It seems like the donation form is missing nonce verification. We have the global JS variable give_global_vars.checkout_nonce, but it is not passed anywhere when submitting the donation form.
Expected Behavior
The donation form should have nonce verification to prevent it from getting hacked.
Current Behavior
I don't find nonce verification in the donation creation process.
WordPress Environment
Home URL: http://localhost/givefortest/18
Site URL: http://localhost/givefortest/18
WP Version: 4.9.1
WP Multisite: –
WP Memory Limit: 256 MB
WP Debug Mode: ✔
WP Cron: ✔
Language: en_US
Permalink Structure: /%year%/%monthnum%/%day%/%postname%/
Show on Front: posts
Table Prefix Length: 3
Table Prefix Status: Acceptable
Admin AJAX: Inaccessible
Registered Post Statuses: publish, future, draft, pending, private, trash, auto-draft, inherit, refunded, failed, revoked, cancelled, abandoned, processing, preapproval
Server Environment
Hosting Provider: DBH: localhost, SRV: localhost
TLS Connection: Connection uses TLS 1.2
TLS Connection: Probably Okay
Server Info: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/7.0.18
PHP Version: 7.0.18
PHP Post Max Size: 8 MB
PHP Time Limit: 0
PHP Max Input Vars: 1000
PHP Max Upload Size: 2 MB
cURL Version: 7.51.0, OpenSSL/1.0.2j
SUHOSIN Installed: –
Default Timezone is UTC: ✔
fsockopen/cURL: ✔
SoapClient: ❌ Your server does not have the SoapClient class enabled - some gateway plugins which use SOAP may not work as expected.
DOMDocument: ✔
gzip: ✔
GD Graphics Library: ✔
Multibyte String: ✔
Remote Post: ✔
Remote Get: ✔
Give Configuration
Give Version: 1.8.19
Database Updates: All DB Updates Completed.
Upgraded From: –
Test Mode: Enabled
Currency Code: USD
Currency Position: Before
Decimal Separator: .
Thousands Separator: ,
Success Page: http://localhost/givefortest/18/donation-confirmation/
Failure Page: http://localhost/givefortest/18/donation-failed/
Donation History Page: http://localhost/givefortest/18/donation-history/
Give Forms Slug: /donations/
Enabled Payment Gateways: Test Donation, Offline Donation
Default Payment Gateway: Offline Donation
PayPal IPN Verification: Enabled
PayPal IPN Notifications: N/A
Admin Email Notifications: Enabled
Donor Email Access: Enabled
Session Configuration
Give Use Sessions: Enabled
Session: Disabled
Active Give Add-ons
Give - Stripe Gateway: ❌ Unlicensed – by WordImpress – 1.5.1
Other Active Plugins
Inactive Plugins
Akismet Anti-Spam: by Automattic – 4.0.1
Give - Fee Recovery: by WordImpress – 1.3.4
Hello Dolly: by Matt Mullenweg – 1.6
Theme
Name: Twenty Seventeen
Version: 1.4
Author URL: https://wordpress.org/
Child Theme: No – If you're modifying Give on a parent theme you didn't build personally, then we recommend using a child theme. See: How to Create a Child Theme
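
The check this issue asks for, sketched as an added example using WordPress core nonce functions; it is not Give's code. The `example_` function names, the action string, the nonce field name and the `form_id` POST field are hypothetical.

```php
<?php
// Added illustration, not Give's code. All example_* names, the action
// string, the nonce field name and the 'form_id' POST key are hypothetical.
const EXAMPLE_NONCE_ACTION = 'example-donation-form-submit';
const EXAMPLE_NONCE_FIELD  = 'example_donation_nonce';

// 1. Render: emit the nonce as a hidden input inside the <form> so it is
//    sent with the POST, rather than only exposing it in a global JS variable.
function example_render_donation_nonce( $form_id ) {
	// Binding the action to the form ID means a nonce issued for one form
	// does not validate for another.
	wp_nonce_field( EXAMPLE_NONCE_ACTION . '-' . absint( $form_id ), EXAMPLE_NONCE_FIELD );
}

// 2. Process: call this first in the handler that creates the donation.
//    It stops the request unless a valid nonce for this form was submitted.
function example_verify_donation_nonce() {
	$form_id = isset( $_POST['form_id'] ) ? absint( $_POST['form_id'] ) : 0;
	$nonce   = isset( $_POST[ EXAMPLE_NONCE_FIELD ] )
		? sanitize_text_field( wp_unslash( $_POST[ EXAMPLE_NONCE_FIELD ] ) )
		: '';

	// wp_verify_nonce() returns false on failure and 1 or 2 on success,
	// so a missing field (empty string) is rejected as well.
	if ( ! $form_id || ! wp_verify_nonce( $nonce, EXAMPLE_NONCE_ACTION . '-' . $form_id ) ) {
		wp_die(
			esc_html__( 'Donation form verification failed. Reload the page and try again.', 'example' ),
			'',
			array( 'response' => 403 )
		);
	}

	return $form_id;
}

// Caveats for a public donation form:
// - For logged-out visitors WordPress computes the nonce with user ID 0, so
//   every anonymous visitor gets the same value within a time window. The
//   check still ties the POST to a rendered form, but it is weaker than a
//   per-user token.
// - Nonces expire (one day by default), so a full-page cache can serve a
//   stale nonce; the failure path above must be one a donor can recover from.
```

If the form is submitted over AJAX, the same field has to be included in the serialized form data so the server-side check sees it.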