From 58fdfc607f442a43c9bcc719d1a0acf35972fafc Mon Sep 17 00:00:00 2001
From: Vincent Boulanger
Date: Thu, 16 May 2024 19:01:07 +0200
Subject: [PATCH] OX6-158: Add session variable and safety check for browser history-back button usage

---
 .../controllers/fcPayOnePaymentView.php | 1 +
 extend/application/models/fcPayOneOrder.php | 16 +++++++++++-----
 2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/extend/application/controllers/fcPayOnePaymentView.php b/extend/application/controllers/fcPayOnePaymentView.php
index 20b9a25..8a6d4cc 100755
--- a/extend/application/controllers/fcPayOnePaymentView.php
+++ b/extend/application/controllers/fcPayOnePaymentView.php
@@ -233,6 +233,7 @@ public function init()
 unset($oOrder);
 }
 $this->_oFcpoHelper->fcpoDeleteSessionVariable('sess_challenge');
+ $this->_oFcpoHelper->fcpoDeleteSessionVariable('fcpoRedirectOnGoing');
 parent::init();
 }
diff --git a/extend/application/models/fcPayOneOrder.php b/extend/application/models/fcPayOneOrder.php
index 186b05e..c676413 100755
--- a/extend/application/models/fcPayOneOrder.php
+++ b/extend/application/models/fcPayOneOrder.php
@@ -747,11 +747,15 @@ protected function _fcpoEarlyValidation($blSaveAfterRedirect, $oBasket, $oUser,
 $this->_checkOrderExist($sGetChallenge)
 );
- if ($blSaveAfterRedirect === false && $this->_checkOrderExist($sGetChallenge)) {
- $oUtils = $this->_oFcpoHelper->fcpoGetUtils();
- $oUtils->logger('BLOCKER');
- // we might use this later, this means that somebody klicked like mad on order button
- return self::ORDER_STATE_ORDEREXISTS;
+ $blIsRedirectionOnGoing = (bool) $this->_oFcpoHelper->fcpoGetSessionVariable('fcpoRedirectOnGoing');
+ if ($blSaveAfterRedirect === false && !$blIsRedirectionOnGoing) {
+ if ($this->_checkOrderExist($sGetChallenge)) {
+ $oUtils = $this->_oFcpoHelper->fcpoGetUtils();
+ $oUtils->logger('BLOCKER');
+ // we might use this later, this means that somebody klicked like mad on order button
+
+ return self::ORDER_STATE_ORDEREXISTS;
+ }
 }
 // check if basket is still the same as it was before
@@ -1059,6 +1063,7 @@ protected function _fcpoSaveOrderValues($sTxid, $iOrderNotChecked)
 $this->_oFcpoHelper->fcpoDeleteSessionVariable('fcpoRefNr');
 $this->_oFcpoHelper->fcpoDeleteSessionVariable('fcpoAuthMode');
 $this->_oFcpoHelper->fcpoDeleteSessionVariable('fcpoRedirectUrl');
+ $this->_oFcpoHelper->fcpoDeleteSessionVariable('fcpoRedirectOnGoing');
 }
 /**
@@ -1894,6 +1899,7 @@ protected function _fcpoHandleAuthorizationRedirect($aResponse, $sRefNr, $sAutho
 } else {
 $sRedirectUrl = $aResponse['redirecturl'];
 }
+ $this->_oFcpoHelper->fcpoSetSessionVariable('fcpoRedirectOnGoing', '1');
 $oUtils->redirect($sRedirectUrl, false);
 }
 }
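Review bot: The new condition in `_fcpoEarlyValidation` switches the duplicate-order guard off entirely while `fcpoRedirectOnGoing` is set, and the flag carries no link to the order it was set for: the last hunk stores a bare `'1'` in `_fcpoHandleAuthorizationRedirect`, and it is removed only in `_fcpoSaveOrderValues` (the `-1059` hunk) and in the payment view's `init()` (first file). If the customer cancels or fails at the payment provider and that return path reaches neither of those (the commit does not show the error/cancel handling), the stale flag keeps `_checkOrderExist` bypassed for a later, different order in the same session, and a repeated submit can then create a second order where the old code returned `ORDER_STATE_ORDEREXISTS`. Binding the flag to the challenge bounds the bypass to the one redirect it was meant for, e.g. here `$blIsRedirectionOnGoing = $this->_oFcpoHelper->fcpoGetSessionVariable('fcpoRedirectOnGoing') === $sGetChallenge;` with `_fcpoHandleAuthorizationRedirect` storing the order's sess_challenge value instead of `'1'` (which variable holds it there is not visible in the hunk). The bypassed case should also remain observable, for instance `$oUtils->logger('ORDEREXISTS_SKIPPED_REDIRECT');` when the flag is set and an order already exists, so duplicate-submit detection is not lost in logs. `_fcpoEarlyValidation` starts before the hunk and continues after it.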