Fix product information leak on the front office #8433

Merged
merged 3 commits into from Oct 23, 2017

Contributor

kompilorb commented Oct 23, 2017

| Questions | Answers |
| --- | --- |
| Branch? | 1.7.2.x |
| Description? | leaks sensible cart product detail (wholesale price, supplier) |
| Type? | bug fix |
| Category? | FO |
| BC breaks? | no |
| Deprecations? | no |
| Fixed ticket? | http://forge.prestashop.com/browse/BOOM-3953 |
| How to test? | View card product and product vars in template |


@eternoendless eternoendless changed the title from eaks sensible cart product detail (wholesale price, supplier) to Fix product information leak on the front office Oct 23, 2017

codacy-bot commented Oct 23, 2017

Codacy Here is an overview of what got changed by this pull request:

Issues
======
- Added 3
           

Complexity increasing per file
==============================
- classes/controller/ProductListingFrontController.php  5
- classes/controller/FrontController.php  2
         

See the complete overview on Codacy

Member

eternoendless commented Oct 23, 2017

Thank you @kompilorb

@eternoendless eternoendless merged commit 36fb165 into PrestaShop:1.7.2.x Oct 23, 2017

1 of 2 checks passed

codacy/pr Not so good... This pull request quality could be better.
continuous-integration/travis-ci/pr The Travis CI build passed

@xBorderie xBorderie added this to the 1.7.2.4 milestone Oct 24, 2017

Contributor

doekia commented Oct 24, 2017

Apart from wholesale_price, why prune off id_supplier? How does this leak any information - critical?

Contributor

dave-ps commented Oct 24, 2017

Some people don't want to let people know the suppliers. Supplier is not to be confused with manufacturer/brand.

Contributor

doekia commented Oct 24, 2017

An id discloses nothing about the supplier name unless you have activated the supplier URL, in which case the supplier is disclosed in clear on this page. Pruning the id prevents extra processing to adopt a different view should this or that supplier be at stake? E.g.: changing the shipping delay, for instance.

Contributor

iqit-commerce commented Oct 29, 2017

Why is cover not added to allowed properties?! It is breaking autocomplete search. I created PR #8447 which brings it back.

@kompilorb kompilorb deleted the kompilorb:1.7.2.x branch Nov 6, 2017

reho commented Feb 22, 2018

I've checked the pull and I think there is a problem: the cart is cleaned, but afterwards the original is used again in the $templateVars (line 511). There should be $cleancart instead of $this->cart_presenter->present($this->context->cart).

Member

eternoendless commented Feb 23, 2018

Fixed here: #8803
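
The failure mode raised in the thread (a cleaned cart is built, but the unfiltered presenter output is what gets assigned to the template), shown as an added standalone example that is not PrestaShop's code. All function names, the allow-list contents and the sample cart are constructed for illustration; the last function is a check that flags sensitive keys in whatever is handed to the template.

```php
<?php
// Added illustration, not PrestaShop code: every name and value here is constructed.

// Properties a front-office template may see; anything not listed is dropped.
const ALLOWED_PRODUCT_PROPERTIES = ['id_product', 'name', 'price', 'quantity', 'cover'];

// Stand-in for the cart presenter: returns full, unfiltered product rows.
function presentCart(): array
{
    return ['products' => [[
        'id_product' => 12, 'name' => 'Mug', 'price' => '9.90', 'quantity' => 1,
        'cover' => 'mug.jpg', 'wholesale_price' => '3.10', 'id_supplier' => 4,
    ]]];
}

// Copy of the presented cart whose products keep only allow-listed keys.
function cleanCart(array $cart): array
{
    $allowed = array_flip(ALLOWED_PRODUCT_PROPERTIES);
    foreach ($cart['products'] as $i => $product) {
        $cart['products'][$i] = array_intersect_key($product, $allowed);
    }
    return $cart;
}

// Pattern described in the comment: cleaned copy computed, original assigned.
function templateVarsLeaky(): array
{
    $cleanCart = cleanCart(presentCart()); // never used
    return ['cart' => presentCart()];
}

// Corrected: the cleaned copy is what reaches the template.
function templateVarsFixed(): array
{
    return ['cart' => cleanCart(presentCart())];
}

// Regression check: list sensitive keys present anywhere in the template variables.
function leakedKeys(array $vars, array $sensitive = ['wholesale_price', 'id_supplier']): array
{
    $found = [];
    array_walk_recursive($vars, function ($value, $key) use (&$found, $sensitive) {
        if (in_array($key, $sensitive, true)) { $found[$key] = true; }
    });
    return array_keys($found);
}

var_dump(leakedKeys(templateVarsLeaky()));
var_dump(leakedKeys(templateVarsFixed()));
```

Because the filter is an allow-list, a property the templates depend on but that is missing from the list disappears from the output as well, which is the kind of breakage reported for `cover` earlier in the thread.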
