From c94946b934758236a82f3668ffcf969912b823a8 Mon Sep 17 00:00:00 2001
From: daraelmin <daraelmin@gmail.com>
Date: Fri, 4 Jun 2021 23:14:31 +0200
Subject: [PATCH] Fix #17743 - token was hashed with membersubscription

#Fix #17743 - token was hashed with membersubscription

for retro-compatibility we must try to hash token wth both "membre" ans "membersubscription" to verify unique secure key d'or member
---
 htdocs/public/payment/newpayment.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php
index 377077531ae..f19aef7f79c 100644
--- a/htdocs/public/payment/newpayment.php
+++ b/htdocs/public/payment/newpayment.php
@@ -281,6 +281,9 @@ if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) {
 	if (!empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) {
 		if ($tmpsource && $REF) {
 			$token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$tmpsource.$REF, 2); // Use the source in the hash to avoid duplicates if the references are identical
+			if ($SECUREKEY != $token) {
+				$token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$source.$REF, 2); // for retro-compatibility (token may have been hashed with membersubscription in external module)
+			}
 		} else {
 			$token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2);
 		}