Open martyspain opened 1 week ago
Fixed for the next release. To get this early, run composer require verbb/wishlist:"dev-craft-4 as 2.0.11"
.
@engram-design Thanks for the quick response! Will this be merged into the Craft 5 version as well? I'm just in the process of migrating and I believe this bug applies there too.
Fixed for the next release. To get this early, run composer require verbb/wishlist:"dev-craft-5 as 3.0.0"
.
Describe the bug
POST requests to
wishlists/lists/update
from logged-in users who are trying to update their lists are always throwing a 403 Forbidden error, even when the user has permissions to manage that list type and they are the owner of that list.I've done a bit of debugging and it seems to be this code in the
src/controllers/ListsController.php
class that's the culprit (starts at line 520):I don't 100% understand what's being checked here, but it always fails at this point because the existing list that belongs to the user has a different
sessionId
value to what's returned fromCraft::$app->getSession()->get('wishlist_list')
. This means that users can't update or delete their own lists.Steps to reproduce
Craft CMS version
4.10.3
Plugin version
2.0.11
Multi-site?
No
Additional context
No response