From e350ff5242763f25448cf47211c6d100f823d312 Mon Sep 17 00:00:00 2001 From: "said.ozgat" Date: Thu, 28 Jan 2021 16:37:35 +0300 Subject: [PATCH 1/2] +samesite cookie control added. --- iyzipay/iyzipay.php | 125 +++++++++++++++++++++++++++++--------------- 1 file changed, 82 insertions(+), 43 deletions(-) diff --git a/iyzipay/iyzipay.php b/iyzipay/iyzipay.php index fabcddd..25dde30 100755 --- a/iyzipay/iyzipay.php +++ b/iyzipay/iyzipay.php @@ -1,28 +1,28 @@ -* @copyright 2018 iyzico -* @license http://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0) -* International Registered Trademark & Property of iyzico -*/ + * 2007-2018 PrestaShop + * + * NOTICE OF LICENSE + * + * This source file is subject to the Academic Free License (AFL 3.0) + * that is bundled with this package in the file LICENSE.txt. + * It is also available through the world-wide-web at this URL: + * http://opensource.org/licenses/afl-3.0.php + * If you did not receive a copy of the license and are unable to + * obtain it through the world-wide-web, please send an email + * to license@prestashop.com so we can send you a copy immediately. + * + * DISCLAIMER + * + * Do not edit or add to this file if you wish to upgrade PrestaShop to newer + * versions in the future. If you wish to customize PrestaShop for your + * needs please refer to http://www.prestashop.com for more information. + * + * @author iyzico + * @copyright 2018 iyzico + * @license http://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0) + * International Registered Trademark & Property of iyzico + */ use PrestaShop\PrestaShop\Core\Payment\PaymentOption; @@ -70,7 +70,7 @@ public function __construct() $this->commissionAmount = $this->l('commissionAmount'); - + $this->confirmUninstall = $this->l('are you sure ?'); $this->limited_countries = array('TR','FR','EN'); 
@@ -80,8 +80,11 @@ public function __construct() $this->ps_versions_compliancy = array('min' => '1.7', 'max' => _PS_VERSION_); $this->extra_mail_vars = array( - '{instalmentFee}' => '', - ); + '{instalmentFee}' => '', + ); + + $this->checkAndSetCookieSameSite(); + } /** @@ -118,19 +121,19 @@ public function uninstall() include(dirname(__FILE__).'/sql/uninstall.php'); - return $this->unregisterHook('footer') - && $this->unregisterHook('backOfficeHeader') - && $this->unregisterHook('PaymentOptions') - && $this->unregisterHook('paymentReturn') - && Configuration::deleteByName('iyzipay_api_type') - && Configuration::deleteByName('iyzipay_api_key') - && Configuration::deleteByName('iyzipay_secret_key') - && Configuration::deleteByName('iyzipay_module_status') - && Configuration::deleteByName('iyzipay_option_text') - && Configuration::deleteByName('iyzipay_display') - && Configuration::deleteByName('iyzipay_overlay_position') - && Configuration::deleteByName('iyzipay_overlay_token') - && parent::uninstall(); + return $this->unregisterHook('footer') + && $this->unregisterHook('backOfficeHeader') + && $this->unregisterHook('PaymentOptions') + && $this->unregisterHook('paymentReturn') + && Configuration::deleteByName('iyzipay_api_type') + && Configuration::deleteByName('iyzipay_api_key') + && Configuration::deleteByName('iyzipay_secret_key') + && Configuration::deleteByName('iyzipay_module_status') + && Configuration::deleteByName('iyzipay_option_text') + && Configuration::deleteByName('iyzipay_display') + && Configuration::deleteByName('iyzipay_overlay_position') + && Configuration::deleteByName('iyzipay_overlay_token') + && parent::uninstall(); } /** 
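Review bot: `$this->checkAndSetCookieSameSite();` is invoked from `__construct`, so the cookie re-issuing runs every time PrestaShop instantiates the module — back-office pages, the module manager, hooks that fire after output has started, and any CLI/cron context — not only on the front-office checkout that needs it; there `setcookie()` either fails with a headers-already-sent warning or `$_SERVER['SERVER_NAME']` is undefined. At minimum guard the call, `if (!headers_sent()) { $this->checkAndSetCookieSameSite(); }`, and preferably move it into the front-office hook that runs just before the redirect to the payment provider, which is where the cross-site return actually needs the cookie. `__construct` starts outside the hunk.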
@@ -340,11 +343,11 @@ private function setIyziTitle() } /** - * Add the CSS & JavaScript files you want to be loaded in the BO. - */ + * Add the CSS & JavaScript files you want to be loaded in the BO. + */ public function hookBackOfficeHeader() { - + if (Tools::getValue('configure') == $this->name) { $this->context->controller->addJS($this->_path.'views/js/back.js'); $this->context->controller->addCSS($this->_path.'views/css/back.css'); @@ -398,6 +401,7 @@ public function hookPaymentOptions($params) */ public function checkoutFormGenerate($params) { + $this->context->cookie->totalPrice = false; $this->context->cookie->installmentFee = false; $this->context->cookie->iyziToken = false; @@ -476,6 +480,41 @@ public function hookPaymentReturn($params) /** * @return mixed */ + + private function setcookieSameSite($name, $value, $expire, $path, $domain, $secure, $httponly) { + + if (PHP_VERSION_ID < 70300) { + + setcookie($name, $value, $expire, "$path; samesite=None", $domain, $secure, $httponly); + } + else { + setcookie($name, $value, [ + 'expires' => $expire, + 'path' => $path, + 'domain' => $domain, + 'samesite' => 'None', + 'secure' => $secure, + 'httponly' => $httponly + ]); + + + } + } + + private function checkAndSetCookieSameSite(){ + + $checkCookieNames = array('PHPSESSID','OCSESSID','default','PrestaShop-','wp_woocommerce_session_'); + + foreach ($_COOKIE as $cookieName => $value) { + foreach ($checkCookieNames as $checkCookieName){ + if (stripos($cookieName,$checkCookieName) === 0) { + $this->setcookieSameSite($cookieName,$_COOKIE[$cookieName], time() + 86400, "/", $_SERVER['SERVER_NAME'],true, true); + } + } + } + } + + private function getOptionText() { $title = Configuration::get('iyzipay_option_text'); @@ -574,4 +613,4 @@ private function iyziMultipLangTitle($title, $isoCode) return $title; } -} \ No newline at end of file +} From cdb65eee5ca4d8e0f0b3d3bfde0af95bcb225e74 Mon Sep 17 00:00:00 2001 
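Review bot: `checkAndSetCookieSameSite` re-issues every cookie whose name starts with one of the listed prefixes with `domain=$_SERVER['SERVER_NAME']`, `secure=true` and a fixed 24-hour expiry, which has three consequences the commit does not address: `SERVER_NAME` can reflect the request's Host header depending on web-server configuration, so the Domain attribute should be omitted (host-only cookie) or taken from the shop's configured domain; on a shop served over plain HTTP the Secure flag means the browser never sends the rewritten session cookie back and the session breaks; and the expiry silently replaces whatever lifetime PrestaShop set on its own `PrestaShop-*` cookie. The `OCSESSID`, `default` and `wp_woocommerce_session_` prefixes belong to other platforms (and `default` matches far more than a session cookie), so the list should be reduced to the cookies this module actually needs across the payment return. Because `SameSite=None` on the shop session cookie removes the browser's cross-site request protection for the whole session rather than only the return leg, that trade-off deserves a docblock on the method, e.g. `/** Re-issues the shop session cookies with SameSite=None so the POST back from the payment provider still carries the session. */`. The method also sends headers, so it needs a `headers_sent()` guard before the loop.
```php
private function checkAndSetCookieSameSite()
{
    // Only the shop's own session cookies have to survive the cross-site
    // payment return; the other prefixes belong to unrelated platforms.
    $checkCookieNames = array('PHPSESSID', 'PrestaShop-');

    // setcookie() only emits a warning once output has started.
    if (headers_sent()) {
        return;
    }

    foreach ($_COOKIE as $cookieName => $value) {
        foreach ($checkCookieNames as $checkCookieName) {
            if (stripos($cookieName, $checkCookieName) === 0) {
                // Empty domain => host-only cookie scoped by the browser,
                // instead of trusting $_SERVER['SERVER_NAME'].
                $this->setcookieSameSite($cookieName, $value, time() + 86400, '/', '', true, true);
            }
        }
    }
}
```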
From: "said.ozgat" Date: Thu, 28 Jan 2021 16:48:30 +0300 Subject: [PATCH 2/2] +samesite cookie control added. --- iyzipay/iyzipay.php | 92 ++++++++++++++++++++++----------------------- 1 file changed, 44 insertions(+), 48 deletions(-) diff --git a/iyzipay/iyzipay.php b/iyzipay/iyzipay.php index 25dde30..10c8b72 100755 --- a/iyzipay/iyzipay.php +++ b/iyzipay/iyzipay.php @@ -1,28 +1,28 @@ - * @copyright 2018 iyzico - * @license http://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0) - * International Registered Trademark & Property of iyzico - */ +* 2007-2018 PrestaShop +* +* NOTICE OF LICENSE +* +* This source file is subject to the Academic Free License (AFL 3.0) +* that is bundled with this package in the file LICENSE.txt. +* It is also available through the world-wide-web at this URL: +* http://opensource.org/licenses/afl-3.0.php +* If you did not receive a copy of the license and are unable to +* obtain it through the world-wide-web, please send an email +* to license@prestashop.com so we can send you a copy immediately. +* +* DISCLAIMER +* +* Do not edit or add to this file if you wish to upgrade PrestaShop to newer +* versions in the future. If you wish to customize PrestaShop for your +* needs please refer to http://www.prestashop.com for more information. +* +* @author iyzico +* @copyright 2018 iyzico +* @license http://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0) +* International Registered Trademark & Property of iyzico +*/ use PrestaShop\PrestaShop\Core\Payment\PaymentOption; @@ -80,11 +80,10 @@ public function __construct() $this->ps_versions_compliancy = array('min' => '1.7', 'max' => _PS_VERSION_); $this->extra_mail_vars = array( - '{instalmentFee}' => '', - ); + '{instalmentFee}' => '', + ); $this->checkAndSetCookieSameSite(); - } /** 
@@ -121,19 +120,19 @@ public function uninstall() include(dirname(__FILE__).'/sql/uninstall.php'); - return $this->unregisterHook('footer') - && $this->unregisterHook('backOfficeHeader') - && $this->unregisterHook('PaymentOptions') - && $this->unregisterHook('paymentReturn') - && Configuration::deleteByName('iyzipay_api_type') - && Configuration::deleteByName('iyzipay_api_key') - && Configuration::deleteByName('iyzipay_secret_key') - && Configuration::deleteByName('iyzipay_module_status') - && Configuration::deleteByName('iyzipay_option_text') - && Configuration::deleteByName('iyzipay_display') - && Configuration::deleteByName('iyzipay_overlay_position') - && Configuration::deleteByName('iyzipay_overlay_token') - && parent::uninstall(); + return $this->unregisterHook('footer') + && $this->unregisterHook('backOfficeHeader') + && $this->unregisterHook('PaymentOptions') + && $this->unregisterHook('paymentReturn') + && Configuration::deleteByName('iyzipay_api_type') + && Configuration::deleteByName('iyzipay_api_key') + && Configuration::deleteByName('iyzipay_secret_key') + && Configuration::deleteByName('iyzipay_module_status') + && Configuration::deleteByName('iyzipay_option_text') + && Configuration::deleteByName('iyzipay_display') + && Configuration::deleteByName('iyzipay_overlay_position') + && Configuration::deleteByName('iyzipay_overlay_token') + && parent::uninstall(); } /** @@ -343,8 +342,8 @@ private function setIyziTitle() } /** - * Add the CSS & JavaScript files you want to be loaded in the BO. - */ + * Add the CSS & JavaScript files you want to be loaded in the BO. + */ public function hookBackOfficeHeader() { @@ -401,7 +400,6 @@ public function hookPaymentOptions($params) */ public function checkoutFormGenerate($params) { - $this->context->cookie->totalPrice = false; $this->context->cookie->installmentFee = false; $this->context->cookie->iyziToken = false; 
@@ -477,10 +475,6 @@ public function hookPaymentReturn($params) return $this->display(__FILE__, 'views/templates/front/confirmation.tpl'); } - /** - * @return mixed - */ - private function setcookieSameSite($name, $value, $expire, $path, $domain, $secure, $httponly) { if (PHP_VERSION_ID < 70300) { @@ -514,7 +508,9 @@ private function checkAndSetCookieSameSite(){ } } - + /** + * @return mixed + */ private function getOptionText() { $title = Configuration::get('iyzipay_option_text'); @@ -613,4 +609,4 @@ private function iyziMultipLangTitle($title, $isoCode) return $title; } -} +} \ No newline at end of file