son caocao Posted November 15, 2017 Share Posted November 15, 2017 Hi experts, In order overview, I inject a form that doing refund for an order and the handler function is also call to admin class for authorization. But the authorization is always failed, I realize that the $GLOBAL('session') is an empty array when I tried to var_dump that inside permission function of admin class. I also tried to install my plugin in old version of cubecart like 6.1.5, its working fine and the $GLOBAL('session') having value of admin_id. Can anyone tell me what is the issue, what can I change to make it work on cubecart latest version ? Best Regards, Son Quote Link to comment Share on other sites More sharing options...
bsmither Posted November 15, 2017 Share Posted November 15, 2017 Welcome son caocao! Glad to see you made it to the forums. One of the differences between CC615 and the latest version is that a lot of XSS deterrence has been implemented. That means for many events, the correct security token needs to accompany the request. If that correct token is not there, the session will get discarded. 1 Quote Link to comment Share on other sites More sharing options...
son caocao Posted November 15, 2017 Author Share Posted November 15, 2017 Thanks @bsmither for quick reply, Can you pls guide me or better if u can give me a sample how to attach a security token into an ajax request. Actually, I cannot find any example on ajax request that attach security token for cubeCart. Best Regards, Son And also, @bsmither I have compare 2 versions 6.1.10 and 6.1.11, it got successfully run on .1.10 but not on 1.11 and having same issue that I mentioned above And the difference is in session.class.php, in 1.11 the session_prefix have change follow the ADMIN_CP. $session_prefix = CC_SSL ? 'S' : ''; if(ADMIN_CP) { $session_prefix .= '_ACP'; } Not sure what is the purpose of that changing on session_prefix Quote Link to comment Share on other sites More sharing options...
bsmither Posted November 15, 2017 Share Posted November 15, 2017 This may be the solution you are looking for:https://github.com/cubecart/v6/issues/1771 1 Quote Link to comment Share on other sites More sharing options...
son caocao Posted November 16, 2017 Author Share Posted November 16, 2017 That's really helpful, thanks a lot Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.