Wootickets allows users to purchase tixs without the password for Private Events


Viewing 3 posts - 1 through 3 (of 3 total)
  • #46283
    Mike
    Participant

    I found a flaw in your ticketing. When an event is set to private, the ticketing form shows up below the password fold, thus allowing users to purchase tickets without having the private event’s password. This is a major security flaw for private events, as it would allow unauthorized users to purchase tickets and skip the password authorization.

    #46302
    Barry
    Member

    Hi Mike,

    Thanks for reporting that: a fairly straightforward solution is to find the code at the start of the tickets.php template:

    <?php global $woocommerce; ?>

    And change it to:

    <?php
    global $woocommerce;
    if (post_password_required()) return;
    ?>

    Remember that this would ideally be handled within a template override (a copy of tickets.php contained within an events directory inside your theme) – you can read more on that in our themer’s guide and we have a specific tutorial covering template overrides.

    So hopefully that offers you an interim solution, meanwhile I’ll talk to the team and see what we can do here.
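
A regression check for the fix described above, added here as an example and not part of the original thread or the plugin's code: it parses a rendered event page and flags the reported condition, where the password prompt and the ticket form are both present. The `cart` form class and the `add-to-cart`/`quantity` field names are assumptions about the ticket form's markup, and the sample HTML is constructed.

```python
from html.parser import HTMLParser

PASSWORD_FORM_CLASS = "post-password-form"   # class WordPress core puts on the prompt
TICKET_FORM_CLASS = "cart"                   # assumption: WooCommerce-style ticket form
TICKET_INPUT_PREFIXES = ("add-to-cart", "quantity")  # assumption: ticket field names

class FormScanner(HTMLParser):
    # Collects the class list and field names of every <form> on a page.
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"classes": set((a.get("class") or "").split()), "fields": []}
            self.forms.append(self._open)
        elif tag in ("input", "select", "button") and self._open is not None:
            self._open["fields"].append(a.get("name") or "")
    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_page(html):
    """Return (password_prompt_shown, ticket_form_rendered) for one page."""
    scanner = FormScanner()
    scanner.feed(html)
    prompt = any(PASSWORD_FORM_CLASS in f["classes"] for f in scanner.forms)
    tickets = any(
        TICKET_FORM_CLASS in f["classes"]
        or any(n.startswith(TICKET_INPUT_PREFIXES) for n in f["fields"])
        for f in scanner.forms)
    return prompt, tickets

def leaks_ticket_form(html):
    """True when a page still asking for the password also renders tickets."""
    return all(audit_page(html))

# Constructed sample markup, not captured from a real site.
PROMPT = ('<form action="/wp-login.php?action=postpass" class="post-password-form" '
          'method="post"><input name="post_password" type="password" /></form>')
TICKETS = ('<form action="/cart/" class="cart" method="post">'
           '<input type="number" name="quantity_101" value="0" />'
           '<button type="submit" name="add-to-cart">Add to cart</button></form>')
BEFORE_FIX = "<article>" + PROMPT + "</article>" + TICKETS   # form below the prompt
AFTER_FIX = "<article>" + PROMPT + "</article>"             # template returned early
UNLOCKED = "<article><p>Event details</p></article>" + TICKETS
if __name__ == "__main__":
    for name, page in [("before", BEFORE_FIX), ("after", AFTER_FIX), ("unlocked", UNLOCKED)]:
        print(name, audit_page(page), "LEAK" if leaks_ticket_form(page) else "ok")
```

Feed it the HTML of a password-protected event fetched without the password cookie after each theme or plugin update, since a template override can be silently replaced.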

    #48171
    Barry
    Member

    Some further improvements with regards to private event posts are coming in The Events Calendar 3.0. For the time being though I will close this thread.

  • The topic ‘Wootickets allows users to purchase tixs without the password for Private Events’ is closed to new replies.