From 6d20a656bb69c4e0ce98bf66c722aac8684a7391 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Wed, 11 Sep 2019 18:44:10 +0200
Subject: [PATCH] FIX CSRF check when using stripe old payment methods
---
 htdocs/public/payment/newpayment.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php
index db37b15345b..4b6364ea3be 100644
--- a/htdocs/public/payment/newpayment.php
+++ b/htdocs/public/payment/newpayment.php
@@ -2249,12 +2249,19 @@ if (preg_match('/^dopayment/', $action)) // If we choosed/click on the payment
 function stripeTokenHandler(token) {
 // Insert the token ID into the form so it gets submitted to the server
 var form = document.getElementById('payment-form');
+
 var hiddenInput = document.createElement('input');
 hiddenInput.setAttribute('type', 'hidden');
 hiddenInput.setAttribute('name', 'stripeToken');
 hiddenInput.setAttribute('value', token.id);
 form.appendChild(hiddenInput);
+
+ var hiddenInput2 = document.createElement('input');
+ hiddenInput2.setAttribute('type', 'hidden');
+ hiddenInput2.setAttribute('name', 'token');
+ hiddenInput2.setAttribute('value', '');
+ form.appendChild(hiddenInput2);
+
 // Submit the form
 jQuery('#buttontopay').hide();
 jQuery('#hourglasstopay').show();
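Review bot: The hidden `token` field added in stripeTokenHandler is submitted with an empty value (`hiddenInput2.setAttribute('value', '');`), so the server-side CSRF check never receives the session token; the hunk does not show how the PHP side treats an empty token, but the outcome is either that the check is effectively disabled for these Stripe flows (if an empty token is accepted) or that the payment still fails (if it is compared against the session value). The value should be the real token the page's PHP code can emit, e.g. `hiddenInput2.setAttribute('value', '<?php echo TOKEN_EXPR_PLACEHOLDER; ?>');` where TOKEN_EXPR_PLACEHOLDER stands for the expression that yields the session CSRF token. The second hunk (stripeSourceHandler) adds the same empty-valued field and needs the same change. Both handlers now repeat the same five-line create/set/append sequence twice; a small helper taking the form, a name and a value would remove the duplication. Both functions continue past the end of their hunks.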
@@ -2266,12 +2273,19 @@ if (preg_match('/^dopayment/', $action)) // If we choosed/click on the payment
 function stripeSourceHandler(source) {
 // Insert the source ID into the form so it gets submitted to the server
 var form = document.getElementById('payment-form');
+
 var hiddenInput = document.createElement('input');
 hiddenInput.setAttribute('type', 'hidden');
 hiddenInput.setAttribute('name', 'stripeSource');
 hiddenInput.setAttribute('value', source.id);
 form.appendChild(hiddenInput);
+
+ var hiddenInput2 = document.createElement('input');
+ hiddenInput2.setAttribute('type', 'hidden');
+ hiddenInput2.setAttribute('name', 'token');
+ hiddenInput2.setAttribute('value', '');
+ form.appendChild(hiddenInput2);
+
 // Submit the form
 jQuery('#buttontopay').hide();
 jQuery('#hourglasstopay').show();