lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX CSRF check when using stripe old payment methods

Browse Source
This commit is contained in:
Laurent Destailleur 2019-09-11 18:44:10 +02:00
parent 5f236fda2e
commit 6d20a656bb
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
htdocs/public/payment/newpayment.php
View File

@ -2249,12 +2249,19 @@ if (preg_match('/^dopayment/', $action)) // If we choosed/click on the payment
function stripeTokenHandler(token) {
// Insert the token ID into the form so it gets submitted to the server
var form = document.getElementById('payment-form');
var hiddenInput = document.createElement('input');
hiddenInput.setAttribute('type', 'hidden');
hiddenInput.setAttribute('name', 'stripeToken');
hiddenInput.setAttribute('value', token.id);
form.appendChild(hiddenInput);
var hiddenInput2 = document.createElement('input');
hiddenInput2.setAttribute('type', 'hidden');
hiddenInput2.setAttribute('name', 'token');
hiddenInput2.setAttribute('value', '<?php echo $_SESSION["newtoken"]; ?>');
form.appendChild(hiddenInput2);
// Submit the form
jQuery('#buttontopay').hide();
jQuery('#hourglasstopay').show();
@ -2266,12 +2273,19 @@ if (preg_match('/^dopayment/', $action)) // If we choosed/click on the payment
function stripeSourceHandler(source) {
// Insert the source ID into the form so it gets submitted to the server
var form = document.getElementById('payment-form');
var hiddenInput = document.createElement('input');
hiddenInput.setAttribute('type', 'hidden');
hiddenInput.setAttribute('name', 'stripeSource');
hiddenInput.setAttribute('value', source.id);
form.appendChild(hiddenInput);
var hiddenInput2 = document.createElement('input');
hiddenInput2.setAttribute('type', 'hidden');
hiddenInput2.setAttribute('name', 'token');
hiddenInput2.setAttribute('value', '<?php echo $_SESSION["newtoken"]; ?>');
form.appendChild(hiddenInput2);
// Submit the form
jQuery('#buttontopay').hide();
jQuery('#hourglasstopay').show();