Re: more problems with that POS dansie cart software!

[pjh () MCCC EDU (Pete Holsberg)]

On Fri, 14 Apr 2000, tombow wrote:

> if installing a backdoor in the cart software wasn't bad enough.. the
> whole implimentation of pricing and adding items to cart is crap..
>
> example form to add items to your cart (kindly provided on the publishers
> site using the demo cart they set up for us):
>
> *snip*
>
> <FORM METHOD=POST ACTION="http://www.dansie.net/cgi-bin/scripts/cart.pl";>
>
> Black Leather purse with leather straps<BR>
> Price: $20.00<BR>
>
> <INPUT TYPE=HIDDEN NAME=name     VALUE="Black leather purse">
> <INPUT TYPE=HIDDEN NAME=price    VALUE="20.00">
> <INPUT TYPE=HIDDEN NAME=sh       VALUE="1">  <!-- Shipping and Handling
> -->
> <INPUT TYPE=HIDDEN NAME=img      VALUE="purse.jpg">
> <INPUT TYPE=HIDDEN NAME=return   VALUE="http://www.dansie.net/demo.html";>
> <INPUT TYPE=HIDDEN NAME=custom1  VALUE="Black leather purse with leather straps">
>
> <INPUT TYPE=SUBMIT NAME="add" VALUE="Put in Shopping Cart">
> </FORM>
>
> *snip*
>
>
> a couple of quick alterations and we can now add:
>
> one piece of crap cart software..
>
> http://www.dansie.net/cgi-bin/scripts/cart.pl?name=piece+of+crap+cart+software&price=1.00&sh=1&img=purse.jpg&return=http://www.dansie.net/demo.html&custom1=my+shopping+cart+software+sucks+because+i+let+users+manipulate+crucial+variables

This occurs because the person who configured the script
failed to set "persoanl variable #66". Dansie has since
done that at www.dansie.net so that the above URL now fails
to change the shopping cart variables.

Pete