The "customAmount" field minimum should be validated server side #326

tomfischerNL · 2022-12-23T16:37:50Z

Description

When I create a payment form with a minimum "one time custom payment amount", and I insert an minimum price, it is possible to remove the min attr in the browser with the console. This needs to be validated server side, not the customAmount, but the minimum amount.

Steps to reproduce

If I set a minimum of 100 USD (see attachment)
I can remove the min attr in the browser, and put in 1 dollar as amount, and submit the form

Additional info

Craft version: 4.3.5
PHP version: 8.1.11
Database driver & version: MySQL 10.6.10
Plugin version: 5.0.8
Is SCA and Stripe Checkout enabled?:

andrelopez · 2023-01-01T14:29:05Z

Hi @tomfischerNL We just released Stripe Payments v5.0.9 with a fix for this issue. Thanks for reporting

tomfischerNL · 2023-01-02T09:48:02Z

Hi @andrelopez, thanks for fixing this bug so quickly!

andrelopez self-assigned this Dec 26, 2022

andrelopez added the bug Something isn't working label Dec 26, 2022

andrelopez added a commit that referenced this issue Jan 1, 2023

Adds validation minimum amount #326

3b369a1

andrelopez closed this as completed Jan 1, 2023

andrelopez added a commit that referenced this issue Feb 9, 2023

Adds validation min amount #326

0bdee79

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

The "customAmount" field minimum should be validated server side #326

The "customAmount" field minimum should be validated server side #326

tomfischerNL commented Dec 23, 2022

andrelopez commented Jan 1, 2023

tomfischerNL commented Jan 2, 2023

The "customAmount" field minimum should be validated server side #326

The "customAmount" field minimum should be validated server side #326

Comments

tomfischerNL commented Dec 23, 2022

Description

Steps to reproduce

Additional info

andrelopez commented Jan 1, 2023

tomfischerNL commented Jan 2, 2023