Home Forums WC Vendors Pro Support Edit others products & security.

NOTICE: We've Moved to a Ticket System for Support

As of August 31, 2017 (12am EST) our support forums will be retired (read-only), and we will be moving to a support ticket system.  This will allow us to better organize and answer support requests, and provide a more personalized experience as we assist our customers.

For the time being, we will leave our forums open for reading and learning while we work on creating a more robust Knowledge Base for everyone to use.

If you are a WC Vendors Pro customer please open a support ticket here. 

If you are a WC Vendors user please open a support ticket on the Wordpress.org forums.

The information on this forum is outdated and in most instances no longer relevant. Please be sure to check our documentation for the most up to date information.

https://docs.wcvendors.com/

Thank you to all of our customers!

 

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #16123
    Stephen
    Participant

    The capabilities allow for submitting live products & editing published products: ‘can_submit_live_products’ & ‘can_edit_published_products’ capabilities.

    Bit there’s nothing in the way of a vendor editing another vendors products. Worse still, if that product is edited it’s ownership changes and not shows up in the new owners product list!

    Bit of a security breach. Easy enough to do by just adding /edit/xxx to a product in the dashboard.

    Thanks.

    #16127
    WC Vendors Support
    Participant

    Interesting. Thanks for that. We’ll have that patched up immediately for v1.1.1.

    #16158
    WC Vendors Support
    Participant

    All fixed. It was just a typo. You can fix this immediately by editing:

    public/class-wcvendors-pro-dashboard.php

    and changing line #317 from:

    case 'products':

    to:

    case 'product':

    …and this will be included in v1.1.1, as well by default.

    #16161
    Stephen
    Participant

    Thanks. Though I’ll have to change the droids message! 🙂

    #16171
    Jamie
    Keymaster

    Hi Stephen,

    Thanks for finding this, I’ll update the permission.php template to something sensible for the next release so you don’t have to override that template 🙂

    cheers,

    Jamie.

Viewing 5 posts - 1 through 5 (of 5 total)
  • The forum ‘WC Vendors Pro Support’ is closed to new topics and replies.
This website uses cookies to ensure you get the best experience on our website.