You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When attempting to retrieve a sale by id via the EDD REST API, and the provided id does not exist, the response should be an empty sales record, e.g.
GET /edd-api/sales/?id=1&key=xxx&token=yyy
{
"sales"=> [
{}
],
"request_speed"=>0.005464792251586914
}
Actual behavior
When attempting to retrieve a sale by id via the EDD REST API, and the provided id does not exist, the response is an empty sales record, e.g.
The get sales by id is probably expected to be a low-intensity request, and too many clients hitting the "get sales" endpoint with an id that doesn't exist can result in an inadvertent DOS attack against a large site.
See: https://github.com/easydigitaldownloads/EDD-Software-Licensing/issues/1411
Bug Report
Expected behavior
When attempting to retrieve a sale by
id
via the EDD REST API, and the provided id does not exist, the response should be an empty sales record, e.g.Actual behavior
When attempting to retrieve a sale by
id
via the EDD REST API, and the provided id does not exist, the response is an empty sales record, e.g.The get sales by id is probably expected to be a low-intensity request, and too many clients hitting the "get sales" endpoint with an id that doesn't exist can result in an inadvertent DOS attack against a large site.
Steps to reproduce the behavior
Perform a request to the REST API sales endpoint with an id that does exist, e.g.:
GET /edd-api/sales/?id=1&key=xxx&token=yyy
.The response will include an empty sales record,
Proposed Fix
The most conservative fix would seem to be we should return an empty set of sales, instead of an empty sales object.
Information:
EDD Version (or branch):
master
WordPress Version: All
The text was updated successfully, but these errors were encountered: