New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SC_Helper_Customer::sfGetCustomerData() del_flg をチェックしていない #118

Closed

seasoftjapan opened this issue Feb 3, 2017 · 1 comment

Labels

Milestone

Contributor

seasoftjapan commented Feb 3, 2017

削除済み・退会済みの情報を読み込めそう。
管理画面でハック的手法などで、本来表示されるべきでない会員情報を表示できたり、(登録まで至れると) del_flg = 0 に戻ってしまったり、意図しない動作を招きそうに思う。
sfGetCustomerDataFromId() も同様か。

Yangsin added the bug:Middle label

Yangsin added this to the eccube-2.13.6 milestone

so-amuamu modified the milestones: eccube-2.13.6, 2.17.0

so-amuamu commented Jul 31, 2018

直接的な動作への影響は無さそうですが
SC_Helper_Customer内のdel_flg条件は足して揃える方向で直しましょう

so-amuamu mentioned this issue

SC_Helper_Customer::sfGetCustomerData() 一致無しを考慮していない #117

Closed

kiy0taka closed this as completed in

60c99cc

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment