Community Support Forums

by **cdlambden** » October 20th, 2011, 10:27 pm

Hi, I have created a Google Checkout button in pro, but there's no ability to encode the url. They could easily edit the price in the url and pay 1 cent for your product. How can I encode the url/button so they can't do that? Thanks!

by **Eduan** » October 20th, 2011, 10:37 pm

You could try to have PayPal encrypt your buttons: WP Admin -> s2Member -> PayPal Options -> Account Details -> Enable Button Encryption.

Hope this helps.

P.S. Remember to report back.

by **cdlambden** » October 21st, 2011, 7:00 am

Hi, I tried that and the url still isn't encrypted. Thanks.

by **cdlambden** » October 22nd, 2011, 9:35 am

Any updates on this? It's a pretty big vulnerability if they can just change the payment amout in the url and still get access. Thanks.

by **cdlambden** » October 23rd, 2011, 11:10 am

Would there be some way to manually encode the url? Would Google URL shortener work? Thanks!

by **Jason Caldwell** » October 23rd, 2011, 1:00 pm

Yes, please see this thread regarding this vulnerability:
viewtopic.php?f=4&t=15232&p=41707#p41707

Encoding your Google checkout URL produced by s2Member would make it more difficult, but it won't prevent this vulnerability entirely, because it would still be possible to tamper with the variables before being redirected to Google Checkout. So ... more difficult, yes. A long-term solution, no.

We are currently working to address this in a future release of s2Member.
viewtopic.php?f=4&t=15232&p=41707#p41707

Community Support Forums

Encoded Google Checkout Button

Encoded Google Checkout Button

Re: Encoded Google Checkout Button

Re: Encoded Google Checkout Button

Re: Encoded Google Checkout Button

Re: Encoded Google Checkout Button

Re: Encoded Google Checkout Button

Who is online