
Changeset 2809316


Timestamp:
11/02/2022 03:33:11 AM (3 years ago)
Author:
chipasia
Message:

Add checking to avoid spoofing

Location:
chip-for-woocommerce/tags/1.1.3
Files:
2 edited

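--- a/chip-for-woocommerce/tags/1.1.3/chip-for-woocommerce.php
+++ b/chip-for-woocommerce/tags/1.1.3/chip-for-woocommerce.php
@@ -150,4 +150,12 @@
                 $input = json_decode(file_get_contents('php://input'), true);
                 $payment_id = array_key_exists('id', $input) ? sanitize_key($input['id']) : '';
+            }
+
+            // Compare payment_id with internally stored to avoid spoofing
+            $chip_payment_id = get_post_meta( $order_id, 'chip_payment_id', true );
+            if ($payment_id != $chip_payment_id) {
+              $message = 'Payment ID not match with stored values';
+              $this->log_order_info( $message, $order );
+              exit( $message );
             }
 
@@ -433,4 +441,7 @@
             }
 
+            // Store chip payment id for anti-spoofing
+            update_post_meta($o_id, 'chip_payment_id', $payment['id']);
+
             WC()->session->set(
               'chip_payment_id_' . $o_id,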
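Review bot: The comparison added at new line 156 does not reject the case where both sides are empty. `get_post_meta( $order_id, 'chip_payment_id', true )` returns `''` for an order that never had the meta stored, and `$payment_id` falls back to `''` when the request body carries no `id`, so `'' != ''` is false and the handler continues. The loose `!=` also lets PHP compare numeric-looking strings by value rather than byte for byte. I would fail closed and compare strictly: `if ( '' === (string) $chip_payment_id || (string) $payment_id !== (string) $chip_payment_id ) {`. Note too that the callback value passes through `sanitize_key()` while the value stored at new line 444 is the raw `$payment['id']`, so the two only match if the gateway's ids are already lowercase alphanumerics, dashes and underscores; that is worth confirming. Both enclosing methods start and end outside the hunks, so any later server-side verification of the payment is not visible here.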
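--- a/chip-for-woocommerce/tags/1.1.3/readme.txt
+++ b/chip-for-woocommerce/tags/1.1.3/readme.txt
@@ -9,5 +9,5 @@
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
-Cash, Card and Coin Handling Integrated Platform
+CHIP - Cash, Card and Coin Handling Integrated Platform. Securely accept payment with CHIP for WooCommerce.
 
 == Description ==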