Yep, things like these really make me wish for an automated WP patch-on-updates solution like https://github.com/cweagans/composer-patches/ but for pure WP diffs.
Hey @nothin7 , were you able to generate the source map file to fix this issue? If so, how did you do it?
Thread Starter
Zade
(@nothin7)
@eddivalen Not sure what you’re talking about. Did somebody say that the authors won’t be simply adding a space to that CSS file and I have to generate a source map file instead?
@gabrielfuentes Could you please refrain from marking this ticket “Resolved” until you have added a single space to that CSS file?
Oh, sorry, I thought you fixed the issue by generating the source map with the space you mentioned. I just wanted to know if you were able to do it.
As for the developers, it seems this isn’t a priority for them since it’s been a while since the issue was opened.
Thread Starter
Zade
(@nothin7)
@eddivalen I still don’t understand why there’s any talk of “generating the source map”. The fix is to edit a CSS file that improperly comments out a reference to another file (a .map file), because while:
/* #this */
is a comment that’s ignored,
/*#this */
isn’t because there is no space between “/*” and “#”. But edits to plugin files are overwritten when the plugin is updated. So the plugin authors need to make this change to the CSS file so the fixed file gets published to the WordPress repository.
Yeah, these guys are clueless. I have opened a ticket about this, the last response was quite lengthy and tried to say that it was either because of my theme or because of minification I was running. That’s not the case. The problem is in the embedded asset that they ship which is the file at:
/plugins/woocommerce-gateway-paypal-powered-by-braintree/vendor/skyverge/wc-plugin-framework/woocommerce/payment-gateway/assets/css/frontend/sv-wc-payment-gateway-payment-form.min.css
Hi Alex @noahjose (and everyone interested in learning more),
As mentioned in #8350291, the development team is aware of this issue, and we’ve previously flagged your fix for them to update. They’re aware of this forum thread and the number of users asking for this fix, so we’re hopeful that they’ll be able to address this within the next update.
Thanks!
-OP
This is still a problem that is tripping my IDS and causing all sorts of havoc. Please fix.
Thread Starter
Zade
(@nothin7)
@omarfpg As stated above, could you (and your entire team) please refrain from marking this ticket “Resolved” until you have added a single space to that CSS file? This is not resolved, so marking it as such is dishonest, and it makes your customers think you are no longer concerned about this. If you think about it, it would be faster to type one space in one file than to type yet another response in this thread, notifying everybody that is following and wasting even more time. So do the right thing for all of us, including you. Otherwise I guess we can all look for a more supported payment gateway. Thanks 🙂
Hi there @nothin7, thanks for reaching back 👋
Just to reiterate, the development team are aware of this issue, and we’ve previously flagged your fix for them to update it.
We’ve noted this forum thread once more to the developers, so that they may understand the scope of the issue that you are experiencing.
That said, while the support team and the development team are in constant communication, they are different teams. Also, each one has their procedures in place. As such, this thread was due to be marked as resolved at some point in time, due to inactivity – as the required actions here have already been taken.
We’re hopeful that they’ll be able to address this within the next update.
I trust this provides clarity. 🙂
Still suffering from this bug on production sites. When will this fix be put into the plugin?
Thread Starter
Zade
(@nothin7)
@galapogos01 I went ahead and changed the status back to “not resolved”, and I’ll try to keep doing so until these guys get their shit together. However, I HIGHLY recommend you ditch this plugin, because I traced a pattern of velocity attacks on my server (hosting ~100 sites) to all (and only) the sites where this plugin was enabled. See https://wordpress.org/support/topic/beware-of-velocity-attacks-failed-orders-with-this-plugin/
@anastas10s I understand that, from your perspective, “the required actions here have already been taken”. However, this is my support thread, and I wholeheartedly disagree. A problem is “resolved” when it no longer exists. If you want to take the required action, do whatever it takes to add a single space to ONE file. You can keep telling me that you’ve done your part, but actions speak louder than words, and it is clear that this request is being ignored. I try to be polite, but this is just pathetic. If you can’t find the spacebar, I gotchu! Look at the bottom row of your keyboard, and press down on the widest key until you feel resistance. Let’s be excellent to each other, shall we?
@nothin7 Thank you. I have had similar problems with the idiotic support team closing my tickets before resolution (see https://wordpress.org/support/topic/broken-script-dependencies-leads-to-error-on-pdp/ — this is still a problem but I can’t re-open it).
Your link is dead (someone probably deleted your thread), but I have had similar issues with multiple fraud attempts one one order with the Braintree payment gateway plugin. Their excuse was it’s a WordPress flaw and they will not fix it. My workaround is a captcha (which has other side effects & conversion impacts). If you have a better option for Braintree/Paypal I’d like to hear it.
Thread Starter
Zade
(@nothin7)
@galapogos01 it looks like my review link is live again, somehow it was showing 5 stars so I corrected that. Just in case I’ll copy it below:
Three years ago, @patrickhs reported that this plugin has “non-existent fraud protection”, and apparently this hasn’t changed.
I manage over 100 WordPress sites, and only three of them get hit with velocity attacks, where scammers will use your site to test stolen credit cards, generating hundreds of failed orders (last attack was over 5,000 attempts). I spent countless hours trying various anti-spam plugins and writing various scripts, until I finally discovered a pattern: These are the only sites using Braintree for WooCommerce Payment Gateway. Clearly this plugin suffers from an unpatched vulnerability because somehow a Guest user had five charges approved for the same order, all different card numbers, preceded by hundreds of failed attempts (each attempt generating an order note, about one second apart). Another order showed a failed attempt after the successful payment. That’s not how WooCommerce works, especially when your Checkout page has a reCAPTCHA. You can’t pass reCAPTCHAs that quickly, and you can’t (successfully) pay for the same order twice; that’d be a new order. So essentially this plugin is an invitation for hackers to bypass the Checkout interface and make order attempts programmatically.
Also, the latest update (3.1.7) destroys the credit card field styling (and, in turn, customers’ trust). I’m glad I noticed that right away.
Combining that with the fact that I reported a bug (“sv-wc-payment-gateway-payment-form.min.css.map error”) over a year ago that could be resolved by adding a single space to a file—and they still haven’t fixed it—I no longer trust Braintree and have begun switching everyone to WooPayments. First impressions of WooPayments are great, setup is a breeze, and my Checkout pages are now more user-friendly in multiple ways.
If only there was an award for The Most Incompetent WordPress Plugin Developer.
