Hi. I have another gripe with the paypal “button” establishment. I have been using a beautiful looking widget from paypal labs, which requires you to login to your paypal account so the widget you create links to your account data. I recently found “odd” things happening to my widget. i.e., you MUST instal ONLY a remotely hosted image in your widget, you can’t host it at paypal, and yet my widget image was being changed beyond my control.
I used a url from Photobucket, and the image always worked well. Then, I decided to change the image, update it. All worked well. Couple of days later, to my surprise, the OLD image is back. I cleared my cache, the old image was still back. I logged into paypal labs and checked my widget – the url was there for the right pic, but the wrong image was showing up.
To remedy this, I was forced to make a new widget from scratch with the new image on the new url. All worked fine. Couple of weeks later, I decided I didn’t like that image, I would change it. I logged into paypal labs only to find (a) I was indeed auto-logged into my paypal account at the same time, but (b) oddly, “not” having access to my new widget, so I could not change the url to change the picture.
I solved the problem using Photobucket. I logged in there and BROKE the existing url by moving the widget pic to a different directory. I then uploaded a new image to the old directory, and gave it the name of the old image so the url in my paypal widget that I could not access to change, was now updated by changing the image in Photobucket. Cleared my cache, the new pic showed up fine in my paypal widget.
24 hours later, I was surprised to find the “old” picture back in my same paypal widget in the same site where it had always been embedded. I checked the site; if this was a cache problem, why had no other web site changes been affected? I cleared the cache a few times, no luck, still the wrong old pic in my paypal widget. I rebooted, cleared the cache again, no change. Wrong (old) picture in the widget.
I logged into paypal to check the image. THIS TIME, I could not access my widget account despite being in actual fact logged in.
Now, I logged into Photobucket. The new image was still on the url which I had originally fed into my paypal widget. The old image was still in the different directory I had moved it to. No way the old image could show up in my widget.
Now, just to prove a point, I deleted the old image from Photobucket, so there is no possibility of its showing up by accident in my paypal widget. Cleared the cache a few times again. No change, paypal widget still the OLD image which I had first moved to another directory, breaking the url, and had now deleted.
Pictures CANNOT show up in these widgets unless you install them with a url. So, how was this OLD image still showing up, but NOT the new one on the correct url? If clearing the cache repeatedly had no effect at all, then someone else has to be hosting my OLD image and somehow remotely overriding the correct url in order to show the old image instead of the new one.
Given this kind of a problem with the paypal labs widget, I wouldn’t trust it to handle my money. I have therefore removed it from my web site. Which is too bad, because it’s a beautiful flash widget, nicest on the internet.
However, it seems to me the code is also a problem. This widget appears to completely encode your paypal ID and data in a way that you can’t identify what this script actually contains. For all I know, someone could remotely seize this script and redirect incoming donations, if they can fool around and redirect my images. This is the paypal labs widget script, for anyone who’s interested in playing with it:
<object type='application/x-shockwave-flash' data='https://giving.paypallabs.com/flash/badge.swf' width='205' height='350' id='badge2afdeb70d78b012ebb15000d60d4c902' align='middle'>
<param name='allowScriptAccess' value='always' />
<param name='allowNetworking' value='all' />
<param name='movie' value='https://giving.paypallabs.com/flash/badge.swf' />
<param name='quality' value='high' />
<param name='bgcolor' value='#FFFFFF' />
<param name='wmode' value='transparent' />
<param name='FlashVars' value='Id=2afdeb70d78b012ebb15000d60d4c902'/>
<embed src='https://giving.paypallabs.com/flash/badge.swf' FlashVars='Id=2afdeb70d78b012ebb15000d60d4c902' quality='high' bgcolor='#FFFFFF' wmode='transparent' width='205' height='350' Id='badge2afdeb70d78b012ebb15000d60d4c902' align='middle' allowScriptAccess='always' allowNetworking='all' type='application/x-shockwave-flash' pluginspage='https://www.macromedia.com/go/getflashplayer'></embed>
</object>
The sign-up site for these widgets is here:
h t t p s : / / giving.paypallabs.com/authenticate/review
And this is their email:
[email protected]
I would be very curious to hear what anyone who knows scripts has to say about this odd state of affairs.
