Interchange

CVS log for interchange/lib/Vend/Payment/Protx2.pm


Keyword substitution: kv
Default branch: MAIN


Revision 1.2
Thu Apr 10 23:44:45 2008 UTC (8 months, 4 weeks ago) by jon
Branches: MAIN
CVS tags: STABLE_5_6-root, STABLE_5_6-branch, REL_5_7_1, REL_5_6_1, REL_5_5_3, REL_5_5_2, HEAD, DEB_5_6_1_2
Changes since revision 1.1: +560 -526 lines
Code cleanup after audit of Protx2 payment module.

The logdir option was insecure, as it could be specified by
an end-user, and could cause a new file to be touched.

This is now only allowed if the developer wants it by setting this in catalog.cfg:

    Route protx logdir_from_user_allowed 1

It was also insecure in that it allowed absolute paths, disregarding NoAbsolute.
That is now checked.

Reworked external touch call with Perl open call to remove shell exploit possibility.
This was probably the most dangerous part of accepting end-user logdir form input.

Fix variable name typo that broke Diners Club detection.

Made code work under strict pragma.

Fixed errors and cleaned up POD documentation.

Reformatted code with standard indenting, brace positioning, etc.

Only tested against the Protx test environment; still needs live account testing
by someone with an account.

Revision 1.1
Thu Apr 10 23:35:40 2008 UTC (8 months, 4 weeks ago) by jon
Branches: MAIN
Add Protx2 payment module, compatible with Protx API 2.22, by Lyn St George (RT #9).

Downloaded from:

http://www.interchange.rtfm.info/mirror/payments/Protx2.pm

First, committing verbatim.
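
The kind of fix the revision 1.2 log message describes, as an added example that is not code from Protx2.pm: user-supplied logdir is honoured only after an opt-in, absolute paths are refused, and the log file is created with Perl's open instead of a shell command. The helper name touch_log, its option names and the file name protx.log are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper, not taken from Protx2.pm. Options:
#   user_logdir        untrusted value from form input
#   default_logdir     value configured by the developer
#   from_user_allowed  stands in for "Route protx logdir_from_user_allowed 1"
#   no_absolute        stands in for the NoAbsolute setting
sub touch_log {
    my (%opt) = @_;
    my $dir = $opt{default_logdir};

    if (defined $opt{user_logdir} and length $opt{user_logdir}) {
        die "logdir from user input is not enabled\n"
            unless $opt{from_user_allowed};
        $dir = $opt{user_logdir};
        die "absolute logdir refused\n"
            if $opt{no_absolute} and File::Spec->file_name_is_absolute($dir);
        # Extra check in this example; the log message does not mention it.
        die "parent-directory reference refused\n"
            if grep { $_ eq File::Spec->updir } File::Spec->splitdir($dir);
    }

    my $file = File::Spec->catfile($dir, 'protx.log');
    # A single-string system("touch $file") would let /bin/sh interpret $file.
    # Three-argument open in append mode creates the file with no shell at all.
    open(my $fh, '>>', $file) or die "cannot open '$file': $!\n";
    close($fh) or die "cannot close '$file': $!\n";
    return $file;
}

# Constructed inputs, exercised inside a scratch directory.
chdir(tempdir(CLEANUP => 1)) or die "chdir: $!\n";
mkdir('logs') or die "mkdir: $!\n";
for my $input (undef, 'logs', '/tmp', 'logs/../..', 'logs; id') {
    my $file = eval {
        touch_log(user_logdir => $input, default_logdir => 'logs',
                  from_user_allowed => 1, no_absolute => 1);
    };
    printf "%-12s => %s", $input // '(none)',
        defined $file ? "created $file\n" : "refused: $@";
}
```

The last constructed input contains a shell metacharacter; with open it is only a directory name that does not exist, so the call fails with an ordinary file error.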


Interchange CVSweb <info@icdevgroup.org>