Index: /mods/wpsg_mod_su.class.php
===================================================================
--- /mods/wpsg_mod_su.class.php	(revision 7512)
+++ /mods/wpsg_mod_su.class.php	(revision 7513)
@@ -186,83 +186,89 @@
 		} // public function mail_payment()
 				
-		public function template_redirect() 
-		{ 
-
-			if (wpsg_isSizedString($_REQUEST['wpsg_plugin'], 'wpsg_mod_su') && wpsg_isSizedString($_REQUEST['confirm'], 'su'))
-			{
-
-				$order = $this->db->fetchRow("SELECT * FROM `".WPSG_TBL_ORDER."` WHERE `id` = '".wpsg_q(sanitize_key($_REQUEST['user_variable_2']))."'");
-				if ($order['id'] <= 0) die();
-				
-				$oOrder = wpsg_order::getInstance($order['id']);
-				
-				$arHash = array(
-					'transaction' => sanitize_key($_REQUEST['transaction']),
-					'user_id' => sanitize_key($_REQUEST['user_id']),
-					'project_id' => sanitize_key($_REQUEST['project_id']),
-					'sender_holder' => sanitize_key($_REQUEST['sender_holder']),
-					'sender_account_number' => sanitize_key($_REQUEST['sender_account_number']),
-					'sender_bank_code' => sanitize_key($_REQUEST['sender_bank_code']),
-					'sender_bank_name' => sanitize_text_field($_REQUEST['sender_bank_name']),
-					'sender_bank_bic' => sanitize_key($_REQUEST['sender_bank_bic']),
-					'sender_iban' => sanitize_key($_REQUEST['sender_iban']),
-					'sender_country_id' => sanitize_key($_REQUEST['sender_country_id']),
-					'recipient_holder' => sanitize_key($_REQUEST['recipient_holder']),
-					'recipient_account_number' => sanitize_key($_REQUEST['recipient_account_number']),
-					'recipient_bank_code' => sanitize_key($_REQUEST['recipient_bank_code']),
-					'recipient_bank_name' => sanitize_text_field($_REQUEST['recipient_bank_name']),
-					'recipient_bank_bic' => sanitize_key($_REQUEST['recipient_bank_bic']),
-					'recipient_iban' => sanitize_key($_REQUEST['recipient_iban']),
-					'recipient_country_id' => sanitize_key($_REQUEST['recipient_country_id']),
-					'international_transaction' => sanitize_key($_REQUEST['international_transaction']),
-					'amount' => number_format(wpsg_tf($oOrder->getToPay()), 2, '.', ''),
-					'currency_id' => sanitize_key($_REQUEST['currency_id']),
-					'reason_1' => sanitize_key($_REQUEST['reason_1']),
-					'reason_2' => sanitize_key($_REQUEST['reason_2']),
-					'security_criteria' => sanitize_key($_REQUEST['security_criteria']),
-					'user_variable_0' => sanitize_key($_REQUEST['user_variable_0']),
-					'user_variable_1' => sanitize_key($_REQUEST['user_variable_1']),
-					'user_variable_2' => sanitize_key($_REQUEST['user_variable_2']),
-					'user_variable_3' => sanitize_key($_REQUEST['user_variable_3']),
-					'user_variable_4' => sanitize_key($_REQUEST['user_variable_4']),
-					'user_variable_5' => sanitize_key($_REQUEST['user_variable_5']),
-					'created' => sanitize_key($_REQUEST['created']),
-					'notification_password' => $this->shop->get_option('wpsg_mod_su_noticepassword')
-				);
- 
-				switch ($this->shop->get_option('wpsg_mod_su_hash'))
-				{
-					case 'md5':
-						$strHash = md5(implode("|", $arHash));
-						break;
-					case 'sha1':
-						$strHash = sha1(implode("|", $arHash));
-						break;
-					case 'sha256':
-						$strHash = hash("sha256", implode("|", $arHash));
-						break;
-					case 'sha512':
-						$strHash = hash("sha512", implode("|", $arHash));
-						break;
-				}
-				
-				if ($strHash == $_REQUEST['hash'])
-				{
-
+		public function template_redirect() { 
+
+			if (wpsg_isSizedString($_REQUEST['wpsg_plugin'], 'wpsg_mod_su') && wpsg_isSizedString($_REQUEST['confirm'], 'su')) {
+
+				try {
+				
+					if (!wpsg_checkInput($_REQUEST['user_variable_2'], WPSG_SANITIZE_INT)) throw new \Exception(__('UngÃŒltiger Wert in user_variable_2', 'wpsg'));
+					
+					$order = $this->db->fetchRow("SELECT * FROM `".WPSG_TBL_ORDER."` WHERE `id` = '".wpsg_q($_REQUEST['user_variable_2'])."'");
+					if ($order['id'] <= 0) die();
+					
+					$oOrder = wpsg_order::getInstance($order['id']);
+					
+					// Den Request validiere ich hier nicht weiter, da ich ihn nur zum Hash Abgleich brauche und somit die validitÃ€t prÃŒfe
+					
+					$arHash = array(
+						'transaction' => $_REQUEST['transaction'],
+						'user_id' => $_REQUEST['user_id'],
+						'project_id' => $_REQUEST['project_id'],
+						'sender_holder' => $_REQUEST['sender_holder'],
+						'sender_account_number' => $_REQUEST['sender_account_number'],
+						'sender_bank_code' => $_REQUEST['sender_bank_code'],
+						'sender_bank_name' => $_REQUEST['sender_bank_name'],
+						'sender_bank_bic' => $_REQUEST['sender_bank_bic'],
+						'sender_iban' => $_REQUEST['sender_iban'],
+						'sender_country_id' => $_REQUEST['sender_country_id'],
+						'recipient_holder' => $_REQUEST['recipient_holder'],
+						'recipient_account_number' => $_REQUEST['recipient_account_number'],
+						'recipient_bank_code' => $_REQUEST['recipient_bank_code'],
+						'recipient_bank_name' => $_REQUEST['recipient_bank_name'],
+						'recipient_bank_bic' => $_REQUEST['recipient_bank_bic'],
+						'recipient_iban' => $_REQUEST['recipient_iban'],
+						'recipient_country_id' => $_REQUEST['recipient_country_id'],
+						'international_transaction' => $_REQUEST['international_transaction'],
+						'amount' => number_format(wpsg_tf($oOrder->getToPay()), 2, '.', ''),
+						'currency_id' => $_REQUEST['currency_id'],
+						'reason_1' => $_REQUEST['reason_1'],
+						'reason_2' => $_REQUEST['reason_2'],
+						'security_criteria' => $_REQUEST['security_criteria'],
+						'user_variable_0' => $_REQUEST['user_variable_0'],
+						'user_variable_1' => $_REQUEST['user_variable_1'],
+						'user_variable_2' => $_REQUEST['user_variable_2'],
+						'user_variable_3' => $_REQUEST['user_variable_3'],
+						'user_variable_4' => $_REQUEST['user_variable_4'],
+						'user_variable_5' => $_REQUEST['user_variable_5'],
+						'created' => $_REQUEST['created'],
+						'notification_password' => $this->shop->get_option('wpsg_mod_su_noticepassword')
+					);
+					
+					$strHash = '';
+					
+					switch ($this->shop->get_option('wpsg_mod_su_hash')) {
+						
+						case 'md5':
+							$strHash = md5(implode("|", $arHash));
+							break;
+						case 'sha1':
+							$strHash = sha1(implode("|", $arHash));
+							break;
+						case 'sha256':
+							$strHash = hash("sha256", implode("|", $arHash));
+							break;
+						case 'sha512':
+							$strHash = hash("sha512", implode("|", $arHash));
+							break;
+							
+					}
+					
+					if ($strHash === $_REQUEST['hash']) {
+						
+						$this->db->ImportQuery(WPSG_TBL_OL, array(
+							"title" => __("SofortÃŒberweisung VERIFIED", 'wpsg'),
+							"cdate" => "NOW()",
+							"o_id" => wpsg_q($order['id']),
+							"mailtext" => print_r($_REQUEST, 1)
+						));
+						
+						$this->shop->setOrderStatus($order['id'], 100, true);
+						
+					} else throw new \Exception(__('Hash konnte nicht verifiziert werden.', 'wpsg'));
+					
+				} catch (\Exception $e) {
+					
 					$this->db->ImportQuery(WPSG_TBL_OL, array(
-						"title" => __("SofortÃŒberweisung VERIFIED", 'wpsg'),
-						"cdate" => "NOW()",
-						"o_id" => wpsg_q($order['id']),
-						"mailtext" => print_r($_REQUEST, 1)
-					));
-					
-					$this->shop->setOrderStatus($order['id'], 100, true);
-
-				}
-				else
-				{
-					
-					$this->db->ImportQuery(WPSG_TBL_OL, array(
-						"title" =>  __("SofortÃŒberweisung FAILED", 'wpsg'),
+						"title" =>  __("SofortÃŒberweisung FAILED: ", 'wpsg').$e->getMessage(),
 						"cdate" => "NOW()",
 						"o_id" => wpsg_q($order['id']),
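Review bot: The `switch` on `wpsg_mod_su_hash` has no `default:` branch, so an unset or unrecognised option leaves `$strHash` at the `''` it is initialised to just above, and the strict comparison `$strHash === $_REQUEST['hash']` then accepts a request carrying an empty `hash=` parameter — the order is marked VERIFIED and set to status 100 without any signature check. Add `default: throw new \Exception(__('Unbekanntes Hash-Verfahren', 'wpsg'));` to the switch and make the check constant-time and type-safe, e.g. `if (is_string($_REQUEST['hash'] ?? null) && $strHash !== '' && hash_equals($strHash, $_REQUEST['hash']))`. Separately, the `throw` on the `wpsg_checkInput` guard fires before `$order` is assigned, yet the catch handler writes `wpsg_q($order['id'])` into the log entry; initialise `$order = null;` before the `try`, or skip the log write when no order was loaded. The catch block and the enclosing method continue past the end of the hunk.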
Index: /views/mods/mod_su/settings_edit.phtml
===================================================================
--- /views/mods/mod_su/settings_edit.phtml	(revision 7512)
+++ /views/mods/mod_su/settings_edit.phtml	(revision 7513)
@@ -57,5 +57,5 @@
 <?php echo wpsg_drawForm_Select('wpsg_mod_su_hash', __('Verwendetes HASH Verfahren', 'wpsg'), array('md5' => 'MD5', 'sha1' => 'SHA1', 'sha256' => 'SHA256', 'sha512' => 'SHA512'), $this->get_option('wpsg_mod_su_hash'), array('help' => 'wpsg_mod_su_hash')); ?>
 
-<?php echo wpsg_drawForm_Input('wpsg_mod_su_confirmurl', __('URL fÃŒr HTTP Benachrichtigung', 'wpsg'), wpsg_hspc($this->view['wpsg_mod_su_confirmurl']), array('help' => 'wpsg_mod_su_confirmurl', 'readonly' => true)); ?>
+<?php echo wpsg_drawForm_Input('wpsg_mod_su_confirmurl', __('URL fÃŒr HTTP Benachrichtigung', 'wpsg'), $this->view['wpsg_mod_su_confirmurl'], array('help' => 'wpsg_mod_su_confirmurl', 'readonly' => true)); ?>
 
 <?php echo wpsg_drawForm_Checkbox('wpsg_mod_su_autostart', __('Zahlung sofort starten', 'wpsg'), $this->get_option('wpsg_mod_su_autostart')); ?>
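Review bot: Removing `wpsg_hspc()` around `$this->view['wpsg_mod_su_confirmurl']` hands the URL to `wpsg_drawForm_Input` unescaped, which is only safe if that helper escapes its value argument itself — nothing in this hunk shows that. If the helper does escape (the likely motivation, since escaping twice would mangle `&` in the URL), a short comment such as `<?php // value is HTML-escaped inside wpsg_drawForm_Input ?>` next to the call would stop the next reader from re-adding the wrapper. If it does not, the escaping should stay, as the field is rendered into an attribute of an admin form.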
