impress-org / givewp

GiveWP - The #1 Donation Plugin for WordPress. Easily accept donations and fundraise using your WordPress website.
https://givewp.com/
GNU General Public License v3.0
344 stars 191 forks

fix(form): verify nonce when changing country #2579

Closed raftaar1191 closed 5 years ago

raftaar1191 commented 6 years ago

Issue Overview

Adding nonce fields when changing the billing details

Expected Behavior

A nonce should be added at the time of changing the country

Current Behavior

Not using the Nonce

Steps to Reproduce (for bugs)

  1. Create a Donation Form
  2. Select the gateway that has billing details in it.
  3. Change the billing country and check the network tab in the console; in the Ajax request you will see that the nonce is not being passed to it

Related Issues and/or PRs

https://github.com/WordImpress/Give/issues/2568

Todos

WordPress Environment

```
### WordPress Environment ###

Home URL: http://give.local
Site URL: http://give.local
WP Version: 4.9.1
WP Multisite: –
WP Memory Limit: 256 MB
WP Debug Mode: ✔
WP Cron: ✔
Language: en_US
Permalink Structure: /%postname%/
Show on Front: posts
Table Prefix Length: 3
Table Prefix Status: Acceptable
Admin AJAX: Inaccessible
Registered Post Statuses: publish, future, draft, pending, private, trash, auto-draft, inherit, refunded, failed, revoked, cancelled, abandoned, processing, preapproval, give_subscription

### Server Environment ###

Hosting Provider: DBH: localhost, SRV: give.local
TLS Connection:
TLS Connection:
Server Info: nginx/1.10.1
PHP Version: 7.0.3
PHP Post Max Size: 1,000 MB
PHP Time Limit: 900
PHP Max Input Vars: 3000
PHP Max Upload Size: 1,000 MB
cURL Version: ❌ 7.38.0, OpenSSL/1.0.1t - We recommend a minimum cURL version of 7.40.
SUHOSIN Installed: –
MySQL Version: ❌ 5.5.55 - We recommend a minimum MySQL version of 5.6. See: WordPress Requirements
Default Timezone is UTC: ✔
fsockopen/cURL: ✔
SoapClient: ✔
DOMDocument: ✔
gzip: ✔
GD Graphics Library: ✔
Multibyte String: ✔
Remote Post: ✔
Remote Get: ✔

### Give Configuration ###

Give Version: 2.0.0
Give Cache: Enabled
Database Updates: All DB Updates Completed.
Give Cache: Enabled
Give Cache: ✔New Donation✔Donation Receipt❌New Offline Donation❌Offline Donation Instruction✔New Donor Register✔Donor Register✔Email access
Upgraded From: –
Test Mode: Disabled
Currency Code: USD
Currency Position: Before
Decimal Separator: .
Thousands Separator: ,
Success Page: http://give.local/donation-confirmation/
Failure Page: http://give.local/donation-failed/
Donation History Page: http://give.local/donation-history/
Give Forms Slug: /donations/
Enabled Payment Gateways: Stripe - ACH, Test Donation, Stripe - Credit Card
Default Payment Gateway: Stripe - Credit Card
PayPal IPN Verification: Enabled
PayPal IPN Notifications: N/A
Admin Email Notifications: Disabled
Donor Email Access: Enabled

### Session Configuration ###

Give Use Sessions: Enabled
Session: Disabled

### Active Give Add-ons ###

Give - Email Reports: ❌ Unlicensed – by WordImpress – 1.0.1
Give - Fee Recovery: ❌ Unlicensed – by WordImpress – 1.3.5
Give - Form Field Manager: ❌ Unlicensed – by WordImpress – 1.2.4
Give - Manual Donations: ❌ Unlicensed – by WordImpress – 1.2.2
Give - PDF Receipts: ❌ Unlicensed – by WordImpress – 2.2.2
Give - Recurring Donations: ❌ Unlicensed – by WordImpress – 1.5
Give - Stripe Gateway: ❌ Unlicensed – by WordImpress – 1.5.2
Give - Tributes: ❌ Unlicensed – by WordImpress – 1.3.2

### Other Active Plugins ###

Duplicate Post: by Enrico Battocchi – 3.2.1

### Inactive Plugins ###

Give - 2Checkout Gateway: by WordImpress – 1.0.2
Give - Authorize.net Gateway: by WordImpress – 1.3.2
Give - AWeber: by WordImpress – 1.0.2
Give - Braintree Gateway: by WordImpress – 1.1.1
Give - CCAvenue Gateway: by WordImpress – 1.0
Give - ConvertKit: by WordImpress – 1.0.1
Give - CSV Toolbox: by WordImpress – 1.0
Give - Display Donors: by WordImpress, LLC – 1.0
Give - Dwolla Gateway: by WordImpress – 1.1.2
Give - Form Countdown: by WordImpress – 1.0
Give - Gift Aid: by WordImpress – 1.0.0
Give - Google Analytics Donation Tracking: by WordImpress – 1.1.1
Give - iATS Payment Solutions: by WordImpress – 1.0.1
Give - Paymill Gateway: by WordImpress – 1.1

### Theme ###

Name: Twenty Sixteen
Version: 1.4
Author URL: https://wordpress.org/
Child Theme: No – If you're modifying Give on a parent theme you didn't build personally, then we recommend using a child theme. See: How to Create a Child Theme
```

mikejhale commented 5 years ago

Closing as form works as expected.
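
Step 3 of the reproduction in the issue (checking the network tab for a nonce on the Ajax request) can be automated over a HAR export of that tab. This is an added example, not code from the issue or from GiveWP; the action and field names in the sample are hypothetical, bodies are assumed to be urlencoded, and a nonce field is assumed to be recognisable by a name containing "nonce".

```javascript
// Flag admin-ajax.php POSTs in a HAR export that carry no nonce field.
// Assumption: nonce fields are recognised by name (e.g. "_wpnonce", "*_nonce").
const NONCE_FIELD = /nonce/i;

function auditAjaxNonces(har) {
  const findings = [];
  for (const entry of har.log.entries) {
    const req = entry.request;
    const url = new URL(req.url);
    if (req.method !== 'POST' || !url.pathname.endsWith('/admin-ajax.php')) continue;
    // Parameters can arrive in the query string or in the urlencoded body.
    const params = new URLSearchParams(url.search);
    const body = (req.postData && req.postData.text) || '';
    for (const [k, v] of new URLSearchParams(body)) params.append(k, v);
    const nonceField = [...params.keys()].find((k) => NONCE_FIELD.test(k));
    const nonceValue = nonceField ? params.get(nonceField) : '';
    findings.push({
      action: params.get('action') || '(none)',
      nonceField: nonceField || null,
      // An empty nonce value gives the server nothing to verify.
      hasNonce: Boolean(nonceValue && nonceValue.trim()),
    });
  }
  return findings;
}

// Actions whose requests reached admin-ajax.php without a usable nonce.
function missingNonceActions(har) {
  return auditAjaxNonces(har).filter((f) => !f.hasNonce).map((f) => f.action);
}

// Constructed sample HAR; action and field names are hypothetical.
const AJAX_URL = 'http://give.local/wp-admin/admin-ajax.php';
const sampleHar = { log: { entries: [
  { request: { method: 'POST', url: AJAX_URL,
      postData: { text: 'action=example_get_states&country=CA&field_name=card_state' } } },
  { request: { method: 'POST', url: AJAX_URL,
      postData: { text: 'action=example_submit&example_nonce=4f2a9c1b7e&amount=10' } } },
  { request: { method: 'POST', url: AJAX_URL,
      postData: { text: 'action=example_empty&_wpnonce=' } } },
  { request: { method: 'GET', url: 'http://give.local/donations/form/' } },
] } };

console.log(missingNonceActions(sampleHar));
```

A nonce appearing in the request only shows the client sends it; whether the handler verifies it has to be confirmed on the server side.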