Commit ee09c3ab authored by rubofvil's avatar rubofvil
Browse files

Fix issue mask sensitive data in log !48 extensions/redsys#42

parent 51519355
......@@ -274,7 +274,7 @@ class CRM_Core_Payment_Redsys extends CRM_Core_Payment {
// Load vars in $input, &ids.
$ipn->getInput($input, $ids);
Civi::log()->debug("Redsys IPN Response: Parameteres received \n input: " . print_r($input, TRUE) . "\n ids: " . print_r($ids, TRUE));
CRM_Redsys_Config::write_log($input, $ids, "Redsys IPN Response: Parameteres received \n input: ");
$paymentProcessorID = $this->_paymentProcessor['id'];
if (!$ipn->validateData($this->_paymentProcessor, $input, $ids, $objects, TRUE, $paymentProcessorID)) {
......
......@@ -56,18 +56,10 @@ class CRM_Core_Payment_RedsysIPN extends CRM_Core_Payment_BaseIPN {
if (!$recur) {
if (str_replace(",", "", $contribution->total_amount) != str_replace(",", "", $input['amount'])) {
Civi::log()->debug("Amount values dont match between database and IPN request");
echo "Failure: Amount values dont match between database and IPN request<p>";
return FALSE;
}
}
$redsys_settings = CRM_Core_BAO_Setting::getItem("Redsys Settings", 'redsys_settings');
$masquerade_input = $input;
$fields_to_hide = ['Ds_MerchantParameters', 'Ds_Signature', 'Ds_Merchant_Identifier'];
foreach ($fields_to_hide as $field_to_hide) {
unset($masquerade_input[$field_to_hide]);
}
$transaction = new CRM_Core_Transaction();
if ($input['Ds_Response'] != self::REDSYS_RESPONSE_CODE_ACCEPTED) {
$error = self::trimAmount($input['Ds_Response']);
......@@ -77,9 +69,7 @@ class CRM_Core_Payment_RedsysIPN extends CRM_Core_Payment_BaseIPN {
else {
$input['reasonCode'] = $error;
}
if ($redsys_settings['save_log'] == '1') {
Civi::log()->debug("Redsys IPN Response: About to cancel contr \n input: " . print_r($masquerade_input, TRUE) . "\n ids: " . print_r($ids, TRUE));
}
CRM_Redsys_Config::write_log($input, $ids, "Redsys IPN Response: About to cancel contr \n input: ");
try {
civicrm_api3('contribution', 'create', ['id' => $input['contributionID'], 'contribution_status_id' => 'Cancelled', 'cancel_reason' => $input['reasonCode'], 'cancel_date' => date('Y-m-d')]);
}
......@@ -90,9 +80,7 @@ class CRM_Core_Payment_RedsysIPN extends CRM_Core_Payment_BaseIPN {
}
return TRUE;
}
if ($redsys_settings['save_log'] == '1') {
Civi::log()->debug("Redsys IPN Response: About complete trans \n input: " . print_r($masquerade_input, TRUE) . "\n ids: " . print_r($ids, TRUE));
}
CRM_Redsys_Config::write_log($input, $ids, "Redsys IPN Response: About complete trans \n input: ");
try {
civicrm_api3('contribution', 'completetransaction', ['id' => $input['contributionID'], 'trxn_id' => $input["trxn_id"]]);
}
......
<?php
class CRM_Redsys_Config {
public static function write_log ($input, $ids, $preffix_log) {
$redsys_settings = CRM_Core_BAO_Setting::getItem("Redsys Settings", 'redsys_settings');
if ($redsys_settings['save_log'] == '1') {
$masquerade_input = $input;
$fields_to_hide = ['Ds_MerchantParameters', 'Ds_Signature', 'Ds_Merchant_Identifier'];
foreach ($fields_to_hide as $field_to_hide) {
unset($masquerade_input[$field_to_hide]);
}
Civi::log()->debug($preffix_log . print_r($masquerade_input, TRUE) . "\n ids: " . print_r($ids, TRUE));
}
}
}
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment