WP Overnight
Forum Replies Created
-
Hello @amfleurs wordpress.org does not allow us to support our paid extensions via these forums for the free plugin, but if you send us an email at support@wpovernight.com we’ll do our best to help you with this!
It seems that something happened to all these orders at the same time: 2021-04-09 08:18:17.
Could you tell us exactly, step by step, what happened at that time? Did you change the status of the order in bulk? Creating the PDF in bulk (via the “Bulk actions” dropdown which I assume you are referring to as “Group action” earlier, is that correct?) wouldn’t cause duplicates because it’s a serial process, so there must be another process triggering concurrent generation of the documents. Is there a third party application linked to WooCommerce via the API that performs bulk actions? Or are you using another bulk action?
Are you using any custom code that would request the invoice number somewhere else (for example inside the email text or subject?) Or are you changing the order status programmatically?I’m very sorry about that, That’s quite serious indeed. Following the information you shared with us by email, these invoices seem to be stored in a location that is not governed by our plugin, following this pattern:
http://yoursite.com/wp-content/uploads/wp-offload-ses/xxxxxxxxx/invoice-xxxxxxxx.pdf
This is stored in a folder fromwp-offload-ses, and that folder appears to be an open dir that you can browse:
http://yoursite.com/wp-content/uploads/wp-offload-ses/In fact, the whole
uploadsfolder for that site is an open dir:http://yoursite.com/wp-content/uploads/
Meaning that all files on the site can be browsed (and downloaded) without requiring any keys.You can also see that the folder that the PDF Invoice plugin does use for temporary files, is properly protected:
http://yoursite.com/wp-content/uploads/wpo_wcpdf/attachments/
Our plugin places anindex.phpas well as an.htaccessfile inside the folder which prevents it from being browsable by someone trying their luck. This is a backup measure we put into place in case the server has not been configured to block browsing files (like yours).Your first step should be to contact your host and tell them to disable these folder indexes.
Next, you will want to contact Google and ask them to remove all these indexed results.And as bad as it is, I think officially you may need to report this as a data leak, at least to the affected customers. Some of the invoices seem to be from European customers and they would be covered by GDPR.
I understand that it’s an extremely unpleasant situation (to put it mildly), I hope that with the above information you can close this quickly.
Best of luck!Forum: Plugins
In reply to: [PDF Invoices & Packing Slips for WooCommerce] please update DomPdfdue to PHP version compatibility we can not update the bundled dompdf at the moment (0.8.6 requires 7.1+ and we currently still support 5.6).
However, the pdf engine is pluggable, so I have just released a small extension that will allow you to use the latest (or any custom version) without worrying about updates:
https://github.com/wpovernight/woocommerce-pdf-ips-dompdf-latest/releases/tag/v1.0.0Hope that helps!
Forum: Plugins
In reply to: [Payment Gateway using Mollie for Easy Digital Downloads] Fatal errorI’m sorry about that. This could happen if there is another plugin on your site running a version of the Guzzle library that is not compatible with the version of Guzzle used in the Mollie plugin.
Could you install this version instead to see if that resolves the issue?
https://we.tl/t-3RwkUrSDKjForum: Plugins
In reply to: [PDF Invoices & Packing Slips for WooCommerce] blurry amount on product addonI’m afraid that won’t help much, it’s clear what the issue with the output is (currency character not rendered correctly), but if you can answer those 3 questions we may be able to find why it is is not rendered correctly
Hi! Yes, that would be helpful. If you can send an email to support@wpovernight.com we’ll do our best to help resolve this issue. Thanks!
Forum: Plugins
In reply to: [PDF Invoices & Packing Slips for WooCommerce] Preview Edits to templatesAdditionally, if you set the plugin to “Open the PDF in a new browser tab”, you can simply keep one test order open an refresh the tab every time (in combination with the test mode setting mentioned above).