lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update newpayment.php

Browse Source
This commit is contained in:
Laurent Destailleur 2021-06-05 00:53:07 +02:00 committed by GitHub
parent c94946b934
commit 420bf440ef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
htdocs/public/payment/newpayment.php
View File

@ -278,11 +278,13 @@ if ($tmpsource == 'membersubscription') {
}
$valid = true;
if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) {
$token = '';
$tokenoldcompat = '';
if (!empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) {
if ($tmpsource && $REF) {
$token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$tmpsource.$REF, 2); // Use the source in the hash to avoid duplicates if the references are identical
if ($SECUREKEY != $token) {
$token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$source.$REF, 2); // for retro-compatibility (token may have been hashed with membersubscription in external module)
if ($tmpsource != $source) {
$tokenoldcompat = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$source.$REF, 2); // for retro-compatibility (token may have been hashed with membersubscription in external module)
}
} else {
$token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2);
@ -290,7 +292,7 @@ if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) {
} else {
$token = $conf->global->PAYMENT_SECURITY_TOKEN;
}
if ($SECUREKEY != $token) {
if ($SECUREKEY != $token && $SECUREKEY != $tokenoldcompat) {
if (empty($conf->global->PAYMENT_SECURITY_ACCEPT_ANY_TOKEN)) {
$valid = false; // PAYMENT_SECURITY_ACCEPT_ANY_TOKEN is for backward compatibility
} else {