Comments (3)
Thanks Mark.
It looks like that function has lost some code anyway - it should have the time mS appended to the end. Not how or when that disappeared.
$VendorTxCode = uniqid(date('Ymd-His-'), false);
If openssl_random_pseudo_bytes() is optional in a PHP installation (and it isn't PECL, so far as I can see, so should more-than-not likely be available) then it should have a fallback. If it is something that will always be available in PHP >5.3, then let's just go for it :-)
The makeVendorTxCode() in this package is just an example, and I would hope it would always be overridden. Context may be important to some merchant sites, and not to others. It's often easier when testing, but not so important in production.
I'll give the PR a go over the weekend, but it looks good to me (better than the blatant error that I put in there first, without any random element).
from sagepay.
I must have been having a brainstorm at the time. Of course a random element was added to the transaction ID - that is what uniqid() does.
Anyway, the change looks good to me, and hopefully will be more secure. This takes to the ID up to its max length, which has always been defined as 40 in the metadata, so this should not break any sites that have been assuming that max length could be used. I'll release this on a point release just in case.
https://github.com/academe/SagePay/blob/master/src/Academe/SagePay/Metadata/Transaction.php#L127
from sagepay.
Thank you for the fix.
from sagepay.
Related Issues (20)
- Create Omnipay Wrapper
- Make sure typehints are interfaces, not abstracts
- Token field may not be send in server-notification HOT 4
- Helper::formatAmount silently sets Amount to Zero HOT 9
- Fields for Refund not picked out HOT 6
- Switch to PSR-4 autoloading HOT 1
- Surcharge XML is too long HOT 9
- Start using constructor injection
- Use Data Mapper model rather than up-side-down Active Record HOT 1
- possible misleading information on comment section HOT 10
- Support discounts in basket HOT 17
- Sagepay callback function is not taking sagepay tx_model HOT 2
- Passing correct customer data to Sage Pay HOT 9
- Create Omnipay connector
- Is VPSSignature utilised? HOT 4
- MD5 signature - change from Pending to OK for PPRO payments HOT 3
- Handle duplicate notification callbacks HOT 2
- Second CardType does not contain tamper: true HOT 1
- Support 3d Secure v2 HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sagepay.