That was the first place I looked...I can't find this option anywhere. Is it the "Action Manager"? If so, then it isn't so obvious as the field would be "Tax" not "Interest", so I don't think that is the correct area...
It's definitely not the UTT Point System Settings or the UTT Store Settings.
There is a major exploit in this hack that will let users donate virtually unlimited amounts of points to themselves or other users and only be charged a minimum amount. It's a simple technique for those who know how to do it, so it's important to fix this or your currency system will be pretty much useless! It does show up in the action transaction logs, so check them for funny entries in the point column.
FIX-
In uttstore/action.donate.php, look for both instances of this line:
$_FIELDS = uttstore_globalize_fields($fields);
ADD THIS LINE AFTER:
$_FIELDS['points'] = uttpoints_number_format($_FIELDS['points']);
It's also a good idea to turn off reputation for donating points since a user can donate all their points to themselves over and over and get unlimited reputation.
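The principle behind the fix above, as an added example that is not part of the original post and is not the UTT hack's own code: parse the submitted amount once into a canonical integer, reject anything else, and use that one value for both the debit and the credit. The function names, the in-memory balance table, the two-decimal-place limit and the refusal of self-donation are all assumptions made for illustration; the page does not show what `uttpoints_number_format` does internally.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not a UTT function. Assumes points carry at most two
// decimal places; returns the amount in integer hundredths, or null.
function parse_donation_amount(string $raw): ?int
{
    // Allowlist: up to 7 digits, optional 1-2 decimals, nothing before or after.
    if (!preg_match('/\A(\d{1,7})(?:\.(\d{1,2}))?\z/', $raw, $m)) {
        return null;
    }
    $hundredths = (int)$m[1] * 100 + (int)str_pad($m[2] ?? '', 2, '0');
    return $hundredths > 0 ? $hundredths : null;
}

// Hypothetical transfer over an in-memory balance table (hundredths of a point).
function donate(array &$balances, string $from, string $to, string $raw): bool
{
    $amount = parse_donation_amount($raw);
    if ($amount === null || !isset($balances[$from], $balances[$to])) {
        return false;
    }
    // Assumption: self-donation is refused outright.
    if ($from === $to || $balances[$from] < $amount) {
        return false;
    }
    // The single validated integer drives both sides of the transfer.
    $balances[$from] -= $amount;
    $balances[$to]   += $amount;
    return true;
}

// Constructed sample data, balances in hundredths of a point.
$balances = ['alice' => 10000, 'bob' => 500];
var_dump(donate($balances, 'alice', 'bob', '25.5'));   // plain decimal amount
var_dump(donate($balances, 'alice', 'bob', 'twenty')); // not a number
var_dump(donate($balances, 'alice', 'alice', '10'));   // sender equals recipient
var_dump(donate($balances, 'bob', 'alice', '9999'));   // exceeds bob's balance
var_dump($balances);
```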
Are you 100% positive you're running the .95a files?
I am fairly sure we fixed this problem.
I am 100% certain this is a problem in .95a. I just re-downloaded it and put it on my site to verify.
The problem is NOT that the user can donate to themselves, but rather can put a very simple string into the "How much would you like to donate?" field and give themselves (or anyone) many more points than it should send.
For obvious reasons I won't post how here, but I will PM Zachary with details. The simple fix I mentioned in my previous post patches this major exploit.