From 7dd3783cf1a3c7ed79341a578fa26ff72993cfe3 Mon Sep 17 00:00:00 2001 From: Aulia Hakiem Date: Thu, 17 Dec 2020 12:24:26 +0700 Subject: [PATCH 1/2] not returning real api key in FE for OC 3 --- .../controller/extension/payment/xendit.php | 35 ++++++++++++++++--- 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/opencart3.0.x/upload/admin/controller/extension/payment/xendit.php b/opencart3.0.x/upload/admin/controller/extension/payment/xendit.php index e7558c9..fd6755f 100644 --- a/opencart3.0.x/upload/admin/controller/extension/payment/xendit.php +++ b/opencart3.0.x/upload/admin/controller/extension/payment/xendit.php @@ -3,6 +3,7 @@ class ControllerExtensionPaymentXendit extends Controller { private $error = array(); + private static $placeholder_sensitive_information = '********'; public function index() { @@ -14,6 +15,16 @@ public function index() $this->load->model('localisation/order_status'); if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) { + foreach ($this->request->post as $key => &$value) { + if ($value === self::$placeholder_sensitive_information) { + /** + * if value is placeholder, replace with current config value + * + * To prevent placeholder value stored as config value + */ + $value = $this->config->get($key); + } + } $this->model_setting_setting->editSetting('payment_xendit', $this->request->post); $this->session->data['success'] = $this->language->get('text_success'); 
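Review bot: The placeholder loop added ahead of `editSetting()` in the `-14,6 +15,16` hunk walks every field of `$this->request->post` and calls `$this->config->get($key)` with a key name taken from the request, so any posted field whose value is `********` is replaced by whatever setting carries that name and then passed on to be saved. Limiting the substitution to the four key fields this form masks keeps the lookup off client-chosen names. It also drops the `&$value` reference, which stays bound to the last POST element after the loop because it is never `unset()`. Whether `editSetting()` filters keys by prefix is not visible in this patch, so the impact may differ between OpenCart versions. The same loop is added to the 1.5.x, 2.0.x-2.2.x and 2.3.x controllers in patch 2/2 (with their own key names), and index() continues outside the hunk.

```php
if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) {
    $masked_keys = array(
        'payment_xendit_test_public_key',
        'payment_xendit_live_public_key',
        'payment_xendit_test_secret_key',
        'payment_xendit_live_secret_key',
    );
    foreach ($masked_keys as $key) {
        // Only the fields this form masks may fall back to the stored value.
        if (isset($this->request->post[$key])
            && $this->request->post[$key] === self::$placeholder_sensitive_information) {
            $this->request->post[$key] = $this->config->get($key);
        }
    }
    // … unchanged: editSetting() call and success message …
```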
@@ -72,7 +83,11 @@ public function index() if (isset($this->request->post['payment_xendit_test_public_key'])) { $data['xendit_test_public_key'] = $this->request->post['payment_xendit_test_public_key']; } elseif ($this->config->has('payment_xendit_test_public_key')) { - $data['xendit_test_public_key'] = $this->config->get('payment_xendit_test_public_key'); + if ($this->config->get('payment_xendit_test_public_key') === '') { + $data['xendit_test_public_key'] = $this->config->get('payment_xendit_test_public_key'); + } else { + $data['xendit_test_public_key'] = self::$placeholder_sensitive_information; + } } else { $data['xendit_test_public_key'] = ''; } @@ -80,7 +95,11 @@ public function index() if (isset($this->request->post['payment_xendit_live_public_key'])) { $data['xendit_live_public_key'] = $this->request->post['payment_xendit_live_public_key']; } elseif ($this->config->has('payment_xendit_live_public_key')) { - $data['xendit_live_public_key'] = $this->config->get('payment_xendit_live_public_key'); + if ($this->config->get('payment_xendit_live_public_key') === '') { + $data['xendit_live_public_key'] = $this->config->get('payment_xendit_live_public_key'); + } else { + $data['xendit_live_public_key'] = self::$placeholder_sensitive_information; + } } else { $data['xendit_live_public_key'] = ''; } @@ -88,7 +107,11 @@ public function index() if (isset($this->request->post['payment_xendit_test_secret_key'])) { $data['xendit_test_secret_key'] = $this->request->post['payment_xendit_test_secret_key']; } elseif ($this->config->has('payment_xendit_test_secret_key')) { - $data['xendit_test_secret_key'] = $this->config->get('payment_xendit_test_secret_key'); + if ($this->config->get('payment_xendit_test_secret_key') === '') { + $data['xendit_test_secret_key'] = $this->config->get('payment_xendit_test_secret_key'); + } else { + $data['xendit_test_secret_key'] = self::$placeholder_sensitive_information; + } } else { $data['xendit_test_secret_key'] = ''; } 
@@ -96,7 +119,11 @@ public function index() if (isset($this->request->post['payment_xendit_live_secret_key'])) { $data['xendit_live_secret_key'] = $this->request->post['payment_xendit_live_secret_key']; } elseif ($this->config->has('payment_xendit_live_secret_key')) { - $data['xendit_live_secret_key'] = $this->config->get('payment_xendit_live_secret_key'); + if ($this->config->get('payment_xendit_live_secret_key') === '') { + $data['xendit_live_secret_key'] = $this->config->get('payment_xendit_live_secret_key'); + } else { + $data['xendit_live_secret_key'] = self::$placeholder_sensitive_information; + } } else { $data['xendit_live_secret_key'] = ''; } From e49c9b6774b6db0e1da2b1f6c75198ff55ba3c41 Mon Sep 17 00:00:00 2001 From: Aulia Hakiem Date: Thu, 17 Dec 2020 13:36:58 +0700 Subject: [PATCH 2/2] enable on other version --- .../admin/controller/payment/xendit.php | 27 +++++++++++++--- .../admin/controller/payment/xendit.php | 27 +++++++++++++--- .../controller/extension/payment/xendit.php | 27 +++++++++++++--- .../controller/extension/payment/xendit.php | 32 +++++++------------ 4 files changed, 81 insertions(+), 32 deletions(-) diff --git a/opencart1.5.x/upload/admin/controller/payment/xendit.php b/opencart1.5.x/upload/admin/controller/payment/xendit.php index e0514b5..e55dac2 100644 --- a/opencart1.5.x/upload/admin/controller/payment/xendit.php +++ b/opencart1.5.x/upload/admin/controller/payment/xendit.php @@ -3,6 +3,7 @@ class ControllerPaymentXendit extends Controller { private $error = array(); + private static $placeholder_sensitive_information = '********'; public function index() { 
@@ -14,6 +15,16 @@ public function index() $this->load->model('localisation/order_status'); if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) { + foreach ($this->request->post as $key => &$value) { + if ($value === self::$placeholder_sensitive_information) { + /** + * if value is placeholder, replace with current config value + * + * To prevent placeholder value stored as config value + */ + $value = $this->config->get($key); + } + } $this->model_setting_setting->editSetting('xendit', $this->request->post); $this->session->data['success'] = $this->language->get('text_success'); @@ -76,7 +87,9 @@ public function index() if (isset($this->request->post['payment_xendit_test_public_key'])) { $this->data['xendit_test_public_key'] = $this->request->post['payment_xendit_test_public_key']; } elseif ($this->config->has('payment_xendit_test_public_key')) { - $this->data['xendit_test_public_key'] = $this->config->get('payment_xendit_test_public_key'); + $this->data['xendit_test_public_key'] = $this->config->get('payment_xendit_test_public_key') === '' ? + $this->config->get('payment_xendit_test_public_key') : + self::$placeholder_sensitive_information; } else { $this->data['xendit_test_public_key'] = ''; } @@ -84,7 +97,9 @@ public function index() if (isset($this->request->post['payment_xendit_live_public_key'])) { $this->data['xendit_live_public_key'] = $this->request->post['payment_xendit_live_public_key']; } elseif ($this->config->has('payment_xendit_live_public_key')) { - $this->data['xendit_live_public_key'] = $this->config->get('payment_xendit_live_public_key'); + $this->data['xendit_live_public_key'] = $this->config->get('payment_xendit_live_public_key') === '' ? + $this->config->get('payment_xendit_live_public_key') : + self::$placeholder_sensitive_information; } else { $this->data['xendit_live_public_key'] = ''; } 
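Review bot: In the `-76,7 +87,9` hunk the ternary's true branch calls `$this->config->get('payment_xendit_test_public_key')` a second time only to return the empty string it was just compared against; `$this->data['xendit_test_public_key'] = $this->config->get('payment_xendit_test_public_key') === '' ? '' : self::$placeholder_sensitive_information;` states the same rule with one lookup. The same three-line pattern is repeated for all four keys here and in the 2.0.x-2.2.x, 2.3.x and 3.0.x controllers, so a small private helper taking the config key would keep the masking rule in one place per file. A short comment such as `// never send a stored key back to the browser; show the placeholder instead` would record why the stored value is hidden. index() begins and ends outside the hunk.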
@@ -92,7 +107,9 @@ public function index() if (isset($this->request->post['payment_xendit_test_secret_key'])) { $this->data['xendit_test_secret_key'] = $this->request->post['payment_xendit_test_secret_key']; } elseif ($this->config->has('payment_xendit_test_secret_key')) { - $this->data['xendit_test_secret_key'] = $this->config->get('payment_xendit_test_secret_key'); + $this->data['xendit_test_secret_key'] = $this->config->get('payment_xendit_test_secret_key') === '' ? + $this->config->get('payment_xendit_test_secret_key') : + self::$placeholder_sensitive_information; } else { $this->data['xendit_test_secret_key'] = ''; } @@ -100,7 +117,9 @@ public function index() if (isset($this->request->post['payment_xendit_live_secret_key'])) { $this->data['xendit_live_secret_key'] = $this->request->post['payment_xendit_live_secret_key']; } elseif ($this->config->has('payment_xendit_live_secret_key')) { - $this->data['xendit_live_secret_key'] = $this->config->get('payment_xendit_live_secret_key'); + $this->data['xendit_live_secret_key'] = $this->config->get('payment_xendit_live_secret_key') === '' ? + $this->config->get('payment_xendit_live_secret_key') : + self::$placeholder_sensitive_information; } else { $this->data['xendit_live_secret_key'] = ''; } diff --git a/opencart2.0.x-2.2.x/upload/admin/controller/payment/xendit.php b/opencart2.0.x-2.2.x/upload/admin/controller/payment/xendit.php index 6a59cc1..24fb190 100644 --- a/opencart2.0.x-2.2.x/upload/admin/controller/payment/xendit.php +++ b/opencart2.0.x-2.2.x/upload/admin/controller/payment/xendit.php @@ -3,6 +3,7 @@ class Controllerpaymentxendit extends Controller { private $error = array(); + private static $placeholder_sensitive_information = '********'; public function index() { 
@@ -14,6 +15,16 @@ public function index() $this->load->model('localisation/order_status'); if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) { + foreach ($this->request->post as $key => &$value) { + if ($value === self::$placeholder_sensitive_information) { + /** + * if value is placeholder, replace with current config value + * + * To prevent placeholder value stored as config value + */ + $value = $this->config->get($key); + } + } $this->model_setting_setting->editSetting('xendit', $this->request->post); $this->session->data['success'] = $this->language->get('text_success'); @@ -76,7 +87,9 @@ public function index() if (isset($this->request->post['xendit_test_public_key'])) { $data['xendit_test_public_key'] = $this->request->post['xendit_test_public_key']; } elseif ($this->config->has('xendit_test_public_key')) { - $data['xendit_test_public_key'] = $this->config->get('xendit_test_public_key'); + $data['xendit_test_public_key'] = $this->config->get('xendit_test_public_key') === '' ? + $this->config->get('xendit_test_public_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_test_public_key'] = ''; } @@ -84,7 +97,9 @@ public function index() if (isset($this->request->post['xendit_live_public_key'])) { $data['xendit_live_public_key'] = $this->request->post['xendit_live_public_key']; } elseif ($this->config->has('xendit_live_public_key')) { - $data['xendit_live_public_key'] = $this->config->get('xendit_live_public_key'); + $data['xendit_live_public_key'] = $this->config->get('xendit_live_public_key') === '' ? + $this->config->get('xendit_live_public_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_live_public_key'] = ''; } 
@@ -92,7 +107,9 @@ public function index() if (isset($this->request->post['xendit_test_secret_key'])) { $data['xendit_test_secret_key'] = $this->request->post['xendit_test_secret_key']; } elseif ($this->config->has('xendit_test_secret_key')) { - $data['xendit_test_secret_key'] = $this->config->get('xendit_test_secret_key'); + $data['xendit_test_secret_key'] = $this->config->get('xendit_test_secret_key') === '' ? + $this->config->get('xendit_test_secret_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_test_secret_key'] = ''; } @@ -100,7 +117,9 @@ public function index() if (isset($this->request->post['xendit_live_secret_key'])) { $data['xendit_live_secret_key'] = $this->request->post['xendit_live_secret_key']; } elseif ($this->config->has('xendit_live_secret_key')) { - $data['xendit_live_secret_key'] = $this->config->get('xendit_live_secret_key'); + $data['xendit_live_secret_key'] = $this->config->get('xendit_live_secret_key') === '' ? + $this->config->get('xendit_live_secret_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_live_secret_key'] = ''; } diff --git a/opencart2.3.x/upload/admin/controller/extension/payment/xendit.php b/opencart2.3.x/upload/admin/controller/extension/payment/xendit.php index 6111d6a..0985254 100644 --- a/opencart2.3.x/upload/admin/controller/extension/payment/xendit.php +++ b/opencart2.3.x/upload/admin/controller/extension/payment/xendit.php @@ -3,6 +3,7 @@ class ControllerExtensionPaymentXendit extends Controller { private $error = array(); + private static $placeholder_sensitive_information = '********'; public function index() { 
@@ -14,6 +15,16 @@ public function index() $this->load->model('localisation/order_status'); if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) { + foreach ($this->request->post as $key => &$value) { + if ($value === self::$placeholder_sensitive_information) { + /** + * if value is placeholder, replace with current config value + * + * To prevent placeholder value stored as config value + */ + $value = $this->config->get($key); + } + } $this->model_setting_setting->editSetting('xendit', $this->request->post); $this->session->data['success'] = $this->language->get('text_success'); @@ -75,7 +86,9 @@ public function index() if (isset($this->request->post['xendit_test_public_key'])) { $data['xendit_test_public_key'] = $this->request->post['xendit_test_public_key']; } elseif ($this->config->has('xendit_test_public_key')) { - $data['xendit_test_public_key'] = $this->config->get('xendit_test_public_key'); + $data['xendit_test_public_key'] = $this->config->get('xendit_test_public_key') === '' ? + $this->config->get('xendit_test_public_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_test_public_key'] = ''; } @@ -83,7 +96,9 @@ public function index() if (isset($this->request->post['xendit_live_public_key'])) { $data['xendit_live_public_key'] = $this->request->post['xendit_live_public_key']; } elseif ($this->config->has('xendit_live_public_key')) { - $data['xendit_live_public_key'] = $this->config->get('xendit_live_public_key'); + $data['xendit_live_public_key'] = $this->config->get('xendit_live_public_key') === '' ? + $this->config->get('xendit_live_public_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_live_public_key'] = ''; } 
@@ -91,7 +106,9 @@ public function index() if (isset($this->request->post['xendit_test_secret_key'])) { $data['xendit_test_secret_key'] = $this->request->post['xendit_test_secret_key']; } elseif ($this->config->has('xendit_test_secret_key')) { - $data['xendit_test_secret_key'] = $this->config->get('xendit_test_secret_key'); + $data['xendit_test_secret_key'] = $this->config->get('xendit_test_secret_key') === '' ? + $this->config->get('xendit_test_secret_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_test_secret_key'] = ''; } @@ -99,7 +116,9 @@ public function index() if (isset($this->request->post['xendit_live_secret_key'])) { $data['xendit_live_secret_key'] = $this->request->post['xendit_live_secret_key']; } elseif ($this->config->has('xendit_live_secret_key')) { - $data['xendit_live_secret_key'] = $this->config->get('xendit_live_secret_key'); + $data['xendit_live_secret_key'] = $this->config->get('xendit_live_secret_key') === '' ? + $this->config->get('xendit_live_secret_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_live_secret_key'] = ''; } diff --git a/opencart3.0.x/upload/admin/controller/extension/payment/xendit.php b/opencart3.0.x/upload/admin/controller/extension/payment/xendit.php index fd6755f..8ce5313 100644 --- a/opencart3.0.x/upload/admin/controller/extension/payment/xendit.php +++ b/opencart3.0.x/upload/admin/controller/extension/payment/xendit.php 
@@ -83,11 +83,9 @@ public function index() if (isset($this->request->post['payment_xendit_test_public_key'])) { $data['xendit_test_public_key'] = $this->request->post['payment_xendit_test_public_key']; } elseif ($this->config->has('payment_xendit_test_public_key')) { - if ($this->config->get('payment_xendit_test_public_key') === '') { - $data['xendit_test_public_key'] = $this->config->get('payment_xendit_test_public_key'); - } else { - $data['xendit_test_public_key'] = self::$placeholder_sensitive_information; - } + $data['xendit_test_public_key'] = $this->config->get('payment_xendit_test_public_key') === '' ? + $this->config->get('payment_xendit_test_public_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_test_public_key'] = ''; } @@ -95,11 +93,9 @@ public function index() if (isset($this->request->post['payment_xendit_live_public_key'])) { $data['xendit_live_public_key'] = $this->request->post['payment_xendit_live_public_key']; } elseif ($this->config->has('payment_xendit_live_public_key')) { - if ($this->config->get('payment_xendit_live_public_key') === '') { - $data['xendit_live_public_key'] = $this->config->get('payment_xendit_live_public_key'); - } else { - $data['xendit_live_public_key'] = self::$placeholder_sensitive_information; - } + $data['xendit_live_public_key'] = $this->config->get('payment_xendit_live_public_key') === '' ? + $this->config->get('payment_xendit_live_public_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_live_public_key'] = ''; } 
@@ -107,11 +103,9 @@ public function index() if (isset($this->request->post['payment_xendit_test_secret_key'])) { $data['xendit_test_secret_key'] = $this->request->post['payment_xendit_test_secret_key']; } elseif ($this->config->has('payment_xendit_test_secret_key')) { - if ($this->config->get('payment_xendit_test_secret_key') === '') { - $data['xendit_test_secret_key'] = $this->config->get('payment_xendit_test_secret_key'); - } else { - $data['xendit_test_secret_key'] = self::$placeholder_sensitive_information; - } + $data['xendit_test_secret_key'] = $this->config->get('payment_xendit_test_secret_key') === '' ? + $this->config->get('payment_xendit_test_secret_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_test_secret_key'] = ''; } @@ -119,11 +113,9 @@ public function index() if (isset($this->request->post['payment_xendit_live_secret_key'])) { $data['xendit_live_secret_key'] = $this->request->post['payment_xendit_live_secret_key']; } elseif ($this->config->has('payment_xendit_live_secret_key')) { - if ($this->config->get('payment_xendit_live_secret_key') === '') { - $data['xendit_live_secret_key'] = $this->config->get('payment_xendit_live_secret_key'); - } else { - $data['xendit_live_secret_key'] = self::$placeholder_sensitive_information; - } + $data['xendit_live_secret_key'] = $this->config->get('payment_xendit_live_secret_key') === '' ? + $this->config->get('payment_xendit_live_secret_key') : + self::$placeholder_sensitive_information; } else { $data['xendit_live_secret_key'] = ''; }