Memberships security issue?
Opened this issue · 1 comments
wnggf commented
Hello, i have set up category memberships, so only certain users can see a product category. but if your signed in as a user without that membership (you cant see the category listed on the main page, but), you can still access that category by just changing the number in the address bar - cart.php?target=category&category_id=3. by changing the id=3 to id=2 you can access it with the wrong account. am i doing something wrong?
tony-sologubov commented
Hi!
This problem is fixed in X-Cart 5. Check it out here: http://www.x-cart.com/download.html