Igor Gariev (gariev) wrote in changelog,

[ljcom] r9313: LJSUP-6517: Vulnerability with Firebug a...

Committer: gariev
LJSUP-6517: Vulnerability with Firebug allows users to get free paid time

U   branches/r67.1/cgi-bin/LJ/Widget/Shop/PaidAccount.pm
Modified: branches/r67.1/cgi-bin/LJ/Widget/Shop/PaidAccount.pm
===================================================================
--- branches/r67.1/cgi-bin/LJ/Widget/Shop/PaidAccount.pm	2010-08-05 08:32:51 UTC (rev 9312)
+++ branches/r67.1/cgi-bin/LJ/Widget/Shop/PaidAccount.pm	2010-08-05 16:18:26 UTC (rev 9313)
@@ -219,6 +219,13 @@
         unless $paid_item;
 
     $paid_item->calculate_price($is_gift, $cart);
+    
+    ## LJSUP-6517
+    ## Vulnerability with Firebug allows users to get free paid time
+    unless ($paid_item->{'amt'}>0) {
+        $self->raise_errors("Unable to calculate item price");    
+    }
+    
     unless ($paid_item->can_belong_to($cart, \@errs, \@warns, 'additem')) {
         $self->raise_errors(@errs) if @errs;
 
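Review bot: The guard `unless ($paid_item->{'amt'}>0)` only catches a zero, negative or undefined price after `calculate_price` has already run, so a manipulated request that still yields a small positive `amt` would pass it. Consider validating the submitted item parameters against the allowed set before the price is calculated, and keep this check as a backstop. Please also confirm that `raise_errors` stops processing here, since otherwise execution falls through to `can_belong_to` and the item can still be added. The comment should say which request value is being tampered with rather than naming the browser tool, and the added lines carry trailing whitespace.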

Tags: gariev, ljcom, pm