Fix: use "securekey" instead of "token"

Fix: check secure key if defined
This commit is contained in:
Regis Houssin 2011-05-03 10:19:47 +00:00
parent 7eaa8c7ebf
commit 3dbd183e66
2 changed files with 36 additions and 13 deletions


@ -215,7 +215,7 @@ print '</div>';
print '<br><br>'; print '<br><br>';
$token=''; $token='';
if (! empty($conf->global->PAYPAL_SECURITY_TOKEN)) $token='&token='.md5($conf->global->PAYPAL_SECURITY_TOKEN); if (! empty($conf->global->PAYPAL_SECURITY_TOKEN)) $token='&securekey='.md5($conf->global->PAYPAL_SECURITY_TOKEN);
// Url list // Url list
print '<u>'.$langs->trans("FollowingUrlAreAvailableToMakePayments").':</u><br>'; print '<u>'.$langs->trans("FollowingUrlAreAvailableToMakePayments").':</u><br>';
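Review bot: The key appended at line 15 is `md5($conf->global->PAYPAL_SECURITY_TOKEN)`, while the check this same commit adds to the public payment page (the `-282,7 +299,13` hunk) compares `$SECUREKEY` against `md5($conf->global->PAYPAL_SECURITY_TOKEN . $ref)`; the two can only agree when `ref` is empty, so the URLs advertised here would appear to fail validation as soon as a reference is supplied. Either the payment page should drop `$ref` from its derivation, or the key here must be computed over the same inputs — which this admin page cannot do for a per-document reference unless it prints the formula rather than a fixed value. Whichever side is changed, a comment next to this line naming the other derivation, e.g. `// Must stay identical to the securekey check in the public payment page`, would keep the two files from drifting apart again. The generated URL list itself is below this hunk, so whether `ref` appears in those URLs is inferred rather than visible.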


@ -1,7 +1,7 @@
<?php <?php
/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org> /* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2006-2010 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2006-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2009 Regis Houssin <regis@dolibarr.fr> * Copyright (C) 2009-2011 Regis Houssin <regis@dolibarr.fr>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -55,7 +55,6 @@ $langs->load("paypal");
// tag (a free text, required if type is empty) // tag (a free text, required if type is empty)
// currency (iso code) // currency (iso code)
$ref=GETPOST('ref','alpha');
$suffix=GETPOST("suffix",'alpha'); $suffix=GETPOST("suffix",'alpha');
$amount=price2num(GETPOST("amount")); $amount=price2num(GETPOST("amount"));
if (! GETPOST("currency",'alpha')) $currency=$conf->global->MAIN_MONNAIE; if (! GETPOST("currency",'alpha')) $currency=$conf->global->MAIN_MONNAIE;
@ -84,20 +83,38 @@ $urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',$dolib
$urlok=$urlwithouturlroot.DOL_URL_ROOT.'/public/paypal/paymentok.php?'; $urlok=$urlwithouturlroot.DOL_URL_ROOT.'/public/paypal/paymentok.php?';
$urlko=$urlwithouturlroot.DOL_URL_ROOT.'/public/paypal/paymentko.php?'; $urlko=$urlwithouturlroot.DOL_URL_ROOT.'/public/paypal/paymentko.php?';
// Complete urls // Complete urls for post treatment
$SOURCE=GETPOST("source",'alpha');
$ref=$REF=GETPOST('ref','alpha');
$TAG=GETPOST("tag",'alpha'); $TAG=GETPOST("tag",'alpha');
$FULLTAG=GETPOST("fulltag",'alpha'); // fulltag is tag with more informations $FULLTAG=GETPOST("fulltag",'alpha'); // fulltag is tag with more informations
$SECUREKEY=GETPOST("securekey",'alpha'); // Secure key
if (!empty($TAG)) if (! empty($SOURCE))
{
$urlok.='source='.urlencode($SOURCE).'&';
$urlko.='source='.urlencode($SOURCE).'&';
}
if (! empty($REF))
{
$urlok.='ref='.urlencode($REF).'&';
$urlko.='ref='.urlencode($REF).'&';
}
if (! empty($TAG))
{ {
$urlok.='tag='.urlencode($TAG).'&'; $urlok.='tag='.urlencode($TAG).'&';
$urlko.='tag='.urlencode($TAG).'&'; $urlko.='tag='.urlencode($TAG).'&';
} }
if (!empty($FULLTAG)) if (! empty($FULLTAG))
{ {
$urlok.='fulltag='.urlencode($FULLTAG).'&'; $urlok.='fulltag='.urlencode($FULLTAG).'&';
$urlko.='fulltag='.urlencode($FULLTAG).'&'; $urlko.='fulltag='.urlencode($FULLTAG).'&';
} }
if (! empty($SECUREKEY))
{
$urlok.='securekey='.urlencode($SECUREKEY).'&';
$urlko.='securekey='.urlencode($SECUREKEY).'&';
}
$urlok=preg_replace('/&$/','',$urlok); // Remove last & $urlok=preg_replace('/&$/','',$urlok); // Remove last &
$urlko=preg_replace('/&$/','',$urlko); // Remove last & $urlko=preg_replace('/&$/','',$urlko); // Remove last &
@ -282,7 +299,13 @@ $found=false;
$error=0; $error=0;
$var=false; $var=false;
// Check security token
$valid=true;
if (! empty($conf->global->PAYPAL_SECURITY_TOKEN) )
{
$token = md5($conf->global->PAYPAL_SECURITY_TOKEN . $ref);
if ($SECUREKEY != $token) $valid=false;
}
// Free payment // Free payment
if (! GETPOST("source")) if (! GETPOST("source"))
@ -334,7 +357,7 @@ if (! GETPOST("source"))
// Payment on customer order // Payment on customer order
if (GETPOST("source") == 'order') if (GETPOST("source") == 'order' && $valid)
{ {
$found=true; $found=true;
$langs->load("orders"); $langs->load("orders");
@ -443,7 +466,7 @@ if (GETPOST("source") == 'order')
// Payment on customer invoice // Payment on customer invoice
if (GETPOST("source") == 'invoice') if (GETPOST("source") == 'invoice' && $valid)
{ {
$found=true; $found=true;
$langs->load("bills"); $langs->load("bills");
@ -551,7 +574,7 @@ if (GETPOST("source") == 'invoice')
} }
// Payment on contract line // Payment on contract line
if (GETPOST("source") == 'contractline') if (GETPOST("source") == 'contractline' && $valid)
{ {
$found=true; $found=true;
$langs->load("contracts"); $langs->load("contracts");
@ -748,7 +771,7 @@ if (GETPOST("source") == 'contractline')
} }
// Payment on member subscription // Payment on member subscription
if (GETPOST("source") == 'membersubscription') if (GETPOST("source") == 'membersubscription' && $valid)
{ {
$found=true; $found=true;
$langs->load("members"); $langs->load("members");
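Review bot: The comparison `if ($SECUREKEY != $token) $valid=false;` in the `-282,7 +299,13` hunk uses loose inequality between a request parameter and a hex digest; a strict, constant-time comparison is the right tool, e.g. `if (! hash_equals($token, $SECUREKEY)) $valid=false;` (`hash_equals()` requires PHP 5.6, so on older targets a byte-wise constant-time loop is needed). The derivation `md5($conf->global->PAYPAL_SECURITY_TOKEN . $ref)` hashes the secret concatenated with request-controlled data; a keyed construction such as `hash_hmac('sha256', $ref, $conf->global->PAYPAL_SECURITY_TOKEN)` is the standard way to bind a reference to a secret and avoids the weaknesses of plain hash-over-concatenation. `$valid` only gates the four `source` branches (`order`, `invoice`, `contractline`, `membersubscription`); the free-payment branch at `if (! GETPOST("source"))` is not guarded, which may be intended since there is no document to bind the key to, but that decision deserves a comment there such as `// Free payment: no securekey check, nothing to bind the key to`. The bodies of all these branches continue outside the visible hunks.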