maltfield
Forum Replies Created
Forum: Fixing WordPress
In reply to: Regular Expressions in “Disallowed Comment Keys”
> Try reviewing this: https://github.com/splorp/wordpress-comment-blocklist
Can you please paste at least 1 example of a regular expression from that list?
* https://raw.githubusercontent.com/splorp/wordpress-comment-blocklist/master/blacklist.txt
After quick review, I couldn’t find a single regular expression in that repo’s blacklist.txt file.
Forum: Fixing WordPress
In reply to: Configure WordPress to NEVER use OPTIONS requests
As a workaround, I found that I *can* edit these widgets from the theme -> customize -> widgets section of the site
* /wp-admin/customize.php
…which sends POST (not OPTIONS) as expected
Hi,
I would like to clarify that this *is* a bug.
The JSON, per the wordpress API, should list all of your stable versions, not just your beta/testing versions.
Following the stable version, we get a json error because no download link is provided for version 2.2.12.
Note that you do provide a link for downloading v2.1.12. You do NOT provide a link for downloading 2.2.12.
I urge you to please re-visit my woocommerce example, and how 99% of other wordpress plugins keep this file up-to-date. By not sticking to the standard, you’re breaking cli tools that can’t fetch your plugin.
See also, this changelog entry that created the /lazy-static/thumbnails/ endpoint
* https://docs.joinpeertube.org/CHANGELOG#plugins-themes-embed-rest-apis
Update: I was able to get rid of the button by manually editing wp-content/plugins/woocommerce-gateway-stripe/includes/payment-methods/class-wc-stripe-upe-payment-gateway.php:
*** 1635,1645 **** * * @return boolean */ public function is_express_checkout_enabled() { ! return $this->is_payment_request_enabled() || ! $this->is_amazon_pay_enabled() || ! $this->is_link_enabled(); } /** * Checks if the given express checkout type is enabled for the current page context. --- 1635,1646 ---- * * @return boolean */ public function is_express_checkout_enabled() { ! return false; ! //return $this->is_payment_request_enabled() || ! //$this->is_amazon_pay_enabled() || ! //$this->is_link_enabled(); } /** * Checks if the given express checkout type is enabled for the current page context.
The diff above shows I just commented-out the contents of the function is_express_checkout_enabled() and replaced it with return false
- This reply was modified 1 month ago by maltfield. Reason: add file path
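Review bot: in is_express_checkout_enabled(), the unconditional "return false;" short-circuits all three checks at once (is_payment_request_enabled(), is_amazon_pay_enabled() and is_link_enabled()), so the saved per-method settings no longer have any effect on this function, and the change lives in the plugin's own file under wp-content/plugins/, where the next plugin update will overwrite it and restore the original behaviour without notice. If this stays as a stopgap, remove the three commented-out lines (the original expression is recoverable from the plugin release) and replace them with a one-line comment stating why the function is forced to false, and record the edit somewhere that survives an update so it can be re-checked after each upgrade.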
I just upgraded to v10.5.3, and I found that google play, apple pay, and stripe link are enabled.
It’s actually worse than OP, because they cannot be deactivated!
I went here: /wp-admin/admin.php?page=wc-settings&tab=checkout&section=stripe&panel=methods
And I was successfully able to uncheck the “Link by Stripe” box and “Save Changes”. That made the stripe link (which was asking my customers for phone numbers) go away.
But, if I try to do the same for the “Apple Pay / Google Pay” option, it *shows* as being unchecked after clicking “Save Changes”. But the apple & google play buttons don’t *actually* go away on the checkout page. And if I refresh that page (/wp-admin/admin.php?page=wc-settings&tab=checkout&section=stripe&panel=methods), then it’s shown as checked again!
I’m hoping this is just a UI bug. Can someone please tell me where this is stored in the DB, so I can manually disable Google Pay and Apple Pay? It’s a privacy risk to my customers to load these scripts from google and apple servers on my checkout page!
Forum: Plugins
In reply to: [Better Font Awesome] Software Forge (GitHub)
I opened a bug report for this in the GitHub repo here:
* https://github.com/CoinPaymentsNet/plugin-woocommerce/issues/1
Forum: Fixing WordPress
In reply to: How to chill out WordPress ajax requests? (Rate limiting)
I am not using plugins to extend the editor. Likely there’s a request sent every letter that I type to check to see if the word-typed-so-far is an existing tag (when adding tags to the article in the editor). Typing 100 wpm, that would be ~500 queries per minute.
Wordpress should have a mechanism to rate-limit itself so it doesn’t spam the server to the point of being malicious.
Forum: Fixing WordPress
In reply to: How to chill out WordPress ajax requests? (Rate limiting)
I switch between classic and block, and I’m not 100% sure if this issue occurs always on just one of them.
However, I would prefer a solution that wraps all the wordpress functions that make external calls and rate limits them per domain.
Forum: Fixing WordPress
In reply to: How to chill out WordPress ajax requests? (Rate limiting)
> Stripe was not recommending it
This is not true. Stripe *does* recommend Restricted API Keys. It’s the most secure way to authenticate.
Please re-visit the document that you linked-to above:
* https://docs.stripe.com/stripe-apps/plugins/decide-migration
It recommends three possible integration types:
1. Stripe Connect
2. Stripe Apps
3. Restricted API Keys
Note, again, that the last (Restricted API Keys) is the most secure option of the three. This was confirmed by Stripe Support.
Please reconsider keeping support for the most-secure authentication method.
- This reply was modified 9 months, 4 weeks ago by maltfield.
I believe you should be able to use the standard stripe PHP libraries to support Restricted API Keys.
I confirmed with Stripe Support that Restricted API Keys are more secure than Stripe Connect, as it doesn’t risk the OAuth flow leaking the bearer credentials with the third party server (redirect_uri).
Can you please forward this request (adding Restricted API Key support) to your Security and Product teams?
Please let us know if you have an ETA for when you’ll add the more-secure auth method (Restricted API Keys) in the future.
Forum: Plugins
In reply to: [SA Hosted Checkout for WooCommerce] Support for Stripe Restricted API Keys?
Great news, thanks 🙂
Can you please tell me where users can find the instructions for creating Restricted API Keys?
Specifically, we would need the list of minimum permissions that we need to grant when creating the new Restricted API Key.
- This reply was modified 10 months, 1 week ago by maltfield.