Consider defensive coding when retrieving order objects

  • Barry

    (@barryhughes-1)


    3 months, 2 weeks ago

    Hi! ??

    We were trying to track down a reported error with a stacktrace as follows:

    #0 /.../wp-content/plugins/woocommerce/includes/class-wc-data-store.php(159):
      Abstract_WC_Order_Data_Store_CPT->read(Object(WC_Order))

    #1 /.../wp-content/plugins/woocommerce/includes/abstracts/abstract-wc-order.php(114):
       WC_Data_Store->read(Object(WC_Order))

    #2 /.../wp-content/plugins/woo-razorpay/includes/razorpay-webhook.php(158):
       WC_Abstract_Order->__construct('3001004173')

    #3 /.../wp-content/plugins/woo-razorpay/includes/razorpay-webhook.php(103): 
       RZP_Webhook->paymentAuthorized(Array)

    #4 /.../wp-content/plugins/woo-razorpay/woo-razorpay.php(986): 
       RZP_Webhook->process()

    #5 /.../wp-includes/class-wp-hook.php(324): 
       razorpay_webhook_init('')

    We think this may come from a much older version of the RazorPay plugin, as we don’t see any direct instantiations of order objects in the current webhook class. However, I wanted to reach out as we spotted a somewhat similar problem in your current code:

    $order = wc_get_order($orderId);
    $rzpWebhookNotifiedAt = $order->get_meta('rzp_webhook_notified_at');

    This is probably fine, 99% of the time, but wc_get_order() can also return (bool) false, so there is a risk you may attempt to call a method on a boolean, which would lead to a fatal error (this could occur as the result of a race condition, in which the order is deleted by a concurrently running process).

  • You must be logged in to reply to this topic.