New cart-modification-during-checkout prevention.

commit b72d6e0b4cd3bde96a7a25e9727c152d757b68d8 1 parent e72f21a
Wojtek Ruszczewski authored April 10, 2012
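--- a/catalog/checkout_confirmation.php
+++ b/catalog/checkout_confirmation.php
@@ -23,13 +23,6 @@
     tep_redirect(tep_href_link(FILENAME_SHOPPING_CART));
   }
 
-// avoid hack attempts during the checkout procedure by checking the internal cartID
-  if (isset($cart->cartID) && tep_session_is_registered('cartID')) {
-    if ($cart->cartID != $cartID) {
-      tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
-    }
-  }
-
 // if no shipping method has been selected, redirect the customer to the shipping method selection page
   if (!tep_session_is_registered('shipping')) {
     tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));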
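--- a/catalog/checkout_payment.php
+++ b/catalog/checkout_payment.php
@@ -28,13 +28,6 @@
     tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
   }
 
-// avoid hack attempts during the checkout procedure by checking the internal cartID
-  if (isset($cart->cartID) && tep_session_is_registered('cartID')) {
-    if ($cart->cartID != $cartID) {
-      tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
-    }
-  }
-
 // Stock Check
   if ( (STOCK_CHECK == 'true') && (STOCK_ALLOW_CHECKOUT != 'true') ) {
     $products = $cart->get_products();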
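--- a/catalog/checkout_process.php
+++ b/catalog/checkout_process.php
@@ -32,13 +32,6 @@
     tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
  }
 
-// avoid hack attempts during the checkout procedure by checking the internal cartID
-  if (isset($cart->cartID) && tep_session_is_registered('cartID')) {
-    if ($cart->cartID != $cartID) {
-      tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
-    }
-  }
-
   include(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CHECKOUT_PROCESS);
 
 // load selected payment module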
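--- a/catalog/checkout_shipping.php
+++ b/catalog/checkout_shipping.php
@@ -44,11 +44,6 @@
   require(DIR_WS_CLASSES . 'order.php');
   $order = new order;
 
-// register a random ID in the session to check throughout the checkout procedure
-// against alterations in the shopping cart contents
-  if (!tep_session_is_registered('cartID')) tep_session_register('cartID');
-  $cartID = $cart->cartID;
-
 // if the order contains only virtual products, forward the customer to the billing page as
 // a shipping address is not needed
   if ($order->content_type == 'virtual') {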
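--- a/catalog/includes/classes/shopping_cart.php
+++ b/catalog/includes/classes/shopping_cart.php
@@ -11,7 +11,7 @@
 */
 
   class shoppingCart {
-    var $contents, $total, $weight, $cartID, $content_type;
+    var $contents, $total, $weight, $content_type;
 
     function shoppingCart() {
       $this->reset();
@@ -42,7 +42,7 @@ function restore_contents() {
         }
       }
 
-// reset per-session cart contents, but not the database contents
+// reset per-session cart contents, but not the database contents (this also resets the checkout)
       $this->reset(false);
 
       $products_query = tep_db_query("select products_id, customers_basket_quantity from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . (int)$customer_id . "'");
@@ -56,14 +56,12 @@ function restore_contents() {
       }
 
       $this->cleanup();
-
-// assign a temporary unique ID to the order contents to prevent hack attempts during the checkout procedure
-      $this->cartID = $this->generate_cart_id();
     }
 
     function reset($reset_database = false) {
       global $customer_id;
 
+      $this->reset_checkout();
       $this->contents = array();
       $this->total = 0;
       $this->weight = 0;
@@ -73,9 +71,15 @@ function reset($reset_database = false) {
         tep_db_query("delete from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . (int)$customer_id . "'");
         tep_db_query("delete from " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " where customers_id = '" . (int)$customer_id . "'");
       }
+    }
 
-      unset($this->cartID);
-      if (tep_session_is_registered('cartID')) tep_session_unregister('cartID');
+// resets checkout data, should be used after any cart modification to prevent wrong shipping / payment costs
+    function reset_checkout() {
+      global $shipping, $payment;
+      $shipping = null;
+      $payment = null;
+      if (tep_session_is_registered('shipping')) tep_session_unregister('shipping');
+      if (tep_session_is_registered('payment')) tep_session_unregister('payment');
     }
 
     function add_cart($products_id, $qty = '1', $attributes = '', $notify = true) {
@@ -121,6 +125,7 @@ function add_cart($products_id, $qty = '1', $attributes = '', $notify = true) {
           if ($this->in_cart($products_id_string)) {
             $this->update_quantity($products_id_string, $qty, $attributes);
           } else {
+            $this->reset_checkout();
             $this->contents[$products_id_string] = array('qty' => (int)$qty);
 // insert into database
             if (tep_session_is_registered('customer_id')) tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET . " (customers_id, products_id, customers_basket_quantity, customers_basket_date_added) values ('" . (int)$customer_id . "', '" . tep_db_input($products_id_string) . "', '" . (int)$qty . "', '" . date('Ymd') . "')");
@@ -136,9 +141,6 @@ function add_cart($products_id, $qty = '1', $attributes = '', $notify = true) {
           }
 
           $this->cleanup();
-
-// assign a temporary unique ID to the order contents to prevent hack attempts during the checkout procedure
-          $this->cartID = $this->generate_cart_id();
         }
       }
     }
@@ -166,6 +168,7 @@ function update_quantity($products_id, $quantity = '', $attributes = '') {
       }
 
       if (is_numeric($products_id) && isset($this->contents[$products_id_string]) && is_numeric($quantity) && ($attributes_pass_check == true)) {
+        $this->reset_checkout();
         $this->contents[$products_id_string] = array('qty' => (int)$quantity);
 // update database
         if (tep_session_is_registered('customer_id')) tep_db_query("update " . TABLE_CUSTOMERS_BASKET . " set customers_basket_quantity = '" . (int)$quantity . "' where customers_id = '" . (int)$customer_id . "' and products_id = '" . tep_db_input($products_id_string) . "'");
@@ -228,15 +231,13 @@ function in_cart($products_id) {
     function remove($products_id) {
       global $customer_id;
 
+      $this->reset_checkout();
       unset($this->contents[$products_id]);
 // remove from database
       if (tep_session_is_registered('customer_id')) {
         tep_db_query("delete from " . TABLE_CUSTOMERS_BASKET . " where customers_id = '" . (int)$customer_id . "' and products_id = '" . tep_db_input($products_id) . "'");
         tep_db_query("delete from " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " where customers_id = '" . (int)$customer_id . "' and products_id = '" . tep_db_input($products_id) . "'");
       }
-
-// assign a temporary unique ID to the order contents to prevent hack attempts during the checkout procedure
-      $this->cartID = $this->generate_cart_id();
     }
 
     function remove_all() {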
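Review bot: reset_checkout() is wired into only three mutation paths in this section — add_cart's new-product branch (new line 128), update_quantity's validated branch (new line 171) and remove() (new line 234) — while remove_all() begins on the section's last line with its body outside the diff and cleanup(), called at new lines 58 and 143, is not shown at all; any path that alters $this->contents without passing through one of these leaves a stale 'shipping'/'payment' selection registered in the session. That matters because the checkout_*.php files in this same commit drop the cartID comparison and now rely solely on tep_session_is_registered('shipping') / ('payment'), so a missed path silently reopens the cart-changed-mid-checkout case the old check existed for. The contract should be stated on the method rather than implied, e.g. replace the comment above it with `// Every method that mutates $this->contents MUST call this: the checkout_*.php pages no longer verify the cart independently, so a missed call lets a stale shipping/payment quote reach checkout_process.php.` Two apparent leftovers are also worth confirming: generate_cart_id() is no longer called anywhere in these hunks but is not removed here, and sessions created before this deploy still carry a registered 'cartID' that nothing unregisters now that the unset in reset() is gone.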
