modify session state correctly

3 files changed, 13 insertions, 5 deletions

diff --git a/src/frontend/generate_taler_contract.php b/src/frontend/generate_taler_contract.php
index cd708ad3..229434ac 100644
--- a/src/frontend/generate_taler_contract.php
+++ b/src/frontend/generate_taler_contract.php
@@ -143,11 +143,11 @@ else
 {
   $got_json = json_decode($resp->body->toString(), true);
   $hc = $got_json["H_contract"];
-  $payments = get($_SESSION['payments'], array());
+
+  $payments = &pull($_SESSION, "payments", array());
   $payments[$hc] = array(
     'receiver' => $receiver,
   );
-  $_SESSION['payments'] = $payments;
 
   echo json_encode ($got_json, JSON_PRETTY_PRINT);
 }
diff --git a/src/frontend/pay.php b/src/frontend/pay.php
index a517271a..5a028363 100644
--- a/src/frontend/pay.php
+++ b/src/frontend/pay.php
@@ -32,10 +32,9 @@ if (empty($hc))
 
 session_start();
 
-$payments = get($_SESSION['payments'], array());
-$my_payment = get($payments[$hc]);
+$payments = &pull($_SESSION, 'payments', array());
 
-if (null === $my_payment)
+if (!isset($payments[$hc])
 {
   http_response_code(400);
   echo json_encode(array(
@@ -44,6 +43,8 @@ if (null === $my_payment)
   return;
 }
 
+$my_payment = &$payments[$hc];
+
 $post_body = file_get_contents('php://input');
 
 $now = new DateTime('now');
diff --git a/src/frontend_lib/util.php b/src/frontend_lib/util.php
index 1ccc4674..379efbca 100644
--- a/src/frontend_lib/util.php
+++ b/src/frontend_lib/util.php
@@ -4,6 +4,13 @@ function get(&$var, $default=null) {
   return isset($var) ? $var : $default;
 }
 
+function &pull(&$arr, $idx, $default) {
+  if (!isset($arr[$idx]) {
+    $arr[idx] = $default;
+  }
+  return $arr[$idx];
+}
+
 function url_join($base, $path, $strip=false) {
   $flags = $strip ? (http\Url::STRIP_PATH|http\URL::STRIP_QUERY) : 0;
   return (new http\URL($base, null, $flags))