Security Token 13 labeled as Unknown but used
Hi:
Security Token 13 is labeled as Unknown on the SQL file (so, unused). We used it for fine graining some access rights but just discovered that it's hard coded for some purposes on:
- CounterSales.php (lines 746, 792 and 845)
- SelectOrderItems.php (lines 1339, 1387, 1427)
Seems that the use is for price security issues.
So:
a) If it's used for Price Security issues, token 12 is already set up for this use, and hardcoded somewhere else, so 13 should be changed by 12.
b) If the use is different form existing token 12, then token 13 should be labelled accordingly on the SQL file.
Changing /upgrading security tokens should also have a clear warning on the update database script, as it might affect existing installations.
Regards,
Pak Ricard
|