From c94946b934758236a82f3668ffcf969912b823a8 Mon Sep 17 00:00:00 2001 From: daraelmin Date: Fri, 4 Jun 2021 23:14:31 +0200 Subject: [PATCH 1/3] Fix #17743 - token was hashed with membersubscription #Fix #17743 - token was hashed with membersubscription for retro-compatibility we must try to hash token wth both "membre" ans "membersubscription" to verify unique secure key d'or member --- htdocs/public/payment/newpayment.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index 377077531ae..f19aef7f79c 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -281,6 +281,9 @@ if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { if (!empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) { if ($tmpsource && $REF) { $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$tmpsource.$REF, 2); // Use the source in the hash to avoid duplicates if the references are identical + if ($SECUREKEY != $token) { + $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$source.$REF, 2); // for retro-compatibility (token may have been hashed with membersubscription in external module) + } } else { $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2); } From 420bf440ef32c98f08a9b6c6f50284336edf93a3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 00:53:07 +0200 Subject: [PATCH 2/3] Update newpayment.php --- htdocs/public/payment/newpayment.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index f19aef7f79c..a0e6a1854fd 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -278,11 +278,13 @@ if ($tmpsource == 'membersubscription') { } $valid = true; if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { + $token = ''; + $tokenoldcompat = ''; if (!empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) { if ($tmpsource && $REF) { $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$tmpsource.$REF, 2); // Use the source in the hash to avoid duplicates if the references are identical - if ($SECUREKEY != $token) { - $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$source.$REF, 2); // for retro-compatibility (token may have been hashed with membersubscription in external module) + if ($tmpsource != $source) { + $tokenoldcompat = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$source.$REF, 2); // for retro-compatibility (token may have been hashed with membersubscription in external module) } } else { $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2); @@ -290,7 +292,7 @@ if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { } else { $token = $conf->global->PAYMENT_SECURITY_TOKEN; } - if ($SECUREKEY != $token) { + if ($SECUREKEY != $token && $SECUREKEY != $tokenoldcompat) { if (empty($conf->global->PAYMENT_SECURITY_ACCEPT_ANY_TOKEN)) { $valid = false; // PAYMENT_SECURITY_ACCEPT_ANY_TOKEN is for backward compatibility } else { From 246cb09ba58a02b8479d21a48f9a5916c256fa29 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 00:56:28 +0200 Subject: [PATCH 3/3] Update newpayment.php --- htdocs/public/payment/newpayment.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index a0e6a1854fd..b71dd2df499 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -292,7 +292,7 @@ if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { } else { $token = $conf->global->PAYMENT_SECURITY_TOKEN; } - if ($SECUREKEY != $token && $SECUREKEY != $tokenoldcompat) { + if ($SECUREKEY != $token && (empty($tokenoldcompat) || $SECUREKEY != $tokenoldcompat)) { if (empty($conf->global->PAYMENT_SECURITY_ACCEPT_ANY_TOKEN)) { $valid = false; // PAYMENT_SECURITY_ACCEPT_ANY_TOKEN is for backward compatibility } else {