proposal security breach!
I have found another major security breach.
1. one user logs in, and enters his/her proposal amount and delivery time & logs out.
2. another user logs in - and when clicking on the project to enter his/her proposal - the amount & delivery time of the previous user is already displayed in the proposal amount & delivery time!!
considering I have switched off the feature to see other amounts, I do not want a user to see what the previous person entered!!!
this is a security issue and major bug - please fix.
and for your information - I tried it in both internet explorer & chrome - meaning its got nothing to do with the cache/cookies being saved!
the first user saved his proposal in chrome....then the next user logged in via IT and the data was displayed!
- - - Updated - - -
I just realised it displays the average proposed quote & average delivery time
can this be switched off??