
Changeset 687774


Timestamp:
03/26/2013 10:02:15 PM (13 years ago)
Author:
gesman
Message:

1.25 version update

Location:
bitcoin-payments-for-woocommerce/trunk
Files:
4 edited

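--- a/bitcoin-payments-for-woocommerce/trunk/bitcoinway-woocommerce.php
+++ b/bitcoin-payments-for-woocommerce/trunk/bitcoinway-woocommerce.php
@@ -12,5 +12,5 @@
 Plugin URI: http://www.bitcoinway.com/
 Description: Bitcoin Payments for WooCommerce plugin allows you to accept payments in bitcoins for physical and digital products at your WooCommerce-powered online store.
-Version: 1.24
+Version: 1.25
 Author: BitcoinWay
 Author URI: http://www.bitcoinway.com/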
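--- a/bitcoin-payments-for-woocommerce/trunk/bwwc-bitcoin-gateway.php
+++ b/bitcoin-payments-for-woocommerce/trunk/bwwc-bitcoin-gateway.php
@@ -266,5 +266,6 @@
 
             $bitcoin_addr_merchant = $this->bitcoin_addr_merchant;
-            $callback_url = trailingslashit (home_url()) . "?wc-api=BWWC_Bitcoin&bitcoinway=1&src=bcinfo&order_id={$order_id}"; // http://www.example.com/?bitcoinway=1&order_id=74&src=bcinfo
+            $secret_key = substr(md5(microtime()), 0, 16);  # Generate secret key to be validate upon receiving IPN callback to prevent spoofing.
+            $callback_url = trailingslashit (home_url()) . "?wc-api=BWWC_Bitcoin&secret_key={$secret_key}&bitcoinway=1&src=bcinfo&order_id={$order_id}"; // http://www.example.com/?bitcoinway=1&order_id=74&src=bcinfo
         BWWC__log_event (__FILE__, __LINE__, "Calling BWWC__generate_temporary_bitcoin_address(). Payments to be forwarded to: '{$bitcoin_addr_merchant}' with callback URL: '{$callback_url}' ...");
 
@@ -283,4 +284,9 @@
         BWWC__log_event (__FILE__, __LINE__, "     Generated unique bitcoin address: '{$bitcoins_address}' for order_id " . $order_id);
 
+        update_post_meta (
+            $order_id,          // post id ($order_id)
+            'secret_key',   // meta key
+            $secret_key         // meta value. If array - will be auto-serialized
+            );
         update_post_meta (
             $order_id,          // post id ($order_id)
@@ -438,21 +444,15 @@
 
 
-                $ips = gethostbynamel('blockchain.info');
-                $must_be_prefix    = preg_replace ('|\d+\.\d+$|', "", $ips[0]);
-                $originated_prefix = preg_replace ('|\d+\.\d+$|', "", @$_SERVER['REMOTE_ADDR']);
-
-                //Check the Request ip matches that from blockchain.info
-                if ($must_be_prefix != $originated_prefix)
+                $order_id = @$_GET['order_id'];
+
+                $secret_key = get_post_meta($order_id, 'secret_key', true);
+                $secret_key_sent = @$_GET['secret_key'];
+                // Check the Request secret_key matches the original one (blockchain.info sends all params back)
+                if ($secret_key_sent != $secret_key)
                 {
-                    BWWC__log_event (__FILE__, __LINE__, "Warning: wrong originating IP address: " . $_SERVER['REMOTE_ADDR'] . ". Expected prefix: " . $must_be_prefix . ". Fraud? IPN request ignored...");
-                   
-                    //////!!!
-                    BWWC__log_event (__FILE__, __LINE__, "Temporary proceeding with processing.");
-                    /// More security validation will be added soon
-                    //////!!!
-                    ///!!!exit ('Bad IP');
+                BWWC__log_event (__FILE__, __LINE__, "Warning: secret_key does not match! secret_key sent: '{$secret_key_sent}'. Expected: '{$secret_key}'. Processing aborted.");
+                exit ('Invalid secret_key');
                 }
 
-                $order_id = @$_GET['order_id'];
                 $confirmations = @$_GET['confirmations'];
 
@@ -522,7 +522,7 @@
                 {
                     // Number of confirmations are not there yet... Skip it this time ...
-                    // Don't print *ok* so the notification resent again on next confirmation
-                    BWWC__log_event (__FILE__, __LINE__, "NOTE: Payment notification received (for BTC {$value_in_btc}), but number of confirmations is not enough yet. Confirmations received/required: {$confirmations}/{$this->confirmations}");
-                    exit();
+                // Don't print *ok* so the notification resent again on next confirmation
+                BWWC__log_event (__FILE__, __LINE__, "NOTE: Payment notification received (for BTC {$value_in_btc}), but number of confirmations is not enough yet. Confirmations received/required: {$confirmations}/{$this->confirmations}");
+                exit();
                 }
             }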
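Review bot: The new guard `if ($secret_key_sent != $secret_key)` fails open: `get_post_meta()` returns an empty string when the order has no stored `secret_key` (an order placed before this release, or an unknown `order_id`), a request without the parameter yields null, and the loose `!=` treats the two as equal. Reject an empty stored key and compare strictly and in constant time, e.g. `if (!is_string($secret_key) || $secret_key === '' || !is_string($secret_key_sent) || !hash_equals($secret_key, $secret_key_sent))`. The key is generated with `substr(md5(microtime()), 0, 16)`, which derives from a guessable clock value rather than a CSPRNG; `$secret_key = wp_generate_password(32, false);` would be a sounder source. Both log calls also write the secret to the plugin log (inside the callback URL at generation time, and as `Expected: '{$secret_key}'` on mismatch), so the expected value should be left out of those messages. The enclosing methods start and end outside the visible hunks.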
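--- a/bitcoin-payments-for-woocommerce/trunk/bwwc-include-all.php
+++ b/bitcoin-payments-for-woocommerce/trunk/bwwc-include-all.php
@@ -7,5 +7,5 @@
 //---------------------------------------------------------------------------
 // Global definitions
-define('BWWC_VERSION',           '1.24');
+define('BWWC_VERSION',           '1.25');
 
 //-----------------------------------------------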
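--- a/bitcoin-payments-for-woocommerce/trunk/readme.txt
+++ b/bitcoin-payments-for-woocommerce/trunk/readme.txt
@@ -14,5 +14,5 @@
 == Description ==
 
-You online store must use WooCommerce platform (free wordpress plugin).
+Your online store must use WooCommerce platform (free wordpress plugin).
 Once you installed and activated WooCommerce, you may install and activate Bitcoin Payments for WooCommerce.
 
@@ -47,4 +47,7 @@
 == Changelog ==
 
+= 1.25 =
+* Implemented security check (secret_key validation logic) to prevent spoofed IPN requests.
+
 = 1.24 =
 * Fixed IPN callback notification invocation specific to WC 2.x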