Merge pull request #5 from cardinity/security_patch

Security patch

modules/gateways/callback/cardinity.php

@@ -133,6 +133,32 @@
             0, // Payment Fee
             $gatewayModuleName
         );
+    }elseif($status == 'pending'){
+        //3dsv2 failed with pending, retry v1
+
+         //3D secure authorization pending
+         $url = $result->getAuthorizationInformation()->getUrl();
+         $pareq = $result->getAuthorizationInformation()->getData();
+         $termurl = $gatewayParams['systemurl'] . 'modules/gateways/callback/cardinity.php';
+         $md = $invoiceId. ',' . $result->getId();
+
+         $htmlOutput = "<div style='text-align: center; width:300px; position: fixed; top: 30%; left: 50%; margin-top: -50px; margin-left: -150px;'>";
+         $htmlOutput .= '<h2>You will be redirected for 3ds verification shortly. </h2>';
+         $htmlOutput .= '<p>If browser does not redirect after 5 seconds, press Submit</p>';
+         $htmlOutput .= '<form id="3dsecureform" method="post" action="' . $url . '">';
+         $htmlOutput .= '<input type="hidden" name="PaReq" value="' . $pareq . '" />';
+         $htmlOutput .= '<input type="hidden" name="TermUrl" value="' . $termurl . '"/>';
+         $htmlOutput .= '<input type="hidden" name="MD" value="' . $md . '"/>';
+         $htmlOutput .= '<input type="submit" value="Submit" />';
+         $htmlOutput .= '</form>';
+         $htmlOutput .= '<script type="text/javascript">setTimeout(function() { document.getElementById("3dsecureform").submit(); }, 5000);</script>';
+         $htmlOutput .= '</div>';
+
+         echo $htmlOutput;
+         //we dont want to do anything else. just show html form and redirect
+         exit();
+
+
     }
 } catch (Exception\Request $exception) {
     $transactionInformation = array(

modules/gateways/callback/cardinitybrowserinfo.php

@@ -1,10 +1,24 @@
 <?php
 
+$name = 'cardinity_browser_info';
+//$value = base64_encode(serialize($_POST['browser_info']));
+
+
+//stringify the parameters
+$browser_info_string = implode("",$_POST['browser_info']);
+$signature = hash_hmac('sha256', $browser_info_string, $_SERVER['HTTP_USER_AGENT']);
+
+//add signature to array
+$securedCookieArray = $_POST['browser_info'];
+$securedCookieArray['signature'] = $signature;
+
+//convert to json
+$securedCookieJson = base64_encode(json_encode($securedCookieArray));
+
+
+$value = $securedCookieJson;
 
-//$_SESSION['cardinity_browser_info'] = $_POST['browser_info']['screen_width'];
 
-$name = 'cardinity_browser_info';
-$value = base64_encode(serialize($_POST['browser_info']));
 $expire = time() + 60 * 5;
 $path = ini_get('session.cookie_path');
 if ($path == null) {
@@ -16,6 +30,7 @@
 }
 $httponly = true;
 $secure = false;
+$samesite = 'None';
 
 
 if (PHP_VERSION_ID < 70300) {

modules/gateways/cardinity.php

@@ -180,9 +180,23 @@ function processInternalPayment($params){
         ];
 
 
-
-        $browserInfoCookie = unserialize(base64_decode($_COOKIE['cardinity_browser_info']));
-
+        //decode from json
+        $securedCookieArray = json_decode(base64_decode($_COOKIE['cardinity_browser_info']), true);
+
+        //pluck signature
+        $signatureGot = $securedCookieArray['signature'];
+        unset($securedCookieArray['signature']);
+
+        //generate new signature
+        $browser_info_string = implode("",$securedCookieArray);
+        $signature = hash_hmac('sha256', $browser_info_string, $_SERVER['HTTP_USER_AGENT']);
+
+        if($signature == $signatureGot){
+            //signature matched
+            $browserInfoCookie = $securedCookieArray;
+        }else{
+            $browserInfoCookie = array();
+        }
 
         /*
         * The actual credit card info form is handled by whmcs and is encoded