Merge pull request #219 from Hlavtox/fix-sha

Fix sha1 deprecation
PrestaShop · Sep 26, 2023 · 79a4111 · 79a4111
2 parents 6070d75 + 5a0915f
commit 79a4111
Showing 1 changed file with 15 additions and 5 deletions.
diff --git a/psgdpr.php b/psgdpr.php
@@ -737,31 +737,41 @@ public function hookDisplayGDPRConsent(array $params): string
         /** @var ConsentRepository $consentRepository */
         $consentRepository = $this->get('PrestaShop\Module\Psgdpr\Repository\ConsentRepository');
 
+        // If no information about a module requesting a consent checkbox was passed, nothing to do
         if (!isset($params['id_module'])) {
             return '';
         }
 
         $moduleId = (int) $params['id_module'];
 
+        // If this module does not have a consent activated, nothing to do
         if (false === $consentRepository->findModuleConsentIsActive($moduleId)) {
             return '';
         }
 
         $message = $consentRepository->findModuleConsentMessage($moduleId, $this->context->language->id);
         $url = $this->context->link->getModuleLink($this->name, 'FrontAjaxGdpr', [], true);
 
-        $customerId = $this->context->customer->id;
+        /*
+         * Prepare customer data. The tokens will be used to reverse validate the data in the AJAX request.
+         * customer_token is used when the customer is logged in, guest_token when not. Even if both customer
+         * and guest IDs are empty, we can still mark the consent by using the IP address.
+         */
         $guestId = 0;
-
-        if ($customerId == null) {
+        $customerId = 0;
+        $secureKey = '';
+        if (!empty($this->context->customer->id)) {
+            $customerId = $this->context->customer->id;
+            $secureKey = $this->context->customer->secure_key;
+        }
+        if (!empty($this->context->cart->id_guest)) {
             $guestId = $this->context->cart->id_guest;
-            $customerId = 0;
         }
 
         $this->context->smarty->assign([
             'psgdpr_id_guest' => $guestId,
             'psgdpr_id_customer' => $customerId,
-            'psgdpr_customer_token' => sha1($this->context->customer->secure_key),
+            'psgdpr_customer_token' => sha1($secureKey),
             'psgdpr_guest_token' => sha1('psgdpr' . $guestId . $_SERVER['REMOTE_ADDR'] . date('Y-m-d')),
             'psgdpr_id_module' => $moduleId,
             'psgdpr_consent_message' => $message,