Security token issue

Hi there @threemind,

Great troubleshooting here! There is obviously a conflict between PayPal Express Checkout and your third-party plugin.

I’d recommend reaching out to the plugin’s authors for further troubleshooting.

I’ll also leave this thread open for another week in case someone has the same problem and can chime in.

Cheers!

Hi there @treibalen,

I have already contacted in the first instance the plugin developers, plugin included in the WP theme developed by the same developers of privacy plugin, they suggested me before identifying the conflict with plugins, at the same time I wrote to you about the issue, which I repeat only occurs when user is public and not logged on.

The php script that saves user privacy preferences, if the user is logged in, we save consent to user meta, also when it’s public it should save the consents off and on in a cookie.

Which setup of your plugin WooCommerce PayPal Checkout Payment Gateway could not allow the cookie to be saved for reasons (if I understood correctly) token security?

This is the php code for public user and user logged in,
if anyone can help understand what’s wrong:

/**
	 * Update the user allowed types of consent.
	 * If the user is logged in, we also save consent to user meta.
	 */
	public function update_privacy_preferences() {
		if ( ! isset( $_POST[ 'update-privacy-preferences-nonce' ] ) || ! wp_verify_nonce( sanitize_key( $_POST[ 'update-privacy-preferences-nonce' ] ), 'uncode-privacy-update_privacy_preferences' ) ) {
			wp_die( esc_html__( 'We could not verify the the security token. Please try again.', 'uncode-privacy' ) );
		}

		$consents_default_on_list = array_map( 'sanitize_text_field', (array) $_POST[ 'consents_default_on_list' ] );
		$consents                 = array_map( 'sanitize_text_field', (array) $_POST[ 'user_consents' ] );
		$consents_to_save         = array();

		// First save all consents that are on by default to off (if unchecked)
		foreach ( $consents_default_on_list as $consents_on ) {
			if ( ! in_array( $consents_on, $consents ) ) {
				$consents_to_save[] = $consents_on . '-off';
			}
		}

		// Then save the other consents
		foreach ( $consents as $consent_id ) {
			if ( in_array( $consent_id, $consents_default_on_list ) ) {
				$consents_to_save[] = $consent_id . '-on';
			} else {
				$consents_to_save[] = $consent_id;
			}
		}

		$consents_as_json = json_encode( $consents_to_save );

		setcookie( "uncode_privacy[consent_types]", $consents_as_json, time() + YEAR_IN_SECONDS, "/" );

		if ( is_user_logged_in() ) {
			$user = wp_get_current_user();

			if ( ! empty( $consents_to_save ) ) {
				delete_user_meta( $user->ID, 'uncode_privacy_consents' );

				foreach ( $consents_to_save as $consent ) {
					$consent = sanitize_text_field( wp_unslash( $consent ) );
					add_user_meta( $user->ID, 'uncode_privacy_consents', $consent );
				}
			}
		}

		wp_safe_redirect( esc_url_raw( wp_get_referer() ) );
		exit;
	}
}

endif;

Thanks in advance for support.

Hi there @threemind,

Thank you for getting back to us!

That would be a challenge to help with. You would have to know more on when that code is triggered, but that would be for the plugin author to troubleshoot.

We can’t really see enough from that code to determine why it’s failing the check. From what we can see some of the $_POST values aren’t set. But on first glance, we don’t see how PayPal Express would be adjusting those.

I’m going to leave the thread open for a bit to see if anyone is able to chime in to help you out.

I can also recommend the following places for more development-oriented questions:

1. WooCommerce Slack Community: https://woocommerce.com/community-slack/
2. Advanced WooCommerce group on Facebook: https://www.facebook.com/groups/advanced.woocommerce/

Cheers!

Hi there @threemind,

We haven’t heard back from you in a while, so I’m going to mark this as resolved – if you have any further questions, you can start a new thread.