Closed solverat closed 6 years ago
Hello! Thanks for this security issue. I was just thinking about user orders: in the front end, the end user can see his previous orders, and there is a link to the detail page of the products he ordered (if I remember well). Maybe the 404 should display an explicit message like "Product is not more in the catalog", something like that, so the end user doesn't think this 404 is a bug/problem.
If anyone needs this, a PR would be nice. Since nothing much happens anymore with CoreShop 1, I'll close this issue.
Just to know, on CoreShop 2, how is product deactivation handled in the frontend:
Hey @Yivan
That's a good point, I'll create a separate issue for CoreShop 2. I am not sure how to handle the product page for customers who already bought products, though. In the short term, they'll get a 404 as well, but we need to change this in the long term.
If a product gets disabled in backend, product::detailAction() must throw an exception.