Community Support Forums

[workit]

hey guys,

i was testing s2member plugin and found the following problem:

1. generate a button code (for example: one time access, 20 dollar charge)
2. insert the shortcode on the website
3. when you now open the website and view the source code you will find the price for the product in the line

Code: Select all

<input type="hidden" name="amount" value="20">


4. you can now manipulate the amount value to 1 or any other amount ...
5. press the button
6. paypal will open with the amount you entered
7. proceed and s2member will accept that payment .....

ok i guess nobody with a sane mind would do this with his paypal account ... but is there any possibility to deny payments with wrong amounts? the should be some counterechecks by s2member

[Eduan]

You could try to have PayPal encrypt your buttons: WP Admin -> s2Member -> PayPal Options -> Account Details -> Enable Button Encryption.

Hope this helps.
P.S. Remember to report back.

[workit]

Thanx for that hint, encryption works perfectly! should better be the default setting.

the only disadvantage is that shortcodes don't work it you like to sell something by external pages or in a multipress setup.

[Eduan]

Great, glad to be able to help.
Anything else you need just ask.