Suhosin security patch and failed processed payments #22

Open
stojg opened this issue Dec 5, 2012 · 1 comment
stojg commented Dec 5, 2012

DPSAdapter::processDPSHostedResponse() should somehow warn when $_REQUEST["result"] is not set.

This can happen on servers with suhosin and when the "result" get parameter is longer than 512 bytes, see suhosin.get.max_value_length configuration.

When a get param value is longer than that it will be removed from the $_REQUEST.

In a live server environment, this can cause (depending on the server setup) a PHP notice, but still return a 200 OK response code to the DPS provider, that will then process the transaction even though the script failed to process the transaction.

Member

sminnee commented Dec 5, 2012

It would be good to have some kind of warning for an install that had an inappropriate suhosin setting. Perhaps payment can come bundled with an EnvironmentCheck?
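
The two safeguards discussed in this issue, as an added example that is not code from this project or from either commenter: a guard that refuses to answer 200 OK when `result` is missing, and an environment check on `suhosin.get.max_value_length`. The function names, the 4096-byte threshold, the `userid` field and the sample requests are assumptions made for illustration.

```php
<?php
// Added example: function names and the 4096-byte threshold are hypothetical.

/** Returns a warning string if Suhosin would drop long GET values, else null. */
function checkSuhosinGetLimit($minBytes = 4096)
{
    // ini_get() returns false when the Suhosin extension is not loaded.
    $limit = ini_get('suhosin.get.max_value_length');
    if ($limit === false || (int) $limit === 0) {
        return null; // assumption: an unset or 0 limit means no filtering
    }
    if ((int) $limit < $minBytes) {
        return sprintf(
            'suhosin.get.max_value_length is %d; longer "result" values are dropped',
            (int) $limit
        );
    }
    return null;
}

/** Returns array(httpStatus, message) for a gateway callback request. */
function validateCallbackRequest(array $request)
{
    if (!isset($request['result']) || $request['result'] === '') {
        return array(500, 'Callback arrived without "result"; payment not processed');
    }
    return array(200, 'ok');
}

// Constructed requests: one intact, one as it looks after the value was stripped.
$samples = array(
    'intact'   => array('result' => str_repeat('A', 600), 'userid' => 'demo'),
    'stripped' => array('userid' => 'demo'),
);
foreach ($samples as $name => $request) {
    list($status, $message) = validateCallbackRequest($request);
    if ($status !== 200) {
        // In the real handler: log, send the status, and stop before touching the payment.
        error_log($message);
        // header('HTTP/1.1 500 Internal Server Error'); exit;
    }
    echo "$name: $status $message\n";
}
$warning = checkSuhosinGetLimit();
echo $warning === null ? "suhosin GET limit: ok\n" : "WARNING: $warning\n";
```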
