Discourse WP plugin blocking Paypal installation in Easy Digital Downloads WP Plugin

We discovered that the Discourse WP Plugin is causing an installation issue with the API/Webhook connection for a new version of Paypal in the Easy Digital Downloads WP Plugin (EDD).

In other words, when the Discourse WP Plugin is activate: the EDD Paypal API/Webhook won’t connect, but when Discourse is deactivated: the EDD Paypal API/Webhook connects perfectly, although reactivating Discourse disconnects the EDD Paypal API/Webhook again.

All plugins are up to date.

Here is the EDD Plugin info for reference:
PayPal Setup - Easy Digital Downloads Easy Digital Downloads – Simple eCommerce for Selling Digital Files – WordPress plugin | WordPress.org

Any help would be appreciated, thanks!

Thanks for the report. I’ll test their compatbility later this week and let you know where the issue lies.

Right on Angus, if you have any questions please let me know!

Sorry to bug you @angus, but just checking if you’ve had a chance to review this issue yet?

I’ve managed to reproduce the issue. Figuring out the cause will take longer. EDD has an internal logging system but it’s not logging anything for this operation. I’m going to continue to work on this next week. I just happen to be in the process of writing logs for WP Discourse’s own webhoook management so this work fits in with that, however it’s not straightforward, so a resolution may take a few more weeks.

The way the two plugins use webhooks is in conflict in some fashion. Keep in mind that the cause of the conflict between these two plugins could equally come from either plugin. Indeed, considering it is an operation in the EDD that is failing the logical place to debug it is actually within the EDD plugin itself, by the creators of that plugin. You should also reach out to them if you haven’t already.

Hi @angus I have some news from EDD below:

I have identified the problem in the WP Discourse plugin and I’m hoping you can send it along to the developers.

The issue is in this file:

lib/discourse-comment.php

Specifically this filter:

add_filter( ‘wp_kses_allowed_html’, array( $this, ‘extend_allowed_html’ ), 10, 2 );

By default, the array they are filtering contains this:

array (
‘align’ => true,
‘dir’ => true,
‘lang’ => true,
‘xml:lang’ => true,
‘aria-describedby’ => true,
‘aria-details’ => true,
‘aria-label’ => true,
‘aria-labelledby’ => true,
‘aria-hidden’ => true,
‘class’ => true,
‘id’ => true,
‘style’ => true,
‘title’ => true,
‘role’ => true,
‘data-*’ => true,
)

Of particular note is that last one: ‘data-*’

The WP Discourse plugin is filtering this to add their data-youtube-id attribute, but in doing so, they are unintentionally unsetting the data-* attribute. This means all other data attributes no longer work under wp_kses_post(). This is causing a problem with our PayPal code.

To be clear though: WP Discourse isn’t actually disconnecting you from PayPal; it’s just breaking the code that checks to see if you are connected. This is because we use a data attribute in our markup, and the filter in WP Discourse is stripping it out.

My recommendation to the developers would be to extend the $allowedposttags[‘div’] array instead of overwriting it.

Instead of this:
$allowedposttags[‘div’] = array(
‘class’ => true,
‘id’ => true,
‘style’ => true,
‘title’ => true,
‘role’ => true,
‘data-youtube-id’ => array(),
);

They can do this:

$allowedposttags[‘div’][‘data-youtube-id’] = array();

That resolves the issue, and should also ensure their functionality remains the same.

Fantastic. Thank you for facilitating that. I’ll prepare a fix by the end of the week. It may not get merged until next week though.

Sure thing Angus, and thank you for your attention to this issue! Please do keep me posted.

This PR addresses the underlying issue. It’ll be merged sometime in the next week or so.

Great Angus! Just checking in, as you mentioned it’d be merged in a week or so, any updates?

I don’t have the ability to merge PRs, but Simon will get to it when he can. When it’s merged your issue will be resolved.

Thanks Angus.

@simon Any idea when this PR will be merged?

Sorry for the delay on this. I should be able to get it merged later on today. I’ll respond here when that’s been done.

@JMJ The PR is now merged and WP Discourse 2.3.4 pushed to wordpress.org. I’ve confirmed that EDD is working as expected in production on WP Discourse 2.3.4.