[Steempay-woo-plugin] Follow up: What went wrong, why and how it's solved within minutes
steempay·@steve-walschot·
0.000 HBD[Steempay-woo-plugin] Follow up: What went wrong, why and how it's solved within minutes
Greetings steemians!
# So it has been a bumpy ride for the [first Wordpress plugin that makes accepting STEEM/SBD](https://steemit.com/steempay/@steve-walschot/steempay-steem-s-first-woocommerce-plugin-accept-steem-sbd-on-wordpress-eur-usd-supported) possible.
https://img1.steemit.com/0x0/http://www.wpopal.com/wp-content/uploads/2015/07/woocommerce-plugin-development.jpg
## Yes! I made the first plugin ever!
After a successfull launch and good feedback, i've helped users who still had questions, and after about 5h after launch I closed the evening with this message on the #witness chat channel:
> @fyrstikken made a review of the woo plug-in. 5 star rating. Sweet! Now, my fellow witnesses, I'll go to sleep for the first time in days at a reasonable hour (23:15). Read you all tomorrow guys.
## 06:00: Waking up....
@roelandp discovered an [essential flaw](https://steemit.com/steempay/@roelandp/whitehat-report-warning-don-t-install-steempay-woo-commerce-plugin-for-now-it-s-very-beta) in my plugin. What!! How? Where? After reading trough his post I said to myself, this can't be happening! I've run at least a dozen of tests against this kind of issues? What's wrong!
## You dumb *********************** !!!!!!!
Seriously? I uploaded the wrong folder to Github?? Oh shiat! I really did upload my development folder to Github instead of the production one!
The tiny difference that made the exploit possible can be found right here:
**Dev file (used for internal testing, values to 0)**
$environment_url = ( 'https://steempay.io/payment/verify?' ) ;
$payload = array(
"payid" => $_REQUEST['payid'],
"receiver" => 'steve-walschot', // ToDo: Replace with settings
"amount" => "0", // ToDo: Replace with $wc_order->get_total()
"currency" => "0", // ToDo: Replace with $wc_order->get_order_currency()
);
**Production file (the one you should be using)**
$environment_url = ( 'https://steempay.io/payment/verify/woo?' ) ;
$payload = array(
"receiver" => $this -> receiver_id,
"amount" => $wc_order->get_total(),
"currency" => $wc_order->get_order_currency(),
'merchant_order_id' => $wc_order_id,
'output' => $this->steem_currency,
'payid' => $_REQUEST['payid']
);
## Ok guys, it's a human error
I've uploaded the wrong source to Github. How? I'm not sure. I know i've used Github for Windows and assume I simply forgot that the folder was still my dev folder. I'll take the shot for that one.
The issue was resolved within minutes but the harm had been done. @roelandp made a post warning the users not to use the plugin until this issue had been resolved. Thanks again for that one, you prevented further damage to our userbase.
My aplogies to the people that could have suffered from my lack of concentration on those last meters of the sprint towards the first Wordpress plugin.
### Just a small post to keep you all updated!👍 steve-walschot, goldmatters, juanmiguelsalas, joele, positive, fkn, elishagh1, furion, anomaly, error, joseph, jocelyn, greatness, idol, before, aaseb, peterz, nanzo-scoop, ak2020, konder08, mummyimperfect, emily-cook, sponge-bob, mineralwasser, teamsteem, brains, bingo-0, mrs.agsexplorer, boombastic, recursive2, jlufer, olesya, sakr, masteryoda, bue-witness, trogdor, bue, mini, healthcare, boy, bunny, daniel.pan, moon, helen.tan, tarindel, lichtblick, pgarcgo, funnyman, badassmother, teo, jrcornel, acidyo, smooth-e, ullikume, karen13, neoxian, taker, gregory-f, orly, yarly, yarly2, yarly3, yarly4, yarly5, yarly7, yarly10, yarly11, yarly12, jphamer1, smisi, manosteel211, oululahti, kefkius, netaterra, ibringawareness, acidpanda, recursive, oflyhigh, konstantin, tcfxyz, futurefood, deanliu, chryspano, laoyao, rossco99, boatymcboatface, theshell, cryptofunk, mark-waser, davidjkelley, digital-wisdom, ethical-ai, jwaser, bwaser, ellepdub, herpetologyguy, morgan.waser, strong-ai, fyrstikken, chinadaily, asksisk, steevc, thecryptodrive, kanoptx, steemdrive, shenanigator, bravenewcoin, biternator, unonimity, natsbats, annieb, portuguesinha, steemsports, cryptoctopus, pjheinz, expanse, orcish, venkat, nextgen2, linkback-bot-v0, michellek, steemitqa, ontofractal, steemleak, bitchplease, christoryan, the-ego-is-you, keepdoodling, thylbom, cdubendo, michelle.gent, supergoodliving, dragonslayer109, chitty, fundurian, jl777, proto, fortuner, confucius, ailo, troich, crion, wiss, gikitiki, bitcalm, coad, steema, prof, stroully, yorsens, lillianjones, jarvis, sofa, movievertigo, vive, steemo, kurtbeil, zentat, igster, johnbyrd, steemster1, thadm, igtes, thomasaustin, revelbrooks, ciao, ficholl, curpose, thermor, widell, steem1653, hitherise, bane, sharon, eavy, msjennifer, buffett, roto, steempty, dubi, nextgen6, creemej, lafilip, joachim, nextgen11, nextgen13, thebatchman, cherish, michaelmatthews, paxmagnus, futurology, abit, jackkang, thecryptofiend, mevilkingdom, picokernel, glitterfart, murh, edgeland, remlaps, thebluepanda, mstang83, applecrisp, kenny-crane, robrigo, ajvest, fleshtheworld, blueorgy, masterinvestor, psitorn, storyseeker, milank, eeks, craig-grant, strangerarray, streetstyle, kreet, derekareith, freebornangel, someguy123, r4fken, carlidos, jesta, dragosroua, michaellamden68, nabilov, baro, throw-away911, keverw, mctiller, animus, proglobyte, ervin-lemark, anduweb, walternz, bitcoiner, evgenyche, publicworker, kommienezuspadt, knircky, lovekimberleigh, judasp, seisges, erioni, klye,