Develop #171

Ryouzanpaku · 2023-11-06T13:41:17Z

No description provided.

Co-authored-by: Vladislav Lipianin <>

…-types Add null for HasAccountInformation properties setters

…nzer docs.

Cc 570/paylater direct debit

CC-569/examples-threat-metrix

CC-573/paylater-dd-example

…-file-headers CC-567/remove-licence-info-from-file-headers

…sofort-type [CC-534] Add bank account information to Sofort type.

…nt-ID-should-be-configurable Cc 129/apple pay example merchant id should be configurable

Release-PHP-SDK-3] Adjust keypair used for basket v1 tests.

Release-PHP-SDK-3] Adjust paylater invoice cancel test because partial reversal is now supported by API.

Release-PHP-SDK-3] Add version summary/highlights.

Release-PHP-SDK-3] Merge remote-tracking branch 'origin/CC-584/Release-PHP-SDK-3.4.0' into CC-584/Release-PHP-SDK-3.4.0 # Conflicts: # test/integration/TransactionTypes/PaylaterCancelTest.php

Release-PHP-SDK-3] cleanup.

Cc-584/release php sdk 3.4.0

Release-PHP-SDK-3] Add missing use statement for unzer invoice example.

Release-PHP-SDK-3] mark direct debit example as deprecated.

Release-PHP-SDK-3] Add riskdata also to paypage examples.

Release-PHP-SDK-3] code style.

[CC-584 Release-PHP-SDK-3] qa

github-actions · 2023-11-06T13:43:19Z

Checkmarx One – Scan Summary & Details – d2373e33-63ac-4c37-a915-4d415149051f

Fixed Issues

Severity	Issue	Source File / Package
	Client_DOM_Stored_XSS	/examples/Applepay/index.php: 187
	Client_DOM_Stored_XSS	/examples/Applepay/index.php: 166
	Stored_XSS	/src/Unzer.php: 402
	Stored_XSS	/src/Unzer.php: 402
	Stored_XSS	/src/Unzer.php: 402
	Stored_XSS	/examples/InstallmentSecured/confirm.php: 61
	Stored_XSS	/examples/InstallmentSecured/confirm.php: 61
	Stored_XSS	/examples/InstallmentSecured/confirm.php: 61
	Stored_XSS	/src/Services/ResourceService.php: 396
	Stored_XSS	/src/Unzer.php: 402
	Stored_XSS	/examples/InstallmentSecured/confirm.php: 61
	Header_Injection	/examples/Applepay/merchantvalidation.php: 65
	Open_Redirect	/examples/PayPalRecurring/Controller.php: 54
	Privacy_Violation	/src/Resources/Payment.php: 153
	Client_Hardcoded_Domain	/examples/Backend/Failure.php: 33
	Client_Hardcoded_Domain	/examples/Backend/Failure.php: 35
	Client_Hardcoded_Domain	/examples/Backend/ManagePayment.php: 44
	Client_Hardcoded_Domain	/examples/Backend/ManagePayment.php: 46
	Client_Hardcoded_Domain	/examples/Backend/ManagePayment.php: 49
	Client_Hardcoded_Domain	/examples/Failure.php: 30
	Client_Hardcoded_Domain	/examples/Failure.php: 32
	Client_Hardcoded_Domain	/examples/Pending.php: 30
	Client_Hardcoded_Domain	/examples/Pending.php: 32
	Client_Hardcoded_Domain	/examples/Success.php: 44
	Client_Hardcoded_Domain	/examples/Success.php: 46
	Client_Hardcoded_Domain	/examples/PaylaterInstallment/index.php: 37
	Client_Hardcoded_Domain	/examples/PaylaterInstallment/index.php: 42
	Client_Hardcoded_Domain	/examples/Alipay/index.php: 37
	Client_Hardcoded_Domain	/examples/Alipay/index.php: 42
	Client_Hardcoded_Domain	/examples/Applepay/index.php: 37
	Client_Hardcoded_Domain	/examples/Applepay/index.php: 42
	Client_Hardcoded_Domain	/examples/Bancontact/index.php: 37
	Client_Hardcoded_Domain	/examples/Bancontact/index.php: 42
	Client_Hardcoded_Domain	/examples/BankTransfer/index.php: 37
	Client_Hardcoded_Domain	/examples/BankTransfer/index.php: 42
	Client_Hardcoded_Domain	/examples/Card/index.php: 37
	Client_Hardcoded_Domain	/examples/Card/index.php: 42
	Client_Hardcoded_Domain	/examples/CardExtended/index.php: 37
	Client_Hardcoded_Domain	/examples/CardExtended/index.php: 42
	Client_Hardcoded_Domain	/examples/CardRecurring/index.php: 37
	Client_Hardcoded_Domain	/examples/CardRecurring/index.php: 42
	Client_Hardcoded_Domain	/examples/EmbeddedPayPage/index.php: 38
	Client_Hardcoded_Domain	/examples/EmbeddedPayPage/index.php: 39
	Client_Hardcoded_Domain	/examples/EmbeddedPayPage/index.php: 42
	Client_Hardcoded_Domain	/examples/EmbeddedPayPage/index.php: 43
	Client_Hardcoded_Domain	/examples/EPSCharge/index.php: 37
	Client_Hardcoded_Domain	/examples/EPSCharge/index.php: 42
	Client_Hardcoded_Domain	/examples/Giropay/index.php: 37
	Client_Hardcoded_Domain	/examples/Giropay/index.php: 42
	Client_Hardcoded_Domain	/examples/HostedPayPage/index.php: 38
	Client_Hardcoded_Domain	/examples/HostedPayPage/index.php: 43
	Client_Hardcoded_Domain	/examples/IDeal/index.php: 37
	Client_Hardcoded_Domain	/examples/IDeal/index.php: 42
	Client_Hardcoded_Domain	/examples/index.php: 48
	Client_Hardcoded_Domain	/examples/index.php: 51
	Client_Hardcoded_Domain	/examples/index.php: 55
	Client_Hardcoded_Domain	/examples/InstallmentSecured/confirm.php: 85
	Client_Hardcoded_Domain	/examples/InstallmentSecured/confirm.php: 89
	Client_Hardcoded_Domain	/examples/InstallmentSecured/index.php: 37
	Client_Hardcoded_Domain	/examples/InstallmentSecured/index.php: 42
	Client_Hardcoded_Domain	/examples/Invoice/index.php: 40
	Client_Hardcoded_Domain	/examples/InvoiceSecured/index.php: 38
	Client_Hardcoded_Domain	/examples/InvoiceSecured/index.php: 43
	Client_Hardcoded_Domain	/examples/Klarna/index.php: 37
	Client_Hardcoded_Domain	/examples/Klarna/index.php: 42
	Client_Hardcoded_Domain	/examples/PaylaterInvoice/index.php: 38
	Client_Hardcoded_Domain	/examples/PaylaterInvoice/index.php: 43
	Client_Hardcoded_Domain	/examples/PayPal/index.php: 37
	Client_Hardcoded_Domain	/examples/PayPal/index.php: 42
	Client_Hardcoded_Domain	/examples/PayPalRecurring/index.php: 37
	Client_Hardcoded_Domain	/examples/PayPalRecurring/index.php: 42
	Client_Hardcoded_Domain	/examples/PostFinanceCard/index.php: 37
	Client_Hardcoded_Domain	/examples/PostFinanceCard/index.php: 42
	Client_Hardcoded_Domain	/examples/PostFinanceEfinance/index.php: 37
	Client_Hardcoded_Domain	/examples/PostFinanceEfinance/index.php: 42
	Client_Hardcoded_Domain	/examples/Prepayment/index.php: 40
	Client_Hardcoded_Domain	/examples/Przelewy24/index.php: 37
	Client_Hardcoded_Domain	/examples/Przelewy24/index.php: 42
	Client_Hardcoded_Domain	/examples/SepaDirectDebitSecured/index.php: 37
	Client_Hardcoded_Domain	/examples/SepaDirectDebitSecured/index.php: 42
	Client_Hardcoded_Domain	/examples/Sofort/index.php: 37
	Client_Hardcoded_Domain	/examples/Sofort/index.php: 42
	Client_Hardcoded_Domain	/examples/Webhooks/fetchAll.php: 60
	Client_Hardcoded_Domain	/examples/Webhooks/fetchAll.php: 64
	Client_Hardcoded_Domain	/examples/Webhooks/index.php: 67
	Client_Hardcoded_Domain	/examples/Webhooks/index.php: 71
	Client_Hardcoded_Domain	/examples/Webhooks/removeAll.php: 65
	Client_Hardcoded_Domain	/examples/Webhooks/removeAll.php: 69
	Client_Hardcoded_Domain	/examples/Wechatpay/index.php: 37
	Client_Hardcoded_Domain	/examples/Wechatpay/index.php: 42
	Trust_Boundary_Violation_in_Session_Variables	/examples/BankTransfer/Controller.php: 54
	Trust_Boundary_Violation_in_Session_Variables	/examples/BankTransfer/Controller.php: 54
	Trust_Boundary_Violation_in_Session_Variables	/examples/Card/Controller.php: 55
	Trust_Boundary_Violation_in_Session_Variables	/examples/Wechatpay/Controller.php: 56
	Trust_Boundary_Violation_in_Session_Variables	/examples/Wechatpay/Controller.php: 56
	Trust_Boundary_Violation_in_Session_Variables	/examples/BankTransfer/Controller.php: 54
	Trust_Boundary_Violation_in_Session_Variables	/examples/Giropay/Controller.php: 57
	Trust_Boundary_Violation_in_Session_Variables	/examples/Giropay/Controller.php: 57
	Trust_Boundary_Violation_in_Session_Variables	/examples/Wechatpay/Controller.php: 56
	Trust_Boundary_Violation_in_Session_Variables	/examples/CardExtended/Controller.php: 55
	Trust_Boundary_Violation_in_Session_Variables	/examples/EPSCharge/Controller.php: 57
	Trust_Boundary_Violation_in_Session_Variables	/examples/Sofort/Controller.php: 54
	Trust_Boundary_Violation_in_Session_Variables	/examples/Giropay/Controller.php: 57
	Trust_Boundary_Violation_in_Session_Variables	/examples/EPSCharge/Controller.php: 57
	Trust_Boundary_Violation_in_Session_Variables	/examples/Sofort/Controller.php: 54
	Trust_Boundary_Violation_in_Session_Variables	/examples/Applepay/Controller.php: 51
	Trust_Boundary_Violation_in_Session_Variables	/examples/IDeal/Controller.php: 57
	Trust_Boundary_Violation_in_Session_Variables	/examples/IDeal/Controller.php: 57
	Trust_Boundary_Violation_in_Session_Variables	/examples/Przelewy24/Controller.php: 57
	Trust_Boundary_Violation_in_Session_Variables	/examples/CardExtended/Controller.php: 55
	Trust_Boundary_Violation_in_Session_Variables	/examples/Przelewy24/Controller.php: 57
	Trust_Boundary_Violation_in_Session_Variables	/examples/EPSCharge/Controller.php: 57
	Trust_Boundary_Violation_in_Session_Variables	/examples/Sofort/Controller.php: 54
	Trust_Boundary_Violation_in_Session_Variables	/examples/Applepay/Controller.php: 51
	Trust_Boundary_Violation_in_Session_Variables	/examples/IDeal/Controller.php: 57
	Trust_Boundary_Violation_in_Session_Variables	/examples/InvoiceSecured/Controller.php: 60
	Trust_Boundary_Violation_in_Session_Variables	/examples/InvoiceSecured/Controller.php: 61
	Trust_Boundary_Violation_in_Session_Variables	/examples/Alipay/Controller.php: 54
	Trust_Boundary_Violation_in_Session_Variables	/examples/SepaDirectDebitSecured/Controller.php: 56
	Trust_Boundary_Violation_in_Session_Variables	/examples/SepaDirectDebitSecured/Controller.php: 57
	Trust_Boundary_Violation_in_Session_Variables	/examples/Alipay/Controller.php: 54
	Trust_Boundary_Violation_in_Session_Variables	/examples/Bancontact/Controller.php: 54
	Trust_Boundary_Violation_in_Session_Variables	/examples/Przelewy24/Controller.php: 57
	Trust_Boundary_Violation_in_Session_Variables	/examples/Bancontact/Controller.php: 54
	Trust_Boundary_Violation_in_Session_Variables	/examples/SepaDirectDebitSecured/Controller.php: 57
	Trust_Boundary_Violation_in_Session_Variables	/examples/SepaDirectDebitSecured/Controller.php: 56
	Trust_Boundary_Violation_in_Session_Variables	/examples/CardRecurring/RecurringPaymentController.php: 56
	Trust_Boundary_Violation_in_Session_Variables	/examples/Alipay/Controller.php: 54
	Trust_Boundary_Violation_in_Session_Variables	/examples/Bancontact/Controller.php: 54
	Trust_Boundary_Violation_in_Session_Variables	/examples/InvoiceSecured/Controller.php: 61
	Trust_Boundary_Violation_in_Session_Variables	/examples/InvoiceSecured/Controller.php: 60
	Trust_Boundary_Violation_in_Session_Variables	/examples/InvoiceSecured/Controller.php: 61
	Trust_Boundary_Violation_in_Session_Variables	/examples/InvoiceSecured/Controller.php: 60
	Trust_Boundary_Violation_in_Session_Variables	/examples/Card/Controller.php: 55
	Trust_Boundary_Violation_in_Session_Variables	/examples/CardRecurring/RecurringPaymentController.php: 56
	Trust_Boundary_Violation_in_Session_Variables	/examples/PayPalRecurring/Controller.php: 54
	Trust_Boundary_Violation_in_Session_Variables	/examples/CardRecurring/Controller.php: 56
	Unsafe_Use_Of_Target_blank	/examples/PaylaterInstallment/index.php: 47
	Unsafe_Use_Of_Target_blank	/examples/Wechatpay/index.php: 52
	Unsafe_Use_Of_Target_blank	/examples/Sofort/index.php: 47
	Unsafe_Use_Of_Target_blank	/examples/SepaDirectDebitSecured/index.php: 47
	Unsafe_Use_Of_Target_blank	/examples/Przelewy24/index.php: 47
	Unsafe_Use_Of_Target_blank	/examples/PostFinanceEfinance/index.php: 47
	Unsafe_Use_Of_Target_blank	/examples/PostFinanceCard/index.php: 47
	Unsafe_Use_Of_Target_blank	/examples/PayPal/index.php: 53
	Unsafe_Use_Of_Target_blank	/examples/PayPal/index.php: 51
	Unsafe_Use_Of_Target_blank	/examples/PayPalRecurring/index.php: 53
	Unsafe_Use_Of_Target_blank	/examples/PayPalRecurring/index.php: 51
	Unsafe_Use_Of_Target_blank	/examples/PaylaterInvoice/index.php: 48
	Unsafe_Use_Of_Target_blank	/examples/Klarna/index.php: 46
	Unsafe_Use_Of_Target_blank	/examples/InvoiceSecured/index.php: 48
	Unsafe_Use_Of_Target_blank	/examples/InstallmentSecured/index.php: 47
	Unsafe_Use_Of_Target_blank	/examples/index.php: 93

More results are available on AST platform

GreatG0ose and others added 30 commits September 6, 2023 11:58

[CC-344] Add pre/release workflows (#161)

da10318

Co-authored-by: Vladislav Lipianin <>

fix types (add null)

52aa0da

Merge branch 'develop' into bug-fix-has-account-information-types

16f2885

Merge pull request #162 from mkreusch/bug-fix-has-account-information…

a596303

…-types Add null for HasAccountInformation properties setters

[CC-570] [CC-570] Add Paylater Direct Debit.

4e83c60

[CC-570] run cs-fixer.

c86adcc

[CC-570] deprecate legacy direct debit types.

4680f38

[CC-570] Replace list of supported types by a corresponding link to u…

ab6b334

…nzer docs.

[CC-570] update changelog.

cda3fb2

[CC-570] Add unit test for paylater direct debit.

255f2f1

[CC-568] Add Unit test to verify empty bic response.

a3b9a67

[CC-569] Add and riskData incl. threatMetrixId to paylater examples.

73bd425

Merge pull request #163 from unzerdev/CC-570/paylater-direct-debit

22e171c

Cc 570/paylater direct debit

[CC-569] Merge branch 'develop' into CC-569/examples-threat-metrix

ccf5a75

[CC-569] Update changelog.

100a3aa

[CC-569] update sdk-version.

c6514a3

Merge pull request #164 from unzerdev/CC-569/examples-threat-metrix

8d5dc06

CC-569/examples-threat-metrix

[CC-573] Add Paylater Direct debit example.

74d5b0d

Merge pull request #165 from unzerdev/CC-573/paylater-dd-example

172f764

CC-573/paylater-dd-example

[CC-567] Remove licence info from file headers.

03367f4

[CC-567] Remove obsolete package tags in phpDoc comments.

94db8a2

[CC-567] Change file header to class header for most common used classes

6629c4d

[CC-567] run cs-fixer

73c4f3e

Merge pull request #166 from unzerdev/CC-567/remove-licence-info-from…

0211a02

…-file-headers CC-567/remove-licence-info-from-file-headers

[CC-534] Add bank account information to Sofort type.

6417fc7

[CC-534] Add JSON response for sofort type to tests.

e9cce48

Merge pull request #167 from unzerdev/CC-534/missing-account-data-in-…

3dfa288

…sofort-type [CC-534] Add bank account information to Sofort type.

[CC-129] Remove hard coded merchant id and use conatant instead.

353f977

[CC-129] Update changelog.

c8de486

[CC-129] typo.

27de72b

Ryouzanpaku and others added 13 commits November 3, 2023 09:25

Merge pull request #168 from unzerdev/CC-129/Apple-Pay-example-Mercha…

d171813

…nt-ID-should-be-configurable Cc 129/apple pay example merchant id should be configurable

[CC-584

0eb13b1

Release-PHP-SDK-3] Adjust keypair used for basket v1 tests.

[CC-584

21eaa95

Release-PHP-SDK-3] Adjust paylater invoice cancel test because partial reversal is now supported by API.

[CC-584

5aa0c5c

Release-PHP-SDK-3] Adjust paylater invoice cancel test because partial reversal is now supported by API.

[CC-584

8b2a6e6

Release-PHP-SDK-3] Add version summary/highlights.

[CC-584

71798df

Release-PHP-SDK-3] Merge remote-tracking branch 'origin/CC-584/Release-PHP-SDK-3.4.0' into CC-584/Release-PHP-SDK-3.4.0 # Conflicts: # test/integration/TransactionTypes/PaylaterCancelTest.php

[CC-584

b33d1b2

Release-PHP-SDK-3] cleanup.

Merge pull request #169 from unzerdev/CC-584/Release-PHP-SDK-3.4.0

7faab21

Cc-584/release php sdk 3.4.0

[CC-584

ddc5df8

Release-PHP-SDK-3] Add missing use statement for unzer invoice example.

[CC-584

a25b582

Release-PHP-SDK-3] mark direct debit example as deprecated.

[CC-584

b35767a

Release-PHP-SDK-3] Add riskdata also to paypage examples.

[CC-584

2dec267

Release-PHP-SDK-3] code style.

Merge pull request #170 from unzerdev/CC-584/Release-PHP-SDK-3.4.0

b79ebb4

[CC-584 Release-PHP-SDK-3] qa

Ryouzanpaku merged commit 632ce4c into master Nov 6, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Develop #171

Develop #171

Uh oh!

Ryouzanpaku commented Nov 6, 2023

Uh oh!

github-actions bot commented Nov 6, 2023

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

4 participants

Develop #171

Develop #171

Uh oh!

Conversation

Ryouzanpaku commented Nov 6, 2023

Uh oh!

github-actions bot commented Nov 6, 2023

Fixed Issues

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

4 participants