Андрей (andy) wrote in changelog,
Андрей
andy
changelog

[ljcom] r9577: LJSUP-6936 (Webmoney integration)

Committer: ailyin
LJSUP-6936 (Webmoney integration)
U   trunk/ssldocs/shop/webmoney-callback.bml
Modified: trunk/ssldocs/shop/webmoney-callback.bml
===================================================================
--- trunk/ssldocs/shop/webmoney-callback.bml	2010-10-01 09:28:40 UTC (rev 9576)
+++ trunk/ssldocs/shop/webmoney-callback.bml	2010-10-01 09:30:26 UTC (rev 9577)
@@ -2,6 +2,9 @@
 {
     use strict;
 
+    return 'webmoney is disabled'
+        unless LJ::is_enabled('webmoney-callbacks');
+
     my $act = LJ::Request->get_param('act');
 
     return LJ::Lang::ml('error.invalidform')
@@ -97,11 +100,17 @@
 
             # we consider the logic of signing stuff to be complex
             # enough, so it is done in Pay::Method::WebMoney
-            return 'invalid signature'
-                unless LJ::Pay::Method::WebMoney->check_signature(
-                    $sign_str, $form{'LMI_HASH'}
-                );
+            my $signature_valid = LJ::Pay::Method::WebMoney->check_signature(
+                $sign_str, $form{'LMI_HASH'}
+            );
 
+            unless ($signature_valid) {
+                warn "invalid signature passed to the webmoney callback ".
+                     "from " . LJ::get_remote_ip();
+
+                return 'invalid signature';
+            }
+
             # set some payvars with the transaction details
             my %payvars_map = (
                 'LMI_MODE'              => 'webmoney-mode',

Tags: andy, bml, ljcom
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments