Any chance of adding hidden fields with validator rule password

  • #46113

    I have been having trouble with closing the submit order form from dishonest people submitting via the browser console thus bypassing my payment gateway (and claiming successfully to have had a gift certificate). I managed to stop it by adding a hidden input to the form and making it required but then I had to remove the :hidden selector from the ignore option in scripts.min.js to have the hidden input noticed by the validator. It would be really nice to have the option of adding a hidden input with keyword that would match a validator rule.

    #46114
    Olly
    Admin & Mod

      instead of messing around with hidden fields – which anyone can manipulate anyway (though it depends on what exactly you are doing with it of course) it strikes me like a much better idea to disallow submission of non-enabled gateways in the first place. This should most definitely happen server side.

      looking at it in a bit more detail, i can see how one could change from STRIPE for example to COD, and I will certainly fix this as a matter of priority asap.
      However, if someone submits a COD order and you have not enabled anything other than one particular credit card gateway, I would have thought you would know that someone has messed around with things and should ignore the order so am not quite sure how someone can successfully claim to have a gift certificate (i don't even know where this “gift certificate” comes from …)

      that said, it’s somewhat abstract, so if you can give me a walkthrough on your site as how people claim for some gift certificates as well as manipulate the checkout process i would be most interested.

      #46115
      Olly
      Admin & Mod

        PS: please mark any reply as private

        #46116
        Olly
        Admin & Mod

          As of wppizza 3.10.7 no one should be able to use a gateway that is not enabled in your backend, no matter how much they try to tamper with the frontend

          of course, if you – or anyone else for that matter – still experiences this, i want to know about it !!

          (I’m kind of surprised myself that i overlooked this possibility for so long to be honest. But better late than never I guess…..)

          #46123
          This reply has been marked as private.
          #46124
          Olly
          Admin & Mod

            as it turns out – looking at that site – your problem has nothing to do with any of this.
            It is simply due to the order page being cached (or perhaps – less likely though – some php session problem)

            If I clear my cache and go directly to your orderpage (https://yoursite.tld/pantanir/) without ever having put anything into the cart, i STILL get items from some previous / other users.
            the order page must not ever be cached
            https://docs.wp-pizza.com/getting-started/?section=setup
            https://docs.wp-pizza.com/faqs/?section=using-a-cache-plugin

            i would also suggest you update wppizza to the latest version (3.10.7) which addresses a few other potential issues
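
A check for the caching problem diagnosed in the post above, as an added example that is not from the thread or from WPPizza: it inspects an order page's response headers for signs that a shared cache may store the page or has already served it. The cache-status header names, the finding codes and the sample headers are assumptions constructed for illustration.

```python
"""Audit response headers of a page that must never be cached (constructed samples)."""

PROTECTIVE = {"no-store", "private", "no-cache"}
# Cache-status headers emitted by some proxies/CDNs (an assumption; adjust to your stack).
HIT_HEADERS = ("x-cache", "x-cache-status", "cf-cache-status")


def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_headers(headers):
    """Return finding codes indicating the response may be, or was, served from a cache."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    findings = []
    if not PROTECTIVE & cc.keys():
        findings.append("no-protective-directive")  # heuristically storable
    if "public" in cc:
        findings.append("public")
    ttl = cc.get("s-maxage") or cc.get("max-age") or ""
    if ttl.isdigit() and int(ttl) > 0 and "no-store" not in cc:
        findings.append("positive-ttl")
    if h.get("age", "").strip().isdigit() and int(h["age"]) > 0:
        findings.append("age>0")  # response spent time in a cache
    for name in HIT_HEADERS:
        if "hit" in h.get(name, "").lower():
            findings.append("cache-hit:" + name)
    return findings


# Constructed sample responses, not captured from any real site.
CACHED = {"Cache-Control": "public, max-age=3600", "Age": "412", "X-Cache": "HIT"}
UNCACHED = {"Cache-Control": "no-store, no-cache, must-revalidate, max-age=0, private"}
NO_POLICY = {"Content-Type": "text/html", "X-Cache": "MISS"}

if __name__ == "__main__":
    for label, sample in (("cached", CACHED), ("uncached", UNCACHED), ("no policy", NO_POLICY)):
        print(label, audit_headers(sample) or "ok")
```

An empty result only means the headers show no sign of caching; a page-cache plugin or proxy configured to ignore headers still has to be excluded in its own settings.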

            #46125
            Olly
            Admin & Mod
              This reply has been marked as private.