License renewal reminder email contains every product entry and exposes all license keys

Issue #19 resolved
Mike Ott created an issue

One of my customers forwarded me an email he received from the website just now. It was a reminder to renew his license.

But the email contained a list of every instance of a product that has ever been sold that is in the database. Several hundred. Here’s a small portion….

FYI the client only has one product licensed to him.

And of course the query string in the renewal link at the end of the email exposes every license key in the database.

Is this an incompatibility with the latest version of Woo? Or something worse?

I’ve disabled the Cronjob Scheduler plugin so that no more of these emails are sent out. Will this stop any more of these notifications being sent?

Comments (14)

  1. Tyler Robinson repo owner

    I will look into this. It may be an issue with that last WooCommerce update. Thank you for letting me know.

  2. Tyler Robinson repo owner

    I just tested this myself and didn’t get what you showed. I only have two users right now with expired plugins and they are both my accounts. I ran the expire check and it sent emails to the correct email addresses with only the expired plugins for those accounts. I can’t replicate the problem you had. I’m not sure if this was an error that occurred after one of the WooCommerce updates. I am running the latest version of WooCommerce and did not get this problem.

  3. Mike Ott reporter

    Thanks Tyler. I was able to replicate it on my staging server as well.

    For now I’ll operate under the assumption that it was something that occurred after a Woo update. If it happens again I’ll let you know.

    Thanks for responding.

  4. Mike Ott reporter

    Issue may have been temporarily caused by a Woo update. Pending further testing on production server before marking this issue as resolved.

  5. Tyler Robinson repo owner

    It may also be a conflict with another plugin you have. Good idea to test on a production server. I would suggest creating another account for yourself with another email address and adding a product or two purchased under each account. Then change the expire dates to a past date and manually run the cron job to see what you get in the emails. If you are still seeing all of them and not just for that user, then maybe try disabling all non-essential plugins and running it again to see if it does the same thing.

  6. Mike Ott reporter

    Update: The issue has reappeared with another user complaining about getting the same sort of email notification.

    Seeing as some clients don’t have this problem at all, it got me thinking about the licenses in the database. Please bear with me on this…

    A while ago, long before I implemented your great plugin and before I was using WooCommerce, my customers’ licence keys were managed via a different solution. When I made the decision to switch to WooCommerce and use your plugin, I knew I had to somehow migrate all the existing user licenses to work with this new system. So I wrote a script that did all the heavy lifting for me which worked out great, with all the new licences created for all the existing users with all their data (name, email, company, product etc).

    But of course there is some customer information that did not exist to begin with, most notably a Unique Transaction ID. And I’ve now realised one thing the customers who brought this to my attention all have in common is they do not have a Unique Transaction ID when I view their license information. Example:

    So I’m wondering if this has something to do with the issue described. When the cron runs to send the reminder notification email, does it require a unique transaction ID exist for the license? Is this the issue?

    If so, can the plugin be modified to not send the notification email when a unique transaction ID doesn’t exist (and even better, notify the admin when this happens so it can be dealt with in a different way)? I’m not sure if this would be considered an edge case or not, or maybe it is reasonable to assume some users of your plugin might have migrated from a different eCommerce system before switching to Woo and therefore don’t have a Unique Transaction ID.

    Or maybe you have a better idea, assuming this is even the crux of the problem.

    PS: if the lack of a unique transaction ID is the issue but none of this is feasible to cater for in a plugin update, can I just slap in any value into the field to solve the problem?

  7. Mike Ott reporter

    Update:

    I believe I’ve created a band-aid fix for this issue. It’s far from perfect but it solves my unique situation, which I’ll share here just in case it helps anyone else in any way.

    Looking at the code, I realised you’ve made provision to use renew-email-template.php if it exists in an slm-addon folder in the theme directory.

    So I placed a copy of renew-email-template.php in my theme directory in an slm-addon folder, and just added a condition that checks for the existence of a unique transaction ID.

    Inside the foreach loop…

    // Only build the email entry when the license has a transaction ID
    $txn_id = $values->txn_id;
    if ($txn_id) {

        // all the other code

    }

    I realise this whole situation is probably unique to me and maybe anyone else who migrated data from a different eCommerce plugin.

    Note: This solution will also prevent the customer email from showing any products that need to be licensed. I’m only implementing it to prevent the particular issue noted at the start of this thread.

    Cheers again for the excellent work on this plugin.
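
As an added illustration (not code from the plugin or from anyone in this thread), here is one way to do what comment 6 asks: hold back entries that have no transaction ID and report them to the admin, and also drop any row that does not belong to the recipient. Apart from `txn_id`, every function and field name is an assumption, and the rows are constructed sample data.

```php
<?php
// Added example: partition_reminder_licenses(), license_key and email are
// hypothetical names; only txn_id appears in the thread.

/**
 * Split license rows into those safe to list in one customer's reminder
 * and those that must be held back and reported to the admin.
 */
function partition_reminder_licenses(array $licenses, string $recipient): array
{
    $to   = strtolower(trim($recipient));
    $send = [];
    $held = [];
    foreach ($licenses as $lic) {
        $owner = strtolower(trim((string) ($lic->email ?? '')));
        if ($to === '' || $owner !== $to) {
            // Never list another customer's license or key in this email.
            $held[] = ['key' => $lic->license_key, 'reason' => 'owner mismatch'];
        } elseif (trim((string) ($lic->txn_id ?? '')) === '') {
            // Migrated record without a transaction ID: report it, don't send it.
            $held[] = ['key' => $lic->license_key, 'reason' => 'missing txn_id'];
        } else {
            $send[] = $lic;
        }
    }
    return ['send' => $send, 'held' => $held];
}

// Constructed sample rows.
$rows = [
    (object) ['license_key' => 'KEY-AAA', 'email' => 'alice@example.com', 'txn_id' => 'wc_1001'],
    (object) ['license_key' => 'KEY-BBB', 'email' => 'alice@example.com', 'txn_id' => ''],
    (object) ['license_key' => 'KEY-CCC', 'email' => 'bob@example.com',   'txn_id' => 'wc_1002'],
];

$result = partition_reminder_licenses($rows, 'Alice@example.com');

foreach ($result['send'] as $lic) {
    echo "include in reminder: {$lic->license_key}\n";
}
foreach ($result['held'] as $h) {
    echo "admin report: {$h['key']} ({$h['reason']})\n";
}
```

Building the renewal link only from the `send` list keeps any key from the `held` list out of the query string.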
