View Issue Details

IDProjectCategoryView StatusLast Update
0001684OXID eShop (all versions)1.01. Products (product, categories, manufacturer, promotions etc.)public2012-12-07 14:23
PriorityhighSeveritymajorReproducibilityhave not tried
Status resolvedResolutionno change required 
Product Version4.2.0 revision 23610 
Target VersionFixed in Version 
Summary0001684: review-link in order confirmation will only work in the same browser and the session-cookie is still active
DescriptionReported by Frank Knapp (egate media):


Steps to reproduce:Order a product and click on 'bewerten' in order email confirmation.

Problem:The review is ONLY saved if the review window opens in the same browser as the
order was placed AND the session-cookie is still active.
Reason:review::getReviewUserId() was not adjusted accordingly after OXID released the
review security fix.

Solution:Modify review::getReviewUserId() as follows: public function getReviewUserId()
        if ( $this->_sReviewUserId === null ) {
            $this->_sReviewUserId = false;
            // EI start
            if (oxConfig::getParameter('reviewuserid'))
                $this->_sReviewUserId = oxConfig::getParameter('reviewuserid');
       return $this->_sReviewUserId;
            // EI end
            //review user from order email
            $sReviewUser = oxConfig::getParameter( 'reviewuser' );
            $sReviewUser = ( !$sReviewUser ) ? oxConfig::getParameter( 'reviewuserid' ) :
            if ( $sReviewUser ) {
             $oUser = oxNew( 'oxuser' );
                $sReviewUserId = $oUser->getReviewUserId( $sReviewUser );
            } $oUser = $this->getUser();
            if (!$sReviewUserId && $oUser) {
                $sReviewUserId = $oUser->getId();
            $this->_sReviewUserId = $sReviewUserId;
        return $this->_sReviewUserId;

TagsRatings, Reviews
PHP Versionany
Database Versionany


related to 0003125 resolvedrimvydas_paskevicius Review link in order e-mail does not work => redirect to startpage 



2010-11-05 09:28

reporter   ~0003667

problem is back to 4.4.4


2011-02-07 10:18

reporter   ~0004078

Still got reports about valid issue in eShop 4.4.6


2011-02-07 11:36

reporter   ~0004079

Almost every release the behaviour is changed, but so far it got never really fixed. A couple times it was implemented in a way, that the user had to log in before being able to perform the review. I want to point out, that this is NOT a solution, because this way users who order without account can't perform a review at all (but also get the review link in the order mail confirmation).

I guess you have to remove the sid check when saving the review, the same way the sid check is not active for the price alert formular in the detail view.


2011-03-31 07:39

reporter   ~0004269

In 4.5.0 version the review link is removed from order confirmation emails. So this issue is no more valid and will be closed.
Thank you for your feedback and support.