Digitalstack/ZnoteAAC
2
0
Fork 0
mirror of https://github.com/Znote/ZnoteAAC.git synced 2025-04-29 18:59:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: sanitizing pagseguro

Browse Source
This commit is contained in:
Gabriel Pedro 2016-05-04 20:30:37 -04:00
parent 1804fe0059
commit 816801880f
2 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
pagseguro_ipn.php
View File

@ -73,17 +73,19 @@
$rawPayment = VerifyPagseguroIPN($notificationCode); $rawPayment = VerifyPagseguroIPN($notificationCode);
$payment = simplexml_load_string($rawPayment); $payment = simplexml_load_string($rawPayment);
$paymentStatus = (int) $paymentStatus;
$paymentCode = sanitize($paymentCode);
report($notificationCode, $rawPayment); report($notificationCode, $rawPayment);
// Updating Payment Status // Updating Payment Status
mysql_update('UPDATE `znote_pagseguro` SET `payment_status` = ' . ($payment->status) . ' WHERE `transaction` = \'' . $payment->code . '\' '); mysql_update('UPDATE `znote_pagseguro` SET `payment_status` = ' . $paymentStatus . ' WHERE `transaction` = \'' . $paymentCode . '\' ');
// Check that the payment_status is Completed // Check that the payment_status is Completed
if ($payment->status == 3) { if ($paymentStatus == 3) {
// Check that transaction has not been previously processed // Check that transaction has not been previously processed
$transaction = mysql_select_single('SELECT `transaction`, `completed` FROM `znote_pagseguro` WHERE `transaction`= \'' . $payment->code .'\''); $transaction = mysql_select_single('SELECT `transaction`, `completed` FROM `znote_pagseguro` WHERE `transaction`= \'' . $paymentCode .'\'');
$status = true; $status = true;
$custom = (int) $payment->reference; $custom = (int) $payment->reference;
@ -97,7 +99,7 @@
if ($status) { if ($status) {
// transaction log // transaction log
mysql_update('UPDATE `znote_pagseguro` SET `completed` = 1 WHERE `transaction` = \'' . $payment->code . '\''); mysql_update('UPDATE `znote_pagseguro` SET `completed` = 1 WHERE `transaction` = \'' . $paymentCode . '\'');
// Process payment // Process payment
$data = mysql_select_single("SELECT `points` AS `old_points` FROM `znote_accounts` WHERE `account_id`='$custom';"); $data = mysql_select_single("SELECT `points` AS `old_points` FROM `znote_accounts` WHERE `account_id`='$custom';");
@ -106,7 +108,7 @@
$new_points = $data['old_points'] + $item->quantity; $new_points = $data['old_points'] + $item->quantity;
mysql_update("UPDATE `znote_accounts` SET `points`='$new_points' WHERE `account_id`='$custom'"); mysql_update("UPDATE `znote_accounts` SET `points`='$new_points' WHERE `account_id`='$custom'");
} }
} else if ($payment->status == 7) { } else if ($paymentStatus == 7) {
mysql_update('UPDATE `znote_pagseguro` SET `completed` = 1 WHERE `transaction` = \'' . $payment->code . '\' '); mysql_update('UPDATE `znote_pagseguro` SET `completed` = 1 WHERE `transaction` = \'' . $paymentCode . '\' ');
} }
?> ?>

7
pagseguro_retorno.php
View File

@ -96,12 +96,13 @@
$rawTransaction = VerifyPagseguroIPN($transactionCode); $rawTransaction = VerifyPagseguroIPN($transactionCode);
$transaction = simplexml_load_string($rawTransaction); $transaction = simplexml_load_string($rawTransaction);
$completed = ($transaction->status != 7) ? 0 : 1; $transactionStatus = (int) $transaction->status;
$completed = ($transactionStatus != 7) ? 0 : 1;
$custom = (int) $transaction->reference; $custom = (int) $transaction->reference;
$item = $transaction->items->item[0]; $item = $transaction->items->item[0];
$points = $item->quantity; $points = $item->quantity;
$price = $item->quantity * ($pagseguro['price'] / 100); $price = $points * ($pagseguro['price'] / 100);
mysql_insert('INSERT INTO `znote_pagseguro` VALUES (null, \'' . $transaction->code . '\', ' . $custom . ', \'' . $price . '\', \'' . $points . '\', ' . $transaction->status . ', ' . $completed . ')'); mysql_insert('INSERT INTO `znote_pagseguro` VALUES (null, \'' . sanitize($transaction->code) . '\', ' . $custom . ', \'' . $price . '\', \'' . $points . '\', ' . $transactionStatus . ', ' . $completed . ')');
header('Location: shop.php?callback=processing'); header('Location: shop.php?callback=processing');