
revert nounce (#29)
* revert nonce

* only use php 7.4
carlHandy committed Jul 22, 2024
1 parent 418559a commit 593b5e0
Showing 3 changed files with 12 additions and 12 deletions.
2 changes: 1 addition & 1 deletion composer.json
Expand Up @@ -2,7 +2,7 @@
"require": {
"phpseclib/phpseclib": "~3.0",
"woocommerce/woocommerce": "^5.9.1",
"php": "^5.6 || ~7.0 || ~7.1 || ~7.2 || ~7.3 || ~7.4"
"php": "~7.4"
},
"require-dev": {
"phpunit/phpunit": "^9.5"
19 changes: 10 additions & 9 deletions includes/class-mmg-checkout-payment.php
Expand Up @@ -46,7 +46,6 @@ public function enqueue_scripts() {
wp_enqueue_script('mmg-checkout', plugin_dir_url(dirname(__FILE__)) . 'js/mmg-checkout.js', array('jquery'), '1.0', true);
wp_localize_script('mmg-checkout', 'mmg_checkout_params', array(
'ajax_url' => admin_url('admin-ajax.php'),
'security' => wp_create_nonce('mmg_generate_checkout_url'),
));
error_log('MMG Checkout: Script enqueued on checkout pay page');
} else {
Expand All @@ -63,15 +62,12 @@ public function enqueue_scripts() {
}

public function generate_checkout_url() {
// Add nonce verification
check_ajax_referer('mmg_generate_checkout_url', 'security');

try {
if (!$this->validate_public_key()) {
throw new Exception('Invalid RSA public key');
}

$order_id = isset($_POST['order_id']) ? absint($_POST['order_id']) : 0;
$order_id = isset($_POST['order_id']) ? intval($_POST['order_id']) : 0;
$order = wc_get_order($order_id);

if (!$order) {
Expand Down Expand Up @@ -124,7 +120,12 @@ private function encrypt($checkout_object) {
error_log("Checkout Object:\n $json_object\n");

// message to bytes
$json_bytes = mb_convert_encoding($json_object, 'UTF-8');
if (function_exists('mb_convert_encoding')) {
$json_bytes = mb_convert_encoding($json_object, 'ISO-8859-1', 'UTF-8');
} else {
// Fallback method
$json_bytes = utf8_decode($json_object);
}

// Load the public key
try {
Expand Down Expand Up @@ -277,7 +278,7 @@ public function handle_payment_confirmation() {

$token = isset($_GET['token']) ? sanitize_text_field($_GET['token']) : '';

if (empty($token) || !is_string($token) || strlen($token) > 1024) {
if (empty($token)) {
wp_die('Invalid token', 'MMG Checkout Error', array('response' => 400));
}

Expand All @@ -289,8 +290,8 @@ public function handle_payment_confirmation() {
wp_die('Error decrypting token: ' . $e->getMessage(), 'MMG Checkout Error', array('response' => 400));
}

$order_id = isset($payment_data['merchantTransactionId']) ? absint($payment_data['merchantTransactionId']) : 0;
$result_code = isset($payment_data['resultCode']) ? absint($payment_data['resultCode']) : null;
$order_id = isset($payment_data['merchantTransactionId']) ? intval($payment_data['merchantTransactionId']) : 0;
$result_code = isset($payment_data['resultCode']) ? intval($payment_data['resultCode']) : null;
$result_message = isset($payment_data['resultMessage']) ? sanitize_text_field($payment_data['resultMessage']) : '';

$order = wc_get_order($order_id);
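Review bot: With `check_ajax_referer('mmg_generate_checkout_url', 'security')` removed from generate_checkout_url, the handler now acts on whatever `order_id` is posted to admin-ajax.php with no request-origin check and, within this hunk, no check that the caller is entitled to that order; if the action is also registered with `wp_ajax_nopriv_`, any visitor can obtain a checkout URL for an arbitrary order id. The nonce was presumably dropped because it broke on the pay page (page caching or guest sessions are the usual cause), but the replacement should be an ownership check rather than nothing. WooCommerce's pay page already carries the order key, so the JS can post it alongside the id and the handler can verify it: `$key = isset($_POST['key']) ? wc_clean(wp_unslash($_POST['key'])) : '';` and, once `$order` is loaded, `if (!$order || !hash_equals($order->get_order_key(), $key)) { wp_send_json_error('Invalid order'); }`. The remainder of generate_checkout_url, including how the action is registered, lies outside the hunk.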
3 changes: 1 addition & 2 deletions js/mmg-checkout.js
Expand Up @@ -11,8 +11,7 @@ jQuery(document).ready(function($) {
type: 'POST',
data: {
action: 'generate_checkout_url',
order_id: orderId,
security: mmg_checkout_params.security
order_id: orderId
},
success: function(response) {
if (response.success && response.data.checkout_url) {
