lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix #17743 - token was hashed with membersubscription

Browse Source 
#Fix #17743 - token was hashed with membersubscription

for retro-compatibility we must try to hash token wth both "membre" ans "membersubscription" to verify unique secure key d'or member
This commit is contained in:
daraelmin 2021-06-04 23:14:31 +02:00 committed by GitHub
parent 0147ffa737
commit c94946b934
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/public/payment/newpayment.php
View File

@ -281,6 +281,9 @@ if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) {
if (!empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) {
if ($tmpsource && $REF) {
$token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$tmpsource.$REF, 2); // Use the source in the hash to avoid duplicates if the references are identical
if ($SECUREKEY != $token) {
$token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$source.$REF, 2); // for retro-compatibility (token may have been hashed with membersubscription in external module)
}
} else {
$token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2);
}