
Changeset 2904623


Timestamp:
04/26/2023 02:33:23 PM (3 years ago)
Author:
integrationdevpaytm
Message:

Security updates

Location:
paytm-payments/trunk
Files:
12 added
1 deleted
5 edited

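--- a/paytm-payments/trunk/class.paytm.php
+++ b/paytm-payments/trunk/class.paytm.php
@@ -19,7 +19,7 @@
         $invertLogo = isset($getPaytmSetting['invertLogo'])?$getPaytmSetting['invertLogo']:"0";
         if ($invertLogo == 1) {
-            $this->icon= esc_url(plugin_dir_url(__FILE__) ."assets/".PaytmConstants::PLUGIN_VERSION_FOLDER."/images/paytm_logo_invert.svg");
-        } else {
-            $this->icon= esc_url(plugin_dir_url(__FILE__) ."assets/".PaytmConstants::PLUGIN_VERSION_FOLDER."/images/paytm_logo_paymodes.svg");
+            $this->icon= esc_url("https://staticpg.paytm.in/pg_plugins_logo/paytm_logo_invert.svg");
+        } else {
+            $this->icon= esc_url("https://staticpg.paytm.in/pg_plugins_logo/paytm_logo_paymodes.svg");
         }
         $this->has_fields= false;
@@ -50,11 +50,4 @@
         }
         add_action('woocommerce_receipt_' . $this->id, array($this, 'receipt_page'));
-        if (is_admin() ) {
-            wp_enqueue_style('paytmadminWoopayment', plugin_dir_url(__FILE__) . 'assets/'.PaytmConstants::PLUGIN_VERSION_FOLDER.'/css/admin/paytm-payments.css', array(), time(), '');
-        }
-
-        if (!is_admin() ) {
-            wp_enqueue_script('paytm-script', plugin_dir_url(__FILE__) . 'assets/'.PaytmConstants::PLUGIN_VERSION_FOLDER.'/js/paytm-payments.js', array('jquery'), time(), true);
-        }
     }
 
@@ -729,53 +722,29 @@
     if ($_POST['environment'] == 0) {
         $url = PaytmConstants::WEBHOOK_STAGING_URL;
-        $clientId = PaytmConstants::WEBHOOK_STAGING_CLIENTID;
-        $key = base64_decode(PaytmConstants::WEBHOOK_STAGING_KEY);
     } else {
         $url = PaytmConstants::WEBHOOK_PRODUCTION_URL;
-        $clientId = PaytmConstants::WEBHOOK_PRODUCTION_CLIENTID;
-        $key = base64_decode(PaytmConstants::WEBHOOK_PRODUCTION_KEY);
-    }
-        $environment = sanitize_text_field($_POST['environment']);
-        $jwtToken = PaytmHelper::createJWTToken($key, $clientId, $environment);
+    }
+        $environment = sanitize_text_field($_POST['environment']);     
         $mid = sanitize_text_field($_POST['mid']);
+        $mkey = sanitize_text_field($_POST['mkey']);
         if ($_POST['is_webhook']==1) {
-            $webhookUrl = sanitize_text_field($_POST['webhookUrl']);
+           $webhookUrl = sanitize_text_field($_POST['webhookUrl']);
         } else {
             $webhookUrl = esc_url("https://www.dummyUrl.com"); //set this when unchecked
         }
-
-        $curl = curl_init();
-
-        curl_setopt_array(
-            $curl, array(
-                CURLOPT_URL => $url.'api/v1/merchant/putMerchantInfo',
-                CURLOPT_RETURNTRANSFER => true,
-                CURLOPT_ENCODING => '',
-                CURLOPT_MAXREDIRS => 10,
-                CURLOPT_TIMEOUT => 0,
-                CURLOPT_FOLLOWLOCATION => true,
-                CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
-                CURLOPT_CUSTOMREQUEST => 'PUT',
-                CURLOPT_POSTFIELDS =>'{
-                    "mid": "'.$mid.'",
-                    "queryParam": "notificationUrls",
-                    "paymentNotificationUrl": "'.$webhookUrl.'"
-                }',
-                CURLOPT_HTTPHEADER => array(
-                    'x-client-token: '.$jwtToken.'',
-                    'Content-Type: application/json',
-                    'x-client-id: '.$clientId.''
-                ),
-            )
-        );
-
-        $response = curl_exec($curl);
-
-        $res = json_decode($response);
-    if (isset($res->success)) {
+        $paytmParams = array(
+            "mid"       => $mid,
+            "queryParam" => "notificationUrls",
+            "paymentNotificationUrl" => $webhookUrl
+           
+          );
+        $checksum = PaytmChecksum::generateSignature(json_encode($paytmParams, JSON_UNESCAPED_SLASHES), $mkey);
+        $res= PaytmHelper::executecUrl($url.'api/v1/external/putMerchantInfo', $paytmParams, $method ='PUT',['x-checksum'=>$checksum]);
+   // print_r($res);
+        if (isset($res['success'])) {
         $message = true;
         $success = $response;
         $showMsg = false;
-    } elseif (isset($res->E_400)) {
+    } elseif (isset($res['E_400'])) {
         $message = "Your webhook has already been configured";
         $success = $response;
@@ -793,5 +762,9 @@
 function paytm_enqueue_script()
 {   
+        wp_enqueue_style('paytmadminWoopayment', plugin_dir_url(__FILE__) . 'assets/'.PaytmConstants::PLUGIN_VERSION_FOLDER.'/css/admin/paytm-payments.css', array(), time(), '');   
         wp_enqueue_script('paytm-script', plugin_dir_url(__FILE__) . 'assets/'.PaytmConstants::PLUGIN_VERSION_FOLDER.'/js/admin/paytm-payments.js', array('jquery'), time(), true);
 }
-add_action('admin_enqueue_scripts', 'paytm_enqueue_script');
+
+if (current_user_can( 'manage_options' ) && isset( $_GET['page'] ) && $_GET['page'] === 'wc-settings' ) {
+    add_action('admin_enqueue_scripts', 'paytm_enqueue_script');
+}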
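Review bot: `$success = $response;` at new lines 746 and 750 still reads `$response`, but the `curl_exec()` call that assigned it is removed in this hunk and the replacement keeps the decoded reply in `$res`, so unless `$response` is set outside the hunk the payload handed back is now undefined; something like `$success = wp_json_encode($res);` would restore it. The same hunk reads `$_POST['environment']` and `$_POST['is_webhook']` raw and takes the merchant key from `$_POST['mkey']`, and no nonce or capability check is visible before the signed PUT is sent; the handler starts above the hunk, so confirm that a nonce check such as `check_ajax_referer()` and `current_user_can('manage_options')` run there. In the last hunk the top-level `if (current_user_can( 'manage_options' ) && ...)` executes when the file is included, which may be before WordPress has set up the current user; registering the hook unconditionally and doing the capability and page test inside `paytm_enqueue_script()` avoids that. The leftover `// print_r($res);` and the inline assignment `$method ='PUT'` in the call arguments should go as well.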
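--- a/paytm-payments/trunk/includes/PaytmConstants.php
+++ b/paytm-payments/trunk/includes/PaytmConstants.php
@@ -24,7 +24,7 @@
     CONST TIMEOUT= 10;
 
-    CONST LAST_UPDATED= "20221214";
-    CONST PLUGIN_VERSION= "2.7.7";
-    CONST PLUGIN_VERSION_FOLDER= "277";
+    CONST LAST_UPDATED= "20230426";
+    CONST PLUGIN_VERSION= "2.7.9";
+    CONST PLUGIN_VERSION_FOLDER= "279";
 
     CONST CUSTOM_CALLBACK_URL= "";
@@ -66,11 +66,6 @@
     CONST ERROR_CURL_WARNING= "Your server is unable to connect with us. Please contact to Paytm Support.";
 
-    CONST WEBHOOK_STAGING_URL= "https://boss-stage.paytm.in/";
-    CONST WEBHOOK_STAGING_KEY               = 'DSqy6pGOhBR9CUhUFQygzlkG1+x66C6zV+M8bnGiwpEH+MvNsWmaJLirjxMVpRH+9c9XjZxse+wSYuNYmkG4uA==';
-    CONST WEBHOOK_STAGING_CLIENTID          = '54b88dbc-fdd0-4f6f-af09-4ee76e90135a';
-   
-    CONST WEBHOOK_PRODUCTION_URL= "https://boss-ext.paytm.in/";
-    CONST WEBHOOK_PRODUCTION_KEY            = 'jF5tDDCJ8/bRot8X5DAGVHiC+KwW9SQuckYya12NZ2/EWVBhU7Cj45A4lOSvo797uJ4M3LB5mTjiC0nhDYKZGg==';
-    CONST WEBHOOK_PRODUCTION_CLIENTID       = 'f7484d06-f307-4e10-b661-0191f5efe031';
+    CONST WEBHOOK_STAGING_URL= "https://boss-stage-internal.paytm.in/";
+    CONST WEBHOOK_PRODUCTION_URL= "https://boss-internal.paytm.in/";
 
 }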
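Review bot: The `WEBHOOK_STAGING_KEY`, `WEBHOOK_PRODUCTION_KEY` and matching `*_CLIENTID` constants deleted in the second hunk stay readable in revision r2833893 and in every installed copy of 2.7.7 and earlier, so removing them from trunk does not by itself retire them; nothing on this page shows whether they were revoked on the service side. The commit message and the 2.7.9 changelog entry (`* Updated Security`) do not tell site owners that shipped credentials were involved. I would record it explicitly, for example `* Removed hard-coded webhook client credentials from the plugin`, and confirm that the old client ids are disabled. The two replacement URLs point at hosts named `-internal`; a one-line comment above them stating that they are meant to be reachable from merchant sites would help the next reader.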
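--- a/paytm-payments/trunk/includes/PaytmHelper.php
+++ b/paytm-payments/trunk/includes/PaytmHelper.php
@@ -82,5 +82,5 @@
         }
 
-        public static function executecUrl($apiURL, $requestParamList)
+        /* public static function executecUrlOld($apiURL, $requestParamList) //not in use
         {
             $jsonResponse = wp_remote_post(
@@ -96,31 +96,22 @@
             $responseParamList['request'] = $requestParamList;
             return $responseParamList;
+        }*/
+
+        public static function executecUrl($apiURL, $requestParamList, $method ='POST', $extraHeaders = array()){
+            $headers = array("Content-Type"=> "application/json");
+            if (!empty($extraHeaders)) {
+                $headers = array_merge($headers, $extraHeaders);
+            }               
+            $args = array(
+                'headers' => $headers,
+                'body'      => json_encode($requestParamList, JSON_UNESCAPED_SLASHES),
+                'method'    => $method
+            );
+
+            $result =  wp_remote_request( $apiURL, $args );
+            $response_body = wp_remote_retrieve_body($result);
+            return $responseParamList['request'] = json_decode($response_body, true);
         }
 
-        public static function createJWTToken($key,$clientId,$environment)
-        {
-            // Create token header as a JSON string
-            $header = json_encode(['alg' => 'HS512','typ' => 'JWT']);
-            /* Create token payload as a JSON string */
-            $time = time();
-            $payload = json_encode(['client-id' => $clientId,'iat'=>$time]);
-
-            // Encode Header to Base64Url String
-            $base64UrlHeader = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($header));
-
-            // Encode Payload to Base64Url String
-            $base64UrlPayload = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($payload));
-
-            // Create Signature Hash
-            $signature = hash_hmac('SHA512', $base64UrlHeader . "." . $base64UrlPayload, $key, true);
-
-            // Encode Signature to Base64Url String
-            $base64UrlSignature = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($signature));
-
-            // Create JWT
-            $jwt = $base64UrlHeader . "." . $base64UrlPayload . "." . $base64UrlSignature;
-
-            return $jwt;
-        }
     }
 endif;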
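Review bot: The new `executecUrl()` ends with `return $responseParamList['request'] = json_decode($response_body, true);`, which assigns into an undefined local and returns the bare decoded body, while the method it replaces (now commented out as `executecUrlOld`) returned an array carrying a `request` key; any caller outside this page's view that reads the old shape will silently get something else. The result of `wp_remote_request()` is never tested, so a transport error and a non-JSON reply both come back as `null` with nothing logged. I would put `if (is_wp_error($result)) { return array(); }` before reading the body and end with `return json_decode($response_body, true);`, add a docblock naming the return shape, and delete the commented-out old method rather than keeping it. The body of `executecUrlOld` between lines 86 and 96 is not shown in this section.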
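--- a/paytm-payments/trunk/readme.txt
+++ b/paytm-payments/trunk/readme.txt
@@ -4,6 +4,6 @@
 Requires PHP: 5.6
 Requires at least: 4.0.1
-Tested up to: 6.1.1
-Stable tag: 2.7.7
+Tested up to: 6.2
+Stable tag: 2.7.9
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -99,5 +99,10 @@
 
 == Changelog ==
- 
+
+= 2.7.9 =
+* Compatible and tested with Woocommerce version upto 7.5.1
+* Optimize JS and CSS
+* Updated Security
+
 = 2.7.7 =
 * Compatible and tested with Woocommerce version upto 7.2.0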
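--- a/paytm-payments/trunk/woo-paytm.php
+++ b/paytm-payments/trunk/woo-paytm.php
@@ -4,14 +4,14 @@
  * Plugin URI: https://github.com/Paytm/
  * Description: This plugin allow you to accept payments using Paytm. This plugin will add a Paytm Payment option on WooCommerce checkout page, when user choses Paytm as Payment Method, he will redirected to Paytm website to complete his transaction and on completion his payment, paytm will send that user back to your website along with transactions details. This plugin uses server-to-server verification to add additional security layer for validating transactions. Admin can also see payment status for orders by navigating to WooCommerce > Orders from menu in admin.
- * Version: 2.7.7
+ * Version: 2.7.9
  * Author: Paytm
  * Author URI: https://business.paytm.com/payment-gateway
  * Tags: Paytm, Paytm Payments, PayWithPaytm, Paytm WooCommerce, Paytm Plugin, Paytm Payment Gateway
  * Requires at least: 4.0.1
- * Tested up to: 6.1.1
+ * Tested up to: 6.2
  * Requires PHP: 5.6
  * Text Domain: Paytm Payments
  * WC requires at least: 2.0.0
- * WC tested up to: 7.2.0
+ * WC tested up to: 7.5.1
  */
 
@@ -77,5 +77,15 @@
     wp_enqueue_script('paytm-script', plugin_dir_url(__FILE__) . 'assets/'.PaytmConstants::PLUGIN_VERSION_FOLDER.'/js/paytm-payments.js', array('jquery'), time(), true);
 }
-add_action('wp_head', 'paytmWoopayment_enqueue_style');
+
+function paytmWoopayment_js_css(){
+    if ( class_exists( 'WooCommerce' ) ) {
+        if( is_cart() || is_checkout() ) {
+            add_action('wp_head', 'paytmWoopayment_enqueue_style');
+        }
+    }
+}
+
+add_action( 'wp_enqueue_scripts', 'paytmWoopayment_js_css' );
+
 
 if (PaytmConstants::SAVE_PAYTM_RESPONSE) {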
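Review bot: `paytmWoopayment_js_css()` is hooked on `wp_enqueue_scripts` and then registers `paytmWoopayment_enqueue_style` on `wp_head`; this works only because WordPress fires `wp_enqueue_scripts` from inside `wp_head` at an earlier priority, an ordering that is easy to break in a later edit. Calling the function directly, `paytmWoopayment_enqueue_style();`, inside the `is_cart() || is_checkout()` test does the same thing without the nested hook. A short comment such as `// Load Paytm assets only on cart and checkout pages` above the function would document the intent. `paytmWoopayment_enqueue_style()` starts above the hunk, so only its last lines are visible here.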