WooCommerce/UABB error on checkout with stripe – 403 error

I have identified the problem SOMEWHERE within the bb-ultimate-addon/modules/uabb-woo-products/uabb-woo-products.php file

line 593 has this:

		check_ajax_referer( 'uabb-woo-nonce', 'security' );
		if ( ! isset( $_REQUEST['product_id'] ) ) {
			die();
		}

but commenting this out doesnt have any effect. renaming the entire file (to remove it) does, so it is something in here conflicting. I know this is not your plugin, but wanted to highlight it.

I have further identified that within the uabb-woo-products.php , line 46:

add_filter( 'nonce_user_logged_out', array( $this, 'filter_nonce_user_logged_out' ) );

which refers to the following function:

	public function filter_nonce_user_logged_out( $uid = 0, $action = '' ) {
		if ( $uid && 0 !== $uid && $action && 'add_cart_single_product_ajax' === $action ) {
			return $uid;
		}

		return 0;
	}

which in turn, refers to this function:

	public function add_cart_single_product_ajax() {
		if ( isset( $_POST['security'] ) && wp_verify_nonce( $_POST['security'], 'uabb-woo-nonce' ) ) {
			$product_id   = isset( $_POST['product_id'] ) ? sanitize_text_field( $_POST['product_id'] ) : 0;
			$variation_id = isset( $_POST['variation_id'] ) ? sanitize_text_field( $_POST['variation_id'] ) : 0;
			$quantity     = isset( $_POST['quantity'] ) ? sanitize_text_field( $_POST['quantity'] ) : 0;
		}

		if ( $variation_id ) {
			WC()->cart->add_to_cart( $product_id, $quantity, $variation_id );
		} else {
			WC()->cart->add_to_cart( $product_id, $quantity );
		}
		die();
	}

but no idea why this would not work, or even why it is invoked on checkout.

removing this filter fixes the issue, which is why it works when logged in, but not when logged out

• This reply was modified 4 years, 3 months ago by volcomjon.
• This reply was modified 4 years, 3 months ago by volcomjon.

Hi @volcomjon
Thank you for your work ??

I think the problem is the UABB is returning 0 to all actions that are not ‘add_cart_single_product_ajax’, even the user is logged or not.

Could you change the function to:

public function filter_nonce_user_logged_out( $uid, $action = '' ) {
		if ( $action && 'add_cart_single_product_ajax' === $action ) {
			return ( $uid && 0 !== $uid ) ? $uid : 0;
		}
                return $uid;
	}

and test?

I think the logic of the function is wrong. The function only must return a value for add_cart_single_product_ajax action.

• This reply was modified 4 years, 3 months ago by Oscar Gare.

@oscargare that seems to have worked – or at least the problem has gone away!

I’ll raise this with ultimate addons – thank you for looking into this, especially as its not your plugin!

Update this week from UABB….

….we have planned to release the fix in upcoming update this week

@neilgee

Thanks for keeping us updated. Appreciate it.

Ran into this exact issue on a client site. @oscargare your fix worked. Thank you.

UABB update today…

Version 1.28.4
20 Aug 2020

Fixed

    Woo-Products – Fixed Checkout page error for logged out users