[ic] - issue with mv_successpage / mv_nextpage after applying
security page
Sanjeev Topiwala
s_tops at hotmail.com
Thu Apr 1 01:23:15 EST 2004
Hi,
I applied 5.0.1 security page. My checkout page is a logged-in user page. So
when someone clicks on checkout, the login page is thrown.
The login page is from foundation, which has the following hidden parameters
ACTION="http://www.paperorigins.com/cgi-bin/paper/process.html?id=akM9rYFa&mv_pc=267"
METHOD=POST>
<INPUT TYPE=hidden NAME=mv_todo VALUE=return>
<INPUT TYPE=hidden NAME=mv_click VALUE=Login>
<INPUT TYPE=hidden NAME=mv_failpage VALUE="login">
<INPUT TYPE=hidden NAME=mv_successpage VALUE="ord/checkout">
<INPUT TYPE=hidden NAME=mv_nextpage VALUE="index">
<input type=hidden name=mv_session_id value="akM9rYFa">
This works fine, as i log in, I'm redirected to the checkout page.
Now, I tried testing the security fix by typing
http://server_url/cgi-bin/__SOME_VARIABLE__
This throws me the violation page and asks me to log in. As soon as I log
in, it throws me to the index page.
Now, after this, using this browser, if I try to do the process of checkout
again by following these steps
1. Log out
2. add item to basket
3. click on checkout
the login page is thrown again with mv_successpage set to ord/checkout, but
after the successful login for any user, it redirects me back to index page.
Is this intended functionality ? Or is this is a regression issue introduced
due to the security fix ?
Thx..
- Sanjeev
_________________________________________________________________
MSN Toolbar provides one-click access to Hotmail from any Web page – FREE
download! http://toolbar.msn.com/go/onm00200413ave/direct/01/
More information about the interchange-users
mailing list