Index: /changelog
===================================================================
--- /changelog	(revision 7585)
+++ /changelog	(revision 7586)
@@ -270,2 +270,3 @@
 #4.1.6
 - Bugfix: MÃ¶gliches Problem beim Update Prozess behoben
+- Bugfix: Nounce Absicherung beim aktualisieren der Zahlung im Modul "PayPal"
Index: /mods/wpsg_mod_paypal.class.php
===================================================================
--- /mods/wpsg_mod_paypal.class.php	(revision 7585)
+++ /mods/wpsg_mod_paypal.class.php	(revision 7586)
@@ -136,17 +136,19 @@
         } // public function wpsg_deinstall_sites()
 
-		public function order_ajax()
-		{
-				
-			if (wpsg_isSizedString($_REQUEST['do'], 'refresh'))
-			{
-
-				$_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
-
-				$state = $this->getPaymentState($_REQUEST['edit_id']);
+		public function order_ajax() {
+					
+			if (wpsg_isSizedString($_REQUEST['do'], 'refresh')) {
+				
+				wpsg_checkNounce('Order', 'view', ['action' => 'ajax', 'edit_id' => wpsg_getInt($_REQUEST['edit_id']), 'do' => 'refresh', 'mod' => 'wpsg_mod_paypal']);
+				
+				if (!wpsg_checkInput($_REQUEST['edit_id'], WPSG_SANITIZE_INT)) throw \wpsg\Exception::getSanitizeException(); else $order_id = intval($_REQUEST['edit_id']);
+				 
+				$state = $this->getPaymentState($order_id);
 		
 				$this->shop->addBackendMessage(wpsg_translate(__('Status der Zahlung (#1#) erfolgreich abgefragt.', 'wpsg'), $state));
-		
-				$this->shop->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Order&action=view&edit_id='.$_REQUEST['edit_id']);
+				
+				$this->shop->redirect(
+					wpsg_admin_url('Order', 'view', ['edit_id' => $order_id])
+				);
 		
 			}
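Review bot: The nonce check on the `wpsg_checkNounce(...)` line is computed from `wpsg_getInt($_REQUEST['edit_id'])` before the `wpsg_checkInput(..., WPSG_SANITIZE_INT)` guard two lines later has validated that value, so a malformed `edit_id` is first coerced for the nonce comparison and only then rejected; running the sanitize check first and feeding the validated `$order_id` into the nonce check keeps one parsing of the parameter and removes the `else` after `throw`: `if (!wpsg_checkInput($_REQUEST['edit_id'], WPSG_SANITIZE_INT)) throw \wpsg\Exception::getSanitizeException();` / `$order_id = intval($_REQUEST['edit_id']);` / `wpsg_checkNounce('Order', 'view', ['action' => 'ajax', 'edit_id' => $order_id, 'do' => 'refresh', 'mod' => 'wpsg_mod_paypal']);`. The parameter array here is ordered `action, edit_id, do, mod` while the link in order_view_afterpayment.phtml builds it as `action, mod, do, edit_id`; if the nonce derivation is sensitive to key order rather than normalising the array, the two would never match, so that is worth confirming against `wpsg_admin_url`/`wpsg_checkNounce`. What `wpsg_checkNounce` does on failure (abort, throw, or return) is not visible in this hunk, so a short comment stating that the call halts the request on a bad nonce would help the next reader. The body of `order_ajax()` continues past the end of this hunk.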
Index: /views/mods/mod_paypal/order_view_afterpayment.phtml
===================================================================
--- /views/mods/mod_paypal/order_view_afterpayment.phtml	(revision 7585)
+++ /views/mods/mod_paypal/order_view_afterpayment.phtml	(revision 7586)
@@ -14,5 +14,9 @@
 	<div class="wpsg_form_field ">
 		<div class="wpsg_form_left">
-			<label for=""><?php echo __('PaymentID', 'wpsg'); ?>: [<a href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Order&action=ajax&noheader=1&mod=wpsg_mod_paypal&do=refresh&edit_id=<?php echo $this->view['oOrder']->id; ?>"><?php echo __('Status Aktualisieren', 'wpsg'); ?></a>]</label>
+			<label for=""><?php echo __('PaymentID', 'wpsg'); ?>: [<a href="<?php 
+				
+				echo wpsg_admin_url('Order', 'view', ['action' => 'ajax', 'mod' => 'wpsg_mod_paypal', 'do' => 'refresh', 'edit_id' => $this->view['oOrder']->getId()], ['noheader' => '1']);
+					
+			?>"><?php echo __('Status Aktualisieren', 'wpsg'); ?></a>]</label>
 		</div>
 		<div class="wpsg_form_right">
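Review bot: The value returned by `wpsg_admin_url(...)` is echoed straight into the `href` attribute without HTML-attribute escaping; unless `wpsg_admin_url` is known to escape its own output (not visible here), the echo should be wrapped, e.g. `echo esc_url(wpsg_admin_url('Order', 'view', [...], ['noheader' => '1']));`, so a `&` in the query string is emitted as `&amp;` and any unexpected characters cannot break out of the attribute. The previous line had the same gap, so this is not a regression, but the rewrite is the natural place to close it. The blank lines around the `echo` inside the `<?php ... ?>` block add nothing and the call fits on one line. The role of the separate `['noheader' => '1']` argument versus the main parameter array is not documented at the call site; a one-line comment such as `// second array: extra query args that are not part of the nonce` would help, if that is indeed what it means.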
