Questions about Payment Form extension

BUG: Unpublished Forms Accessible

  • thirdsun
  • Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
13 years 6 months ago #9245 by thirdsun
BUG: Unpublished Forms Accessible was created by thirdsun
It appears even though a form is unpublished, it can still be accessed directly. Someone found our form through a google search, and was able to do a transaction, even though the form was not published. I had to unpublish the payment plugin to disable the possibility of another submission, but the form still appears.

Please Log in or Create an account to join the conversation.

More
13 years 6 months ago #9312 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic Re: BUG: Unpublished Forms Accessible
Hi

I am sorry for lately response on this issue . I confirm this issue and will work on it on tomorrow morning to get it fixed . I will update you when this post as soon as the issue fixed .

Regards,

Tuan

Please Log in or Create an account to join the conversation.

More
13 years 6 months ago #9578 by oldandfat
Replied by oldandfat on topic Re: BUG: Unpublished Forms Accessible
Dear Thirdsun

I recently discovered this situation as well. When our event sold out I marked the online registration menu entry as unpublished and created a new item linked to an article saying that we were sold out. Much to my surprise someone still registered, but the email I got was "off" and when I checked Payments management, there was no record. I assumed the person had faked the email. Later when I looked at the actual payments table I found the record was there with an event code of 0. (Typical Tuan, he doesn't clean up the database.) So then I though the registrant had hacked my site. I found that I could alter the last number in the URL (the Joomla "item id" from the menu page) and a wierd version of the form came up. Then I recalled that I had created hyperlinks from other menu items to the registration form, and sure enough these were still going to the form. So I changed the item id ... and that didn't correct it. It wasn't until I used cut and paste on the complete, correct URL that I got it to branch to the correct menu item.

I think this is a Joomla issue. When you create a menu item, it "exists" and supports you as a developer being able to get to it to do modifications (development work). The publish/unpublish doesn't remove the code, it just attempts to disable it. Maybe Tuan didn't do it right, maybe this is a basic bug in Joomla. Someone can either blunder on to the correct URL, follow an old hyperlink, find it with a search engine, etc. and still get there. I set the security on the old page to "special" to make it hard for any but a small group to reach it and I made sure I didn't have any old hyperlinks that someone could easily click. The item still exists, and can still be reached under the right circumstances. I want to keep the page for my reference. To absolutely lock the door, you need to delete the page and empty the menu trash.

Regards,
Dave Sause
oldandfat@cox.net

Please Log in or Create an account to join the conversation.

More
13 years 5 months ago #9771 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic Re: BUG: Unpublished Forms Accessible
Hi

Finally I have time to work on this small issue . It was fixed, please see joomdonation.com/index.php?option=com_ku...iew&catid=55&id=9770 .

Please download latest version of the extension and update to your site to get this issue solved.

Regards,

Tuan

Please Log in or Create an account to join the conversation.

Moderators: Tuan Pham Ngoc