An admin on another site that is using the mysidia script informed me of this bug.

If a user puts in 0.5 as an item quantity in the shops, they pay half price but get the full item. This bug can be severely exploited if users were to find out.

Just a little love tap to see if this is being looked into or anything?

Open class_itemshop.php

Under the purchase function where you see the else replace this:

else {
$item->quantity = $mysidia->input->post("quantity");


with this:

else {
$item->quantity = (int) $mysidia->input->post("quantity");


For good measure open class_stockitem.php and replace line 37, which is this:

if(empty($quantity)) $quantity = $mysidia->input->post("quantity");


with this:

if(empty($quantity)) $quantity = (int) $mysidia->input->post("quantity");


This is only a partial fix. It will continue to display the wrong values to the user, but should correctly charge them now.

Ahhh thank you thank you! <33