Changeset 2917055
- Timestamp:
- 05/25/2023 04:02:31 AM (3 years ago)
- Location:
- 9pay-gateway/trunk
- Files:
-
- 3 edited
-
includes/gateways/ninepay-gateway.php (modified) (2 diffs)
-
includes/gateways/ninepay.php (modified) (2 diffs)
-
mc-quetma.php (modified) (3 diffs)
9pay-gateway/trunk/includes/gateways/ninepay-gateway.php
r2903756 r2917055 287 287 if($order->get_payment_method() != $this->id) return; 288 288 289 $result = sanitize_text_field($_GET['result']); 290 $request_checksum = sanitize_text_field($_GET['checksum']); 289 291 /*Check isset params*/ 290 if(empty($ _GET['result']) || empty($_GET['checksum'])) {292 if(empty($result) || empty($request_checksum)) { 291 293 $mess = $this->genMess(null, $configFile, $lang); 292 294 $this->paymentFail($lang, $mess); … … 295 297 296 298 $secretKeyCheckSum = $this->get_option('checksum_secret_key'); 297 if (is_null($_GET['result'])) { 298 return; 299 } 300 $result = sanitize_text_field($_GET['result']); 299 if (is_null($result)) { 300 return; 301 } 301 302 302 303 $hashChecksum = strtoupper(hash('sha256', $result . $secretKeyCheckSum)); 303 304 304 if ($hashChecksum !== $ _GET['checksum']) {305 if ($hashChecksum !== $request_checksum) { 305 306 return; 306 307 } -
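Review bot: The checksum check `if ($hashChecksum !== $request_checksum)` compares a keyed digest with a request-supplied value using an ordinary string comparison; `if (!hash_equals($hashChecksum, $request_checksum))` does the same check in constant time. Separately, `sanitize_text_field()` always returns a string, so the retained `if (is_null($result))` guard can no longer fire, and `$_GET['result']` and `$_GET['checksum']` are now indexed before any presence check. The same always-false guard after sanitizing appears in `process_payment` in ninepay.php and in the `rest_api_init` and `post_data` hunks of mc-quetma.php. The enclosing method starts and ends outside the hunk.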
9pay-gateway/trunk/includes/gateways/ninepay.php
r2903653 r2917055 23 23 public function show_notify(){ 24 24 $screen = get_current_screen(); 25 $valid = $screen->id == 'woocommerce_page_wc-settings' && isset($_GET['section']) && $_GET['section'] ==$this->id; 25 $section = sanitize_text_field($_GET['section']); 26 $valid = $screen->id == 'woocommerce_page_wc-settings' && !empty($section) && $section ==$this->id; 26 27 if(!$valid) return; 27 28 ?> … … 65 66 function process_payment( $order_id ) { 66 67 $order = new WC_Order( $order_id ); 67 if (is_null($_POST['ninepay_payment_method'])) { 68 $ninePayPaymentMethod = sanitize_text_field($_POST['ninepay_payment_method']); 69 if (is_null($ninePayPaymentMethod)) { 68 70 return; 69 71 } 70 $ninePayPaymentMethod = sanitize_text_field($_POST['ninepay_payment_method']);71 72 $paymentMethod = $ninePayPaymentMethod; 72 73 $configFile = include('core/config.php'); -
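Review bot: In `show_notify` the new line `$section = sanitize_text_field($_GET['section']);` reads the query parameter unconditionally, whereas the replaced expression was protected by `isset($_GET['section'])`. Any admin screen loaded without a `section` parameter now triggers an undefined-index warning before `$valid` is evaluated. Keeping the guard while sanitizing would look like `$section = isset($_GET['section']) ? sanitize_text_field(wp_unslash($_GET['section'])) : '';`, after which the `!empty($section)` test works as intended.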
9pay-gateway/trunk/mc-quetma.php
r2903756 r2917055 105 105 add_action('rest_api_init', function(){ 106 106 107 if (!is_string($_REQUEST['result'])) { 107 $result = sanitize_text_field($_REQUEST['result']); 108 109 if (!is_string($result)) { 108 110 return; 109 111 } 110 $result = ($_REQUEST['result']); 111 112 if (!is_string($ _REQUEST['checksum'])) {112 113 $checksum = sanitize_text_field($_REQUEST['checksum']); 114 if (!is_string($checksum)) { 113 115 return; 114 116 } 115 $checksum = ($_REQUEST['checksum']);116 117 117 118 register_rest_route('nine-pay/v1', '/result-ipn', array( … … 269 270 270 271 $excRateUrl = $host . '?' . http_build_query($httpData); 271 $ch = curl_init(); 272 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 273 curl_setopt($ch, CURLOPT_URL, $excRateUrl); 274 $result=curl_exec($ch); 275 curl_close($ch); 272 273 $result = wp_remote_retrieve_body(wp_remote_get($execRateUrl)); 276 274 277 275 $allCurrencies = json_decode($result, true); … … 689 687 $lang = $config['ninepay_lang']; 690 688 691 if (is_null($_POST['post_data'])) { 689 $postData = sanitize_text_field($_POST['post_data']); 690 if (is_null($postData)) { 692 691 return; 693 692 } 694 $postData = ($_POST['post_data']);695 693 696 694 parse_str($postData, $result);
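Review bot: The replacement for the curl block calls `wp_remote_get($execRateUrl)`, but the URL built on the line above is assigned to `$excRateUrl`, so the request is made with an undefined variable. The fetch will fail, `wp_remote_retrieve_body()` will return an empty string, and `json_decode($result, true)` will yield null for `$allCurrencies`. The call should read `$response = wp_remote_get($excRateUrl);`, ideally followed by an `is_wp_error($response)` check before the body is decoded. In the last hunk, `sanitize_text_field()` is applied to `$_POST['post_data']` before `parse_str()`; as far as I know that function strips percent-encoded octets, so URL-encoded field values would be altered before parsing, and sanitizing the individual values after `parse_str()` would avoid that.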