Hi,
One of my programmers pointed out that LimeLM::FindPKey() in the API seems to ignore version ID. No matter what value I pass, I get all keys for the given email address. I can even pass a completely fictitious value. Here's a simplified example of the code:
<?php require('LimeLM.php');LimeLM::SetAPIKey('[our key]');
$email = "joe.customer@gmail.com";$version_id = '130'; // or whatever$xml = new SimpleXMLElement(LimeLM::FindPKey($version_id, $email));
if ($xml['stat'] == 'ok'){ echo "<table width='100%'>"; echo "<tr><td>ID </td><td>Key</td></tr>"; foreach ($xml->pkeys->pkey as $pkey) { echo "<td>".$pkey['id']."</td>"; echo "<td>".$pkey['key']."</td>"; echo "</tr>"; } echo "</table>";}LimeLM::CleanUp();?>
I had never noticed this before. Is there something we are doing wrong on our end, or is this broken on the server? I tracked this all the way to: curl_setopt(self::$request, CURLOPT_POSTFIELDS, $post_string);... wherein $post_string looks like this: method=limelm.pkey.find&version_id=130&email=joe.customer%40gmail.com&api_key=[our actual API key]
My guess is that there is a disconnect on the server between the variable name "version_id" as it appears in the request, and the name used to refer to that value on the server? And, since that value is blank, the DB query ignores it and returns all records that match the email?
Any help is appreciated.
Cheers,-Brent
You're right, there's a bug where the product key from other versions will be retrieved (regardless of the version ID). We'll fix this ASAP.
This is not a security issue, however. That is, you can only get product keys for your company.
Thanks for spotting this, Brent.
We've fixed this. Now finding the product key only searches for keys within the chosen version id (instead of across all versions in your company).
Thanks for reporting this.
Nice!
You guys are on it. Thanks for the quick resolution.
-Brent
