Describe the bug
PayPal access denied error during checkout with products titles containing HTML <a> tags. It seems to trigger when using more than 1 attribute on the <a> tag, while containing the href attribute. If the <a> tags only attribute is href then the error does not seem to trigger, but adding a second attribute triggers it. An <a> tag not containing the href does not seem to trigger the error.
To Reproduce
Steps to reproduce the behavior:
Create new product with title such as Product name <a href="#test" style="color: red;">HTML Tag</a>
Add the product to cart and proceed to checkout
Checkout with PayPal
See error
Screenshots
Expected behavior
To proceed to PayPal checkout successfully
Isolating the problem (mark completed items with an [x]):
[x] I have deactivated other plugins and confirmed this bug occurs when only WooCommerce plugin is active.
[x] This bug happens with a default WordPress theme active, or Storefront.
[x] I can reproduce this bug consistently using the steps above.
WordPress Environment
`
### WordPress Environment ###
WordPress address (URL): http://sandbox.local
Site address (URL): http://sandbox.local
WC Version: 3.6.0
Log Directory Writable: ✔
WP Version: ❌ 5.1-RC1-44745 - There is a newer version of WordPress available (5.1.1)
WP Multisite: –
WP Memory Limit: 256 MB
WP Debug Mode: ✔
WP Cron: ✔
Language: en_US
External object cache: –
### Server Environment ###
Server Info: nginx/1.13.12
PHP Version: 7.0.29-1+ubuntu14.04.1+deb.sury.org+1 - We recommend using PHP version 7.2 or above for greater performance and security. How to update your PHP version
PHP Post Max Size: 1 GB
PHP Time Limit: 30
PHP Max Input Vars: 1000
cURL Version: 7.35.0
OpenSSL/1.0.1f
SUHOSIN Installed: –
MySQL Version: 5.5.5-10.1.32-MariaDB-1~trusty
Max Upload Size: 1 GB
Default Timezone is UTC: ✔
fsockopen/cURL: ✔
SoapClient: ✔
DOMDocument: ✔
GZip: ✔
Multibyte String: ✔
Remote Post: ✔
Remote Get: ✔
### Database ###
WC Database Version: 3.5.4
WC Database Prefix: wp_
MaxMind GeoIP Database: ✔
Total Database Size: 38.72MB
Database Data Size: 25.28MB
Database Index Size: 13.44MB
wp_woocommerce_sessions: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_woocommerce_api_keys: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_woocommerce_attribute_taxonomies: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_woocommerce_downloadable_product_permissions: Data: 0.02MB + Index: 0.05MB + Engine InnoDB
wp_woocommerce_order_items: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_woocommerce_order_itemmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_woocommerce_tax_rates: Data: 0.02MB + Index: 0.06MB + Engine InnoDB
wp_woocommerce_tax_rate_locations: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_woocommerce_shipping_zones: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_woocommerce_shipping_zone_locations: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_woocommerce_shipping_zone_methods: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_woocommerce_payment_tokens: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_woocommerce_payment_tokenmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_woocommerce_log: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_commentmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_comments: Data: 0.02MB + Index: 0.09MB + Engine InnoDB
wp_edd_commissionmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_edd_commissions: Data: 0.02MB + Index: 0.09MB + Engine InnoDB
wp_edd_customermeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_edd_customers: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_email_log: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_facetwp_index: Data: 0.02MB + Index: 0.05MB + Engine InnoDB
wp_fes_vendors: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_gf_draft_submissions: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_gf_entry: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_gf_entry_meta: Data: 0.02MB + Index: 0.05MB + Engine InnoDB
wp_gf_entry_notes: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_gf_form: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_gf_form_meta: Data: 0.05MB + Index: 0.00MB + Engine InnoDB
wp_gf_form_revisions: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_gf_form_view: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_links: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_mphb_sync_logs: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_mphb_sync_queue: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_mphb_sync_stats: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_options: Data: 2.05MB + Index: 0.05MB + Engine InnoDB
wp_postmeta: Data: 9.52MB + Index: 5.03MB + Engine InnoDB
wp_posts: Data: 7.52MB + Index: 3.78MB + Engine InnoDB
wp_rcp_discounts: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_rcp_limits: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_rcp_payments: Data: 0.02MB + Index: 0.08MB + Engine InnoDB
wp_rcp_payment_meta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_rcp_subscription_level_meta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_restrict_content_pro: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_termmeta: Data: 0.20MB + Index: 0.22MB + Engine InnoDB
wp_terms: Data: 0.19MB + Index: 0.22MB + Engine InnoDB
wp_term_relationships: Data: 4.52MB + Index: 2.52MB + Engine InnoDB
wp_term_taxonomy: Data: 0.20MB + Index: 0.22MB + Engine InnoDB
wp_usermeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_users: Data: 0.02MB + Index: 0.05MB + Engine InnoDB
wp_vtprd_purchase_log: Data: 0.09MB + Index: 0.02MB + Engine InnoDB
wp_vtprd_purchase_log_product: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_vtprd_purchase_log_product_rule: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_wc_download_log: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_wc_product_meta_lookup: Data: 0.02MB + Index: 0.09MB + Engine InnoDB
wp_wc_webhooks: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
### Post Type Counts ###
acf-field: 20
acf-field-group: 2
attachment: 8224
download: 1
edd-checkout-fields: 1
event_magic_tickets: 1
fes-forms: 15
job_listing: 4
leadpage: 2
nav_menu_item: 9
page: 36
post: 5
product: 8218
product_variation: 9
revision: 16
scheduled-action: 2
shop_coupon: 2
shop_order: 7
vtprd-rule: 2
### Security ###
Secure connection (HTTPS): ❌
Your store is not using HTTPS. Learn more about HTTPS and SSL Certificates.
Hide errors from visitors: ✔
### Active Plugins (19) ###
Gravity Forms: by rocketgenius – 2.4.3
Email Log: by Sudar – 2.2.5
FacetWP: by FacetWP
LLC – 3.3.1
Gutenberg Post Grid Block: by Seattle Web Co. –
Hotel Booking Lite: by MotoPress – 3.3.0
VarkTech Pricing Deals for WooCommerce: by Vark – 2.0.0.7 – Not tested with the active version of WooCommerce
Restrict Content Pro - View Limits: by David Jensen – 1.0.0
Transients Manager: by Pippin Williamson – 1.7.5
User Role Editor: by Vladimir Garagulya – 4.49
User Switching: by John Blackbourn & contributors – 1.4.1
WooCommerce Cart PDF: by Seattle Web Co. – 1.0.3 – Not tested with the active version of WooCommerce
WooCommerce - Restrict Content Pro Level Pricing: by David Jensen – 1.0.4 – Not tested with the active version of WooCommerce
Widget CSS Classes: by C.M. Kendrick – 1.5.3
WooCommerce Order Product Count: by David Jensen – 1.3.1 – Not tested with the active version of WooCommerce
WooCommerce Product Generator: by itthinx – 1.1.1 – Not tested with the active version of WooCommerce
WooCommerce TM Extra Product Options: by themeComplete – 4.7.1 – Not tested with the active version of WooCommerce
WooCommerce: by Automattic – 3.7.0-dev
WordPress Beta Tester: by Peter Westwood – 1.2.6
WP Featherlight: by Cipher – 1.3.0
### Inactive Plugins (42) ###
Advanced Cron Manager: by BracketSpace – 2.3.6
Advanced Custom Fields PRO: by Elliot Condon – 5.7.4
Akismet Anti-Spam: by Automattic – 4.1.1
Booster for WooCommerce: by Algoritmika Ltd – 4.2.0 – Not tested with the active version of WooCommerce
Broadcast Beat - Lead Manager: by David Jensen – 1.0.2
Classic Editor: by WordPress Contributors – 1.4
Easy Digital Downloads: by Easy Digital Downloads – 2.9.11
Easy Digital Downloads - Blocks: by Easy Digital Downloads – 1.0.1
Easy Digital Downloads - Checkout Fields Manager: by Easy Digital Downloads – 2.1.6
Easy Digital Downloads - Commissions: by Easy Digital Downloads – 3.4.7
Easy Digital Downloads - Favorites: by Easy Digital Downloads – 1.0.8
Easy Digital Downloads - Frontend Submissions: by Easy Digital Downloads – 2.6.3
Easy Digital Downloads - Message: by Easy Digital Downloads – 1.2
Easy Digital Downloads - PayPal Adaptive Payments: by Easy Digital Downloads
LLC – 1.3.4
Easy Digital Downloads - Recommended Products: by Easy Digital Downloads – 1.2.12
Easy Digital Downloads - Related Downloads: by Isabel Castillo – 1.7.1
Easy Digital Downloads - Reviews: by Easy Digital Downloads – 2.1.10
Easy Digital Downloads - Wish Lists: by Easy Digital Downloads – 1.1.7
EDD Download Images: by Andrew Munro
Sumobi – 1.2
Embed Any Document: by Awsm Innovations – 2.4.1
FooEvents Admin PDF Tickets: by David Jensen – 1.0.0
FooEvents Custom Attendee Fields: by FooEvents – 1.2.1
FooEvents for WooCommerce: by FooEvents – 1.7.9 – Not tested with the active version of WooCommerce
FooEvents Multi-Day: by FooEvents – 1.1.5
FooEvents PDF Tickets: by FooEvents – 1.4.5
Hello Dolly: by Matt Mullenweg – 1.7
Jetpack by WordPress.com: by Automattic – 7.0
Kirki Toolkit: by Aristeides Stathopoulos – 3.0.35.3
Query Monitor: by John Blackbourn & contributors – 3.2.2
Restrict Content Pro: by Restrict Content Pro Team – 2.9.11
Restrict Content Pro - Profile Fields: by David Jensen – 1.0.0
Stackable - Gutenberg Blocks: by Gambit Technologies
Inc – 1.12.1
WooCommerce - Instant Product Search: by Seattle Web Co. – 1.0.0 – Not tested with the active version of WooCommerce
WooCommerce Beta Tester: by Mike Jolley – 1.0.3 – Not tested with the active version of WooCommerce
WooCommerce PayPal Checkout Gateway: by WooCommerce – 1.6.9 – Not tested with the active version of WooCommerce
WooCommerce Services: by Automattic – 1.18.0 – Not tested with the active version of WooCommerce
WooCommerce Square: by WooCommerce – 1.0.35 – Not tested with the active version of WooCommerce
WooCommerce Stripe Gateway: by WooCommerce – 4.1.14 – Not tested with the active version of WooCommerce
WooCommerce Subscriptions: by Prospress Inc. – 2.4.5 – Not tested with the active version of WooCommerce
WordPress Importer: by wordpressdotorg – 0.6.4
WP Job Manager: by Automattic – 1.32.1
WP Job Manager - JobAdder: by David Jensen – 1.0.0
### Settings ###
API Enabled: ✔
Force SSL: –
Currency: USD ($)
Currency Position: left
Thousand Separator: ,
Decimal Separator: .
Number of Decimals: 2
Taxonomies: Product Types: external (external)
grouped (grouped)
simple (simple)
subscription (subscription)
variable (variable)
variable subscription (variable-subscription)
Taxonomies: Product Visibility: exclude-from-catalog (exclude-from-catalog)
exclude-from-search (exclude-from-search)
featured (featured)
outofstock (outofstock)
rated-1 (rated-1)
rated-2 (rated-2)
rated-3 (rated-3)
rated-4 (rated-4)
rated-5 (rated-5)
Connected to WooCommerce.com: ✔
### WC Pages ###
Shop base: #9 - /shop/
Cart: #10 - /cart/
Checkout: #11 - /checkout/
My account: #12 - /my-account/
Terms and conditions: ❌ Page not set
### Theme ###
Name: Excelerate child
Version: 1.0.0
Author URL: https://seattlewebco.com
Child Theme: ✔
Parent Theme Name: Excelerate
Parent Theme Version: 1.0.0
Parent Theme Author URL: https://seattlewebco.com
WooCommerce Support: ✔
### Templates ###
Overrides: /srv/www/sandbox.local/public_html/wp-content/plugins/woocommerce-tm-extra-product-options/templates/cart/cart-item-data.php
### Action Scheduler ###
Complete: 1
Oldest: 2019-04-12 14:45:35 -0400
Newest: 2019-04-12 14:45:35 -0400
Pending: 1
Oldest: 2019-04-19 14:45:35 -0400
Newest: 2019-04-19 14:45:35 -0400
Canceled: 0
Oldest: –
Newest: –
In-progress: 0
Oldest: –
Newest: –
Failed: 0
Oldest: –
Newest: –
`
Describe the bug PayPal access denied error during checkout with products titles containing HTML
<a>
tags. It seems to trigger when using more than 1 attribute on the<a>
tag, while containing thehref
attribute. If the<a>
tags only attribute ishref
then the error does not seem to trigger, but adding a second attribute triggers it. An<a>
tag not containing thehref
does not seem to trigger the error.To Reproduce Steps to reproduce the behavior:
Product name <a href="#test" style="color: red;">HTML Tag</a>
Screenshots
Expected behavior To proceed to PayPal checkout successfully
Isolating the problem (mark completed items with an [x]):
WordPress Environment