Skip to content
This repository has been archived by the owner on Feb 9, 2019. It is now read-only.

Commit

Permalink
Merge pull request #35 from ebizmarts/development
Browse files Browse the repository at this point in the history
Merge fix for exposed ids.
  • Loading branch information
Santiagoebizmarts authored Feb 8, 2019
2 parents 9d09695 + d2e806a commit 3ac475d
Show file tree
Hide file tree
Showing 8 changed files with 530 additions and 486 deletions.
8 changes: 3 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
# This extension has been put in code freeze and will be deprecated as soon as Magento 1 support period finishes. If you need support please contact us.

# SagePay OFFICIAL Extension for Magento - FREE

__NEW: SagePay Protocol v3 with European Payments support (UK, Germany, Spain)__
Expand All @@ -17,14 +19,10 @@ New FREE __Sage Pay approved__ extension from __ebizmarts__. Supports all [Sage
* Handy admin tools
* Magento events (observers) have been used to avoid conflicts with other extensions

The latest stable version of the extension can be installed via the [Magento Connect](http://www.magentocommerce.com/magento-connect/ebizmarts-sage-pay-suite-ce-europe-free-sagepay-official-extension.html).

----
## Support
Need support? [Click here](http://ebizmarts.com/forums/view/2)

To Install configure and see most common issues visit our [wiki](http://wiki.ebizmarts.com/)

*Please note that this free extension only supports PAYMENT transactions, please contact ebizmarts for the fully featured commercial version.*

**For more information about the commercial version of this extension [CLICK HERE](http://store.ebizmarts.com/extensions/sage-pay-suite-pro.html). Supports PayPal, REFUNDS, DEFER and AUTHENTICATE Payments, and much more.**
**For more information about the commercial version of this extension [CLICK HERE](http://store.ebizmarts.com/extensions/sage-pay-suite-pro.html). Supports PayPal, REFUNDS, DEFER and AUTHENTICATE Payments, and much more.**
Original file line number Diff line number Diff line change
Expand Up @@ -29,22 +29,24 @@ protected function _toHtml()
$successUrl = Mage::getModel('adminhtml/url')->getUrl('adminhtml/sales_order/view', array('order_id' => $orderId, '_secure' => true));
}
else {
if(!is_null($this->getRequest()->getParam('qide'))
&& !is_null($this->getRequest()->getParam('incide'))
&& !is_null($this->getRequest()->getParam('oide'))) {
$helper = Mage::helper('sagepaysuite');
$sanitizedParams = $helper->sanitizeParamsFromQuery($this->getRequest()->getParams());
if (isset($sanitizedParams['qide'])
&& isset($sanitizedParams['incide'])
&& isset($sanitizedParams['oide'])) {
$transaction = Mage::getModel('sagepaysuite2/sagepaysuite_transaction')
->loadByParent($this->getRequest()->getParam('oide'));
->loadByParent($sanitizedParams['oide']);
$first_arrive = $transaction->getData("server_success_arrived") == false;
Mage::getSingleton('core/session')->setData("sagepay_server_first_arrive", $first_arrive);

if(!$this->isPreSaveEnabled()){
//relogin user if just registered
$quote = Mage::getModel('sales/quote')->load($this->getRequest()->getParam('qide'));
$quote = Mage::getModel('sales/quote')->load($sanitizedParams['qide']);
$isRegister = ($quote->getData('checkout_method') == 'register');
$quote_customer_id = $quote->getData('customer_id');
$transaction = Mage::getModel('sagepaysuite2/sagepaysuite_transaction')
->loadByParent($this->getRequest()->getParam('oide'));
if($isRegister && $quote_customer_id == $this->getRequest()->getParam('cusid')){
->loadByParent($sanitizedParams['oide']);
if($isRegister && $quote_customer_id == $sanitizedParams['cusid']){
//check transaction flag
if($first_arrive){
Mage::getSingleton('customer/session')->loginById($this->getRequest()->getParam('cusid'));
Expand Down Expand Up @@ -85,18 +87,18 @@ protected function _toHtml()
}

Mage::getSingleton('checkout/session')
->setLastSuccessQuoteId($this->getRequest()->getParam('qide'))
->setLastQuoteId($this->getRequest()->getParam('qide'))
->setLastOrderId($this->getRequest()->getParam('oide'))
->setLastRealOrderId(Mage::helper('sagepaysuite')->decodeParamFromQuery($this->getRequest()->getParam('incide')));
->setLastSuccessQuoteId($sanitizedParams['qide'])
->setLastQuoteId($sanitizedParams['qide'])
->setLastOrderId($sanitizedParams['oide'])
->setLastRealOrderId(Mage::helper('sagepaysuite')->decodeParamFromQuery($sanitizedParams['incide']));

//set invoice flag
$autoInvoice = (int)$this->getRequest()->getParam('inv');
$autoInvoice = (int)$sanitizedParams['inv'];
$preventInvoice = ((int)Mage::getStoreConfig('payment/sagepaysuite/prevent_invoicing') === 1);
Mage::getSingleton('sagepaysuite/session')->setCreateInvoicePayment($autoInvoice && !$preventInvoice);

if($this->isPreSaveEnabled()) {
$order = Mage::getModel('sales/order')->load($this->getRequest()->getParam('oide'));
$order = Mage::getModel('sales/order')->load($sanitizedParams['oide']);

//change status
$order->setStatus((string)Mage::getModel('sagepaysuite/sagePayServer')->getConfigData('order_status'))->save();
Expand All @@ -108,18 +110,18 @@ protected function _toHtml()

$_succuessParams = Mage::helper('sagepaysuite')->sanitizeParamsForQuery(
array('_secure' => true,
'oide' => $this->getRequest()->getParam('oide'),
'qide' => $this->getRequest()->getParam('qide'),
'incide' => $this->getRequest()->getParam('incide'),
'inv' => $this->getRequest()->getParam('inv'))
'oide' => $sanitizedParams['oide'],
'qide' => $sanitizedParams['qide'],
'incide' => $sanitizedParams['incide'],
'inv' => $sanitizedParams['inv'])
);

$successUrl = Mage::getModel('core/url')->getUrl('checkout/onepage/success', $_succuessParams);

//recover multishipping data
if($this->getRequest()->getParam('multishipping')) {
//get multishipping ids data
$msorderids = $this->getRequest()->getParam('msorderids');
$msorderids = $sanitizedParams['msorderids'];
$msorderids = explode(",", $msorderids);
$msorderidsArray = array();
for($i = 0;$i<count($msorderids);$i++){
Expand Down
67 changes: 65 additions & 2 deletions app/code/local/Ebizmarts/SagePaySuite/Helper/Data.php
Original file line number Diff line number Diff line change
Expand Up @@ -752,13 +752,13 @@ public function sanitizeParamsForQuery(array $parameters)
$return = array();

foreach ($parameters as $_key => $_param) {
$return [$_key] = $this->_encodeParamForQuery($_param);
$return [$_key] = $this->encodeParamForQuery($_param);
}

return $return;
}

private function _encodeParamForQuery($string)
private function encodeParamForQuery($string)
{
return rawurlencode($string);
}
Expand All @@ -768,4 +768,67 @@ public function decodeParamFromQuery($string)
return rawurldecode($string);
}

public function sanitizeParamsFromQuery(array $parameters)
{
$return = array();
foreach ($parameters as $_key => $_param) {
if ($this->isEncryptedParam($_key)) {
$return[$_key] = $this->decodeParamFromQuery($_param);
} else {
$return[$_key] = $_param;
}
}
return $return;
}

protected function isEncryptedParam($key)
{
switch ($key) {
case 'inv':
case 'cusid':
case 'qide':
case 'incide':
case 'oide':
case 'qid':
return true;
break;
default:
return false;
break;
}
}
/**
* Add params with format key=value to void problems when encryption returns value with character /
*
* @param $url
* @param $params
* @return string
*/
public function addEncodedParamsToUrl($url, $params)
{
$encodedParams = $this->sanitizeParamsForQuery($params);
if(strstr($url, '?') === false) {
$url .= '?' . $this->_getFormattedParams($encodedParams);
} else {
$url .= '&' . $this->_getFormattedParams($encodedParams);
}
return $url;
}
/**
* @param $encodedParams
* @return string
*/
protected function _getFormattedParams($encodedParams)
{
$formattedString = '';
$count = 0;
foreach ($encodedParams as $key => $value) {
if ($count > 0) {
$formattedString .= '&';
}
$formattedString .= $key . '=' . $value;
$count++;
}
return $formattedString;
}
}
Loading

0 comments on commit 3ac475d

Please sign in to comment.