changed validation to simpler fix that was a potential merge candidate

- FoxyCart/FoxyCart-Cart-Validation--PHP#16
mak001 · Jul 7, 2020 · 5c6d057 · 5c6d057
1 parent 342fef8
commit 5c6d057
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 8 deletions.
diff --git a/src/Form/AddToCartForm.php b/src/Form/AddToCartForm.php
@@ -274,13 +274,12 @@ public static function getGeneratedValue(
         $optionValue = null,
         $method = 'name',
         $output = false,
-        $urlEncode = false,
-        $open = false
+        $urlEncode = false
     ) {
         $optionName = ($optionName !== null) ? preg_replace('/\s/', '_', $optionName) : $optionName;
         $helper = FoxyHelper::create();
 
-        return $helper::fc_hash_value($productCode, $optionName, $optionValue, $method, $output, $urlEncode, $open);
+        return $helper::fc_hash_value($productCode, $optionName, $optionValue, $method, $output, $urlEncode);
     }
 
     /**

diff --git a/thirdparty/foxycart/foxycart.cart_validation.php b/thirdparty/foxycart/foxycart.cart_validation.php
@@ -135,7 +135,7 @@ public static function fc_hash_querystring($qs, $output = TRUE) {
             }
             // Continue to sign the value and replace the name=value in the querystring with name=value||hash
             $value = self::fc_hash_value($codes[$pair['prefix']], urldecode($pair['name']), urldecode($pair['value']), 'value', FALSE, 'urlencode');
-            if (urldecode($pair['value']) == '--OPEN--') {
+            if (urldecode($pair['value']) === '--OPEN--') {
                 $replacement = $pair['amp'].$value.'=';
             } else {
                 $replacement = $pair['amp'].$pair['prefix'].urlencode($pair['name']).'='.$value;
@@ -162,19 +162,19 @@ public static function fc_hash_querystring($qs, $output = TRUE) {
      * @param string $method Choose to encode for the name or the value. Defaults to name.
      * @param bool $output Will echo when true and return when false.
      * @param bool $urlencode Output will be url encoded if true. Defaults to false.
-     * @param bool $open Should be false if the field is not user editable. (e.g. price should be false, order notes should be true)
      *
      * @return string|null
      **/
-    public static function fc_hash_value($product_code, $option_name, $option_value = '', $method = 'name', $output = TRUE, $urlencode = false, $open = true) {
+    public static function fc_hash_value($product_code, $option_name, $option_value = '', $method = 'name', $output = TRUE, $urlencode = false) {
         if (!$product_code || !$option_name) {
             return FALSE;
         }
         $option_name = str_replace(' ', '_', $option_name);
-        $hash = hash_hmac('sha256', $product_code.$option_name.$option_value, self::$secret);
-        if ($option_value == '--OPEN--' && $open) {
+        if ($option_value === '--OPEN--') {
+            $hash = hash_hmac('sha256', $product_code.$option_name.$option_value, self::$secret);
             $value = ($urlencode) ? urlencode($option_name).'||'.$hash.'||open' : $option_name.'||'.$hash.'||open';
         } else {
+            $hash = hash_hmac('sha256', $product_code.$option_name.$option_value, self::$secret);
             self::$log[] = '<strong>Challenge: </strong><span style="font-family:monospace; color:blue"><code>'.$product_code.$option_name.$option_value.'</code></span>';
             if ($method == 'name') {
                 $value = ($urlencode) ? urlencode($option_name).'||'.$hash : $option_name.'||'.$hash;