Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate transactionId on Sage Pay Form result #131

Closed
judgej opened this issue Mar 27, 2019 · 2 comments
Closed

Validate transactionId on Sage Pay Form result #131

judgej opened this issue Mar 27, 2019 · 2 comments
Assignees
@judgej
Labels
enhancement

Comments

@judgej
Copy link
Member

judgej commented Mar 27, 2019

This is hinted at in documentation added for issue #130

When the user returns from the off-site Sage Pay Form, they return with the transactionId. The gateway should enforce a check to make sure it is the expected transactionId for the current session and basket/cart.

Most merchant sites will sensibly do this, but enforcing it in the driver will offer a further layer of security.
@judgej judgej self-assigned this Jun 18, 2019
judgej added a commit to academe/omnipay-sagepay that referenced this issue Aug 24, 2019
@judgej
Issue thephpleague#131 Force expected transactionId to be supplied fo…
b7f1312 
…r Form complete.
@judgej
Copy link
Member Author

judgej commented Aug 24, 2019

This would be a breaking change for most sites, and that needs to happen to move to force some safer practices for the sites that don't do this check themselves.

judgej added a commit to academe/omnipay-sagepay that referenced this issue Aug 24, 2019
@judgej
Issue thephpleague#131 additional documentation on error recovery.
0454e93
@judgej
Copy link
Member Author

judgej commented Nov 23, 2019

PR #143 merged.

@judgej judgej closed this as completed Nov 23, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@judgej judgej

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@judgej