• Resolved mediachip

    (@mediachip)


    Hello and thank you for assisting with this email.

    My name is Vinny, I am the web admin for website https://speclialistsales.com.au

    The site utilizes Braintree Payment Gateway for WooCommerce. But in recent times we have found errors with order variables not validating:

    File path: wp-content/plugins/woo-payment-gateway/includes/abstract/abstract-class-wc-braintree-payment-gateway.php:2428

    Issue: $order variable is not validated before being used as a WooCommerce order object, which causes an error

    Please see attached files.

    Are you able to assist? We believe this could be an issue with the plugin itself and is causing other issues which rely on orders validating.

    Many thanks for your help!

    Vinny

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Clayton R

    (@mrclayton)

    Hi @mediachip

    Can you explain why on your site the order-pay property contains an invalid order ID?

    That query parameter is reserved by WooCommerce and should only ever be used for an order ID.

    Kind Regards

    Thread Starter mediachip

    (@mediachip)

    Hello, thanks for your reply

    I can confirm we do not have any customization related to the “order-pay” variable;

    The fatal error mentioned before appears sporadically in our logs and we can’t associate it with specific orders;
    Overall we believe the issue is with the plugin as it does not filter the input from ‘order-pay’ and/or does not validate $order variable before calling WC order methods;

    Also here is an example of another random site (not ours) which uses the plugin and the query input is not validated properly so any URL formed as the below one will crash the site (also creating a spike in resource usage, hence it becomes a possible vector for a DoS attack).
    https://www.magped.com/kasse/?order-pay=293891283902

    On top the exact same issue was discussed here 7 months ago,

    CRITICAL Uncaught Error: Call to a member function format() on bool
    and by now it seems not fixed;

    Could you pls specify a timeline to fix the bug, so we can update the plugin;
    Thanks

    Plugin Author Clayton R

    (@mrclayton)

    On top the exact same issue was discussed here 7 months ago,

    That thread was unrelated to the issue you’re reporting. If you read that thread you will see the user’s issue was related to a subscription.

    (also creating a spike in resource usage, hence it becomes a possible vector for a DoS attack).

    Can you please explain how an exception being encountered causes a spike in resource usage? Consider that when the exception is encountered, all downstream code does not execute, which actually takes less resources. An exception thrown in a PHP request does not interfere with concurrent requests.

    Could you pls specify a timeline to fix the bug, so we can update the plugin

    We’ll add additional checks in that code to prevent a PHP exception from being encountered for the case where the order-pay argument is used erroneously. It will be in the next release which will be available in a few days.

    Thanks,
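
The kind of check discussed in this thread, as an added example that is not the plugin's code and not part of any reply: the `order-pay` value is filtered first, and the lookup result is type-checked before any method is called on it. `FakeOrder`, `unsafe_order_id()`, `resolve_order_pay()` and `$lookup` are hypothetical names; `$lookup` stands in for WooCommerce's `wc_get_order()`, which returns `false` when no order matches.

```php
<?php
// Added illustration, not the plugin's code. FakeOrder and $lookup are
// constructed stand-ins for WC_Order and wc_get_order() so this runs offline.
final class FakeOrder {
    public function __construct(private int $id) {}
    public function get_id(): int { return $this->id; }
}

// Before: trusts the query var and calls a method on whatever comes back.
function unsafe_order_id(array $query, callable $lookup): int {
    return $lookup($query['order-pay'])->get_id();
}

// After: filter the input, then type-check the lookup result.
// Returns null for anything unusable; the caller must handle null.
function resolve_order_pay(array $query, callable $lookup): ?FakeOrder {
    $raw = $query['order-pay'] ?? null;
    // Only a plain positive decimal that fits in a 64-bit int is accepted;
    // this also rejects arrays sent as order-pay[]=x.
    if (!is_string($raw) || !preg_match('/^[1-9][0-9]{0,17}$/', $raw)) {
        return null;
    }
    $order = $lookup((int) $raw);
    // A missing order comes back as false, so never assume an object.
    return $order instanceof FakeOrder ? $order : null;
}

// Constructed sample data: one existing order.
$orders = [1001 => new FakeOrder(1001)];
$lookup = fn(int $id) => $orders[$id] ?? false;

try {
    unsafe_order_id(['order-pay' => '293891283902'], $lookup);
} catch (\Error $e) {
    echo 'unsafe: ', $e->getMessage(), PHP_EOL;
}

$cases = [
    ['order-pay' => '1001'],          // existing order
    ['order-pay' => '293891283902'],  // well-formed but unknown ID
    ['order-pay' => ['x']],           // array instead of scalar
    ['order-pay' => '-5'],            // not a positive integer
    [],                               // parameter absent
];
foreach ($cases as $q) {
    $order = resolve_order_pay($q, $lookup);
    echo json_encode($q), ' => ', $order ? 'order ' . $order->get_id() : 'rejected', PHP_EOL;
}
```
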

    Plugin Author Clayton R

    (@mrclayton)

    Version 3.2.50 released.

The topic ‘Paypal orders not validating’ is closed to new replies.