Changeset 3303342
- Timestamp:
- 05/30/2025 06:12:35 AM (9 months ago)
- Location:
- gestpay-for-woocommerce
- Files:
-
- 18 edited
- 1 copied
-
tags/20250530 (copied) (copied from gestpay-for-woocommerce/trunk)
-
tags/20250530/gestpay-for-woocommerce.php (modified) (3 diffs)
-
tags/20250530/inc/checkout-payment-fields.php (modified) (2 diffs)
-
tags/20250530/inc/class-gestpay-cards.php (modified) (5 diffs)
-
tags/20250530/inc/class-gestpay-endpoint.php (modified) (2 diffs)
-
tags/20250530/inc/class-gestpay-s2s.php (modified) (3 diffs)
-
tags/20250530/inc/class-wc-settings-tab-gestpay.php (modified) (1 diff)
-
tags/20250530/inc/helper.php (modified) (1 diff)
-
tags/20250530/inc/my-cards.php (modified) (4 diffs)
-
tags/20250530/readme.txt (modified) (2 diffs)
-
trunk/gestpay-for-woocommerce.php (modified) (3 diffs)
-
trunk/inc/checkout-payment-fields.php (modified) (2 diffs)
-
trunk/inc/class-gestpay-cards.php (modified) (5 diffs)
-
trunk/inc/class-gestpay-endpoint.php (modified) (2 diffs)
-
trunk/inc/class-gestpay-s2s.php (modified) (3 diffs)
-
trunk/inc/class-wc-settings-tab-gestpay.php (modified) (1 diff)
-
trunk/inc/helper.php (modified) (1 diff)
-
trunk/inc/my-cards.php (modified) (4 diffs)
-
trunk/readme.txt (modified) (2 diffs)
-
gestpay-for-woocommerce/tags/20250530/gestpay-for-woocommerce.php
r3298604 r3303342 4 4 * Plugin URI: http://wordpress.org/plugins/gestpay-for-woocommerce/ 5 5 * Description: Abilita il sistema di pagamento GestPay by Axerve (Gruppo Banca Sella) in WooCommerce. 6 * Version: 202505 236 * Version: 20250530 7 7 * Requires at least: 4.7 8 8 * Requires PHP: 7.0 … … 63 63 define( 'GESTPAY_WC_API', 'WC_Gateway_Gestpay' ); 64 64 65 // Used to crypt the token 66 define( 'GESTPAY_SECRET_KEY_1', 'gestpay_secret_key_1' ); 67 define( 'GESTPAY_SECRET_KEY_2', 'gestpay_secret_key_2' ); 68 65 69 // Immediately require these files 66 70 require_once 'inc/class-gestpay-endpoint.php'; … … 329 333 add_action( 'woocommerce_api_' . strtolower( get_class( $this ) ), array( $this, 'check_gateway_response' ) ); 330 334 add_action( 'woocommerce_update_options_payment_gateways_' . $this->id, array( $this, 'process_admin_options' ) ); 335 336 if ( function_exists( 'is_checkout' ) && is_checkout() ) { 337 // Include TLS js by Gestpay 338 wp_enqueue_script( 'gestpay-TLSCHK_TE', '//sandbox.gestpay.net/pagam/javascript/TLSCHK_TE.js', array(), time(), true ); 339 wp_enqueue_script( 'gestpay-TLSCHK_PRO', '//ecomm.sella.it/pagam/javascript/TLSCHK_PRO.js', array(), time(), true ); 340 wp_enqueue_script( 'gestpay-checkBrowser', '//www.gestpay.it/checkbrowser/checkBrowser.js', array('gestpay-TLSCHK_TE','gestpay-TLSCHK_PRO'), time(), true ); 341 } 342 343 add_action( 'woocommerce_review_order_before_payment', array( $this, 'check_tls12' ) ); 331 344 332 345 // Do not allow subscriptions payments with other payment types. -
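Review bot: The three `wp_enqueue_script` calls added around new line 338 load third-party JavaScript into the checkout page through protocol-relative URLs and with `time()` as the version, so the scheme follows the page and the browser can never cache the files. Pin the scheme, e.g. `'https://www.gestpay.it/checkbrowser/checkBrowser.js'`, pass a fixed version string, and register the scripts from a `wp_enqueue_scripts` callback, because `is_checkout()` called this early may run before the main query is set up. The sandbox file `TLSCHK_TE.js` is enqueued next to the production one regardless of mode; loading only the one that matches the configured environment keeps a test host out of live checkouts. The enclosing method starts and ends outside the hunk, and trunk/gestpay-for-woocommerce.php carries the same lines.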
gestpay-for-woocommerce/tags/20250530/inc/checkout-payment-fields.php
r3298604 r3303342 83 83 <?php 84 84 $wc_gestpay_cc_default = get_user_meta( get_current_user_id(), '_wc_gestpay_cc_default', true ); 85 $card_index = 0; 85 86 foreach ( $cards as $card ) : 86 87 … … 100 101 esc_html( $card['year'] ) 101 102 ); 103 104 $crypted = $this->Gestpay->Helper->crypt_token($card['token']); 102 105 ?> 103 106 <input type="radio" 104 id="gestpay-s2s-cc-token-<?php echo esc_attr( $card ['token']); ?>"107 id="gestpay-s2s-cc-token-<?php echo esc_attr( $card_index ); ?>" 105 108 class="gestpay-s2s-card-selection" 106 109 name="gestpay-s2s-cc-token" 107 110 style="width:auto;display:inline-block;" 108 value="<?php echo esc_attr( $c ard['token']); ?>" <?php checked( $this_cc_is_checked ); ?> />109 110 <label style="display:inline;" for="gestpay-s2s-cc-token-<?php echo esc_attr( $card ['token']); ?>"><?php echo esc_html( $expir_str ); ?></label>111 value="<?php echo esc_attr( $crypted ); ?>" <?php checked( $this_cc_is_checked ); ?> /> 112 113 <label style="display:inline;" for="gestpay-s2s-cc-token-<?php echo esc_attr( $card_index++ ); ?>"><?php echo esc_html( $expir_str ); ?></label> 111 114 <br /> 112 115 -
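Review bot: The post-increment inside the label's `for` attribute, `esc_attr( $card_index++ )`, hides the loop counter update in output markup, and the `id`/`for` pair only stays in sync because the input happens to be printed first. Echo `$card_index` in both attributes and advance it in its own statement at the end of the loop body, `<?php $card_index++; ?>`. The `foreach` body continues outside the hunk; trunk/inc/checkout-payment-fields.php has the same lines.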
gestpay-for-woocommerce/tags/20250530/inc/class-gestpay-cards.php
r3297391 r3303342 29 29 30 30 $this->Gestpay = $gestpay; 31 $this->current_user_id = get_current_user_id(); 31 32 32 33 if ( ! is_admin() ) { 33 $this->current_user_id = get_current_user_id();34 35 34 add_action( 'woocommerce_account_' . GESTPAY_ACCOUNT_TOKENS_ENDPOINT . '_endpoint', array( $this, 'endpoint_content' ) ); 36 35 } … … 41 40 */ 42 41 public function endpoint_content() { 42 43 if ( ! $this->current_user_id ) { 44 return; 45 } 43 46 44 47 // Variables used inside the template "my-cards" … … 64 67 65 68 public function get_cards() { 69 if ( ! $this->current_user_id ) { 70 return array(); 71 } 66 72 return $this->can_use_token() ? get_user_meta( $this->current_user_id, GESTPAY_META_TOKEN, true ) : array(); 67 73 } … … 100 106 if ( isset( $_POST['security'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['security'] ) ), 'card-manage' ) ) { 101 107 if ( isset( $_POST['token'] ) ) { 102 $token = sanitize_text_field( wp_unslash( $_POST['token'] ) ); 108 $crypted_token = sanitize_text_field( wp_unslash( $_POST['token'] ) ); 109 110 if (!class_exists('WC_Gateway_GestPay_Helper')) { 111 include_once(__DIR__ . 
'/helper.php'); 112 } 113 $helper = new WC_Gateway_GestPay_Helper(); 114 $decrypted_token = $helper->decrypt_token( $crypted_token ); 103 115 $uid = get_current_user_id(); 104 116 105 117 if ( $cards = get_user_meta( $uid, GESTPAY_META_TOKEN, true ) ) { 106 if ( isset( $cards[$ token] ) ) {107 unset( $cards[$ token] );118 if ( isset( $cards[$decrypted_token] ) ) { 119 unset( $cards[$decrypted_token] ); 108 120 update_user_meta( $uid, GESTPAY_META_TOKEN, $cards ); 109 121 … … 121 133 if ( isset( $_POST['security'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['security'] ) ), 'card-manage' ) ) { 122 134 if ( isset( $_POST['token'] ) ) { 123 update_user_meta( get_current_user_id(), '_wc_gestpay_cc_default', sanitize_text_field( wp_unslash( $_POST['token'] ) ) ); 135 $crypted_token = sanitize_text_field( wp_unslash( $_POST['token'] ) ); 136 137 if (!class_exists('WC_Gateway_GestPay_Helper')) { 138 include_once(__DIR__ . '/helper.php'); 139 } 140 $helper = new WC_Gateway_GestPay_Helper(); 141 $decrypted_token = $helper->decrypt_token( $crypted_token ); 142 update_user_meta( get_current_user_id(), '_wc_gestpay_cc_default', $decrypted_token ); 124 143 } 125 144 wp_die(); -
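Review bot: Both AJAX handlers use the result of `decrypt_token()` without checking for `false`, which is what the helper returns when the MAC does not match or the keys are missing. In the delete handler `false` is cast to array key `0` in `isset( $cards[$decrypted_token] )`, and in the set-default handler it is written straight into `_wc_gestpay_cc_default`. Add a guard right after decryption, `if ( false === $decrypted_token || '' === $decrypted_token ) { wp_die(); }`, and in the set-default handler also confirm the token is a key of the user's own `GESTPAY_META_TOKEN` cards before saving it, as the delete handler already does. Both handler bodies start outside the hunk; trunk/inc/class-gestpay-cards.php carries the same lines.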
gestpay-for-woocommerce/tags/20250530/inc/class-gestpay-endpoint.php
r3276807 r3303342 22 22 public function __construct() { 23 23 24 load_plugin_textdomain( 'gestpay-for-woocommerce', false, dirname( plugin_basename( GESTPAY_MAIN_FILE ) ) . "/languages" ); 25 26 $this->title = __( 'Stored Cards', 'gestpay-for-woocommerce' ); 24 add_action('init', array($this, 'set_title')); 27 25 28 26 // Actions used to insert a new endpoint in the WordPress. … … 35 33 // Add new tab/page into the My Account page. 36 34 add_filter( 'woocommerce_account_menu_items', array( $this, 'new_menu_items' ) ); 35 } 36 37 public function set_title() { 38 load_plugin_textdomain( 'gestpay-for-woocommerce', false, dirname( plugin_basename( GESTPAY_MAIN_FILE ) ) . "/languages" ); 39 $this->title = __( 'Stored Cards', 'gestpay-for-woocommerce' ); 37 40 } 38 41 -
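Review bot: `$this->title` is now assigned only when `init` fires, so any code that reads it earlier, or an instance created after `init` has already run, sees an unset property; whether either case occurs is not visible in this hunk. Keep an untranslated fallback in the constructor, `$this->title = 'Stored Cards';`, and let `set_title()` overwrite it. The new public method also has no docblock; something like `/** Loads the text domain and sets the translated endpoint title; hooked to init. */` would document why it exists. The same change is in trunk/inc/class-gestpay-endpoint.php.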
gestpay-for-woocommerce/tags/20250530/inc/class-gestpay-s2s.php
r3291597 r3303342 53 53 54 54 // Skip validation if reusing a token 55 // Here there is no need to decrypt the token 55 56 $cc_token = $this->Helper->get_post_params( 'gestpay-s2s-cc-token' ); 56 57 if ( !empty( $cc_token ) && $cc_token != 'new-card' ) { … … 115 116 if ( ! empty( $token ) && $token != 'new-card' ) { 116 117 117 $this->Helper->log_add( '[reusing token]: ' . $token ); 118 $decrypted_token = $this->Helper->decrypt_token( $token ); 119 120 $this->Helper->log_add( '[reusing token]: ' . $decrypted_token ); 118 121 119 122 if ( !empty( $this->Subscr->saved_cards ) ) { 120 123 $card_token = array(); 121 124 foreach ( $this->Subscr->saved_cards as $card ) { 122 if ( $card['token'] == $ token ) {125 if ( $card['token'] == $decrypted_token ) { 123 126 $card_token = $card; 124 127 break; … … 130 133 131 134 // Add the token to the parameters, so that it will be used to make the first payment 132 $s2s_payment_params['token'] = $ token;135 $s2s_payment_params['token'] = $decrypted_token; 133 136 } 134 137 } -
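Review bot: The decrypted card token is written to the plugin log by `log_add( '[reusing token]: ' . $decrypted_token )`, which puts back in cleartext the value this changeset encrypts everywhere else; log a masked form instead, e.g. `substr_replace( $decrypted_token, '**********', 2, -4 )` as inc/my-cards.php does for display. `decrypt_token()` returns `false` for a tampered or undecodable value, and that result is neither checked nor compared strictly, so `$s2s_payment_params['token']` can end up `false`; stop the payment when `false === $decrypted_token` and use `===` in the `saved_cards` loop. Because the encryption keys are site-wide, it is worth confirming in the elided lines that the payment only proceeds when the token matched one of the current user's saved cards. The surrounding method starts outside the hunk; trunk/inc/class-gestpay-s2s.php has the same lines.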
gestpay-for-woocommerce/tags/20250530/inc/class-wc-settings-tab-gestpay.php
r3297391 r3303342 61 61 $ip = wp_remote_retrieve_body(wp_remote_get('https://icanhazip.com/')); 62 62 if (preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $ip)) { 63 return 'Indirizzo IP da utilizzare nel backoffice di Gestpay: <b style="font-size:18px">' . $ip . '</b> ';63 return 'Indirizzo IP da utilizzare nel backoffice di Gestpay: <b style="font-size:18px">' . $ip . '</b> (<b>Nota:</b> Gestpay supporta solo indirizzi IPv4, IPv6 non è supportato).'; 64 64 } elseif (preg_match('/^(([0-9A-Fa-f]{1,4}:){7})([0-9A-Fa-f]{1,4})$|(([0-9A-Fa-f]{1,4}:){1,6}:)(([0-9A-Fa-f]{1,4}:){0,4})([0-9A-Fa-f]{1,4})$/', $ip)) { 65 65 return 'Indirizzo IPv6 non supportato ('.$ip.'). Contatta il supporto tecnico per maggiori informazioni.'; -
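Review bot: The changed return on new line 63 concatenates `$ip`, the raw body of a remote HTTP response, into HTML without escaping, and the IPv4 `preg_match` above it is unanchored, so any body that merely contains a dotted quad passes the check. Validate the trimmed value as a whole, `filter_var( trim( $ip ), FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 )`, and output it through `esc_html()`; the IPv6 branch below echoes `$ip` the same way. Where the returned string is rendered is outside the hunk, so the impact depends on that caller. trunk/inc/class-wc-settings-tab-gestpay.php carries the same line.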
gestpay-for-woocommerce/tags/20250530/inc/helper.php
r3291597 r3303342 998 998 return isset( $_POST[$key] ) ? trim( sanitize_text_field( wp_unslash( $_POST[$key] ) ) ) : ''; 999 999 } 1000 1001 /** 1002 * crypt the token 1003 */ 1004 function crypt_token( $token ) { 1005 $key1 = get_option(GESTPAY_SECRET_KEY_1); 1006 if (empty($key1)) { 1007 $key1 = base64_encode(openssl_random_pseudo_bytes(32)); 1008 add_option(GESTPAY_SECRET_KEY_1, $key1); 1009 } 1010 1011 $key2 = get_option(GESTPAY_SECRET_KEY_2); 1012 if (empty($key2)) { 1013 $key2 = base64_encode(openssl_random_pseudo_bytes(64)); 1014 add_option(GESTPAY_SECRET_KEY_2, $key2); 1015 } 1016 1017 $method = "aes-256-cbc"; 1018 $iv_length = openssl_cipher_iv_length($method); 1019 $iv = openssl_random_pseudo_bytes($iv_length); 1020 1021 $first_encrypted = openssl_encrypt($token,$method,base64_decode($key1), OPENSSL_RAW_DATA ,$iv); 1022 $second_encrypted = hash_hmac('sha3-512', $first_encrypted, base64_decode($key2), TRUE); 1023 1024 $output = base64_encode($iv.$second_encrypted.$first_encrypted); 1025 return $output; 1026 } 1027 1028 /** 1029 * decrypt the token 1030 */ 1031 function decrypt_token( $token ) { 1032 $key1 = get_option(GESTPAY_SECRET_KEY_1); 1033 $key2 = get_option(GESTPAY_SECRET_KEY_2); 1034 if (empty($key1) || empty($key2)) { 1035 return false; 1036 } 1037 1038 $mix = base64_decode($token); 1039 1040 $method = "aes-256-cbc"; 1041 $iv_length = openssl_cipher_iv_length($method); 1042 1043 $iv = substr($mix,0,$iv_length); 1044 $second_encrypted = substr($mix,$iv_length,64); 1045 $first_encrypted = substr($mix,$iv_length+64); 1046 1047 $decrypted = openssl_decrypt($first_encrypted,$method,base64_decode($key1),OPENSSL_RAW_DATA,$iv); 1048 $second_encrypted_new = hash_hmac('sha3-512', $first_encrypted, base64_decode($key2), TRUE); 1049 1050 if (hash_equals($second_encrypted,$second_encrypted_new)) { 1051 return $decrypted; 1052 } else { 1053 return false; 1054 } 1055 } 1000 1056 } 1001 1057 -
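Review bot: The HMAC in `crypt_token()` covers only `$first_encrypted`, not the IV, and `decrypt_token()` calls `openssl_decrypt()` before it compares the MAC, so a modified IV still passes verification while changing the first plaintext block in CBC mode. Compute the MAC over `$iv . $first_encrypted` in both functions and decrypt only after `hash_equals()` succeeds; tokens already rendered into open pages stop validating after this change, which is acceptable for values generated per page view. `decrypt_token()` should also use strict `base64_decode( $token, true )` and reject input shorter than IV plus 64 MAC bytes before slicing it. `sha3-512` is only available to `hash_hmac()` from PHP 7.1 while the plugin header declares `Requires PHP: 7.0`, and `random_bytes()` is the preferred source for the keys and IV. Both methods are declared without visibility and the enclosing class starts outside the hunk; trunk/inc/helper.php has the same code.

```php
// crypt_token(): authenticate the IV together with the ciphertext
$second_encrypted = hash_hmac('sha3-512', $iv . $first_encrypted, base64_decode($key2), true);

// decrypt_token()
// … unchanged: key lookup and empty-key check …
$mix = base64_decode($token, true);

$method = "aes-256-cbc";
$iv_length = openssl_cipher_iv_length($method);

// Reject anything that cannot hold IV + 64-byte MAC + at least one ciphertext byte
if ($mix === false || strlen($mix) <= $iv_length + 64) {
    return false;
}

// … unchanged: substr() slicing into $iv, $second_encrypted, $first_encrypted …

// Verify the MAC first; decrypt only authenticated input
$second_encrypted_new = hash_hmac('sha3-512', $iv . $first_encrypted, base64_decode($key2), true);
if (!hash_equals($second_encrypted, $second_encrypted_new)) {
    return false;
}

return openssl_decrypt($first_encrypted, $method, base64_decode($key1), OPENSSL_RAW_DATA, $iv);
```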
gestpay-for-woocommerce/tags/20250530/inc/my-cards.php
r3297391 r3303342 60 60 // replace token letters with asterisks 61 61 $show_card = substr_replace( $card['token'], '**********', 2, -4 ); 62 $crypted = $this->Gestpay->Helper->crypt_token($card['token']); 62 63 ?> 63 64 … … 80 81 <img src="<?php echo esc_url( $delete_img ); ?>" 81 82 class="wc-gestpay-s2s-delete" 82 data-token="<?php echo esc_attr( $c ard['token']); ?>"83 data-token="<?php echo esc_attr( $crypted ); ?>" 83 84 alt="<?php echo esc_attr( $trans_str['s2s_token_delete'] ); ?>" 84 85 style="display: inline;" /> … … 91 92 <img src="<?php echo esc_url( $unchecked_img ); ?>" 92 93 class="wc-gestpay-s2s-set" 93 data-token="<?php echo esc_attr( $c ard['token']); ?>"94 data-token="<?php echo esc_attr( $crypted ); ?>" 94 95 alt="<?php echo esc_attr( $trans_str['s2s_token_add_default'] ); ?>" 95 96 style="display: inline;" /> … … 99 100 <img src="<?php echo esc_url( $checked_img ); ?>" 100 101 class="wc-gestpay-s2s-unset" 101 data-token="<?php echo esc_attr( $c ard['token']); ?>"102 data-token="<?php echo esc_attr( $crypted ); ?>" 102 103 alt="<?php echo esc_attr( $trans_str['s2s_token_remove_default'] ); ?>" 103 104 style="display: inline;" /> -
gestpay-for-woocommerce/tags/20250530/readme.txt
r3298604 r3303342 5 5 Requires PHP: 7.0 6 6 Tested up to: 6.8 7 Stable tag: 202505 237 Stable tag: 20250530 8 8 License: GPLv2 or later 9 9 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 69 69 == Changelog == 70 70 71 = 20250530 = 72 * Security: Impreved Credit card tokens encryption 73 * Security: Improved AJAX/CSRF security 74 * Fix: 3DS2 payment flows issues fixed 75 * Fix: Improved TLS 1.2 connection handling 76 * Fix: Corrected IPv6 handling message 77 * Fix: PHP Warning: Undefined property: Gestpay_Cards::$current_user_id 78 * Fix: Notice: Function _load_textdomain_just_in_time was called incorrectly 79 * Checks: Verified compatibility with WordPress 6.8, WooCommerce 9.4.2 80 71 81 = 20250523 = 72 82 * Fix: Fixed CVV label HTML output in iframe mode -
gestpay-for-woocommerce/trunk/gestpay-for-woocommerce.php
r3298604 r3303342 4 4 * Plugin URI: http://wordpress.org/plugins/gestpay-for-woocommerce/ 5 5 * Description: Abilita il sistema di pagamento GestPay by Axerve (Gruppo Banca Sella) in WooCommerce. 6 * Version: 202505 236 * Version: 20250530 7 7 * Requires at least: 4.7 8 8 * Requires PHP: 7.0 … … 63 63 define( 'GESTPAY_WC_API', 'WC_Gateway_Gestpay' ); 64 64 65 // Used to crypt the token 66 define( 'GESTPAY_SECRET_KEY_1', 'gestpay_secret_key_1' ); 67 define( 'GESTPAY_SECRET_KEY_2', 'gestpay_secret_key_2' ); 68 65 69 // Immediately require these files 66 70 require_once 'inc/class-gestpay-endpoint.php'; … … 329 333 add_action( 'woocommerce_api_' . strtolower( get_class( $this ) ), array( $this, 'check_gateway_response' ) ); 330 334 add_action( 'woocommerce_update_options_payment_gateways_' . $this->id, array( $this, 'process_admin_options' ) ); 335 336 if ( function_exists( 'is_checkout' ) && is_checkout() ) { 337 // Include TLS js by Gestpay 338 wp_enqueue_script( 'gestpay-TLSCHK_TE', '//sandbox.gestpay.net/pagam/javascript/TLSCHK_TE.js', array(), time(), true ); 339 wp_enqueue_script( 'gestpay-TLSCHK_PRO', '//ecomm.sella.it/pagam/javascript/TLSCHK_PRO.js', array(), time(), true ); 340 wp_enqueue_script( 'gestpay-checkBrowser', '//www.gestpay.it/checkbrowser/checkBrowser.js', array('gestpay-TLSCHK_TE','gestpay-TLSCHK_PRO'), time(), true ); 341 } 342 343 add_action( 'woocommerce_review_order_before_payment', array( $this, 'check_tls12' ) ); 331 344 332 345 // Do not allow subscriptions payments with other payment types. -
gestpay-for-woocommerce/trunk/inc/checkout-payment-fields.php
r3298604 r3303342 83 83 <?php 84 84 $wc_gestpay_cc_default = get_user_meta( get_current_user_id(), '_wc_gestpay_cc_default', true ); 85 $card_index = 0; 85 86 foreach ( $cards as $card ) : 86 87 … … 100 101 esc_html( $card['year'] ) 101 102 ); 103 104 $crypted = $this->Gestpay->Helper->crypt_token($card['token']); 102 105 ?> 103 106 <input type="radio" 104 id="gestpay-s2s-cc-token-<?php echo esc_attr( $card ['token']); ?>"107 id="gestpay-s2s-cc-token-<?php echo esc_attr( $card_index ); ?>" 105 108 class="gestpay-s2s-card-selection" 106 109 name="gestpay-s2s-cc-token" 107 110 style="width:auto;display:inline-block;" 108 value="<?php echo esc_attr( $c ard['token']); ?>" <?php checked( $this_cc_is_checked ); ?> />109 110 <label style="display:inline;" for="gestpay-s2s-cc-token-<?php echo esc_attr( $card ['token']); ?>"><?php echo esc_html( $expir_str ); ?></label>111 value="<?php echo esc_attr( $crypted ); ?>" <?php checked( $this_cc_is_checked ); ?> /> 112 113 <label style="display:inline;" for="gestpay-s2s-cc-token-<?php echo esc_attr( $card_index++ ); ?>"><?php echo esc_html( $expir_str ); ?></label> 111 114 <br /> 112 115 -
gestpay-for-woocommerce/trunk/inc/class-gestpay-cards.php
r3297391 r3303342 29 29 30 30 $this->Gestpay = $gestpay; 31 $this->current_user_id = get_current_user_id(); 31 32 32 33 if ( ! is_admin() ) { 33 $this->current_user_id = get_current_user_id();34 35 34 add_action( 'woocommerce_account_' . GESTPAY_ACCOUNT_TOKENS_ENDPOINT . '_endpoint', array( $this, 'endpoint_content' ) ); 36 35 } … … 41 40 */ 42 41 public function endpoint_content() { 42 43 if ( ! $this->current_user_id ) { 44 return; 45 } 43 46 44 47 // Variables used inside the template "my-cards" … … 64 67 65 68 public function get_cards() { 69 if ( ! $this->current_user_id ) { 70 return array(); 71 } 66 72 return $this->can_use_token() ? get_user_meta( $this->current_user_id, GESTPAY_META_TOKEN, true ) : array(); 67 73 } … … 100 106 if ( isset( $_POST['security'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['security'] ) ), 'card-manage' ) ) { 101 107 if ( isset( $_POST['token'] ) ) { 102 $token = sanitize_text_field( wp_unslash( $_POST['token'] ) ); 108 $crypted_token = sanitize_text_field( wp_unslash( $_POST['token'] ) ); 109 110 if (!class_exists('WC_Gateway_GestPay_Helper')) { 111 include_once(__DIR__ . 
'/helper.php'); 112 } 113 $helper = new WC_Gateway_GestPay_Helper(); 114 $decrypted_token = $helper->decrypt_token( $crypted_token ); 103 115 $uid = get_current_user_id(); 104 116 105 117 if ( $cards = get_user_meta( $uid, GESTPAY_META_TOKEN, true ) ) { 106 if ( isset( $cards[$ token] ) ) {107 unset( $cards[$ token] );118 if ( isset( $cards[$decrypted_token] ) ) { 119 unset( $cards[$decrypted_token] ); 108 120 update_user_meta( $uid, GESTPAY_META_TOKEN, $cards ); 109 121 … … 121 133 if ( isset( $_POST['security'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['security'] ) ), 'card-manage' ) ) { 122 134 if ( isset( $_POST['token'] ) ) { 123 update_user_meta( get_current_user_id(), '_wc_gestpay_cc_default', sanitize_text_field( wp_unslash( $_POST['token'] ) ) ); 135 $crypted_token = sanitize_text_field( wp_unslash( $_POST['token'] ) ); 136 137 if (!class_exists('WC_Gateway_GestPay_Helper')) { 138 include_once(__DIR__ . '/helper.php'); 139 } 140 $helper = new WC_Gateway_GestPay_Helper(); 141 $decrypted_token = $helper->decrypt_token( $crypted_token ); 142 update_user_meta( get_current_user_id(), '_wc_gestpay_cc_default', $decrypted_token ); 124 143 } 125 144 wp_die(); -
gestpay-for-woocommerce/trunk/inc/class-gestpay-endpoint.php
r3276807 r3303342 22 22 public function __construct() { 23 23 24 load_plugin_textdomain( 'gestpay-for-woocommerce', false, dirname( plugin_basename( GESTPAY_MAIN_FILE ) ) . "/languages" ); 25 26 $this->title = __( 'Stored Cards', 'gestpay-for-woocommerce' ); 24 add_action('init', array($this, 'set_title')); 27 25 28 26 // Actions used to insert a new endpoint in the WordPress. … … 35 33 // Add new tab/page into the My Account page. 36 34 add_filter( 'woocommerce_account_menu_items', array( $this, 'new_menu_items' ) ); 35 } 36 37 public function set_title() { 38 load_plugin_textdomain( 'gestpay-for-woocommerce', false, dirname( plugin_basename( GESTPAY_MAIN_FILE ) ) . "/languages" ); 39 $this->title = __( 'Stored Cards', 'gestpay-for-woocommerce' ); 37 40 } 38 41 -
gestpay-for-woocommerce/trunk/inc/class-gestpay-s2s.php
r3291597 r3303342 53 53 54 54 // Skip validation if reusing a token 55 // Here there is no need to decrypt the token 55 56 $cc_token = $this->Helper->get_post_params( 'gestpay-s2s-cc-token' ); 56 57 if ( !empty( $cc_token ) && $cc_token != 'new-card' ) { … … 115 116 if ( ! empty( $token ) && $token != 'new-card' ) { 116 117 117 $this->Helper->log_add( '[reusing token]: ' . $token ); 118 $decrypted_token = $this->Helper->decrypt_token( $token ); 119 120 $this->Helper->log_add( '[reusing token]: ' . $decrypted_token ); 118 121 119 122 if ( !empty( $this->Subscr->saved_cards ) ) { 120 123 $card_token = array(); 121 124 foreach ( $this->Subscr->saved_cards as $card ) { 122 if ( $card['token'] == $ token ) {125 if ( $card['token'] == $decrypted_token ) { 123 126 $card_token = $card; 124 127 break; … … 130 133 131 134 // Add the token to the parameters, so that it will be used to make the first payment 132 $s2s_payment_params['token'] = $ token;135 $s2s_payment_params['token'] = $decrypted_token; 133 136 } 134 137 } -
gestpay-for-woocommerce/trunk/inc/class-wc-settings-tab-gestpay.php
r3297391 r3303342 61 61 $ip = wp_remote_retrieve_body(wp_remote_get('https://icanhazip.com/')); 62 62 if (preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $ip)) { 63 return 'Indirizzo IP da utilizzare nel backoffice di Gestpay: <b style="font-size:18px">' . $ip . '</b> ';63 return 'Indirizzo IP da utilizzare nel backoffice di Gestpay: <b style="font-size:18px">' . $ip . '</b> (<b>Nota:</b> Gestpay supporta solo indirizzi IPv4, IPv6 non è supportato).'; 64 64 } elseif (preg_match('/^(([0-9A-Fa-f]{1,4}:){7})([0-9A-Fa-f]{1,4})$|(([0-9A-Fa-f]{1,4}:){1,6}:)(([0-9A-Fa-f]{1,4}:){0,4})([0-9A-Fa-f]{1,4})$/', $ip)) { 65 65 return 'Indirizzo IPv6 non supportato ('.$ip.'). Contatta il supporto tecnico per maggiori informazioni.'; -
gestpay-for-woocommerce/trunk/inc/helper.php
r3291597 r3303342 998 998 return isset( $_POST[$key] ) ? trim( sanitize_text_field( wp_unslash( $_POST[$key] ) ) ) : ''; 999 999 } 1000 1001 /** 1002 * crypt the token 1003 */ 1004 function crypt_token( $token ) { 1005 $key1 = get_option(GESTPAY_SECRET_KEY_1); 1006 if (empty($key1)) { 1007 $key1 = base64_encode(openssl_random_pseudo_bytes(32)); 1008 add_option(GESTPAY_SECRET_KEY_1, $key1); 1009 } 1010 1011 $key2 = get_option(GESTPAY_SECRET_KEY_2); 1012 if (empty($key2)) { 1013 $key2 = base64_encode(openssl_random_pseudo_bytes(64)); 1014 add_option(GESTPAY_SECRET_KEY_2, $key2); 1015 } 1016 1017 $method = "aes-256-cbc"; 1018 $iv_length = openssl_cipher_iv_length($method); 1019 $iv = openssl_random_pseudo_bytes($iv_length); 1020 1021 $first_encrypted = openssl_encrypt($token,$method,base64_decode($key1), OPENSSL_RAW_DATA ,$iv); 1022 $second_encrypted = hash_hmac('sha3-512', $first_encrypted, base64_decode($key2), TRUE); 1023 1024 $output = base64_encode($iv.$second_encrypted.$first_encrypted); 1025 return $output; 1026 } 1027 1028 /** 1029 * decrypt the token 1030 */ 1031 function decrypt_token( $token ) { 1032 $key1 = get_option(GESTPAY_SECRET_KEY_1); 1033 $key2 = get_option(GESTPAY_SECRET_KEY_2); 1034 if (empty($key1) || empty($key2)) { 1035 return false; 1036 } 1037 1038 $mix = base64_decode($token); 1039 1040 $method = "aes-256-cbc"; 1041 $iv_length = openssl_cipher_iv_length($method); 1042 1043 $iv = substr($mix,0,$iv_length); 1044 $second_encrypted = substr($mix,$iv_length,64); 1045 $first_encrypted = substr($mix,$iv_length+64); 1046 1047 $decrypted = openssl_decrypt($first_encrypted,$method,base64_decode($key1),OPENSSL_RAW_DATA,$iv); 1048 $second_encrypted_new = hash_hmac('sha3-512', $first_encrypted, base64_decode($key2), TRUE); 1049 1050 if (hash_equals($second_encrypted,$second_encrypted_new)) { 1051 return $decrypted; 1052 } else { 1053 return false; 1054 } 1055 } 1000 1056 } 1001 1057 -
gestpay-for-woocommerce/trunk/inc/my-cards.php
r3297391 r3303342 60 60 // replace token letters with asterisks 61 61 $show_card = substr_replace( $card['token'], '**********', 2, -4 ); 62 $crypted = $this->Gestpay->Helper->crypt_token($card['token']); 62 63 ?> 63 64 … … 80 81 <img src="<?php echo esc_url( $delete_img ); ?>" 81 82 class="wc-gestpay-s2s-delete" 82 data-token="<?php echo esc_attr( $c ard['token']); ?>"83 data-token="<?php echo esc_attr( $crypted ); ?>" 83 84 alt="<?php echo esc_attr( $trans_str['s2s_token_delete'] ); ?>" 84 85 style="display: inline;" /> … … 91 92 <img src="<?php echo esc_url( $unchecked_img ); ?>" 92 93 class="wc-gestpay-s2s-set" 93 data-token="<?php echo esc_attr( $c ard['token']); ?>"94 data-token="<?php echo esc_attr( $crypted ); ?>" 94 95 alt="<?php echo esc_attr( $trans_str['s2s_token_add_default'] ); ?>" 95 96 style="display: inline;" /> … … 99 100 <img src="<?php echo esc_url( $checked_img ); ?>" 100 101 class="wc-gestpay-s2s-unset" 101 data-token="<?php echo esc_attr( $c ard['token']); ?>"102 data-token="<?php echo esc_attr( $crypted ); ?>" 102 103 alt="<?php echo esc_attr( $trans_str['s2s_token_remove_default'] ); ?>" 103 104 style="display: inline;" /> -
gestpay-for-woocommerce/trunk/readme.txt
r3298604 r3303342 5 5 Requires PHP: 7.0 6 6 Tested up to: 6.8 7 Stable tag: 202505 237 Stable tag: 20250530 8 8 License: GPLv2 or later 9 9 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 69 69 == Changelog == 70 70 71 = 20250530 = 72 * Security: Impreved Credit card tokens encryption 73 * Security: Improved AJAX/CSRF security 74 * Fix: 3DS2 payment flows issues fixed 75 * Fix: Improved TLS 1.2 connection handling 76 * Fix: Corrected IPv6 handling message 77 * Fix: PHP Warning: Undefined property: Gestpay_Cards::$current_user_id 78 * Fix: Notice: Function _load_textdomain_just_in_time was called incorrectly 79 * Checks: Verified compatibility with WordPress 6.8, WooCommerce 9.4.2 80 71 81 = 20250523 = 72 82 * Fix: Fixed CVV label HTML output in iframe mode