Privacy issue Invoice Manager Issue

0
I have a question about the direct pay possibility. The 'Pay Now' button brings me to "../?option=com_invoices&view=payment&id=6"

When you change the payment id in the browser you are able to scroll through all the payments, also from other users, which is very undesirable of course.

Is there a way to avoid this?

Thanks in advance for your answer!
Responses (5)
  • Accepted Answer

    Tuesday, November 24 2020, 08:23 AM - #Permalink
    0
    Could you give me at least some sort of answer? I paid for support as well, didn't I?
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, November 24 2020, 10:06 AM - #Permalink
    0
    hello!

    I'm so sorry for the delay, I missed this.

    the reson for this is that the payment page is "open" so the payment processors (paypal, stripe) can reach the endpoint to confirm the payment. (so it can't be a "protected" endpoint)

    we're working to include a security token to be passed to the payment platforms, so the page can't be reached just by changing the ID in the URL.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, November 24 2020, 04:30 PM - #Permalink
    0
    Thanks Germinal! When will the release of that update be released approximately?
    The reply is currently minimized Show
  • Accepted Answer

    Friday, November 27 2020, 11:23 AM - #Permalink
    0
    I can't say exactly... hopefully a few weeks.
    The reply is currently minimized Show
  • Accepted Answer

    Friday, November 27 2020, 11:35 AM - #Permalink
    0
    Okay, thank you. Take care!
    The reply is currently minimized Show
Your Reply