Merge branch 'develop'

samberrry · samberrry · commit ab40d42078bd · 2021-12-04T18:13:57.000-06:00
diff --git a/controllers/front/address.php b/controllers/front/address.php
@@ -135,6 +135,15 @@ protected function processDeleteRequest()
             $this->context->language->id
         );
 
+        if ($address->id_customer != $this->context->customer->id) {
+            $this->ajaxRender(json_encode([
+                'success' => true,
+                'code' => 301,
+                'message' => "There is not such address"
+            ]));
+            die;
+        }
+
         if ($address->id) {
             if (!$address->deleted){
                 $address->deleted = true;
diff --git a/controllers/front/orderhistory.php b/controllers/front/orderhistory.php
@@ -34,24 +34,33 @@ protected function processGetRequest()
 
             //there is a duplication of code but a prevention of new object creation too
             $order = new Order($id_order, $this->context->language->id);
-            $order_to_display = (new OrderPresenter())->present($order);
+            if (Validate::isLoadedObject($order) && $order->id_customer == $this->context->customer->id){
+                $order_to_display = (new OrderPresenter())->present($order);
 
-            if (Tools::isEmpty($id_order) or !Validate::isLoadedObject($order)) {
+                if (Tools::isEmpty($id_order) or !Validate::isLoadedObject($order)) {
 
+                    $this->ajaxRender(json_encode([
+                        'success' => true,
+                        'code' => 404,
+                        'message' => 'order not found'
+                    ]));
+                    die;
+                } else {
+
+                    $this->ajaxRender(json_encode([
+                        'success' => true,
+                        'code' => 200,
+                        'psdata' => $order_to_display
+                    ]));
+                    die;
+                }
+            }else{
                 $this->ajaxRender(json_encode([
-                    'success' => true,
+                    'success' => false,
                     'code' => 404,
                     'message' => 'order not found'
                 ]));
                 die;
-            } else {
-
-                $this->ajaxRender(json_encode([
-                    'success' => true,
-                    'code' => 200,
-                    'psdata' => $order_to_display
-                ]));
-                die;
             }
         }
         
