Donation form should have nonce verification. #2568

Closed
2 tasks
emgk opened this issue Dec 21, 2017 · 3 comments

@emgk
Contributor

emgk commented Dec 21, 2017

Issue Overview

It seems like the donation form is missing nonce verification; we have a global JS variable give_global_vars.checkout_nonce, but it is not passed anywhere when submitting the donation form.


Expected Behavior

  • The donation form should have nonce verification to prevent it from getting hacked.

Current Behavior

  • Can't find nonce verification in the donation creation processing.

Todos

  • Tests
  • Documentation

WordPress Environment


Home URL: http://localhost/givefortest/18
Site URL: http://localhost/givefortest/18
WP Version: 4.9.1
WP Multisite: –
WP Memory Limit: 256 MB
WP Debug Mode: ✔
WP Cron: ✔
Language: en_US
Permalink Structure: /%year%/%monthnum%/%day%/%postname%/
Show on Front: posts
Table Prefix Length: 3
Table Prefix Status: Acceptable
Admin AJAX: Inaccessible
Registered Post Statuses: publish, future, draft, pending, private, trash, auto-draft, inherit, refunded, failed, revoked, cancelled, abandoned, processing, preapproval

Server Environment

Hosting Provider: DBH: localhost, SRV: localhost
TLS Connection: Connection uses TLS 1.2
TLS Connection: Probably Okay
Server Info: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/7.0.18
PHP Version: 7.0.18
PHP Post Max Size: 8 MB
PHP Time Limit: 0
PHP Max Input Vars: 1000
PHP Max Upload Size: 2 MB
cURL Version: 7.51.0, OpenSSL/1.0.2j
SUHOSIN Installed: –
Default Timezone is UTC: ✔
fsockopen/cURL: ✔
SoapClient: ❌ Your server does not have the SoapClient class enabled - some gateway plugins which use SOAP may not work as expected.
DOMDocument: ✔
gzip: ✔
GD Graphics Library: ✔
Multibyte String: ✔
Remote Post: ✔
Remote Get: ✔

Give Configuration

Give Version: 1.8.19
Database Updates: All DB Updates Completed.
Upgraded From: –
Test Mode: Enabled
Currency Code: USD
Currency Position: Before
Decimal Separator: .
Thousands Separator: ,
Success Page: http://localhost/givefortest/18/donation-confirmation/
Failure Page: http://localhost/givefortest/18/donation-failed/
Donation History Page: http://localhost/givefortest/18/donation-history/
Give Forms Slug: /donations/
Enabled Payment Gateways: Test Donation, Offline Donation
Default Payment Gateway: Offline Donation
PayPal IPN Verification: Enabled
PayPal IPN Notifications: N/A
Admin Email Notifications: Enabled
Donor Email Access: Enabled

Session Configuration

Give Use Sessions: Enabled
Session: Disabled

Active Give Add-ons

Give - Stripe Gateway: ❌ Unlicensed – by WordImpress – 1.5.1

Other Active Plugins

Inactive Plugins

Akismet Anti-Spam: by Automattic – 4.0.1
Give - Fee Recovery: by WordImpress – 1.3.4
Hello Dolly: by Matt Mullenweg – 1.6

Theme

Name: Twenty Seventeen
Version: 1.4
Author URL: https://wordpress.org/
Child Theme: No – If you're modifying Give on a parent theme you didn't build personally, then we recommend using a child theme. See: How to Create a Child Theme

@DevinWalker
Member

The nonce should be renamed to donation_form_nonce and checked at form validation.

@raftaar1191
Contributor

This nonce should be used when changing the Country in the Billing Details section.

@ravinderk
Collaborator

@emgk Create a general function for nonce validation which we can use anywhere in donation form processing.

function give_verify_donation_form_nonce(){}
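As an added example, not code from the Give plugin or from any commenter above, this sketches what the thread is asking for: one nonce action bound to the donation form, emitted both as a hidden field and into `give_global_vars` (so the AJAX billing-country change can send it too), and a single `give_verify_donation_form_nonce()` helper called at form validation. Only the `wp_*`, `absint`, `sanitize_text_field`, `wp_unslash` and `esc_html__` calls are real WordPress APIs; the `give_example_*` function names, the `give_donation_form_nonce` field/key name, the `give_donation_form_` action prefix, the `give-form-id` POST field and the `give` script handle are assumptions for illustration.

```php
<?php
/**
 * Added example (not GiveWP's own code): a reusable nonce check for the
 * donation form. Everything prefixed give_example_, the field name
 * give_donation_form_nonce, the action prefix give_donation_form_, the
 * POST field give-form-id and the script handle 'give' are assumed here.
 */

// Tie the nonce action to the form ID so a nonce issued for one form
// cannot be replayed against another.
function give_example_nonce_action( $form_id ) {
	return 'give_donation_form_' . absint( $form_id );
}

// 1. Server side: emit the nonce as a hidden field inside the donation form.
//    Prints <input type="hidden" name="give_donation_form_nonce" value="...">
//    (third argument false: no referer field).
function give_example_render_nonce_field( $form_id ) {
	wp_nonce_field( give_example_nonce_action( $form_id ), 'give_donation_form_nonce', false );
}

// 2. Expose the same nonce to JS for AJAX submissions such as the billing
//    country change, replacing the unused checkout_nonce. Must run after the
//    'give' script has been registered/enqueued.
function give_example_localize_nonce( $form_id ) {
	wp_localize_script( 'give', 'give_global_vars', array(
		'donation_form_nonce' => wp_create_nonce( give_example_nonce_action( $form_id ) ),
	) );
}

// 3. One verification helper usable anywhere in donation processing.
//    Reads the nonce from the request unless the caller passes it explicitly
//    (e.g. from a JSON AJAX body).
function give_verify_donation_form_nonce( $form_id, $nonce = null ) {
	if ( null === $nonce ) {
		$nonce = isset( $_REQUEST['give_donation_form_nonce'] )
			? sanitize_text_field( wp_unslash( $_REQUEST['give_donation_form_nonce'] ) )
			: '';
	}

	// wp_verify_nonce() returns 1 (current 12-hour tick), 2 (previous tick)
	// or false; an empty nonce is always false.
	return false !== wp_verify_nonce( $nonce, give_example_nonce_action( $form_id ) );
}

// 4. Call the helper at form validation, before any donation record is
//    created or a gateway is contacted.
function give_example_process_donation() {
	$form_id = isset( $_POST['give-form-id'] ) ? absint( $_POST['give-form-id'] ) : 0;

	if ( ! give_verify_donation_form_nonce( $form_id ) ) {
		wp_die(
			esc_html__( 'Nonce verification failed.', 'give' ),
			'',
			array( 'response' => 403 )
		);
	}

	// ... existing field validation and gateway processing continue here ...
}

// Example wiring (hook names are WordPress core; the callbacks are the
// assumed functions above).
add_action( 'init', 'give_example_process_donation' );
```

Two caveats a practitioner should keep in mind when reviewing the fix: a WordPress nonce is a CSRF token, not an authorization check, so it does not replace capability or input validation on the same handler; and for logged-out visitors `wp_create_nonce()` is derived from user ID 0 and an empty session token, so every anonymous visitor receives the same value within a tick window, which limits what it proves for a public donation form. Full-page caching can also serve a stale nonce past its lifetime, so the helper must fail closed rather than bypass the check.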

4 participants