oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Restore ability to edit ITransact and Ogone payment drivers. Ensure that all forms use CSRF tokens.

Browse source
This commit is contained in:
Colin Kuskie 2012-02-24 22:43:43 -08:00
parent 02bb3a9d67
commit 476b14f82c
3 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/WebGUI/Shop/PayDriver.pm
View file

@ -372,6 +372,7 @@ sub getEditForm {
my $form = WebGUI::FormBuilder->new($self->session); my $form = WebGUI::FormBuilder->new($self->session);
$form->addField( "submit", name => "send" ); $form->addField( "submit", name => "send" );
$form->addField( 'csrfToken', name => 'csrfToken' );
$self->getDoFormTags('editSave', $form); $self->getDoFormTags('editSave', $form);
$form->addField( "hidden", $form->addField( "hidden",
@ -657,7 +658,6 @@ sub www_edit {
return $session->privilege->insufficient() unless $session->user->isAdmin; return $session->privilege->insufficient() unless $session->user->isAdmin;
my $form = $self->getEditForm; my $form = $self->getEditForm;
$form->addField( 'csrfToken', name => 'csrfToken' );
$form->addField( "submit", name => "send" ); $form->addField( "submit", name => "send" );
return '<h1>' . $i18n->get('payment methods') . '</h1>' . $form->toHtml; return '<h1>' . $i18n->get('payment methods') . '</h1>' . $form->toHtml;

4
lib/WebGUI/Shop/PayDriver/ITransact.pm
View file

@ -577,7 +577,7 @@ sub www_edit {
return $session->privilege->insufficient() unless $admin->canManage; return $session->privilege->insufficient() unless $admin->canManage;
my $form = $self->getEditForm; my $form = $self->getEditForm;
$form->submit; $form->addField( "submit", name => "send" );
##Form to let the user log into their ITransact account from here. ##Form to let the user log into their ITransact account from here.
my $terminal = WebGUI::HTMLForm->new($session, action=>"https://secure.paymentclearing.com/cgi-bin/rc/sess.cgi", extras=>'target="_blank"'); my $terminal = WebGUI::HTMLForm->new($session, action=>"https://secure.paymentclearing.com/cgi-bin/rc/sess.cgi", extras=>'target="_blank"');
@ -596,7 +596,7 @@ sub www_edit {
.'<b>https://'.$session->config->get("sitename")->[0] .'<b>https://'.$session->config->get("sitename")->[0]
.'/?shop=pay;method=do;do=processRecurringTransactionPostback;paymentGatewayId='.$self->getId.'</b>'; .'/?shop=pay;method=do;do=processRecurringTransactionPostback;paymentGatewayId='.$self->getId.'</b>';
return $admin->getAdminConsole->render($form->print.$output, $i18n->get('payment methods','PayDriver')); return $admin->getAdminConsole->render($form->toHtml.$output, $i18n->get('payment methods','PayDriver'));
} }
#------------------------------------------------------------------- #-------------------------------------------------------------------

2
lib/WebGUI/Shop/PayDriver/Ogone.pm
View file

@ -424,7 +424,7 @@ sub www_edit {
my $output = '<br />'; my $output = '<br />';
$output .= sprintf $i18n->get('ogone setup'), $processUrl, $processUrl; $output .= sprintf $i18n->get('ogone setup'), $processUrl, $processUrl;
return $admin->getAdminConsole->render($form->print.$output, $i18n->get('payment methods','PayDriver')); return $admin->getAdminConsole->render($form->toHtml.$output, $i18n->get('payment methods','PayDriver'));
} }
#------------------------------------------------------------------- #-------------------------------------------------------------------