diff --git a/.eslintrc.yml b/.eslintrc.yml index 110dcd0b..7135cd02 100644 --- a/.eslintrc.yml +++ b/.eslintrc.yml @@ -11,4 +11,5 @@ rules: no-unexpected-multiline: 0 brace-style: [error, 1tbs] space-before-function-paren: [error, never] - padded-blocks: [error, never] \ No newline at end of file + padded-blocks: [error, never] + func-call-spacing: [error, never] \ No newline at end of file diff --git a/debian/changelog b/debian/changelog index 4f7962fb..318742ff 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -hedera-web (1.406.32) stable; urgency=low +hedera-web (1.406.33) stable; urgency=low * Initial Release. diff --git a/forms/ecomerce/catalog/style.css b/forms/ecomerce/catalog/style.css index 30d6b8dd..9922dec1 100644 --- a/forms/ecomerce/catalog/style.css +++ b/forms/ecomerce/catalog/style.css @@ -162,6 +162,7 @@ font-size: 1.1em; text-overflow: ellipsis; overflow: hidden; + max-height: 2.4em; } .item-info > p { diff --git a/forms/ecomerce/orders/orders.js b/forms/ecomerce/orders/orders.js index c1ecdef3..5f7d4078 100644 --- a/forms/ecomerce/orders/orders.js +++ b/forms/ecomerce/orders/orders.js 
@@ -1,66 +1,57 @@ -Hedera.Orders = new Class -({ - Extends: Hedera.Form +Hedera.Orders = new Class({ + Extends: Hedera.Form, - ,activate: function () - { - this.tpv = new Hedera.Tpv ({conn: this.conn}); - this.tpv.check (this._onTpvCheck.bind (this)); - } + activate: function() { + this.tpv = new Hedera.Tpv({conn: this.conn}); + this.tpv.check(this._onTpvCheck.bind(this)); + }, - ,_onTpvCheck: function (tpv, tpvOrder, tpvStatus) - { + _onTpvCheck: function(tpv, tpvOrder, tpvStatus) { if (tpvStatus === 'ko') - this.$('error-dialog').show (); - } + this.$('error-dialog').show(); + }, - ,onBasketClick: function () - { - this.hash.set ({form: 'ecomerce/basket'}); - } + onBasketClick: function() { + this.hash.set({form: 'ecomerce/basket'}); + }, - ,repeaterFunc: function (res, form) - { - res.$('link').href = this.hash.make ({ + repeaterFunc: function(res, form) { + res.$('link').href = this.hash.make({ form: 'ecomerce/ticket', - ticket: form.get ('id') + ticket: form.get('id') }); - } + }, // TPV - ,balanceConditionalFunc: function (field, value) - { + balanceConditionalFunc: function(field, value) { if (value >= 0) - Vn.Node.removeClass (this.$('balance'), 'negative'); + Vn.Node.removeClass(this.$('balance'), 'negative'); else - Vn.Node.addClass (this.$('balance'), 'negative'); - } + Vn.Node.addClass(this.$('balance'), 'negative'); + }, - ,onPayButtonClick: function () - { + onPayButtonClick: function() { var amount = -this.$('debt').value; amount = amount <= 0 ? 
null : amount; var defaultAmountStr = ''; if (amount !== null) - defaultAmountStr = Vn.Value.format (amount, '%.2d'); + defaultAmountStr = Vn.Value.format(amount, '%.2d'); - amount = prompt (_('AmountToPay:'), defaultAmountStr); + amount = prompt(_('AmountToPay:'), defaultAmountStr); - if (amount != null) - { - amount = parseFloat (amount.replace (',', '.')); - this.tpv.pay (amount, null); + if (amount != null) { + amount = parseFloat(amount.replace(',', '.')); + this.tpv.pay(amount, null); } - } + }, - ,onDialogResponse: function (dialog, response) - { + onDialogResponse: function(dialog, response) { if (response == Htk.Dialog.Button.RETRY) - this.tpv.retryPay (); + this.tpv.retryPay(); } }); diff --git a/js/hedera/tpv.js b/js/hedera/tpv.js index 82358c9f..19f2d9ac 100644 --- a/js/hedera/tpv.js +++ b/js/hedera/tpv.js 
@@ -6,116 +6,102 @@ module.exports = new Class ,tpvOrder: null ,tpvStatus: null - ,check: function (callback) - { - this.tpvOrder = Vn.Hash.get ('tpvOrder'); - this.tpvStatus = Vn.Hash.get ('tpvStatus'); + ,check: function(callback) { + this.tpvOrder = Vn.Hash.get('tpvOrder'); + this.tpvStatus = Vn.Hash.get('tpvStatus'); - if (this.tpvStatus) - { - var batch = new Sql.Batch (); - batch.addValue ('transaction', this.tpvOrder); - batch.addValue ('status', this.tpvStatus); + if (this.tpvStatus) { + var batch = new Sql.Batch(); + batch.addValue('transaction', this.tpvOrder); + batch.addValue('status', this.tpvStatus); var query = 'CALL tpvTransactionEnd (#transaction, #status)'; - this.conn.execQuery (query, null, batch); + this.conn.execQuery(query, null, batch); } if (callback) - callback (this, this.tpvOrder, this.tpvStatus); + callback(this, this.tpvOrder, this.tpvStatus); } - ,pay: function (amount, company) - { - this._realPay (amount * 100, company); + ,pay: function(amount, company) { + this._realPay(amount * 100, company); } - ,_realPay: function (amount, company) - { - if (isNumeric (amount) && amount > 0) - { + ,_realPay: function(amount, company) { + if (isNumeric(amount) && amount > 0) { var params = { - amount: parseInt (amount) - ,urlOk: this._makeUrl ('ok') - ,urlKo: this._makeUrl ('ko') + amount: parseInt(amount) + ,urlOk: this._makeUrl('ok') + ,urlKo: this._makeUrl('ko') ,company: company }; - this.conn.send ('tpv/transaction', params, - this._onTransactionStart.bind (this)); - } - else - Htk.Toast.showError (_('AmountError')); + this.conn.send('tpv/transaction', params, + this._onTransactionStart.bind(this)); + } else + Htk.Toast.showError(_('AmountError')); } - ,_onTransactionStart: function (json) - { - if (json) - { + ,_onTransactionStart: function(json) { + if (json) { var postValues = json.postValues; - var form = document.createElement ('form'); + var form = document.createElement('form'); form.method = 'POST'; form.action = json.url; - 
document.body.appendChild (form); + document.body.appendChild(form); - for (var field in postValues) - { - var input = document.createElement ('input'); + for (var field in postValues) { + var input = document.createElement('input'); input.type = 'hidden'; input.name = field; - form.appendChild (input); + form.appendChild(input); if (postValues[field]) input.value = postValues[field]; } - form.submit (); - } - else - Htk.Toast.showWarning (_('PayError')); + form.submit(); + } else + Htk.Toast.showWarning(_('PayError')); } - ,retryPay: function () - { - var batch = new Sql.Batch (); - batch.addValue ('transaction', parseInt (this.tpvOrder)); + ,retryPay: function() { + var batch = new Sql.Batch(); + batch.addValue('transaction', parseInt(this.tpvOrder)); var query = 'SELECT t.amount, m.companyFk ' +'FROM myTpvTransaction t ' +'JOIN tpvMerchant m ON m.id = t.merchantFk ' +'WHERE t.id = #transaction'; - this.conn.execQuery (query, - this._onRetryPayDone.bind (this), batch); + this.conn.execQuery(query, + this._onRetryPayDone.bind(this), batch); } - ,_onRetryPayDone: function (resultSet) - { - var res = resultSet.fetchResult (); + ,_onRetryPayDone: function(resultSet) { + var res = resultSet.fetchResult(); - if (res.next ()) - this._realPay (res.get ('amount'), res.get ('companyFk')); + if (res.next()) + this._realPay(res.get('amount'), res.get('companyFk')); else - Htk.Toast.showError (_('AmountError')); + Htk.Toast.showError(_('AmountError')); } - ,_makeUrl: function (status) - { + ,_makeUrl: function(status) { var path = location.protocol +'//'+ location.host; path += location.port ? ':'+ location.port : ''; path += location.pathname; path += location.search ? 
location.search : ''; - path += Vn.Hash.make ({ + path += Vn.Hash.make({ form: 'ecomerce/orders', tpvStatus: status, - tpvOrder: '%s' + tpvOrder: '_transactionId_' }, true); return path; } }); -function isNumeric (n) -{ - return !isNaN (parseFloat(n)) && isFinite (n); +function isNumeric(n) { + return !isNaN(parseFloat(n)) && isFinite(n); } diff --git a/js/vn/hash.js b/js/vn/hash.js index f638019e..f1311ace 100644 --- a/js/vn/hash.js +++ b/js/vn/hash.js @@ -1,5 +1,5 @@ -var HashListener = require ('./hash-listener'); +var HashListener = require('./hash-listener'); /** * Class to handle the URL. @@ -11,15 +11,15 @@ module.exports = ,_listener: null ,initialize: function() { - this._listener = new HashListener (); + this._listener = new HashListener(); - this._hashChangedHandler = this._hashChanged.bind (this); - window.addEventListener ('hashchange', this._hashChangedHandler); - this._hashChanged (); + this._hashChangedHandler = this._hashChanged.bind(this); + window.addEventListener('hashchange', this._hashChangedHandler); + this._hashChanged(); } ,destroy: function() { - window.removeEventListener ('hashchange', this._hashChangedHandler); + window.removeEventListener('hashchange', this._hashChangedHandler); } ,getListener: function() { @@ -46,7 +46,7 @@ module.exports = for (var key in map) newMap[key] = map[key]; - this.set (newMap); + this.set(newMap); } /** @@ -60,7 +60,7 @@ module.exports = if (map[key] === null || map[key] === undefined) delete map[key]; - var newHash = this.make (map); + var newHash = this.make(map); if (!map) map = {}; @@ -73,7 +73,7 @@ module.exports = location.hash = newHash; this._blockChanged = false; - this._listener.changed (); + this._listener.changed(); } } 
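Review bot: `check()` reads `tpvOrder` and `tpvStatus` from the URL fragment via `Vn.Hash.get` and passes them to `CALL tpvTransactionEnd (#transaction, #status)`, so both values are whatever the opened link says rather than something the payment gateway vouched for. The procedure is not visible here; if it records the payment outcome, it should rely on the gateway's server-side notification and treat this call only as a hint. A comment above the call would make that explicit, for example `// tpvOrder/tpvStatus come from the URL fragment and are user-controllable; not proof of payment`. Separately, `_makeUrl` in this hunk appends `location.port` after `location.host`, which already contains the port, so on a non-default port the return URL carries the port twice; `var path = location.origin + location.pathname + location.search;` avoids that.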
@@ -109,10 +109,10 @@ module.exports = return; var newMap = hashMap = {}; - var kvPairs = newHash.substr(2).split ('&'); + var kvPairs = newHash.substr(2).split('&'); for (var i = 0; i < kvPairs.length; i++) { - var kvPair = kvPairs[i].split ('=', 2); + var kvPair = kvPairs[i].split('=', 2); if (kvPair[0]) newMap[decodeURIComponent(kvPair[0])] = decodeURIComponent(kvPair[1]); @@ -120,6 +120,6 @@ module.exports = this._hashMap = newMap; this._hash = newHash; - this._listener.changed (); + this._listener.changed(); } }; diff --git a/js/vn/url.js b/js/vn/url.js index 9b42eec8..f5f9bba0 100644 --- a/js/vn/url.js +++ b/js/vn/url.js @@ -8,10 +8,9 @@ module.exports = * * @param {string} key The variable name **/ - getQuery: function (key) - { - var regExp = new RegExp ('[\?\&]'+ key +'=([^\&]*)(\&?)', 'i'); - var value = location.search.match (regExp); + getQuery: function(key) { + var regExp = new RegExp('[\?\&]'+ key +'=([^\&]*)(\&?)', 'i'); + var value = location.search.match(regExp); return value ? value[1] : value; } @@ -22,21 +21,18 @@ module.exports = * @param {string} key The variable name * @param {string} value The new value **/ - ,setQuery: function (key, value) - { + ,setQuery: function(key, value) { var changed = true; var found = false; var newPair = key +'='+ value; - var kvPairs = location.search.substr(1).split ('?'); + var kvPairs = location.search.substr(1).split('?'); - for (var i = 0; i < kvPairs.length; i++) - { - var kvPair = kvPairs[i].split ('=', 1); + for (var i = 0; i < kvPairs.length; i++) { + var kvPair = kvPairs[i].split('=', 1); - if (kvPair[0] == key) - { + if (kvPair[0] == key) { if (kvPair[1] != value) - kvPairs.splice (i, 1, newPair); + kvPairs.splice(i, 1, newPair); else changed = false; 
@@ -46,29 +42,26 @@ module.exports = } if (!found) - kvPairs.push (newPair); + kvPairs.push(newPair); if (changed) - document.location.hash = '?'+ kvPairs.join ('&'); + document.location.hash = '?'+ kvPairs.join('&'); } - ,makeUri: function (map) - { + ,makeUri: function(map) { var post = ''; - for (var key in map) - { + for (var key in map) { var value = map[key]; - - if (post.length > 2) - post += '&'; if (value === null || value === undefined) continue; if (typeof value == 'boolean') value = value ? '1' : '0'; + if (post.length > 2) + post += '&'; - post += key +'='+ encodeURIComponent (value); + post += encodeURIComponent(key) +'='+ encodeURIComponent(value); } return post; diff --git a/package.json b/package.json index 6070c2c4..1271fb75 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "hedera-web", - "version": "1.406.32", + "version": "1.406.33", "description": "Verdnatura web page", "license": "GPL-3.0", "repository": { diff --git a/rest/tpv/transaction.php b/rest/tpv/transaction.php index 8033a18e..b152351d 100644 --- a/rest/tpv/transaction.php +++ b/rest/tpv/transaction.php @@ -17,9 +17,11 @@ class Transaction extends Vn\Web\JsonRequest { throw new Exception('Transaction error'); $transactionId = str_pad($row->transactionId, 12, '0', STR_PAD_LEFT); - $urlOk = empty($_REQUEST['urlOk']) ? '' : sprintf($_REQUEST['urlOk'], $transactionId); - $urlKo = empty($_REQUEST['urlKo']) ? '' : sprintf($_REQUEST['urlKo'], $transactionId); $merchantUrl = $row->merchantUrl ? $row->merchantUrl : ''; + $urlOk = empty($_REQUEST['urlOk']) ? '' : + str_replace('_transactionId_', $transactionId, $_REQUEST['urlOk']); + $urlKo = empty($_REQUEST['urlKo']) ? '' : + str_replace('_transactionId_', $transactionId, $_REQUEST['urlKo']); $params = [ 'Ds_Merchant_Amount' => $amount 
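Review bot: In `makeUri` the separator test `if (post.length > 2)` omits the `&` whenever the string built so far is only one or two characters long. For example (constructed), a first pair with a one-letter key and an empty value gives `a=`, and the next pair is appended with no separator. Moving the test below the null check is right, but the condition should be `if (post.length > 0)`. The closing lines of `makeUri`'s enclosing object are outside the hunk.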
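Review bot: `$_REQUEST['urlOk']` and `$_REQUEST['urlKo']` still become `$urlOk`/`$urlKo` with only the `_transactionId_` substitution applied, so the caller of this endpoint chooses the entire return URL. The `$params` array continues outside the hunk; if these values are handed to the gateway as return addresses, a forged request could have the payer sent to an unrelated site after paying. Validate the host before use, e.g. `if (parse_url($urlOk, PHP_URL_HOST) !== $allowedHost) throw new Exception('Transaction error');`, where `$allowedHost` is a placeholder for the site's configured host name. Alternatively, build both URLs on the server from the transaction id alone.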
@@ -39,9 +41,16 @@ class Transaction extends Vn\Web\JsonRequest { $bytes = [0, 0, 0, 0, 0, 0, 0, 0]; $iv = implode(array_map('chr', $bytes)); - $key = mcrypt_encrypt(MCRYPT_3DES, $key, $transactionId, MCRYPT_MODE_CBC, $iv); - - $signature = base64_encode(hash_hmac('sha256', $encodedParams, $key, TRUE)); + + $paddedData = $transactionId; + if (strlen($paddedData) % 8) { + $paddedData = str_pad($paddedData, + strlen($paddedData) + 8 - strlen($paddedData) % 8, "\0"); + } + + $encryptedData = openssl_encrypt($paddedData, + 'des-ede3-cbc', $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING , $iv); + $signature = base64_encode(hash_hmac('sha256', $encodedParams, $encryptedData, TRUE)); $url = $row->url; $postValues = [
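Review bot: The return value of `openssl_encrypt` is used as the HMAC key without a check, although it is `false` on failure (for instance when the cipher is unavailable in the OpenSSL build). Without strict types, `hash_hmac` would then sign with an empty key instead of stopping. Add `if ($encryptedData === false) throw new Exception('Transaction error');` before the `$signature` line. A short comment would also help, stating that the manual `"\0"` padding with `OPENSSL_NO_PADDING` reproduces the zero padding mcrypt applied, and that the all-zero IV is presumably required by the gateway's signature scheme (to be confirmed against its specification). The enclosing method starts and ends outside the hunk.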