Friday, December 2, 2011

Avoid fraud from editing payment method through fire bug to free in magneto


Today i come across one fraud in magneto checkout page

some user can edit payment method to free payment through fire bug and if submit order it will submit and place order

we can avoid this thing

just edit code or extend this model in your local folder in Mage_Sales_Model_Service_Quote i’e


in function _validate() add this code (around 293 )

//pradeep to avoid foud from select free in fire bug
            if($qu->getPayment()->getMethod()=='free' && $qu->getGrandTotal()!=0){
                Mage::throwException($helper->__('Invalid payment method'));

so it will avoid placing order even if the subtotal is not zero in magneto

No comments:

Post a Comment