diff --git a/opencart1.5.x/upload/admin/controller/payment/xendit.php b/opencart1.5.x/upload/admin/controller/payment/xendit.php index e0514b5..e55dac2 100644 --- a/opencart1.5.x/upload/admin/controller/payment/xendit.php +++ b/opencart1.5.x/upload/admin/controller/payment/xendit.php @@ -3,6 +3,7 @@ class ControllerPaymentXendit extends Controller { private $error = array(); + private static $placeholder_sensitive_information = '********'; public function index() { @@ -14,6 +15,16 @@ public function index() $this->load->model('localisation/order_status'); if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) { + foreach ($this->request->post as $key => &$value) { + if ($value === self::$placeholder_sensitive_information) { + /** + * if value is placeholder, replace with current config value + * + * To prevent placeholder value stored as config value + */ + $value = $this->config->get($key); + } + } $this->model_setting_setting->editSetting('xendit', $this->request->post); $this->session->data['success'] = $this->language->get('text_success'); @@ -76,7 +87,9 @@ public function index() if (isset($this->request->post['payment_xendit_test_public_key'])) { $this->data['xendit_test_public_key'] = $this->request->post['payment_xendit_test_public_key']; } elseif ($this->config->has('payment_xendit_test_public_key')) { - $this->data['xendit_test_public_key'] = $this->config->get('payment_xendit_test_public_key'); + $this->data['xendit_test_public_key'] = $this->config->get('payment_xendit_test_public_key') === '' ? + $this->config->get('payment_xendit_test_public_key') : + self::$placeholder_sensitive_information; } else { $this->data['xendit_test_public_key'] = ''; } @@ -84,7 +97,9 @@ public function index() if (isset($this->request->post['payment_xendit_live_public_key'])) { $this->data['xendit_live_public_key'] = $this->request->post['payment_xendit_live_public_key']; } elseif ($this->config->has('payment_xendit_live_public_key')) { - $this->data['xendit_live_public_key'] = $this->config->get('payment_xendit_live_public_key'); + $this->data['xendit_live_public_key'] = $this->config->get('payment_xendit_live_public_key') === '' ? + $this->config->get('payment_xendit_live_public_key') : + self::$placeholder_sensitive_information; } else { $this->data['xendit_live_public_key'] = ''; } @@ -92,7 +107,9 @@ public function index() if (isset($this->request->post['payment_xendit_test_secret_key'])) { $this->data['xendit_test_secret_key'] = $this->request->post['payment_xendit_test_secret_key']; } elseif ($this->config->has('payment_xendit_test_secret_key')) { - $this->data['xendit_test_secret_key'] = $this->config->get('payment_xendit_test_secret_key'); + $this->data['xendit_test_secret_key'] = $this->config->get('payment_xendit_test_secret_key') === '' ? + $this->config->get('payment_xendit_test_secret_key') : + self::$placeholder_sensitive_information; } else { $this->data['xendit_test_secret_key'] = ''; } @@ -100,7 +117,9 @@ public function index() if (isset($this->request->post['payment_xendit_live_secret_key'])) { $this->data['xendit_live_secret_key'] = $this->request->post['payment_xendit_live_secret_key']; } elseif ($this->config->has('payment_xendit_live_secret_key')) { - $this->data['xendit_live_secret_key'] = $this->config->get('payment_xendit_live_secret_key'); + $this->data['xendit_live_secret_key'] = $this->config->get('payment_xendit_live_secret_key') === '' ? + $this->config->get('payment_xendit_live_secret_key') : + self::$placeholder_sensitive_information; } else { $this->data['xendit_live_secret_key'] = ''; } diff --git a/opencart2.0.x-2.2.x/upload/admin/controller/payment/xendit.php b/opencart2.0.x-2.2.x/upload/admin/controller/payment/xendit.php index 6a59cc1..24fb190 100644 --- a/opencart2.0.x-2.2.x/upload/admin/controller/payment/xendit.php +++ b/opencart2.0.x-2.2.x/upload/admin/controller/payment/xendit.php @@ -3,6 +3,7 @@ class Controllerpaymentxendit extends Controller { private $error = array(); + private static $placeholder_sensitive_information = '********'; public function index() { @@ -14,6 +15,16 @@ public function index() $this->load->model('localisation/order_status'); if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) { + foreach ($this->request->post as $key => &$value) { + if ($value === self::$placeholder_sensitive_information) { + /** + * if value is placeholder, replace with current config value + * + * To prevent placeholder value stored as config value + */ + $value = $this->config->get($key); + } + } $this->model_setting_setting->editSetting('xendit', $this->request->post); $this->session->data['success'] = $this->language->get('text_success'); @@ -76,7 +87,9 @@ public function index() if (isset($this->request->post['xendit_test_public_key'])) { $data['xendit_test_public_key'] = $this->request->post['xendit_test_public_key']; } elseif ($this->config->has('xendit_test_public_key')) { - $data['xendit_test_public_key'] = $this->config->get('xendit_test_public_key'); + $data['xendit_test_public_key'] = $this->config->get('xendit_test_public_key') === '' ? + $this->config->get('xendit_test_public_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_test_public_key'] = ''; } @@ -84,7 +97,9 @@ public function index() if (isset($this->request->post['xendit_live_public_key'])) { $data['xendit_live_public_key'] = $this->request->post['xendit_live_public_key']; } elseif ($this->config->has('xendit_live_public_key')) { - $data['xendit_live_public_key'] = $this->config->get('xendit_live_public_key'); + $data['xendit_live_public_key'] = $this->config->get('xendit_live_public_key') === '' ? + $this->config->get('xendit_live_public_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_live_public_key'] = ''; } @@ -92,7 +107,9 @@ public function index() if (isset($this->request->post['xendit_test_secret_key'])) { $data['xendit_test_secret_key'] = $this->request->post['xendit_test_secret_key']; } elseif ($this->config->has('xendit_test_secret_key')) { - $data['xendit_test_secret_key'] = $this->config->get('xendit_test_secret_key'); + $data['xendit_test_secret_key'] = $this->config->get('xendit_test_secret_key') === '' ? + $this->config->get('xendit_test_secret_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_test_secret_key'] = ''; } @@ -100,7 +117,9 @@ public function index() if (isset($this->request->post['xendit_live_secret_key'])) { $data['xendit_live_secret_key'] = $this->request->post['xendit_live_secret_key']; } elseif ($this->config->has('xendit_live_secret_key')) { - $data['xendit_live_secret_key'] = $this->config->get('xendit_live_secret_key'); + $data['xendit_live_secret_key'] = $this->config->get('xendit_live_secret_key') === '' ? + $this->config->get('xendit_live_secret_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_live_secret_key'] = ''; } diff --git a/opencart2.3.x/upload/admin/controller/extension/payment/xendit.php b/opencart2.3.x/upload/admin/controller/extension/payment/xendit.php index 6111d6a..0985254 100644 --- a/opencart2.3.x/upload/admin/controller/extension/payment/xendit.php +++ b/opencart2.3.x/upload/admin/controller/extension/payment/xendit.php @@ -3,6 +3,7 @@ class ControllerExtensionPaymentXendit extends Controller { private $error = array(); + private static $placeholder_sensitive_information = '********'; public function index() { @@ -14,6 +15,16 @@ public function index() $this->load->model('localisation/order_status'); if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) { + foreach ($this->request->post as $key => &$value) { + if ($value === self::$placeholder_sensitive_information) { + /** + * if value is placeholder, replace with current config value + * + * To prevent placeholder value stored as config value + */ + $value = $this->config->get($key); + } + } $this->model_setting_setting->editSetting('xendit', $this->request->post); $this->session->data['success'] = $this->language->get('text_success'); @@ -75,7 +86,9 @@ public function index() if (isset($this->request->post['xendit_test_public_key'])) { $data['xendit_test_public_key'] = $this->request->post['xendit_test_public_key']; } elseif ($this->config->has('xendit_test_public_key')) { - $data['xendit_test_public_key'] = $this->config->get('xendit_test_public_key'); + $data['xendit_test_public_key'] = $this->config->get('xendit_test_public_key') === '' ? + $this->config->get('xendit_test_public_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_test_public_key'] = ''; } @@ -83,7 +96,9 @@ public function index() if (isset($this->request->post['xendit_live_public_key'])) { $data['xendit_live_public_key'] = $this->request->post['xendit_live_public_key']; } elseif ($this->config->has('xendit_live_public_key')) { - $data['xendit_live_public_key'] = $this->config->get('xendit_live_public_key'); + $data['xendit_live_public_key'] = $this->config->get('xendit_live_public_key') === '' ? + $this->config->get('xendit_live_public_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_live_public_key'] = ''; } @@ -91,7 +106,9 @@ public function index() if (isset($this->request->post['xendit_test_secret_key'])) { $data['xendit_test_secret_key'] = $this->request->post['xendit_test_secret_key']; } elseif ($this->config->has('xendit_test_secret_key')) { - $data['xendit_test_secret_key'] = $this->config->get('xendit_test_secret_key'); + $data['xendit_test_secret_key'] = $this->config->get('xendit_test_secret_key') === '' ? + $this->config->get('xendit_test_secret_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_test_secret_key'] = ''; } @@ -99,7 +116,9 @@ public function index() if (isset($this->request->post['xendit_live_secret_key'])) { $data['xendit_live_secret_key'] = $this->request->post['xendit_live_secret_key']; } elseif ($this->config->has('xendit_live_secret_key')) { - $data['xendit_live_secret_key'] = $this->config->get('xendit_live_secret_key'); + $data['xendit_live_secret_key'] = $this->config->get('xendit_live_secret_key') === '' ? + $this->config->get('xendit_live_secret_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_live_secret_key'] = ''; } diff --git a/opencart3.0.x/upload/admin/controller/extension/payment/xendit.php b/opencart3.0.x/upload/admin/controller/extension/payment/xendit.php index e7558c9..8ce5313 100644 --- a/opencart3.0.x/upload/admin/controller/extension/payment/xendit.php +++ b/opencart3.0.x/upload/admin/controller/extension/payment/xendit.php @@ -3,6 +3,7 @@ class ControllerExtensionPaymentXendit extends Controller { private $error = array(); + private static $placeholder_sensitive_information = '********'; public function index() { @@ -14,6 +15,16 @@ public function index() $this->load->model('localisation/order_status'); if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) { + foreach ($this->request->post as $key => &$value) { + if ($value === self::$placeholder_sensitive_information) { + /** + * if value is placeholder, replace with current config value + * + * To prevent placeholder value stored as config value + */ + $value = $this->config->get($key); + } + } $this->model_setting_setting->editSetting('payment_xendit', $this->request->post); $this->session->data['success'] = $this->language->get('text_success'); @@ -72,7 +83,9 @@ public function index() if (isset($this->request->post['payment_xendit_test_public_key'])) { $data['xendit_test_public_key'] = $this->request->post['payment_xendit_test_public_key']; } elseif ($this->config->has('payment_xendit_test_public_key')) { - $data['xendit_test_public_key'] = $this->config->get('payment_xendit_test_public_key'); + $data['xendit_test_public_key'] = $this->config->get('payment_xendit_test_public_key') === '' ? + $this->config->get('payment_xendit_test_public_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_test_public_key'] = ''; } @@ -80,7 +93,9 @@ public function index() if (isset($this->request->post['payment_xendit_live_public_key'])) { $data['xendit_live_public_key'] = $this->request->post['payment_xendit_live_public_key']; } elseif ($this->config->has('payment_xendit_live_public_key')) { - $data['xendit_live_public_key'] = $this->config->get('payment_xendit_live_public_key'); + $data['xendit_live_public_key'] = $this->config->get('payment_xendit_live_public_key') === '' ? + $this->config->get('payment_xendit_live_public_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_live_public_key'] = ''; } @@ -88,7 +103,9 @@ public function index() if (isset($this->request->post['payment_xendit_test_secret_key'])) { $data['xendit_test_secret_key'] = $this->request->post['payment_xendit_test_secret_key']; } elseif ($this->config->has('payment_xendit_test_secret_key')) { - $data['xendit_test_secret_key'] = $this->config->get('payment_xendit_test_secret_key'); + $data['xendit_test_secret_key'] = $this->config->get('payment_xendit_test_secret_key') === '' ? + $this->config->get('payment_xendit_test_secret_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_test_secret_key'] = ''; } @@ -96,7 +113,9 @@ public function index() if (isset($this->request->post['payment_xendit_live_secret_key'])) { $data['xendit_live_secret_key'] = $this->request->post['payment_xendit_live_secret_key']; } elseif ($this->config->has('payment_xendit_live_secret_key')) { - $data['xendit_live_secret_key'] = $this->config->get('payment_xendit_live_secret_key'); + $data['xendit_live_secret_key'] = $this->config->get('payment_xendit_live_secret_key') === '' ? + $this->config->get('payment_xendit_live_secret_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_live_secret_key'] = ''; }