The Commerce Webform Order webform handler allows to reference different entity types with different identifiers (either UUID, variation_id, SKU). The query in \Drupal\commerce_webform_order\Plugin\WebformHandler\CommerceWebformOrderHandler::loadEntityValue() then tries to load the referenced entity by all these different properties. This may result in the incorrect product added to the cart, since MySQL casts a UUID string to an INT.
Assume the following data:
commerce_product_variation:
commerce_product_variation__field_data:
and execute the query:
SELECT commerce_product_variation.variation_id
FROM
commerce_product_variation base_table
LEFT JOIN commerce_product_variation ON commerce_product_variation.variation_id = base_table.variation_id
LEFT JOIN commerce_product_variation_field_data commerce_product_variation_field_data ON commerce_product_variation_field_data.variation_id = base_table.variation_id
WHERE (commerce_product_variation.uuid LIKE "214abdb0-cc1e-4f67-bbb9-3e6e2a604bdf" ESCAPE '\\') or (commerce_product_variation_field_data.variation_id = "214abdb0-cc1e-4f67-bbb9-3e6e2a604bdf")
This will find the product with variation_id 214 instead of 1080:
Apply the conditional entity loading from the configuration form to \Drupal\commerce_webform_order\Plugin\WebformHandler\CommerceWebformOrderHandler::loadEntityValue() :
Check if the value is a valid UUID: assume it is a UUID
Check if the value is numeric: assume it is a variation_id
Else: assume it is a SKU
None
None
None
Needs work
3.0
Code
@idebr, thanks for debugging and working on this issue.
I've added a comment on the PR itself; I think we should address the issue from there.