Skip to content
This repository has been archived by the owner on Mar 15, 2024. It is now read-only.

Fix validation of IPN response #28

Open
wants to merge 9 commits into
base: master
Choose a base branch
from

Conversation

nykopol
Copy link
Contributor

@nykopol nykopol commented Mar 27, 2014

This PR fix the validation process to match specifications about the use of PBX_REPONDRE_A option or the use of the URL specified in paybox interface.

In concrete, if you use the PBX_REPONDRE_A option, the signature must be validated with data returned according to PBX_RETOUR option. While if you define the URL for IPN by the interface of Paybox, the signature must be validated with all the parameters, even those that can be external to PBX_RETOUR (for example a page parameter).

$container->setParameter('lexik_paybox.pbx_retour', $param_signed);
}
}else{
$container->setParameter('lexik_paybox.pbx_retour', null);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe you should set the parameter with an empty array or you will get a warning when in_array() is called in Response on line 130:
if (in_array($key, $this->pbxRetour)) {

@nykopol
Copy link
Contributor Author

nykopol commented Apr 3, 2014

@cedric-g i had forgotten to filter the data in Response::initData for url_ipn vaidation. So now pbx_retour does not require to be an array as this parameter isn't used anymore in validation by url_ipn.

I think this PR can be merge now.

Conflicts:
	Paybox/System/Base/Response.php
	README.md
	Resources/config/services.yml
	Tests/Paybox/System/ResponseTest.php
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants