Important update to AJAX requests in Easy Digital Downloads 2.9.4

Version 2.9.4 of Easy Digital Downloads includes some important updates related to a few of our templates and sections that can be customized. These updates may require changes to stores that have modified these sections. The changes, specifically were adding nonce values to actions. These nonces are now required as of version 2.9.4 and without them, critical functionality can fail. Below is a list of the nonces that were added, and the function or template files that were modified, in order to make it easier to update your changes as needed.

Template Files Changed

templates/checkout_cart.php
templates/shortcode-profile-editor.php
templates/widget-cart-item.php

Functions Changed

includes/template-functions.php

  • edd_get_purchase_link()

includes/checkout/template.php

  • edd_default_cc_address_fields()
  • edd_get_register_fields()
  • edd_get_login_fields()
  • edd_payment_mode_select()
  • edd_checkout_hidden_fields()

Debugging

In order to make this easier for store owners and theme developers to know if they are affected by these changes, we’ve forced the edd_debug_log() function to log an entry in the Easy Digital Downloads Debug Log any time a required nonce is missing.

You can view your debug log by visiting Downloads > Tools > Debug Log

Detailed Changes

Below is a list, showing the line as it previously existed, and the new line.
https://gist.github.com/cklosowski/8fa3914ca578ee1b6d10741fef4e3029

Its not often we have to make changes to these template files that would require this level of information, but when it comes to hardening the security and performance of your store, it will be necessary to review the above changes and update your stores accordingly.

25 responses... add one

Thanks god I found some information regarding the issues I’m having with EDD, I’m developing an addon and everything stopped working. Gotta get into that but I’m sure I’ll get it working soon. Anyway, why now is required a nonce? I mean I don’t get why it’s needed, everything was working perfectly without them.

Thanks!

@surce,

Nonces are a method used to help prevent malicious attempts at replays for links and forms. They are now required as an attempt to help prevent misuse of the AJAX endpoints. While things were ‘working perfectly’ without them, adding the nonces is just an extra layer of protection against the customer sessions and interacting with the cart.

You can read more about nonces within WordPress here: https://codex.wordpress.org/WordPress_Nonces

Just fixed it by adding data-nonce=”‘ . wp_create_nonce( ‘edd-add-to-cart-‘ . $eddnum ) . ‘” where $eddnum is the download ID, thank you so much family for such amazing plugin!

@Martin,

None of the hooks were changed in their naming or position, however if you were removing our hooks for some of the functions listed in the article above, and replacing it with your own hooks, you may need to review the changes and apply them. If you were simply adding more to the hooks, then you should not run into any issues.

Thank you for explaining where changes are. Very helpful.

I upgraded to 2.9.5 to but I’m not seeing Debug Log in Downloads > Tools. Does it only show if the log has something in it, or am I looking in the wrong place?

THANK YOU to Chris and EDD team for publishing this. I should have paid better attention while upgrading these important plugins and didn’t notice my checkout was broken until a customer emailed me! Luckily I got the templates resolved in under 20 minutes—totally worth it for the added security.

AJAX is the default method of handling things like Adding items to the cart. While disabling AJAX is supported it is not suggested and should only be used by developers doing custom integration.

So you do not see this setting, because it is already on.

My site was working fine before the update. I have problem with deletion of item from add to cart button. Item is only deleting from checkout page but not from add to cart icon. I have applied your updates but no luck.

I figure it out myself
replace this in functions.php
<a href="” class=”remove-item” title=””>x

with this
<a href="” class=”remove-item edd_cart_remove_item_btn” title=””>x

Hi Kalim,
Can you please advise me where do I find this function?
I checked all the functions.php in whole WP and none of them have a line x
Thank you!

@Efim

This is not something that exists in a functions.php file typically. You’d need to look through any template files that you’ve created (or your theme has) for EDD. Those would possibly be located within your theme’s folder under the folder name `edd_templates`

If you have further issues, please reach out to our support team at https://easydigitaldownloads.com/support.

Hi Chris,
Thank you for your quick reply!
I found checkout_cart.php in edd_templates folder, there are some codes containing “edd_remove…”
Unfortunately I am not that good with coding. Can I send you this file to check what should be changed to make remove button work?

Just in case here are 2 lines with remove code:

<a class="edd_cart_remove_item_btn form-control-static" href="”>

<a href="”>

Thank you very much!

It seems that cache plugins also cache the wpnonce, once the cache last for a few hours / days then it just stops adding the items to the cart and gets stuck, I’ve already set to not cache the cookie edd_items_in_cart, but if there’s no way to add items to the cart because of the nonce… I’m going to set the cache lifespan to 30 minutes to see if that solves the issue.

Back in EDD 2.9.4 we made some changes to the template files that improved the security and reliability of some key parts of interacting with the cart.

This error typically means that your checkout has been customized either by your theme or in the child theme, and hasn’t got the updates necessary to make it work yet. I would verify with Array Themes that the ‘Checkout’ theme has been updated to include the newest changes necessary. If they have, verify that your child theme hasn’t had changes made to the Gateway Selector at checkout.

In this article is a list of files we changed, if you have modified the output of any of the above, then you’ll need to make the listed changes to your child theme.

If you need further assistance, please reach out to our support team at https://easydigitaldownloads.com/support/

Hello,

Updated the files with update, but cart getting stuck after sometime like after adding 20-30 items. We have no other plugin related to caching. Please suggest the solution.

Leave a Reply

Your email address will not be published. Required fields are marked *