[GNUnet-SVN] [taler-merchant-frontend-examples] branch master updated: s
From: |
gnunet |
Subject: |
[GNUnet-SVN] [taler-merchant-frontend-examples] branch master updated: security check on php payment. |
Date: |
Mon, 27 Mar 2017 16:04:46 +0200 |
This is an automated email from the git hooks/post-receive script.
marcello pushed a commit to branch master
in repository merchant-frontend-examples.
The following commit(s) were added to refs/heads/master by this push:
new 326904f security check on php payment.
326904f is described below
commit 326904f79fa985771b558ece2f0c3b329c3cab12
Author: Marcello Stanisci <address@hidden>
AuthorDate: Mon Mar 27 16:04:14 2017 +0200
security check on php payment.
---
php/order.php | 2 +-
php/pay.php | 13 +++++++++++--
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/php/order.php b/php/order.php
index aa77b3e..bc6d824 100644
--- a/php/order.php
+++ b/php/order.php
@@ -41,7 +41,7 @@
'timestamp' =>
"/Date(" . $now->getTimestamp() . ")/",
'fulfillment_url' =>
- url_rel("/fulfillment.php"),
+ url_rel("/fulfillment.php?order_id=$order_id"),
'pay_url' =>
url_rel("/pay.php"),
'refund_deadline' =>
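Review bot: The new `fulfillment_url` interpolates `$order_id` straight into the query string without URL-encoding. Where `$order_id` is assigned is outside this hunk, so it is unclear whether it can ever contain `&`, `#`, spaces or other reserved characters. Encoding it at the point of use makes the URL well-formed whatever the id looks like: `url_rel("/fulfillment.php?order_id=" . urlencode($order_id)),`. The array literal that holds this entry starts and ends outside the hunk.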
diff --git a/php/pay.php b/php/pay.php
index e5bd268..25b2d6a 100644
--- a/php/pay.php
+++ b/php/pay.php
@@ -10,9 +10,18 @@
return;
}
// Get coins.
- $body = file_get_contents('php://input');
- $response = post_to_backend("/pay", json_decode($body));
+ $body = json_decode(file_get_contents('php://input'));
+
+ if ($_SESSION["order_id"] != $body->order_id){
+ echo build_error($response,
+ "Mismatch between the product ordered and the one
attempted to be paid",
+ 406);
+ return;
+ }
+
+ $response = post_to_backend("/pay", $body);
http_response_code($response['status_code']);
+
if (200 != $response['status_code']){
echo build_error($response,
"Could not send payment to backend",
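Review bot: The ownership check at `if ($_SESSION["order_id"] != $body->order_id)` compares a client-supplied, JSON-decoded value using loose `!=`, so a non-string JSON value (a boolean or a number) can compare equal to the session's order id under PHP's type juggling; a body that fails to decode also leaves `$body` null and still reaches the property access. Reject anything that is not a well-formed match first, for example `if (!isset($_SESSION["order_id"], $body->order_id) || $_SESSION["order_id"] !== $body->order_id){`, assuming both sides are stored with the same type (the session write is not visible here). In the same branch, `build_error($response, ...)` runs before `$response` is assigned two statements later, so it receives an undefined variable; pass a value that build_error accepts for a request that never reached the backend. The enclosing script starts before and continues after this hunk.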
--
To stop receiving notification emails like this one, please contact
address@hidden