Users with blank $wc_billing_email can see all other licenses

michelve / software-license-manager

🔐Wordpress Software License Management. Supports WooCommerce, and WP eStore.

https://epikly.com

GNU General Public License v3.0

77 stars 29 forks source link

Users with blank $wc_billing_email can see all other licenses #15

Closed trescatorce closed 4 years ago

trescatorce commented 4 years ago

At public\slm-add-menu-frontend.php (line 81)

When $wc_billing_email is without content ('') the currently validated user can see all the licenses of the other users.

I have temporarily solved this by changing line 81:

$wc_billing_email = get_user_meta(get_current_user_id(), 'billing_email', true);

$wc_billing_email = get_user_meta(get_current_user_id(), 'billing_email', true); if ($wc_billing_email == ''){ $wc_billing_email = 'noexistemail_blankemail@blankemail.noexists'; }

michelve commented 4 years ago

thanks for the report @trescatorce,

i have updated the code to fallback instead.

   // get user billing email
    $wc_billing_email = get_user_meta(get_current_user_id(), 'billing_email', true);

    // if wp billing is empty
    if ($wc_billing_email == '') {
        $get_user_info      = get_userdata(get_current_user_id());
        $wc_billing_email   = $get_user_info->user_email;
    }