georgenl Posted November 20, 2015 Share Posted November 20, 2015 (edited) I have disabled the Merchandise Returns functionality from my test store (PS 1.6.1.1) and even though it has been removed from the front office the URL if typed manually i.e. store.com/index.php?controller=order-follow it is still functioning. I believe that this is not right behavior since it is quite easy for somebody to figure out that the website is using Prestashop and go ahead and try different "non-available" URLs and display pages he/she is not supposed to see! I also think that there may be other pages like Merchandise Returns that even though one may have disabled them, one may be able to directly "hit" them. Is anybody else aware of this? Does anybody have a solution for that apart from going into the code and changing it? Thanks, George Edited November 20, 2015 by georgenl (see edit history) Link to comment Share on other sites More sharing options...
Recommended Posts