Committer: ailyin
LJSUP-6936 (Webmoney integration)U trunk/ssldocs/shop/webmoney-callback.bml
Modified: trunk/ssldocs/shop/webmoney-callback.bml =================================================================== --- trunk/ssldocs/shop/webmoney-callback.bml 2010-10-01 09:28:40 UTC (rev 9576) +++ trunk/ssldocs/shop/webmoney-callback.bml 2010-10-01 09:30:26 UTC (rev 9577) @@ -2,6 +2,9 @@ { use strict; + return 'webmoney is disabled' + unless LJ::is_enabled('webmoney-callbacks'); + my $act = LJ::Request->get_param('act'); return LJ::Lang::ml('error.invalidform') @@ -97,11 +100,17 @@ # we consider the logic of signing stuff to be complex # enough, so it is done in Pay::Method::WebMoney - return 'invalid signature' - unless LJ::Pay::Method::WebMoney->check_signature( - $sign_str, $form{'LMI_HASH'} - ); + my $signature_valid = LJ::Pay::Method::WebMoney->check_signature( + $sign_str, $form{'LMI_HASH'} + ); + unless ($signature_valid) { + warn "invalid signature passed to the webmoney callback ". + "from " . LJ::get_remote_ip(); + + return 'invalid signature'; + } + # set some payvars with the transaction details my %payvars_map = ( 'LMI_MODE' => 'webmoney-mode',