Contrib.social

Wrong product may be added to cart due to query by uuid OR variation_id

Open on Drupal.org β†’
Created on 23 May 2024, 11 months ago

Problem/Motivation

The Commerce Webform Order webform handler allows to reference different entity types with different identifiers (either UUID, variation_id, SKU). The query in \Drupal\commerce_webform_order\Plugin\WebformHandler\CommerceWebformOrderHandler::loadEntityValue() then tries to load the referenced entity by all these different properties. This may result in the incorrect product added to the cart, since MySQL casts a UUID string to an INT.

Steps to reproduce

Assume the following data:

commerce_product_variation:

commerce_product_variation__field_data:

and execute the query:

SELECT commerce_product_variation.variation_id
FROM
commerce_product_variation base_table
LEFT JOIN commerce_product_variation ON commerce_product_variation.variation_id = base_table.variation_id
LEFT JOIN commerce_product_variation_field_data commerce_product_variation_field_data ON commerce_product_variation_field_data.variation_id = base_table.variation_id
WHERE (commerce_product_variation.uuid LIKE "214abdb0-cc1e-4f67-bbb9-3e6e2a604bdf" ESCAPE '\\') or (commerce_product_variation_field_data.variation_id = "214abdb0-cc1e-4f67-bbb9-3e6e2a604bdf")

This will find the product with variation_id 214 instead of 1080

Proposed resolution

Apply the conditional entity loading from the configuration form to \Drupal\commerce_webform_order\Plugin\WebformHandler\CommerceWebformOrderHandler::loadEntityValue() :
Check if the value is a valid UUID: assume it is a UUID
Check if the value is numeric: assume it is a variation_id
Else: assume it is a SKU

Remaining tasks

  1. Write a patch
  2. Review
  3. Commit

User interface changes

None

API changes

None

Data model changes

None

πŸ› Bug report
Status

Active

Version

3.0

Component

Code

Created by

πŸ‡³πŸ‡±Netherlands idebr

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024