Changing Gift Membership Link Generates New Code

I’m working on getting gift memberships working on my site - it’s really the last hurdle to get S2Member going. I’m an S2Member Pro user. I’ve set up the purchase page using the following shortcode:

[s2Member-Pro-Stripe-Form sp="1" ids="6802" exp="2" desc="Gift membership" cc="USD" ra="0.50" coupon="" accept_coupons="0" default_country_code="US" captcha="0" /]

And the specific page code is the following:

[s2Member-Gift-Codes discount="100%" quantity="1" /]

When I make the purchase it gives me a link to follow directly on the page as well as in an email. The links take me to the page that generates the gift code.

There are two issues:

  1. The link I get on the page is different than the one sent in email - this results in 2 different gift codes getting generated (!!!) - This happens even if I’m not logged in.

  2. If I take either of these 2 links and change the last character, it will also generate a new code. (!!!)

So basically, with a single purchase of a gift membership you can generate a bunch of usable codes. This is clearly not acceptable.

Here’s an example of one of these links:
https://[mysite]/gift-membership/?s2member_sp_access=ZGVmNTAyMDA2YWQxNzU3YzExZTBlYTAwNHDlNDI1M2FiMjgxZjVlYzZkMDNjMzIyYzc3YjcyMDJlZDMxNzdkYmY1YjMyZGY3OWI3ZGYwZDk5YWVmYjRjNDM4NzQ2YWI0ZmY2ZDY4NjY5MGRjZjQzNDU4NDFmZDZmNWYzOTUwZTBkODRhYzYwODkxYWU1YTFhN2JkMTZlYjU0ZWI4ZdfSHmE0OWVmNDAwMzA2YzcwYzFiNDI3MTZiZDg1NGJlNTljZGJmZGRlZjY5ZTkxNDc5OGNiMjlhOWEzMWUzN2Q2NmE3Y2ZiZTljZWE0YmIxZTg3Mzc1MTBmYTk1NjZiN2U5YmRkMGZjOGVkZDg

Changing the “g” at the end to an “h”, or any other letter coming after “g” will generate new gift codes.

I’m hoping I’m doing something wrong.

Can anyone help here?

Thanks!
Shawn

Is anyone else using this feature? Unless I’m doing something very wrong, it seems like this is essentially a vulnerability for anyone using gift codes and specific page purchases.

I’m trying to troubleshoot something else gift-code related and came across this post…thought I’d try it out.

Changing the final letter of an expanded link (as you wrote above, not the TinyURL) does the exact same thing for me.

So yes I would consider this a vulnerability unless we’ve both botched something in our gift code setup, but I can’t see anything wrong with mine and have been using s2m shortcodes for over 2 years now. I would love to know what’s going on there.

FYI it seems like currently the only real way to get a response from the developers (if you’re lucky) is to submit a bug via GitHub, which takes basically trying the whole thing out again on a clean WP install (no other plugins, up-to-date, default theme).

Good to hear I’m not crazy. Now, in order to reproduce it, I need a clean install on a dedicated site with s2Member Pro since it’s a Pro feature. How the heck does that work? I have to buy another license??

A great question that I don’t have the answer to!

I would suggest at least posting this as a bug on GitHub, and maybe someone will get back to you with better info than I can. I’m just another user with some problems using gift codes haha.