URL error

  • Hello.

    From what I see, this plugin works by sending a parameter in the URL (?empty-cart=clearcart). This doesn’t follow the HTTP way, that says any action should be done with POST (or PUT etc). GET is only for retrieving. In other words, you should have a <form> around that button.

    A consequence is that if you have two pages open (one being the cart), then empty the cart, add new products from other page, then reload cart, will result in empty cart again.

    For some reason it doesn’t seem vulnerable to CSRF, but it’s a common case.

    Regards

    • This topic was modified 1 year, 9 months ago by nxmndr.
  • The topic ‘URL error’ is closed to new replies.