user4513 (Designer, from New Zealand, member since Sep 2017), 13 Oct 2017 05:10

[13-Oct-2017 05:03:34 Pacific/Auckland] Fatal error: Could not find order in database (ID: 2) in ~/includes/controllers/ctrl_order.inc.php (Line 97)
 ← ~/includes/controllers/ctrl_order.inc.php (Line 9) in load()
 ← ~/pages/printable_order_copy.inc.php (Line 12) in __construct()
 ← ~/index.php (Line 35) in include()
Request: GET /printable_order_copy?order_id=2&checksum=3d80c9835163ff74ff9b2ebecb28eab8&media=print HTTP/1.1
Client: 72.30.14.126 (b163.crawl.yahoo.net)
User Agent: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
tim (Founder, from Sweden, member since May 2013), 13 Oct 2017 14:13

I have no idea why Yahoo crawls private links flagged for noindex and only passed out over email. This is none of their business and I would consider this a privacy intrusion. The error message is fine.
user4513 (Designer, from New Zealand, member since Sep 2017), 16 Oct 2017 01:37

I love how you change my posts and titles to suit. However, sweeping under the carpet doesn't give a clean room.

The message says could not find order 2 - that's because it has been deleted. So - Yahoo is doing its job, searching and indexing the site.

The point is... HOW can Yahoo EVER have access to printable order copy with a checksum by a simple GET request? How can they ever know the checksum? How can they crawl the entire database to get this information? This information should be locked away and only accessible by the customer and site manager. A simple no-index is not enough protection for customers' address and contact details, nor a shop's sales records.

Yes, the error message is fine.
tim (Founder, from Sweden, member since May 2013), 16 Oct 2017 11:12

Yahoo accessed the printable link sent in a private email to the customer email address. It contains all info in the URL to directly access the link. Whoever possesses the link can view it. When it was accessed, the order had been deleted, so LiteCart logged an attempt to retrieve a deleted order.

If you feel you want to require a login for viewing guests' orders, you are in trouble. If all your guests have an account you can require login by sticking the command customer::require_login() inside pages/printable_order_copy.inc.php. That should not be necessary as it is checksum protected and a hacker would need some sort of brute force operation for each and every order. A big waste of time.
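The thread turns on a bearer link: whoever holds the URL can open the order. The sketch below is an added example, not part of the thread and not LiteCart code; it shows one way to narrow that exposure by binding the checksum to the order, the recipient and an expiry time, and by sending no-index, no-referrer and no-store headers. SECRET_KEY, LINK_TTL, make_order_link(), verify_order_link() and send_private_headers() are hypothetical names, and the key and sample values are constructed. The link remains usable by anyone who obtains it until it expires.

```php
<?php
// Added example (not LiteCart code). All names below are hypothetical.
const SECRET_KEY = 'replace-with-random-bytes-from-config'; // constructed placeholder
const LINK_TTL   = 7 * 24 * 3600;                           // link lifetime: 7 days

// Build an expiring link; the MAC covers order id, recipient and expiry.
function make_order_link(int $order_id, string $email, int $now): string {
    $expires = $now + LINK_TTL;
    $mac = hash_hmac('sha256', "$order_id|" . strtolower($email) . "|$expires", SECRET_KEY);
    return '/printable_order_copy?' . http_build_query([
        'order_id' => $order_id, 'expires' => $expires, 'checksum' => $mac,
    ]);
}

// Accept only an unexpired link whose MAC matches. $email is the address
// stored on the order record, never a value taken from the request.
function verify_order_link(array $query, string $email, int $now): bool {
    $order_id = filter_var($query['order_id'] ?? null, FILTER_VALIDATE_INT);
    $expires  = filter_var($query['expires'] ?? null, FILTER_VALIDATE_INT);
    $checksum = $query['checksum'] ?? '';
    if ($order_id === false || $expires === false || !is_string($checksum)) {
        return false; // missing or malformed parameter
    }
    if ($now > $expires) {
        return false; // link is past its lifetime
    }
    $expected = hash_hmac('sha256', "$order_id|" . strtolower($email) . "|$expires", SECRET_KEY);
    return hash_equals($expected, $checksum); // constant-time comparison
}

// Call before rendering the order: keeps the page out of indexes and caches
// and stops the URL from leaking through the Referer header.
function send_private_headers(): void {
    header('X-Robots-Tag: noindex, nofollow, noarchive');
    header('Referrer-Policy: no-referrer');
    header('Cache-Control: private, no-store');
}

// Constructed sample run: fresh link, expired link, tampered order id.
send_private_headers();
$now  = 1507824214; // constructed timestamp
$mail = 'customer@example.com';
parse_str(parse_url(make_order_link(2, $mail, $now), PHP_URL_QUERY), $q);
var_dump(verify_order_link($q, $mail, $now + 3600));
var_dump(verify_order_link($q, $mail, $now + LINK_TTL + 1));
var_dump(verify_order_link(['order_id' => '3'] + $q, $mail, $now + 3600));
```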
user4513 (Designer, from New Zealand, member since Sep 2017), 17 Oct 2017 00:10

I love how LiteCart error reporting works.

Not interested in login for customers viewing order. Was it sent to a Yahoo address?
tim (Founder, from Sweden, member since May 2013), 17 Oct 2017 02:57

I dunno. But the only way to grab this link was for Yahoo to get it from some user's inbox. Unless the user posted it in some forum or something.