• lppascal

    (@lppascal)


    I would assume this also has to do with the security enhancements but the paypal buttons that use a form also stopped working.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author WP Darko

    (@spwebguy)

    Hi! Sorry for the inconvenience caused, it is due to a recent security update that prevents adding scripts to backend fields to prevent any malicious code execution (just like you suspected).

    We recommend placing your script in the footer of your website or using a separate JavaScript file. You can target the button using a custom selector within the script (which is likely already the case).

    We are actively looking for an alternative, to avoid having to do the above, if you need assistance with this or have any questions, feel free to ask us here: https://help.wpdarko.com/en! A dev from our team can help you get it to work! Sorry again.

    Plugin Author WP Darko

    (@spwebguy)

    Thread Starter lppascal

    (@lppascal)

    Only there is no JavaScript in the form as well, it’s just a form.

    https://pastebin.com/Kvqduhrv

    So the solution for me is not putting a javascript somewhere else. It seems to strip most of the form options so leaving only a table with no submit button and no text input fields.

    Thread Starter lppascal

    (@lppascal)

    Removing the table does appear to work as it just strips all form and input tags etc.

    Plugin Author WP Darko

    (@spwebguy)

    It isn’t just about JavaScript. We use wp_kses_post() to clean user input and that will strip form tags. Even when being super permissive with the allowed HTML, the PayPal button won’t show.

    More info about the dangers of user created form tags here: https://security.stackexchange.com/questions/120813/is-a-html-form-tag-more-exploitable-than-a-html-link-in-user-submitted-content

    You could argue that admins should be able to add custom JS/HTML in backend fields, unfortunately everything gets stripped for security reasons. Leaving a vulnerability issue unfixed will get our plugin reported and then closed.

    Plugin Author WP Darko

    (@spwebguy)

    Obviously not saying it is a great alternative at all, but using Stripe you could generate payment links that you can use in standard buttons.

    Plugin Author WP Darko

    (@spwebguy)

    Hello,

    Good news! It should work now with v5.1.12. We have worked on a fix with the help of the nice people at WPScan. Administrators and Editors can now add unfiltered HTML to the custom button field.

    Note that you might need to publish your pricing table again (hit Publish) in order to save the snippet in your database.
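
The last reply describes gating raw HTML on the user's role. One way to do that at save time is shown below as an added example; it is not the plugin's own code. It assumes WordPress's `unfiltered_html` capability is the gate, and the callback, field, nonce and meta key names are hypothetical.

```php
<?php
// Added example. All 'example_*' names are hypothetical placeholders.
add_action( 'save_post', 'example_save_custom_button' );

function example_save_custom_button( $post_id ) {
    // Ignore autosaves and revisions: they do not carry the metabox fields.
    if ( ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) || wp_is_post_revision( $post_id ) ) {
        return;
    }

    // CSRF check: the metabox is assumed to print this nonce with
    // wp_nonce_field( 'example_save_button', 'example_button_nonce' ).
    if ( ! isset( $_POST['example_button_nonce'] )
        || ! wp_verify_nonce( sanitize_key( $_POST['example_button_nonce'] ), 'example_save_button' ) ) {
        return;
    }

    // The user must be allowed to edit this specific post at all.
    if ( ! current_user_can( 'edit_post', $post_id ) || ! isset( $_POST['example_custom_button'] ) ) {
        return;
    }

    // WordPress adds slashes to request data; remove them before filtering.
    $raw = wp_unslash( $_POST['example_custom_button'] );

    if ( current_user_can( 'unfiltered_html' ) ) {
        // Trusted roles: store the markup as submitted, so a PayPal
        // <form> with its <input> fields survives the save.
        $clean = $raw;
    } else {
        // Everyone else: keep only the post-content allowlist. Per the
        // thread, this is the filtering that broke the form button.
        $clean = wp_kses_post( $raw );
    }

    // update_post_meta() unslashes its value, so slash it again first.
    update_post_meta( $post_id, '_example_custom_button', wp_slash( $clean ) );
}
```

On a single-site install Administrators and Editors hold `unfiltered_html`; on multisite only super admins do, and defining `DISALLOW_UNFILTERED_HTML` as true removes it for every role.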

  • The topic ‘Paypal button (form) no longer works’ is closed to new replies.