Skip to content

Warning: You do not have permission to access the API! YES AGAIN NOT A DUPLICATE #9492

@hounw

Description

@hounw

What version of OpenCart are you reporting this for?

3.0.3.7

Describe the bug
Unable to edit orders due to api permissions

To Reproduce

Installed on xampp local server, tried on macos and windows.

First, changed the timezone -> unable to login...

tried setting timezone in php.ini and my.cnf -> still no login

tried alternative setting $_['session_engine'] = 'file';

SUCCESS able to login... but now it's impossible to edit an order...

tried a solution on another issue

#6783

commeting out the three lines suggested here #6783 (comment)

Doesn't work either.

Expected behavior

Being able to login to admin and editing orders

Server / Test environment (please complete the following information):

  • Local development xampp on macos with PHP Version 7.3.18/Xampp on windows php 7.4.14

Additional context

We tried the ocmod here https://www.opencart.com/index.php?route=marketplace/extension/info&extension_id=30437&filter_search=api%20error

and it works, but it completely removes a check which seems like a potential security issue (but I haven't dug in enough to know):

`

session->data['api_id'])) {]]>
<![CDATA[

		if (isset($this->session->data['me_loves_taco'])) {
		
		]]></add>
	</operation>		
</file>`

Metadata

Metadata

Assignees

No one assigned

    Labels

    target: 3.0.x.xIssues and PRs targeting the 3.0.x.x maintenance branch

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions