If the order id in the link of Invoice PDF is changed by the customer, then the customer is able to view other customers invoice as well.
For example:
If a person wants to view the order details and invoice, by clicking the "Print Invoice" it opens up in a new tab as the below framed link.
https://www.abc.com/index.php?dispatch=orders.print_invoice&order_id=100001
And if the person changes the last part of the URL i.e the order id to 100002 then the next order invoice is view-able.
How to fix this error?
Give a solution guys?