless ($paid_item->{'amt'}>0) {
+ $self->raise_errors("Unable to calculate item price");
+ }
+
unless ($paid_item->can_belong_to($cart, \@errs, \@warns, 'additem')) {
$self->raise_errors(@errs) if @errs;
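Review bot: The added guard `unless ($paid_item->{'amt'}>0) { ... }` calls `raise_errors` but does not return, so unless `raise_errors` itself aborts the handler (not visible in this hunk) a zero- or negative-priced item still falls through to `can_belong_to` and the rest of the cart path; `return $self->raise_errors("Unable to calculate item price") unless $paid_item->{'amt'} > 0;` makes the rejection explicit. The check also only catches the symptom after `calculate_price`: the request fields that a browser tool can edit should additionally be checked against the server-side list of purchasable items and durations at the point where they are read, and that validation, if it exists, is outside the hunk. The comment names the tool rather than the invariant; something like `## Price is derived from client-submitted form values; refuse any item that does not resolve to a positive amount` would tell the next maintainer why the check must stay. The enclosing sub starts and ends outside the hunk.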
