Community Add-Ons
Maintainers: eww
Cart Quantity Security Flaw Patch
for osCommerce Online Merchant v2.2
This potential security flaw was first spotted by ErollorD on the osCommerce forums.
If you already use the Quantity Controller contribution or any other that sets maximum limits to your product quantities, you probably won't need this fix.
Problem: Add an item to your cart and update the quantity to 1000000000000000.
You'll notice a drastic reduction in the price!
There is probably more to this problem in the osc core, but for the time being this is a quick patch to prevent people from stealing your downloads or getting your merch for cheap.
Also posted at: http://forums.oscommerce.com/index.php?showtopic=278086
Easier method IMO.
Edit catalog/includes/application_top.php
Find:
    case 'update_product' : ...
Find this line in that section:
    $cart->add_cart($HTTP_POST_VARS['products_id'][$i], $HTTP_POST_VARS['cart_quantity'][$i], $attributes, false);
And add above it:
    if ((int)$HTTP_POST_VARS['cart_quantity'][$i] > 9999999) {
        $HTTP_POST_VARS['cart_quantity'][$i] = 9999999;
    }
Change the first 9999999 to the maximum amount allowed; any value over that will automatically be set to the second 9999999 maximum amount.
The included file contains only this text.
insaini
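
A stricter server-side variant of the clamp posted above, as an added example that is not part of either contribution or of osCommerce itself. It goes beyond the patch by also rejecting negative, non-numeric and array input; the names clamp_cart_quantity and MAX_CART_QTY are hypothetical, and returning 0 for "rejected" is an assumption the caller must handle.

```php
<?php
// Added example, not osCommerce code. MAX_CART_QTY and clamp_cart_quantity()
// are hypothetical names chosen for this illustration.
const MAX_CART_QTY = 9999999; // same ceiling as the patch above; lower it to suit the store

/**
 * Normalize a posted cart quantity.
 * Returns an integer in 0..$max; 0 means the input was not a usable quantity.
 */
function clamp_cart_quantity($raw, $max = MAX_CART_QTY)
{
    // A posted array (e.g. cart_quantity[0][]=1) is never a quantity.
    if (!is_scalar($raw)) {
        return 0;
    }
    $raw = trim((string) $raw);

    // Accept plain decimal digits only: rejects "-5", "1e15", "12abc" and "".
    if ($raw === '' || !ctype_digit($raw)) {
        return 0;
    }

    // Compare by digit count first, so an over-long value is clamped
    // without ever being converted to a number.
    $digits = ltrim($raw, '0');
    if (strlen($digits) > strlen((string) $max)) {
        return $max;
    }
    return min((int) $digits, $max);
}

// Constructed sample inputs, including the quantity from the problem report.
$samples = array('3', '1000000000000000', '-5', '1e15', '12abc', '0009', array('1'));
foreach ($samples as $s) {
    $label = is_array($s) ? '(array)' : $s;
    printf("%-18s => %d\n", $label, clamp_cart_quantity($s));
}
```

In the update_product section, the result of such a function would take the place of $HTTP_POST_VARS['cart_quantity'][$i] in the add_cart() call.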
