Fix: Use the source in the hash to avoid duplicates if the references are identical

Fix: Use sha1 + md5 for more security
Regis Houssin 2011-09-06 06:28:18 +00:00
parent aa86b4bd3a
commit 6d8584f5ca
2 changed files with 10 additions and 10 deletions


@ -185,8 +185,8 @@ function getPaypalPaymentUrl($mode,$type,$ref='',$amount='9.99',$freetag='your_f
else
{
$out.='&securekey='.($mode?'<font color="#666666">':'');
if ($mode == 1) $out.="md5('".$conf->global->PAYPAL_SECURITY_TOKEN."'+order_ref)";
if ($mode == 0) $out.= md5($conf->global->PAYPAL_SECURITY_TOKEN.$ref);
if ($mode == 1) $out.="hash('".$conf->global->PAYPAL_SECURITY_TOKEN."' + order + order_ref)";
if ($mode == 0) $out.= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'order' . $ref, 2);
$out.=($mode?'</font>':'');
}
}
@ -203,8 +203,8 @@ function getPaypalPaymentUrl($mode,$type,$ref='',$amount='9.99',$freetag='your_f
else
{
$out.='&securekey='.($mode?'<font color="#666666">':'');
if ($mode == 1) $out.="md5('".$conf->global->PAYPAL_SECURITY_TOKEN."'+invoice_ref)";
if ($mode == 0) $out.= md5($conf->global->PAYPAL_SECURITY_TOKEN.$ref);
if ($mode == 1) $out.="hash('".$conf->global->PAYPAL_SECURITY_TOKEN."' + invoice + invoice_ref)";
if ($mode == 0) $out.= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'invoice' . $ref, 2);
$out.=($mode?'</font>':'');
}
}
@ -221,8 +221,8 @@ function getPaypalPaymentUrl($mode,$type,$ref='',$amount='9.99',$freetag='your_f
else
{
$out.='&securekey='.($mode?'<font color="#666666">':'');
if ($mode == 1) $out.="md5('".$conf->global->PAYPAL_SECURITY_TOKEN."'+contractline_ref)";
if ($mode == 0) $out.= md5($conf->global->PAYPAL_SECURITY_TOKEN.$ref);
if ($mode == 1) $out.="hash('".$conf->global->PAYPAL_SECURITY_TOKEN."' + contactline + contractline_ref)";
if ($mode == 0) $out.= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'contractline' . $ref, 2);
$out.=($mode?'</font>':'');
}
}
@ -239,8 +239,8 @@ function getPaypalPaymentUrl($mode,$type,$ref='',$amount='9.99',$freetag='your_f
else
{
$out.='&securekey='.($mode?'<font color="#666666">':'');
if ($mode == 1) $out.="md5('".$conf->global->PAYPAL_SECURITY_TOKEN."'+member_ref)";
if ($mode == 0) $out.= md5($conf->global->PAYPAL_SECURITY_TOKEN.$ref);
if ($mode == 1) $out.="hash('".$conf->global->PAYPAL_SECURITY_TOKEN."' + membersubscription + member_ref)";
if ($mode == 0) $out.= dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'membersubscription' . $ref, 2);
$out.=($mode?'</font>':'');
}
}
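Review bot: The `securekey` built by `dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . 'order' . $ref, 2)`, and by the invoice, contractline and membersubscription variants in the following hunks, is still a plain hash over the secret and data concatenated without a separator, not a keyed MAC. dol_hash is defined outside this diff; if mode 2 nests SHA-1 over MD5 as the commit message suggests, the result is no stronger than the inner MD5. A standard construction would be `hash_hmac('sha256', 'order:' . $ref, $conf->global->PAYPAL_SECURITY_TOKEN)`, changed together with the check on the payment page so both sides agree. Separately, the mode 1 help text in the contract-line hunk prints `contactline` where the computed hash uses `'contractline'`, and `hash(...)` no longer names the algorithm, so a key built by hand from the displayed formula will not match. getPaypalPaymentUrl starts and ends outside these hunks.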


@ -144,8 +144,8 @@ if (! empty($conf->global->PAYPAL_SECURITY_TOKEN))
{
if (! empty($conf->global->PAYPAL_SECURITY_TOKEN_UNIQUE))
{
if ($REF) $token = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . $REF); // REF always defined if SOURCE is defined
else $token = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN);
if ($SOURCE && $REF) $token = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN . $SOURCE . $REF, 2); // Use the source in the hash to avoid duplicates if the references are identical
else $token = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN, 2);
}
else
{
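Review bot: The fallback `else $token = dol_hash($conf->global->PAYPAL_SECURITY_TOKEN, 2);` yields a single token that is not bound to any source or reference, and the new condition `$SOURCE && $REF` reaches it whenever either value is empty or the string "0", even though PAYPAL_SECURITY_TOKEN_UNIQUE is set. Testing for presence explicitly, e.g. `if ((string) $SOURCE !== '' && (string) $REF !== '')`, and rejecting the request when only one of the two is supplied would keep the unique-token mode from silently degrading to the generic token. The changed formula also means securekey values issued before this commit, computed without the source, stop validating, which deserves a changelog line. The comparison of `$token` with the submitted key lies outside this hunk; confirm it uses a constant-time comparison such as `hash_equals()`.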