woocommerce / woocommerce

A customizable, open-source ecommerce platform built on WordPress. Build any commerce solution you can imagine.
https://woocommerce.com

PayPal Error: Access Denied product titles containing HTML #23296

Closed dkjensen closed 5 years ago

dkjensen commented 5 years ago

Describe the bug

PayPal access denied error during checkout with product titles containing HTML <a> tags. It seems to trigger when using more than 1 attribute on the <a> tag, while containing the href attribute. If the <a> tag's only attribute is href then the error does not seem to trigger, but adding a second attribute triggers it. An <a> tag not containing the href does not seem to trigger the error.

To Reproduce

Steps to reproduce the behavior:

  1. Create new product with title such as Product name <a href="#test" style="color: red;">HTML Tag</a>
  2. Add the product to cart and proceed to checkout
  3. Checkout with PayPal
  4. See error

Screenshots

[screenshot: Access denied]

Expected behavior

To proceed to PayPal checkout successfully

Isolating the problem (mark completed items with an [x]):

WordPress Environment

```
### WordPress Environment ###

WordPress address (URL): http://sandbox.local
Site address (URL): http://sandbox.local
WC Version: 3.6.0
Log Directory Writable: ✔
WP Version: ❌ 5.1-RC1-44745 - There is a newer version of WordPress available (5.1.1)
WP Multisite: –
WP Memory Limit: 256 MB
WP Debug Mode: ✔
WP Cron: ✔
Language: en_US
External object cache: –

### Server Environment ###

Server Info: nginx/1.13.12
PHP Version: 7.0.29-1+ubuntu14.04.1+deb.sury.org+1 - We recommend using PHP version 7.2 or above for greater performance and security. How to update your PHP version
PHP Post Max Size: 1 GB
PHP Time Limit: 30
PHP Max Input Vars: 1000
cURL Version: 7.35.0 OpenSSL/1.0.1f
SUHOSIN Installed: –
MySQL Version: 5.5.5-10.1.32-MariaDB-1~trusty
Max Upload Size: 1 GB
Default Timezone is UTC: ✔
fsockopen/cURL: ✔
SoapClient: ✔
DOMDocument: ✔
GZip: ✔
Multibyte String: ✔
Remote Post: ✔
Remote Get: ✔

### Database ###

WC Database Version: 3.5.4
WC Database Prefix: wp_
MaxMind GeoIP Database: ✔
Total Database Size: 38.72MB
Database Data Size: 25.28MB
Database Index Size: 13.44MB
wp_woocommerce_sessions: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_woocommerce_api_keys: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_woocommerce_attribute_taxonomies: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_woocommerce_downloadable_product_permissions: Data: 0.02MB + Index: 0.05MB + Engine InnoDB
wp_woocommerce_order_items: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_woocommerce_order_itemmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_woocommerce_tax_rates: Data: 0.02MB + Index: 0.06MB + Engine InnoDB
wp_woocommerce_tax_rate_locations: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_woocommerce_shipping_zones: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_woocommerce_shipping_zone_locations: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_woocommerce_shipping_zone_methods: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_woocommerce_payment_tokens: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_woocommerce_payment_tokenmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_woocommerce_log: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_commentmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_comments: Data: 0.02MB + Index: 0.09MB + Engine InnoDB
wp_edd_commissionmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_edd_commissions: Data: 0.02MB + Index: 0.09MB + Engine InnoDB
wp_edd_customermeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_edd_customers: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_email_log: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_facetwp_index: Data: 0.02MB + Index: 0.05MB + Engine InnoDB
wp_fes_vendors: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_gf_draft_submissions: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_gf_entry: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_gf_entry_meta: Data: 0.02MB + Index: 0.05MB + Engine InnoDB
wp_gf_entry_notes: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_gf_form: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_gf_form_meta: Data: 0.05MB + Index: 0.00MB + Engine InnoDB
wp_gf_form_revisions: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_gf_form_view: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_links: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_mphb_sync_logs: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_mphb_sync_queue: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_mphb_sync_stats: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_options: Data: 2.05MB + Index: 0.05MB + Engine InnoDB
wp_postmeta: Data: 9.52MB + Index: 5.03MB + Engine InnoDB
wp_posts: Data: 7.52MB + Index: 3.78MB + Engine InnoDB
wp_rcp_discounts: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_rcp_limits: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_rcp_payments: Data: 0.02MB + Index: 0.08MB + Engine InnoDB
wp_rcp_payment_meta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_rcp_subscription_level_meta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_restrict_content_pro: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_termmeta: Data: 0.20MB + Index: 0.22MB + Engine InnoDB
wp_terms: Data: 0.19MB + Index: 0.22MB + Engine InnoDB
wp_term_relationships: Data: 4.52MB + Index: 2.52MB + Engine InnoDB
wp_term_taxonomy: Data: 0.20MB + Index: 0.22MB + Engine InnoDB
wp_usermeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_users: Data: 0.02MB + Index: 0.05MB + Engine InnoDB
wp_vtprd_purchase_log: Data: 0.09MB + Index: 0.02MB + Engine InnoDB
wp_vtprd_purchase_log_product: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_vtprd_purchase_log_product_rule: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_wc_download_log: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_wc_product_meta_lookup: Data: 0.02MB + Index: 0.09MB + Engine InnoDB
wp_wc_webhooks: Data: 0.02MB + Index: 0.02MB + Engine InnoDB

### Post Type Counts ###

acf-field: 20
acf-field-group: 2
attachment: 8224
download: 1
edd-checkout-fields: 1
event_magic_tickets: 1
fes-forms: 15
job_listing: 4
leadpage: 2
nav_menu_item: 9
page: 36
post: 5
product: 8218
product_variation: 9
revision: 16
scheduled-action: 2
shop_coupon: 2
shop_order: 7
vtprd-rule: 2

### Security ###

Secure connection (HTTPS): ❌ Your store is not using HTTPS. Learn more about HTTPS and SSL Certificates.
Hide errors from visitors: ✔

### Active Plugins (19) ###

Gravity Forms: by rocketgenius – 2.4.3
Email Log: by Sudar – 2.2.5
FacetWP: by FacetWP LLC – 3.3.1
Gutenberg Post Grid Block: by Seattle Web Co. –
Hotel Booking Lite: by MotoPress – 3.3.0
VarkTech Pricing Deals for WooCommerce: by Vark – 2.0.0.7 – Not tested with the active version of WooCommerce
Restrict Content Pro - View Limits: by David Jensen – 1.0.0
Transients Manager: by Pippin Williamson – 1.7.5
User Role Editor: by Vladimir Garagulya – 4.49
User Switching: by John Blackbourn & contributors – 1.4.1
WooCommerce Cart PDF: by Seattle Web Co. – 1.0.3 – Not tested with the active version of WooCommerce
WooCommerce - Restrict Content Pro Level Pricing: by David Jensen – 1.0.4 – Not tested with the active version of WooCommerce
Widget CSS Classes: by C.M. Kendrick – 1.5.3
WooCommerce Order Product Count: by David Jensen – 1.3.1 – Not tested with the active version of WooCommerce
WooCommerce Product Generator: by itthinx – 1.1.1 – Not tested with the active version of WooCommerce
WooCommerce TM Extra Product Options: by themeComplete – 4.7.1 – Not tested with the active version of WooCommerce
WooCommerce: by Automattic – 3.7.0-dev
WordPress Beta Tester: by Peter Westwood – 1.2.6
WP Featherlight: by Cipher – 1.3.0

### Inactive Plugins (42) ###

Advanced Cron Manager: by BracketSpace – 2.3.6
Advanced Custom Fields PRO: by Elliot Condon – 5.7.4
Akismet Anti-Spam: by Automattic – 4.1.1
Booster for WooCommerce: by Algoritmika Ltd – 4.2.0 – Not tested with the active version of WooCommerce
Broadcast Beat - Lead Manager: by David Jensen – 1.0.2
Classic Editor: by WordPress Contributors – 1.4
Easy Digital Downloads: by Easy Digital Downloads – 2.9.11
Easy Digital Downloads - Blocks: by Easy Digital Downloads – 1.0.1
Easy Digital Downloads - Checkout Fields Manager: by Easy Digital Downloads – 2.1.6
Easy Digital Downloads - Commissions: by Easy Digital Downloads – 3.4.7
Easy Digital Downloads - Favorites: by Easy Digital Downloads – 1.0.8
Easy Digital Downloads - Frontend Submissions: by Easy Digital Downloads – 2.6.3
Easy Digital Downloads - Message: by Easy Digital Downloads – 1.2
Easy Digital Downloads - PayPal Adaptive Payments: by Easy Digital Downloads LLC – 1.3.4
Easy Digital Downloads - Recommended Products: by Easy Digital Downloads – 1.2.12
Easy Digital Downloads - Related Downloads: by Isabel Castillo – 1.7.1
Easy Digital Downloads - Reviews: by Easy Digital Downloads – 2.1.10
Easy Digital Downloads - Wish Lists: by Easy Digital Downloads – 1.1.7
EDD Download Images: by Andrew Munro Sumobi – 1.2
Embed Any Document: by Awsm Innovations – 2.4.1
FooEvents Admin PDF Tickets: by David Jensen – 1.0.0
FooEvents Custom Attendee Fields: by FooEvents – 1.2.1
FooEvents for WooCommerce: by FooEvents – 1.7.9 – Not tested with the active version of WooCommerce
FooEvents Multi-Day: by FooEvents – 1.1.5
FooEvents PDF Tickets: by FooEvents – 1.4.5
Hello Dolly: by Matt Mullenweg – 1.7
Jetpack by WordPress.com: by Automattic – 7.0
Kirki Toolkit: by Aristeides Stathopoulos – 3.0.35.3
Query Monitor: by John Blackbourn & contributors – 3.2.2
Restrict Content Pro: by Restrict Content Pro Team – 2.9.11
Restrict Content Pro - Profile Fields: by David Jensen – 1.0.0
Stackable - Gutenberg Blocks: by Gambit Technologies Inc – 1.12.1
WooCommerce - Instant Product Search: by Seattle Web Co. – 1.0.0 – Not tested with the active version of WooCommerce
WooCommerce Beta Tester: by Mike Jolley – 1.0.3 – Not tested with the active version of WooCommerce
WooCommerce PayPal Checkout Gateway: by WooCommerce – 1.6.9 – Not tested with the active version of WooCommerce
WooCommerce Services: by Automattic – 1.18.0 – Not tested with the active version of WooCommerce
WooCommerce Square: by WooCommerce – 1.0.35 – Not tested with the active version of WooCommerce
WooCommerce Stripe Gateway: by WooCommerce – 4.1.14 – Not tested with the active version of WooCommerce
WooCommerce Subscriptions: by Prospress Inc. – 2.4.5 – Not tested with the active version of WooCommerce
WordPress Importer: by wordpressdotorg – 0.6.4
WP Job Manager: by Automattic – 1.32.1
WP Job Manager - JobAdder: by David Jensen – 1.0.0

### Settings ###

API Enabled: ✔
Force SSL: –
Currency: USD ($)
Currency Position: left
Thousand Separator: ,
Decimal Separator: .
Number of Decimals: 2
Taxonomies: Product Types: external (external) grouped (grouped) simple (simple) subscription (subscription) variable (variable) variable subscription (variable-subscription)
Taxonomies: Product Visibility: exclude-from-catalog (exclude-from-catalog) exclude-from-search (exclude-from-search) featured (featured) outofstock (outofstock) rated-1 (rated-1) rated-2 (rated-2) rated-3 (rated-3) rated-4 (rated-4) rated-5 (rated-5)
Connected to WooCommerce.com: ✔

### WC Pages ###

Shop base: #9 - /shop/
Cart: #10 - /cart/
Checkout: #11 - /checkout/
My account: #12 - /my-account/
Terms and conditions: ❌ Page not set

### Theme ###

Name: Excelerate child
Version: 1.0.0
Author URL: https://seattlewebco.com
Child Theme: ✔
Parent Theme Name: Excelerate
Parent Theme Version: 1.0.0
Parent Theme Author URL: https://seattlewebco.com
WooCommerce Support: ✔

### Templates ###

Overrides: /srv/www/sandbox.local/public_html/wp-content/plugins/woocommerce-tm-extra-product-options/templates/cart/cart-item-data.php

### Action Scheduler ###

Complete: 1
Oldest: 2019-04-12 14:45:35 -0400
Newest: 2019-04-12 14:45:35 -0400
Pending: 1
Oldest: 2019-04-19 14:45:35 -0400
Newest: 2019-04-19 14:45:35 -0400
Canceled: 0
Oldest: –
Newest: –
In-progress: 0
Oldest: –
Newest: –
Failed: 0
Oldest: –
Newest: –
```
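One defensive measure against this class of failure, as an added example rather than WooCommerce's own code or the change in the linked pull request: normalise every item name to plain text before it is placed in the gateway request, so markup in a product title (whatever attributes it carries) never reaches PayPal. The example is plain PHP so it runs outside WordPress; inside WordPress, `wp_strip_all_tags()` is the usual helper for the first step. The function name `sanitize_gateway_item_name`, the constructed sample titles and the 127-character cap are assumptions made here (127 is the limit I understand PayPal Standard applies to item names; adjust it to whatever the gateway in use documents).

```php
<?php
/**
 * Added example (not WooCommerce's own code): reduce a product title to the
 * plain-text item name a payment gateway request should carry.
 *
 * Assumptions: the gateway accepts plain text only, and limits item names to
 * $max_length characters (127 is assumed here for PayPal Standard).
 * Requires the mbstring extension for the multibyte-safe truncation.
 */
function sanitize_gateway_item_name( string $title, int $max_length = 127 ): string {
    // 1. Remove all markup, including tags carrying several attributes such as
    //    <a href="#test" style="color: red;">, which the report shows triggering
    //    PayPal's "Access Denied" response.
    $name = strip_tags( $title );

    // 2. Turn HTML entities (&amp;, &quot;, ...) back into literal characters so
    //    the buyer sees the real product name rather than entity codes.
    $name = html_entity_decode( $name, ENT_QUOTES | ENT_HTML5, 'UTF-8' );

    // 3. Collapse the whitespace runs left behind by removed tags, then trim.
    $name = trim( preg_replace( '/\s+/u', ' ', $name ) );

    // 4. Enforce the gateway's length limit without splitting a multibyte character.
    if ( mb_strlen( $name, 'UTF-8' ) > $max_length ) {
        $name = mb_substr( $name, 0, $max_length, 'UTF-8' );
    }

    return $name;
}

// Constructed sample titles: the reproduction case from the report, the
// single-attribute variant that did not fail, an entity-encoded title, and an
// over-long title to exercise the length cap.
$samples = array(
    'Product name <a href="#test" style="color: red;">HTML Tag</a>',
    'Product name <a href="#test">HTML Tag</a>',
    'Widget &amp; <strong>Gadget</strong>',
    str_repeat( 'x', 200 ),
);

foreach ( $samples as $title ) {
    $name = sanitize_gateway_item_name( $title );
    printf( "%-60s -> %s (%d chars)\n", substr( $title, 0, 60 ), $name, mb_strlen( $name, 'UTF-8' ) );
}
```

Applying this at the point where the request is assembled, rather than when the product is saved, keeps the store's own rendering of rich titles intact while guaranteeing the gateway only ever sees plain text; both title variants from the report reduce to the same item name.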
mikejolley commented 5 years ago

See https://github.com/woocommerce/woocommerce/pull/23297