enupal / stripe

Allows customers sign up for recurring and one-time payments with Stripe, perfect for orders, donations, subscriptions, and events. Create simple payment forms in seconds easily without coding. For Craft CMS
https://enupal.com/craft-plugins/stripe-payments/
Other
33 stars 19 forks source link

The "customAmount" field minimum should be validated server side #326

Closed tomfischerNL closed 1 year ago

tomfischerNL commented 1 year ago

Description

When I create a payment form with a minimum "one time custom payment amount", and I insert an minimum price, it is possible to remove the min attr in the browser with the console. This needs to be validated server side, not the customAmount, but the minimum amount.

Steps to reproduce

1) If I set a minimum of 100 USD (see attachment) Schermafbeelding 2022-12-23 om 17 23 21

2) I can remove the min attr in the browser, and put in 1 dollar as amount, and submit the form Schermafbeelding 2022-12-23 om 17 27 16

Additional info

andrelopez commented 1 year ago

Hi @tomfischerNL We just released Stripe Payments v5.0.9 with a fix for this issue. Thanks for reporting

tomfischerNL commented 1 year ago

Hi @andrelopez, thanks for fixing this bug so quickly!