commit cb319933994c9088d74b509f88976e26973a2482
parent a91b81e696dc6581947c1882b565224ed365e16d
Author: Florian Dold <florian.dold@gmail.com>
Date: Mon, 25 Jan 2016 15:04:33 +0100
check fulfillment UUID
Diffstat:
3 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/src/frontend/fulfillment.php b/src/frontend/fulfillment.php
@@ -46,13 +46,19 @@ function generate_msg ($link){
return $msg;
}
-session_start();
-if (!isset ($_SESSION['payment_ok']))
+$hc = get($_GET["UUID"]);
+
+if (!$hc)
{
- echo "<p>Please come here after a successful payment!</p>";
+ http_response_code(400);
+ echo "<p>Bad request (UUID missing)";
+ die();
}
-else
+
+session_start();
+
+if (isset($_SESSION['payment_ok']))
{
$news = false;
switch ($_SESSION['receiver'])
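Review bot: `$hc` is only tested for presence and, within this hunk, is never compared with anything — the commit title says the UUID is checked, but the visible new code rejects an absent parameter and then trusts `$_SESSION['payment_ok']` alone; if no later line ties `$hc` to the order the session paid for, any UUID value passes. The presence test also uses truthiness, so a value of `"0"` is treated as missing; `if ($hc === null || $hc === '')` is the stricter form, and validating the string against the expected UUID format before it is used anywhere would keep arbitrary client input out of the consumer. The error body `echo "<p>Bad request (UUID missing)";` lacks its closing `</p>`. The old `else` branch's "Please come here after a successful payment!" message has no replacement: with the `die()` added inside the `if` in the next hunk, a visitor without `payment_ok` now gets an empty article instead of an explanation, which reads like an unintended regression.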
@@ -66,10 +72,12 @@ else
case "Tor":
$news = "https://www.torproject.org/press/press.html.en";
break;
- }
+ }
echo generate_msg ($news);
+ die();
}
+
?>
</article>
</section>
diff --git a/src/frontend/pay.php b/src/frontend/pay.php
@@ -85,7 +85,7 @@ $resp = $client->getResponse();
$status_code = $resp->getResponseCode();
// Our response code is the same we got from the backend:
-http_response_code ($status_code);
+http_response_code($status_code);
// Now generate our body
if ($status_code != 200)
diff --git a/src/frontend/util.php b/src/frontend/util.php
@@ -1,4 +1,9 @@
<?php
+
+function get(&$var, $default=null) {
+ return isset($var) ? $var : $default;
+}
+
function url_join($base, $path) {
$url = (new http\URL($base))
->mod(array ("path" => $path), http\Url::JOIN_PATH|http\URL::SANITIZE_PATH);
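Review bot: `get(&$var, $default=null)` takes its argument by reference, so a call such as `get($_GET["UUID"])` makes PHP create the missing `UUID` key in `$_GET` with a null value as a side effect; any later code that inspects `$_GET` with `array_key_exists` or counts its entries sees a key the client never sent. The reference is presumably there to avoid the undefined-index notice, and because `isset` is false for a present-but-null entry the helper conflates "absent" and "null"; a docblock stating both behaviours would spare the next reader the surprise, e.g. `/** Return $var if set, else $default. By-ref: the caller's array gains a null entry when the index did not exist. */`. The function is also untyped; at minimum `@param mixed $default` and `@return mixed` should accompany it, and `$default = null` with spaces matches the file's spacing in `url_join`.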