Update of /cvs/scoop/scoop/lib/Scoop/Billing
In directory lithium.sabren.com:/tmp/cvs-serv30231/lib/Scoop/Billing
Modified Files:
Linkpoint.pm
Log Message:
Committing XSS (and some others janra found, as I recall) security fixes
and some stuff found in the K5 upgrade. -j
Index: Linkpoint.pm
===================================================================
RCS file: /cvs/scoop/scoop/lib/Scoop/Billing/Linkpoint.pm,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** Linkpoint.pm 21 Apr 2002 07:07:58 -0000 1.1
--- Linkpoint.pm 6 Aug 2006 04:22:45 -0000 1.2
***************
*** 22,40 ****
# Make a new lperl
! my $lperl = new LPERL($S->{CONFIG}->{lbin_location}, "FILE", $S->{CONFIG}->{lbin_tmp_dir});
my $transaction_hash = $S->lperl_input_hash($price, $args);
!
# Ok, go ahead then
my %cc_result;
unless ($S->{CC_ERR}) {
! %cc_result = $lperl->ApproveSale($transaction_hash);
}
! return %cc_result;
}
-
# cc_pre_auth: Pre-authorize a transaction.
sub cc_pre_auth {
--- 22,41 ----
# Make a new lperl
! my $lperl = new LPPERL();
my $transaction_hash = $S->lperl_input_hash($price, $args);
! $transaction_hash->{ordertype} = 'SALE';
# Ok, go ahead then
my %cc_result;
unless ($S->{CC_ERR}) {
! %cc_result = $lperl->curl_process($transaction_hash);
}
+
+ my $ret_result = $S->cc_backport_result($price, \%cc_result);
! return %{$ret_result};
}
# cc_pre_auth: Pre-authorize a transaction.
sub cc_pre_auth {
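Review bot: The new `cc_backport_result` call after the `unless ($S->{CC_ERR})` block runs even when `curl_process` was skipped, so on an earlier error the sub no longer returns an empty hash but one carrying `chargetotal`, `total` and `statusCode => 0`. A caller that treats a non-empty result as "the gateway answered" would misread a locally rejected request; the callers are not shown, so this is a risk to check rather than a confirmed break. Returning before the conversion keeps the old contract: `return %cc_result if $S->{CC_ERR};`. The same pattern appears in the `cc_pre_auth` hunk that follows, and the enclosing sub here starts above the hunk.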
***************
*** 44,58 ****
# Make a new lperl
! my $lperl = new LPERL($S->{CONFIG}->{lbin_location}, "FILE", $S->{CONFIG}->{lbin_tmp_dir});
my $transaction_hash = $S->lperl_input_hash($price, $in);
# Ok, go ahead then
my %cc_result;
unless ($S->{CC_ERR}) {
! %cc_result = $lperl->CapturePayment($transaction_hash);
}
! return %cc_result;
}
--- 45,62 ----
# Make a new lperl
! my $lperl = new LPPERL();
my $transaction_hash = $S->lperl_input_hash($price, $in);
+ $transaction_hash->{ordertype} = 'PREAUTH';
# Ok, go ahead then
my %cc_result;
unless ($S->{CC_ERR}) {
! %cc_result = $lperl->curl_process($transaction_hash);
}
! my $ret_result = $S->cc_backport_result($price, \%cc_result);
!
! return %{$ret_result};
}
***************
*** 66,81 ****
# Finish sale
my $transaction_hash = {
! hostname => $S->{CONFIG}->{linkpt_host},
port => $S->{CONFIG}->{linkpt_port},
! storename => $S->{CONFIG}->{linkpt_store},
keyfile => $S->{CONFIG}->{linkpt_keyfile},
! orders => $orders
};
! my $lperl = new LPERL($S->{CONFIG}->{lbin_location}, "FILE", $S->{CONFIG}->{lbin_tmp_dir});
! my $processed = $lperl->BillOrders($transaction_hash);
! return $transaction_hash->{orders};
}
--- 70,96 ----
# Finish sale
my $transaction_hash = {
! host => $S->{CONFIG}->{linkpt_host},
port => $S->{CONFIG}->{linkpt_port},
! configfile => $S->{CONFIG}->{linkpt_store},
keyfile => $S->{CONFIG}->{linkpt_keyfile},
! ordertype => 'POSTAUTH'
};
! my $lperl = new LPPERL();
! my @return_orders;
! foreach my $o (@{$orders}) {
! my $th = $transaction_hash;
! $th->{'oid'} = $o->{'orderID'};
! $th->{'chargetotal'} = $o->{'amount'};
! my %cc_result = $lperl->curl_process($transaction_hash);
! my $ret_result = $S->cc_backport_result($th->{'chargetotal'}, \%cc_result);
! foreach my $k (keys %{$o}) {
! $ret_result->{$k} = $o->{$k};
! }
! push @return_orders, $ret_result;
! }
! return \@return_orders;
}
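Review bot: `my $th = $transaction_hash;` in the loop copies the reference, not the hash, so every order writes `oid` and `chargetotal` into one shared hash and anything `curl_process` leaves in it carries over to the next POSTAUTH request. `my $th = { %{$transaction_hash} };` together with `curl_process($th)` gives each order its own request. The merge loop then lets the order record win over the gateway response, so an order that already carries a key such as `statusCode` or `statusMessage` would overwrite what the processor reported; `$ret_result->{$k} = $o->{$k} unless exists $ret_result->{$k};` keeps the processor's fields authoritative. Whether orders hold such keys is not visible here, and the sub's opening lines are outside the hunk.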
***************
*** 91,116 ****
# Pull out numeric part of address, if possible
my $addrnum = $in->{baddr1};
! $addrnum =~ s/^(\d+).*$//g;
my $transaction_hash = {
! hostname => $S->{CONFIG}->{linkpt_host},
port => $S->{CONFIG}->{linkpt_port},
! storename => $S->{CONFIG}->{linkpt_store},
keyfile => $S->{CONFIG}->{linkpt_keyfile},
chargetotal => $price,
cardnumber => $in->{cardnumber},
! expmonth => $in->{expmonth},
! expyear => $in->{expyear},
! bname => "$in->{fname} $in->{lname}",
! baddr1 => $in->{baddr1},
! baddr2 => $in->{baddr2},
! bcity => $in->{bcity},
! bstate => $in->{bstate},
! bcountry => $in->{bcountry},
! bzip => $in->{bzip},
phone => $in->{phone},
! ip => $S->{REMOTE_IP},
! mototransaction => 'ECI_TRANSACTION',
! cvmindicator => 'CVM_NotProvided'
};
--- 106,135 ----
# Pull out numeric part of address, if possible
my $addrnum = $in->{baddr1};
! $addrnum =~ s/^\s*(\d+).*$/$1/g;
+ # Make expiration year two-digit
+ $in->{expyear} =~ s/.*(\d\d)$/$1/;
+
my $transaction_hash = {
! host => $S->{CONFIG}->{linkpt_host},
port => $S->{CONFIG}->{linkpt_port},
! configfile => $S->{CONFIG}->{linkpt_store},
keyfile => $S->{CONFIG}->{linkpt_keyfile},
chargetotal => $price,
cardnumber => $in->{cardnumber},
! cardexpmonth => $in->{expmonth},
! cardexpyear => $in->{expyear},
! name => "$in->{fname} $in->{lname}",
! address1 => $in->{baddr1},
! address2 => $in->{baddr2},
! city => $in->{bcity},
! state => $in->{bstate},
! country => $in->{bcountry},
! zip => $in->{bzip},
phone => $in->{phone},
! ip => $S->{REMOTE_IP},
! transactionorigin => 'ECI',
! cvmindicator => 'not_provided',
! result => 'LIVE'
};
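Review bot: `$in->{expyear} =~ s/.*(\d\d)$/$1/;` rewrites the caller's input hash in place and validates nothing, so a value that does not end in two digits passes through unchanged and is sent to the gateway as `cardexpyear`. Capturing into a local and recording a failure is safer, e.g. `my ($expyear) = $in->{expyear} =~ /(\d\d)\z/;` followed by `$S->{CC_ERR} .= qq|Invalid expiration year.<br>| unless defined $expyear;`, then `cardexpyear => $expyear`. Likewise `$addrnum` keeps the whole address line when `baddr1` has no leading digits, because the substitution simply does not match. `result => 'LIVE'` is hard-coded, so switching to a test mode needs a code edit; reading it from `$S->{CONFIG}` like the neighbouring fields would avoid that, though a config key would have to be added. The enclosing sub begins and ends outside the hunk.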
***************
*** 124,130 ****
unless (
! $transaction_hash->{hostname} &&
$transaction_hash->{port} &&
! $transaction_hash->{storename} &&
$transaction_hash->{keyfile} ) {
$S->{CC_ERR} .= qq|Server is not properly configured to process this transaction.<br>|;
--- 143,149 ----
unless (
! $transaction_hash->{host} &&
$transaction_hash->{port} &&
! $transaction_hash->{configfile} &&
$transaction_hash->{keyfile} ) {
$S->{CC_ERR} .= qq|Server is not properly configured to process this transaction.<br>|;
***************
*** 135,139 ****
--- 154,172 ----
+ # Convert some of the new fields to old field names, so i don't have to rewrite every goddamn thing
+ sub cc_backport_result {
+ my $S = shift;
+ my $price = shift;
+ my $cc_result = shift;
+ my $ret_result = $cc_result;
+ $ret_result->{chargetotal} = $price;
+ $ret_result->{total} = $price;
+ $ret_result->{statusCode} = ($cc_result->{'r_approved'} eq 'APPROVED') ? 1 : 0;
+ $ret_result->{neworderID} = $cc_result->{r_ordernum};
+ $ret_result->{statusMessage} = $cc_result->{r_error};
+
+ return $ret_result;
+ }
1;
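Review bot: `$cc_result->{'r_approved'} eq 'APPROVED'` is evaluated without checking that the key is defined, so an empty response hash (no reply from the gateway, or the call skipped because `$S->{CC_ERR}` was set) raises an uninitialized-value warning when warnings are on and is reported as `statusCode` 0 with an undefined `statusMessage`, indistinguishable from a decline. A guard such as `my $approved = defined $cc_result->{r_approved} && $cc_result->{r_approved} eq 'APPROVED';` avoids the warning, and a fallback like `$cc_result->{r_error} || 'No response from processor'` gives callers something to show. `statusMessage` is copied straight from the gateway's `r_error`, so if callers render it into a page it should be HTML-escaped at output; that rendering is not visible in this diff. `my $ret_result = $cc_result;` aliases the caller's hash rather than copying it, which the header comment could state alongside the old-to-new field mapping.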