Vendors can edit other vendors bookings

Home Forums WooCommerce Bookings Integration Vendors can edit other vendors bookings

NOTICE: We've Moved to a Ticket System for Support

As of August 31, 2017 (12am EST) our support forums will be retired (read-only), and we will be moving to a support ticket system.  This will allow us to better organize and answer support requests, and provide a more personalized experience as we assist our customers.

For the time being, we will leave our forums open for reading and learning while we work on creating a more robust Knowledge Base for everyone to use.

If you are a WC Vendors Pro customer please open a support ticket here. 

If you are a WC Vendors user please open a support ticket on the Wordpress.org forums.

The information on this forum is outdated and in most instances no longer relevant. Please be sure to check our documentation for the most up to date information.

https://docs.wcvendors.com/

Thank you to all of our customers!

 

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • May 31, 2017 at 5:23 pm #66835
    Thomas
    Participant

    Hi

    From an earlier thread I can see you are fixing the bug that allows vendors to see all bookings in the calendar but are you aware that vendors can edit other vendors bookings. With the calendar bug they can access the other bookings from the calendar but they can also currently access other bookings by changing the order number e.g. 101 to 102 in the path /dashboard/wc_booking/edit/101/.

    Do you know roughly when the update to fix these issues is going to be released as this a fairly major issue.

    Thanks

    Tom

    June 2, 2017 at 3:21 am #67031
    Anna
    Member

    @intech
    Yes- this bug has been reported,and as soon as I have a fix available I will let you know. Thank you!

    July 17, 2017 at 4:13 pm #70259
    Thomas
    Participant

    Hi Anna

    Any news on when this bug is going to be fixed? The recent update doesn’t seem to have addressed this one and its a fairly major security issue if vendors can edit each others bookings.

    I’m not sure what the recent update was fixing but it also looks to have broken the calendar. I know there was an issue with vendors seeing other vendors bookings but now they can’t see their own bookings in month or day view. Is this something you are aware of?

    Thanks

    Tom

    July 20, 2017 at 1:26 am #70404
    Anna
    Member

    @intech
    Thomas,
    I’m testing this and looking into the Bookings issues motioned above and I will report back with any additional information.
    Thank you-

    July 31, 2017 at 3:12 pm #72598
    Thomas
    Participant

    Hi Anna

    Any feedback on these issues. These are the only things really holding back the site from going live and I really need a fix or a workaround for them. The most crucial one is the issue allowing people to see other peoples orders. The site is targeting the UK and the data protection laws here mean having peoples personal data easily accessible like this can lead to massive fines as well as a bad reputation.

    If you can’t lock down the vendors orders to the specific vendor, is it possible to make the order number random and complex so it can’t easily be guessed. Its not ideal but this would add some protection, at least until it can be properly sorted.

    Thanks for your help.

    Tom

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • The forum ‘WooCommerce Bookings Integration’ is closed to new topics and replies.