angelleye / paypal-security-for-wordpress

A security scanner for WordPress that looks for PayPal concerns and provides feedback.
GNU Affero General Public License v3.0

Page Scanner for Buttons #2

Closed angelleye closed 9 years ago

angelleye commented 9 years ago

We'll need a tool that crawls/scans all of the site's pages/posts to look for PayPal standard buttons that are not secure. For example, a button like this...

<form target="paypal" action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="business" value="sandbo_1215254764_biz@angelleye.com">
<input type="hidden" name="item_name" value="Test Widget">
<input type="hidden" name="amount" value="10.00">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="add" value="1">
<input type="hidden" name="button_subtype" value="products">
<input type="hidden" name="no_note" value="0">
<input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/btn_cart_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.sandbox.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>

This button is not secure because people could simply copy the HTML, change the field values, and then submit the form with these adjusted values and checkout that way.

So we'll just need to come up with a good way to search through page code and pull these out. Maybe find any form with an action that includes paypal.com in the value, and then also look to see if the same form has an "amount" parameter with a numeric value.

The scan should save details about all of the buttons it finds so it can return them on a report. For example, the page/post it was found on. A single scan might return 100 buttons on a report.

nishitlangaliya commented 9 years ago

Hi Andrew,

I have started working on this ticket. I am working on the logic below.

  1. Go through all the pages and posts which have status publish (using a wpdb query).
  2. Filter the posts which have paypal.com and 'amount' text in post_content.
  3. Store those posts in an array to figure out which post has an unsecured PayPal button.
  4. Then we can manipulate that array and think about the report template.

Let me know your suggestions and thoughts for the same.

angelleye commented 9 years ago

  1. Yes, but let's go a step further. Let's give them options. Some people might want to scan only published pages, but others might want to scan all published and draft pages, for example.
  2. It's not just in the post content, it would be within specific forms. I'm not sure exactly how much in depth you're thinking about that the way you've said it here. The scanner should find PayPal buttons only and make sure not to be grabbing other forms or general content which happens to refer to paypal.com and an amount.
  3. Yes, some way to store all of the page/post IDs that contain an insecure button for display/report purposes. We should probably go ahead and save the report data to the database, too, so that people can look at previously run scans.
  4. Yes, once we have a solid scan working with all data saved and ready to go, we can start focusing on the "look and feel" of the report itself.

nishitlangaliya commented 9 years ago

Hi Andrew,

Today I finished the raw functionality of the PayPal button scanner for all pages. In it I have applied the logic below.

  1. Scan all published pages and posts having the text paypal.com.
  2. Filter the content having '_cart' and amount to separate out the unsecured button post array.
  3. Filter the content having '_s_xclick', and not having '_cart' and amount in the content, to separate out the secure button post array.
  4. Simply show that post ID and post URL on the admin side.

"Yes, but let's go a step further. Let's give them options. Some people might want to scan only published pages, but others might want to scan all published and draft pages, for example."

-- > We can only scan published posts because the draft version of a post will not have a page source, so we won't have any content to filter the text. And in the database it will have shortcodes stored that can't be filtered with keywords like paypal, _cart etc.

Also, you can notice that the scanning takes some time to scan all pages and content, which will affect the speed of the scan.

I have pushed the latest code to the development branch; please review it and let me know your thoughts.

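As an added illustration (not code from the paypal-security-for-wordpress plugin, and in Python rather than the plugin's PHP) of the form-level filter Andrew describes earlier in the thread and the '_cart'/amount versus '_s_xclick' split in the comment above: it parses a page, keeps only forms whose action points at paypal.com, classifies each one from its hidden fields, and counts each form once per page. The sample page and the hosted_button_id value are constructed placeholders.

```python
import re
from html.parser import HTMLParser

HOSTED_CMD = "_s_xclick"  # hosted/encrypted PayPal Standard button
NUMERIC = re.compile(r"\d+(\.\d+)?")

class PayPalFormParser(HTMLParser):
    """Collect the hidden fields of every <form> whose action points at paypal.com."""
    def __init__(self):
        super().__init__()
        self.forms = []   # one name -> value dict per PayPal form
        self._cur = None  # fields of the PayPal form being read, else None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # Other forms (search, contact, ...) are skipped even if they mention an amount.
            self._cur = {} if "paypal.com" in (a.get("action") or "").lower() else None
        elif tag == "input" and self._cur is not None and a.get("name"):
            self._cur[a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form" and self._cur is not None:
            self.forms.append(self._cur)
            self._cur = None

def classify(fields):
    """'insecure' if the price is a plain editable field, 'secure' if hosted, else 'unknown'."""
    if NUMERIC.fullmatch(fields.get("amount", "")):
        return "insecure"  # anyone can copy the HTML and change the amount
    if fields.get("cmd") == HOSTED_CMD:
        return "secure"    # button details are stored on PayPal's side
    return "unknown"       # a PayPal form of another type: report it for manual review

def scan_page(html):
    """Count buttons per class; each <form> counts once, however many fields it has."""
    parser = PayPalFormParser()
    parser.feed(html)
    counts = {"secure": 0, "insecure": 0, "unknown": 0}
    for fields in parser.forms:
        counts[classify(fields)] += 1
    return counts

# Constructed sample page: one cleartext cart button, one hosted button, one unrelated form.
SAMPLE_PAGE = """<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart"><input type="hidden" name="amount" value="10.00"></form>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s_xclick"><input type="hidden" name="hosted_button_id" value="EXAMPLE_ID"></form>
<form action="/donate" method="post"><input name="amount" value="5"></form>"""
```

Running scan_page(SAMPLE_PAGE) reports one secure and one insecure button and ignores the unrelated donate form.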

angelleye commented 9 years ago

When previewing a draft post WP seems to use some sort of a temporary URL for the preview since it isn't published yet. Can't we just use that same URL for scanning the draft posts?

How did you filter the "secure" buttons? What exactly are you using to know it's secure? Also, did you only do those 2 types for the insecure buttons? We should be scanning for all PayPal button types...


http://grab.by/GjBI

nishitlangaliya commented 9 years ago

Hi Andrew,

I have finalized the posts and pages that have secure and unsecured buttons in their content, and pushed it to the development branch as well. For drafts I have tried some logic, but I couldn't get the full page source for the draft version: since it is crawling the source from the remote URL, it gets "page not found" for the draft version.

Now I am moving to Issue-3 for the interface part.

Please review it and let me know your thoughts and suggestions for the same.

angelleye commented 9 years ago

Seems to be doing what I expect at this point. We'll make more adjustments, but we'll do that with separate issues.

angelleye commented 9 years ago

Well, I just re-scanned and I noticed something odd, so I'm re-opening this issue. Here's what I got.


So it seems to have found the 2 secure buttons as expected, but then it's showing 871 insecure buttons on a single page. That page does have 1 insecure button on it, but I'm not sure where the 871 is coming from. I don't think I even have 871 pages in this site total.

nishitlangaliya commented 9 years ago

Hi Andrew,

Functionality-related bugs were sorted out in Issue 3, and the latest code has been pushed to the development branch.