YET ANOTHER EasyStore Issue: Customer Order View is STILL BROKEN
Stuart Clark
I've updated to EasyStore 1.2.1 - which apparently fixes a method for GUEST accounts to view their orders... Only it doesn't!
The Option is there on the confirmation page (see: https://prnt.sc/bRYw6XNXphLr), but the significant fxxx up is that this links to /shop/myorders which IMMEDIATELY redirects to the Joomla login screen!
How exactly is a GUEST meant to log in to Joomla????
Ofi Khan
Accepted AnswerHello Stuart Clark
I have created a test order as a guest user. Here is the order view.
It looks fine. Please check it again.
Best regards
Stuart Clark
Accepted AnswerThis is ABSOLUTELY NOT FIXED
- The link on the page I showed you in the above screenshot is to /shop/my-orders - that link REQUIRES LOGIN
- If, however, I add an order number to the end of that URL - e.g. /shop/my-orders/37 - then I can view the order without logging in. HOWEVER, I CAN ALSO VIEW ANY OTHER GUEST ORDER BY SIMPLY TYPING A DIFFERENT ORDER ID
**YOU HAVE NOW ENGINEERED A PRIVACY ISSUE - ANYONE CAN FIND OUT PERSONALLY IDENTIFIABLE INFORMATION ABOUT ANY ORDER BY SIMPLY PHISHING ORDER IDs.
YOU NEED TO FIX THIS IMMEDIATELY
Ofi Khan
Accepted AnswerI got your point. I have talked to the team. They are working for a better solution that does not hamper privacy.
Stuart Clark
Accepted Answer??? There is a SERIOUS SECURITY FLAW in EasyStore at the moment, caused by JoomShaper's lax development.
RESOLVING THIS SHOULD BE YOUR FIRST PRIORITY