Merge pull request #18 from xendit/TPI-2829/scrub-api-key

return placeholder value on API key fields
xendit · Dec 18, 2020 · a11032d · a11032d
2 parents 89b1364 + e49c9b6
commit a11032d
Show file tree

Hide file tree

Showing 4 changed files with 92 additions and 16 deletions.
diff --git a/opencart1.5.x/upload/admin/controller/payment/xendit.php b/opencart1.5.x/upload/admin/controller/payment/xendit.php
@@ -3,6 +3,7 @@
 class ControllerPaymentXendit extends Controller
 {
     private $error = array();
+    private static $placeholder_sensitive_information = '********';
 
     public function index()
     {
@@ -14,6 +15,16 @@ public function index()
         $this->load->model('localisation/order_status');
 
         if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) {
+            foreach ($this->request->post as $key => &$value) {
+                if ($value === self::$placeholder_sensitive_information) {
+                    /**
+                     * if value is placeholder, replace with current config value
+                     * 
+                     * To prevent placeholder value stored as config value
+                    */
+                    $value = $this->config->get($key);
+                }
+            }
             $this->model_setting_setting->editSetting('xendit', $this->request->post);
             $this->session->data['success'] = $this->language->get('text_success');
 
@@ -76,31 +87,39 @@ public function index()
         if (isset($this->request->post['payment_xendit_test_public_key'])) {
             $this->data['xendit_test_public_key'] = $this->request->post['payment_xendit_test_public_key'];
         } elseif ($this->config->has('payment_xendit_test_public_key')) {
-            $this->data['xendit_test_public_key'] = $this->config->get('payment_xendit_test_public_key');
+            $this->data['xendit_test_public_key'] = $this->config->get('payment_xendit_test_public_key') === '' ? 
+                $this->config->get('payment_xendit_test_public_key') :
+                self::$placeholder_sensitive_information;
         } else {
             $this->data['xendit_test_public_key'] = '';
         }
 
         if (isset($this->request->post['payment_xendit_live_public_key'])) {
             $this->data['xendit_live_public_key'] = $this->request->post['payment_xendit_live_public_key'];
         } elseif ($this->config->has('payment_xendit_live_public_key')) {
-            $this->data['xendit_live_public_key'] = $this->config->get('payment_xendit_live_public_key');
+            $this->data['xendit_live_public_key'] = $this->config->get('payment_xendit_live_public_key') === '' ? 
+                $this->config->get('payment_xendit_live_public_key') :
+                self::$placeholder_sensitive_information;
         } else {
             $this->data['xendit_live_public_key'] = '';
         }
 
         if (isset($this->request->post['payment_xendit_test_secret_key'])) {
             $this->data['xendit_test_secret_key'] = $this->request->post['payment_xendit_test_secret_key'];
         } elseif ($this->config->has('payment_xendit_test_secret_key')) {
-            $this->data['xendit_test_secret_key'] = $this->config->get('payment_xendit_test_secret_key');
+            $this->data['xendit_test_secret_key'] = $this->config->get('payment_xendit_test_secret_key') === '' ? 
+                $this->config->get('payment_xendit_test_secret_key') :
+                self::$placeholder_sensitive_information;
         } else {
             $this->data['xendit_test_secret_key'] = '';
         }
 
         if (isset($this->request->post['payment_xendit_live_secret_key'])) {
             $this->data['xendit_live_secret_key'] = $this->request->post['payment_xendit_live_secret_key'];
         } elseif ($this->config->has('payment_xendit_live_secret_key')) {
-            $this->data['xendit_live_secret_key'] = $this->config->get('payment_xendit_live_secret_key');
+            $this->data['xendit_live_secret_key'] = $this->config->get('payment_xendit_live_secret_key') === '' ? 
+                $this->config->get('payment_xendit_live_secret_key') :
+                self::$placeholder_sensitive_information;
         } else {
             $this->data['xendit_live_secret_key'] = '';
         }

diff --git a/opencart2.0.x-2.2.x/upload/admin/controller/payment/xendit.php b/opencart2.0.x-2.2.x/upload/admin/controller/payment/xendit.php
@@ -3,6 +3,7 @@
 class Controllerpaymentxendit extends Controller
 {
     private $error = array();
+    private static $placeholder_sensitive_information = '********';
 
     public function index()
     {
@@ -14,6 +15,16 @@ public function index()
         $this->load->model('localisation/order_status');
 
         if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) {
+            foreach ($this->request->post as $key => &$value) {
+                if ($value === self::$placeholder_sensitive_information) {
+                    /**
+                     * if value is placeholder, replace with current config value
+                     * 
+                     * To prevent placeholder value stored as config value
+                    */
+                    $value = $this->config->get($key);
+                }
+            }
             $this->model_setting_setting->editSetting('xendit', $this->request->post);
             $this->session->data['success'] = $this->language->get('text_success');
 
@@ -76,31 +87,39 @@ public function index()
         if (isset($this->request->post['xendit_test_public_key'])) {
             $data['xendit_test_public_key'] = $this->request->post['xendit_test_public_key'];
         } elseif ($this->config->has('xendit_test_public_key')) {
-            $data['xendit_test_public_key'] = $this->config->get('xendit_test_public_key');
+            $data['xendit_test_public_key'] = $this->config->get('xendit_test_public_key') === '' ?
+                $this->config->get('xendit_test_public_key') :
+                self::$placeholder_sensitive_information;
         } else {
             $data['xendit_test_public_key'] = '';
         }
 
         if (isset($this->request->post['xendit_live_public_key'])) {
             $data['xendit_live_public_key'] = $this->request->post['xendit_live_public_key'];
         } elseif ($this->config->has('xendit_live_public_key')) {
-            $data['xendit_live_public_key'] = $this->config->get('xendit_live_public_key');
+            $data['xendit_live_public_key'] = $this->config->get('xendit_live_public_key') === '' ?
+                $this->config->get('xendit_live_public_key') :
+                self::$placeholder_sensitive_information;
         } else {
             $data['xendit_live_public_key'] = '';
         }
 
         if (isset($this->request->post['xendit_test_secret_key'])) {
             $data['xendit_test_secret_key'] = $this->request->post['xendit_test_secret_key'];
         } elseif ($this->config->has('xendit_test_secret_key')) {
-            $data['xendit_test_secret_key'] = $this->config->get('xendit_test_secret_key');
+            $data['xendit_test_secret_key'] = $this->config->get('xendit_test_secret_key') === '' ?
+                $this->config->get('xendit_test_secret_key') :
+                self::$placeholder_sensitive_information;
         } else {
             $data['xendit_test_secret_key'] = '';
         }
 
         if (isset($this->request->post['xendit_live_secret_key'])) {
             $data['xendit_live_secret_key'] = $this->request->post['xendit_live_secret_key'];
         } elseif ($this->config->has('xendit_live_secret_key')) {
-            $data['xendit_live_secret_key'] = $this->config->get('xendit_live_secret_key');
+            $data['xendit_live_secret_key'] = $this->config->get('xendit_live_secret_key') === '' ?
+                $this->config->get('xendit_live_secret_key') :
+                self::$placeholder_sensitive_information;
         } else {
             $data['xendit_live_secret_key'] = '';
         }

diff --git a/opencart2.3.x/upload/admin/controller/extension/payment/xendit.php b/opencart2.3.x/upload/admin/controller/extension/payment/xendit.php
@@ -3,6 +3,7 @@
 class ControllerExtensionPaymentXendit extends Controller
 {
     private $error = array();
+    private static $placeholder_sensitive_information = '********';
 
     public function index()
     {
@@ -14,6 +15,16 @@ public function index()
         $this->load->model('localisation/order_status');
 
         if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) {
+            foreach ($this->request->post as $key => &$value) {
+                if ($value === self::$placeholder_sensitive_information) {
+                    /**
+                     * if value is placeholder, replace with current config value
+                     * 
+                     * To prevent placeholder value stored as config value
+                    */
+                    $value = $this->config->get($key);
+                }
+            }
             $this->model_setting_setting->editSetting('xendit', $this->request->post);
             $this->session->data['success'] = $this->language->get('text_success');
 
@@ -75,31 +86,39 @@ public function index()
         if (isset($this->request->post['xendit_test_public_key'])) {
             $data['xendit_test_public_key'] = $this->request->post['xendit_test_public_key'];
         } elseif ($this->config->has('xendit_test_public_key')) {
-            $data['xendit_test_public_key'] = $this->config->get('xendit_test_public_key');
+            $data['xendit_test_public_key'] = $this->config->get('xendit_test_public_key') === '' ?
+                $this->config->get('xendit_test_public_key') :
+                self::$placeholder_sensitive_information;
         } else {
             $data['xendit_test_public_key'] = '';
         }
 
         if (isset($this->request->post['xendit_live_public_key'])) {
             $data['xendit_live_public_key'] = $this->request->post['xendit_live_public_key'];
         } elseif ($this->config->has('xendit_live_public_key')) {
-            $data['xendit_live_public_key'] = $this->config->get('xendit_live_public_key');
+            $data['xendit_live_public_key'] = $this->config->get('xendit_live_public_key') === '' ?
+                $this->config->get('xendit_live_public_key') :
+                self::$placeholder_sensitive_information;
         } else {
             $data['xendit_live_public_key'] = '';
         }
 
         if (isset($this->request->post['xendit_test_secret_key'])) {
             $data['xendit_test_secret_key'] = $this->request->post['xendit_test_secret_key'];
         } elseif ($this->config->has('xendit_test_secret_key')) {
-            $data['xendit_test_secret_key'] = $this->config->get('xendit_test_secret_key');
+            $data['xendit_test_secret_key'] = $this->config->get('xendit_test_secret_key') === '' ?
+                $this->config->get('xendit_test_secret_key') :
+                self::$placeholder_sensitive_information;
         } else {
             $data['xendit_test_secret_key'] = '';
         }
 
         if (isset($this->request->post['xendit_live_secret_key'])) {
             $data['xendit_live_secret_key'] = $this->request->post['xendit_live_secret_key'];
         } elseif ($this->config->has('xendit_live_secret_key')) {
-            $data['xendit_live_secret_key'] = $this->config->get('xendit_live_secret_key');
+            $data['xendit_live_secret_key'] = $this->config->get('xendit_live_secret_key') === '' ?
+                $this->config->get('xendit_live_secret_key') :
+                self::$placeholder_sensitive_information;
         } else {
             $data['xendit_live_secret_key'] = '';
         }

diff --git a/opencart3.0.x/upload/admin/controller/extension/payment/xendit.php b/opencart3.0.x/upload/admin/controller/extension/payment/xendit.php
@@ -3,6 +3,7 @@
 class ControllerExtensionPaymentXendit extends Controller
 {
     private $error = array();
+    private static $placeholder_sensitive_information = '********';
 
     public function index()
     {
@@ -14,6 +15,16 @@ public function index()
         $this->load->model('localisation/order_status');
 
         if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) {
+            foreach ($this->request->post as $key => &$value) {
+                if ($value === self::$placeholder_sensitive_information) {
+                    /**
+                     * if value is placeholder, replace with current config value
+                     * 
+                     * To prevent placeholder value stored as config value
+                    */
+                    $value = $this->config->get($key);
+                }
+            }
             $this->model_setting_setting->editSetting('payment_xendit', $this->request->post);
             $this->session->data['success'] = $this->language->get('text_success');
 
@@ -72,31 +83,39 @@ public function index()
         if (isset($this->request->post['payment_xendit_test_public_key'])) {
             $data['xendit_test_public_key'] = $this->request->post['payment_xendit_test_public_key'];
         } elseif ($this->config->has('payment_xendit_test_public_key')) {
-            $data['xendit_test_public_key'] = $this->config->get('payment_xendit_test_public_key');
+            $data['xendit_test_public_key'] = $this->config->get('payment_xendit_test_public_key') === '' ?
+                $this->config->get('payment_xendit_test_public_key') :
+                self::$placeholder_sensitive_information;
         } else {
             $data['xendit_test_public_key'] = '';
         }
 
         if (isset($this->request->post['payment_xendit_live_public_key'])) {
             $data['xendit_live_public_key'] = $this->request->post['payment_xendit_live_public_key'];
         } elseif ($this->config->has('payment_xendit_live_public_key')) {
-            $data['xendit_live_public_key'] = $this->config->get('payment_xendit_live_public_key');
+            $data['xendit_live_public_key'] = $this->config->get('payment_xendit_live_public_key') === '' ?
+                $this->config->get('payment_xendit_live_public_key') :
+                self::$placeholder_sensitive_information;
         } else {
             $data['xendit_live_public_key'] = '';
         }
 
         if (isset($this->request->post['payment_xendit_test_secret_key'])) {
             $data['xendit_test_secret_key'] = $this->request->post['payment_xendit_test_secret_key'];
         } elseif ($this->config->has('payment_xendit_test_secret_key')) {
-            $data['xendit_test_secret_key'] = $this->config->get('payment_xendit_test_secret_key');
+            $data['xendit_test_secret_key'] = $this->config->get('payment_xendit_test_secret_key') === '' ?
+                $this->config->get('payment_xendit_test_secret_key') :
+                self::$placeholder_sensitive_information;
         } else {
             $data['xendit_test_secret_key'] = '';
         }
 
         if (isset($this->request->post['payment_xendit_live_secret_key'])) {
             $data['xendit_live_secret_key'] = $this->request->post['payment_xendit_live_secret_key'];
         } elseif ($this->config->has('payment_xendit_live_secret_key')) {
-            $data['xendit_live_secret_key'] = $this->config->get('payment_xendit_live_secret_key');
+            $data['xendit_live_secret_key'] = $this->config->get('payment_xendit_live_secret_key') === '' ?
+                $this->config->get('payment_xendit_live_secret_key') :
+                self::$placeholder_sensitive_information;
         } else {
             $data['xendit_live_secret_key'] = '';
         }