Merge pull request #5 from wirecard/trimmedFingerprint

Improve fingerprint check

README.md

@@ -2,7 +2,7 @@
 
 [![License](https://img.shields.io/badge/license-GPLv2-blue.svg)](https://raw.githubusercontent.com/wirecard/oxid-wcp/master/LICENSE)
 [![OXID eSales Community Edition 4.10.1](https://img.shields.io/badge/OXID_CE-v4.10.1-green.svg)](http://www.oxid-esales.com/)
-[![OXID eSales Enterprise Edition 5.2.6](https://img.shields.io/badge/OXID_EE-v5.2.6-green.svg)](http://www.oxid-esales.com/)
+[![OXID eSales Enterprise Edition 5.2.9](https://img.shields.io/badge/OXID_EE-v5.2.9-green.svg)](http://www.oxid-esales.com/)
 [![PHP v5.6](https://img.shields.io/badge/php-v5.6-yellow.svg)](http://www.php.net)
 
 Wirecard Checkout Page extension for OXID eSales 
@@ -28,4 +28,3 @@ Wirecard Checkout Page offers:
 - Web interface for managing payments (approvals, cancelations, credits, etc.).
 - Benefit from Wirecard Bank´s license to conclude credit card acceptance contracts (acquiring) and issue credit cards.
 - With Wirecard Collecting only a single contract is required for payouts within various payment methods.
-- Support of recurring payments (subscriptions, one-click checkout).

modules/wirecard/checkoutpage/application/controllers/wdceepayment.php

@@ -44,7 +44,7 @@ class wdceepayment extends oxUBase
     protected static $_PAYMENT_WIRECARD_CHECKOUT_URL = 'checkout.wirecard.com';
     protected static $_PAYMENT_INIT_URL = 'https://checkout.wirecard.com/page/init-server.php';
 
-    protected static $_PLUGIN_VERSION = '2.7.0';
+    protected static $_PLUGIN_VERSION = '2.7.1';
 
     protected static $_CUSTOMER_ID_DEMO_MODE = 'D200001';
     protected static $_CUSTOMER_ID_TEST_MODE = 'D200411';
@@ -501,12 +501,14 @@ protected function _createWCPRequestArray($oOrder)
 
         $request['sess_challenge'] = oxRegistry::getSession()->getVariable('sess_challenge');
 
+	    $request = array_map('trim', $request);
+
         $requestFingerprintOrder = 'secret';
         $tempArray = array('secret' => $this->getSecret());
 
         foreach ($request as $key => $value) {
             $requestFingerprintOrder .= ',' . $key;
-            $tempArray[(string)$key] = (string)$value;
+            $tempArray[(string)$key] = $value;
         }
 
         $requestFingerprintOrder .= ',requestFingerprintOrder';
@@ -703,7 +705,7 @@ protected function _confirmProcess($showConfirmResponse = true)
                         return $error;
                     }
                 }
-                if (strcmp($seed, $_POST['responseFingerprint']) == 0) {
+                if (strcasecmp($seed, $_POST['responseFingerprint']) == 0) {
                     if (!$this->_isPaid($oOrder)) {
                         $this->_wcpConfirmLogging('Fingerprints match. Setting order status to PAID');
 
@@ -794,7 +796,7 @@ protected function _confirmProcess($showConfirmResponse = true)
                         }
                     }
 
-                    if (strcasecmp(hash_hmac('sha512', $seed, $this->getSecret()), $_POST['responseFingerprint']) == 0) {
+                    if (strcasecmp($seed, $_POST['responseFingerprint']) == 0) {
                         if (!$this->_isPaid($oOrder)) {
                             $this->_wcpConfirmLogging('Fingerprints match. Setting order status to PENDING');
 

modules/wirecard/checkoutpage/metadata.php

@@ -46,8 +46,8 @@
             'en' => 'Wirecard Checkout Page Payment Extension for Oxid eShop.<br /><br /><div id="helpPanel"><div class="bd"><strong>Support and sales information</strong><br /><a href="https://guides.wirecard.at/support" target="_blank">support</a><br /><a href="https://guides.wirecard.at/sales" target="_blank">sales</a></div></div>',
         ),
         'thumbnail' => 'picture.jpg',
-        'version' => '2.6.3',
-        'author' => 'Wirecard CEE',
+        'version' => '2.7.1',
+        'author' => 'Wirecard',
         'email' => 'support@wirecard.at',
         'url' => 'http://www.wirecard.at',
         'extend' => array (