
Encoded Google Checkout Button

Posted: October 20th, 2011, 10:27 pm
by cdlambden
Hi, I have created a Google Checkout button in pro, but there's no ability to encode the url. They could easily edit the price in the url and pay 1 cent for your product. How can I encode the url/button so they can't do that? Thanks! :)

Re: Encoded Google Checkout Button

Posted: October 20th, 2011, 10:37 pm
by Eduan
You could try to have PayPal encrypt your buttons: WP Admin -> s2Member -> PayPal Options -> Account Details -> Enable Button Encryption.

Hope this helps. :)
P.S. Remember to report back. ;)

Re: Encoded Google Checkout Button

Posted: October 21st, 2011, 7:00 am
by cdlambden
Hi, I tried that and the url still isn't encrypted. Thanks.

Re: Encoded Google Checkout Button

Posted: October 22nd, 2011, 9:35 am
by cdlambden
Any updates on this? It's a pretty big vulnerability if they can just change the payment amount in the url and still get access. Thanks.

Re: Encoded Google Checkout Button

Posted: October 23rd, 2011, 11:10 am
by cdlambden
Would there be some way to manually encode the url? Would Google URL shortener work? Thanks!

Re: Encoded Google Checkout Button

Posted: October 23rd, 2011, 1:00 pm
by Jason Caldwell
Yes, please see this thread regarding this vulnerability:
viewtopic.php?f=4&t=15232&p=41707#p41707

Encoding your Google checkout URL produced by s2Member would make it more difficult, but it won't prevent this vulnerability entirely, because it would still be possible to tamper with the variables before being redirected to Google Checkout. So ... more difficult, yes. A long-term solution, no.

We are currently working to address this in a future release of s2Member.
viewtopic.php?f=4&t=15232&p=41707#p41707
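
Added example, not part of the thread and not s2Member code: the difference between encoding checkout parameters and signing them, with the signature and price checked on the server before any redirect to the payment processor. The key, item names, prices and function names are constructed for illustration.

```php
<?php
// Added illustration, not s2Member code. Key, item names and prices are constructed.
const SIGNING_KEY = 'replace-with-a-long-random-server-side-secret';
const PRICES = ['level1' => '29.99', 'level2' => '49.99']; // authoritative prices

// Encoding only: reversible by anyone, no key involved, so no integrity.
function encode_only(array $params): string {
    return base64_encode(http_build_query($params));
}

// Signing: HMAC over the sorted parameters, keyed with a server-only secret.
function sign_params(array $params): string {
    ksort($params);
    $query = http_build_query($params);
    return $query . '&sig=' . hash_hmac('sha256', $query, SIGNING_KEY);
}

// Run on the server before building the redirect to the payment processor.
function verify_params(string $query): ?array {
    parse_str($query, $params);
    $sig = $params['sig'] ?? '';
    unset($params['sig']);
    if (!is_string($sig)) {
        return null;
    }
    ksort($params);
    $expected = hash_hmac('sha256', http_build_query($params), SIGNING_KEY);
    if (!hash_equals($expected, $sig)) {
        return null; // parameters changed after signing
    }
    // Defence in depth: the amount must equal the server-side price.
    $item = $params['item'] ?? null;
    if (!is_string($item) || !array_key_exists($item, PRICES)
        || ($params['amount'] ?? null) !== PRICES[$item]) {
        return null;
    }
    return $params;
}

$params = ['item' => 'level1', 'amount' => PRICES['level1']];

// The encoded form decodes back to the plain parameters without any secret.
echo base64_decode(encode_only($params)), "\n";

$signed  = sign_params($params);
$changed = str_replace('amount=29.99', 'amount=0.01', $signed);

var_dump(verify_params($signed) !== null);   // signed link as issued
var_dump(verify_params($changed) !== null);  // same link with the amount altered
```

Independently of how the link is protected, the amount the processor reports as paid should be compared with the server-side price before access is granted.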