Jump to content

Change language on Product Details page = Unauthorised access?


Recommended Posts

Just noticed when changing language on the Product Details page, triggers the Unauthorised Access Attempt.

 

Would be good if can get a fix so that this doesn't happen... Even better if can change the product details pages from being done via form submission and switch to using a GET var/id instead...

Link to comment
Share on other sites

  • WHMCS CEO

The reason for the ID not showing in the URL is that it makes it more apparent to the user what their Service ID is, and for small operations, a user with multiple products might find the gap isn't much between different products and therefore jump to conclusions based on that. Having it hidden behind a post avoids that for most general users who don't know how to look through the source.

 

GET requests will work if you want to edit your templates, but not sure there's anything we could do to resolve this with the post method.

 

Matt

Link to comment
Share on other sites

Might it be possible to have it stored in a session perhaps?

 

Alternatively an option to manipulate the service ID as is possible with invoice ID (which if left as default would make it just as easy to guess at business size)

 

I have modified my templates to now use a link with the ID via get, although for the reason you've mentioned a good alternative would be much better, as the usability pains with the post method can be a real pain when navigating and when you want to directly link customers to the product page etc. Which can be quite difficult to direct them to the icon, particularly the less web savvy users.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated