From 934bdbee95016aad6bda58caed24c78114e4927c Mon Sep 17 00:00:00 2001
From: skodak
Date: Tue, 14 Nov 2006 20:52:15 +0000
Subject: [PATCH] MDL-7535 PayPal communication now fully utf-8 compatible, users must check/fix encoding setting in their PayPal account - see linked docs from PayPal enrolment config page
---
enrol/paypal/enrol.html | 1 +
enrol/paypal/enrol.php | 36 ++++++++++++++----------------------
enrol/paypal/ipn.php | 33 +++++++++++++++++++--------------
3 files changed, 34 insertions(+), 36 deletions(-)
diff --git a/enrol/paypal/enrol.html b/enrol/paypal/enrol.html
index 4e18b43f7e..793e6bc87e 100644
--- a/enrol/paypal/enrol.html
+++ b/enrol/paypal/enrol.html
@@ -10,6 +10,7 @@
+ diff --git a/enrol/paypal/enrol.php b/enrol/paypal/enrol.php index fc13238d07..7700caeec8 100644 --- a/enrol/paypal/enrol.php +++ b/enrol/paypal/enrol.php @@ -32,7 +32,7 @@ function print_entry($course) { } else { - print_header($strloginto, $course->fullname, + print_header($strloginto, $course->fullname, "wwwroot/course/\">$strcourses -> $strloginto"); print_course($course, "80%"); @@ -56,13 +56,13 @@ function print_entry($course) { echo ''; } else { //Sanitise some fields before building the PayPal form - $coursefullname = $this->sanitise_for_paypal($course->fullname); - $courseshortname = $this->sanitise_for_paypal($course->shortname); - $userfullname = $this->sanitise_for_paypal(fullname($USER)); - $userfirstname = $this->sanitise_for_paypal($USER->firstname); - $userlastname = $this->sanitise_for_paypal($USER->lastname); - $useraddress = $this->sanitise_for_paypal($USER->address); - $usercity = $this->sanitise_for_paypal($USER->city); + $coursefullname = $course->fullname; + $courseshortname = $course->shortname; + $userfullname = fullname($USER); + $userfirstname = $USER->firstname; + $userlastname = $USER->lastname; + $useraddress = $USER->address; + $usercity = $USER->city; include($CFG->dirroot.'/enrol/paypal/enrol.html'); } @@ -99,7 +99,7 @@ function get_access_icons($course) { $str = $manual->get_access_icons($course); } else { - + $strrequirespayment = get_string("requirespayment"); $strcost = get_string("cost"); @@ -115,10 +115,10 @@ function get_access_icons($course) { case 'AUD': $currency = '$'; break; default: $currency = '$'; break; } - + $str .= '
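Review bot: With `sanitise_for_paypal()` dropped in the `@@ -56,13 +56,13 @@` hunk of enrol.php, `$coursefullname`, `$userfullname`, `$useraddress` and the other fields in the `else` branch of `print_entry()` are raw course and profile strings when `enrol/paypal/enrol.html` is included. That template is not visible in this patch beyond one added line, so it should be confirmed that each value is HTML-escaped where it is written into the form, for example with Moodle's `p()` or `s()`; the removed helper only transliterated to ASCII and was never an escaping step. The comment above the assignments still reads `//Sanitise some fields before building the PayPal form` although nothing is sanitised any more; `// Values are passed through as UTF-8; enrol.html must escape them for HTML output` would be accurate. `print_entry()` starts and ends outside the hunk.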
'.$strcost.': '; $str .= $currency.format_float($cost,2).'
'; - + } return $str; @@ -137,12 +137,12 @@ function config_form($frm) { 'AUD' => 'Australian Dollars' ); - $vars = array('enrol_cost', 'enrol_currency', 'enrol_paypalbusiness', + $vars = array('enrol_cost', 'enrol_currency', 'enrol_paypalbusiness', 'enrol_mailstudents', 'enrol_mailteachers', 'enrol_mailadmins'); foreach ($vars as $var) { if (!isset($frm->$var)) { $frm->$var = ''; - } + } } include("$CFG->dirroot/enrol/paypal/config.html"); @@ -179,17 +179,9 @@ function process_config($config) { $config->enrol_mailadmins = ''; } set_config('enrol_mailadmins', $config->enrol_mailadmins); - - return true; -} + return true; -//To avoid wrong (for PayPal) characters in sent data -function sanitise_for_paypal($text) { - $textlib = textlib_get_instance(); - $text = $textlib->specialtoascii($text); - // TODO: characters that have no ascii equivalents are not sanitized properly :-( - return $text; } /** diff --git a/enrol/paypal/ipn.php b/enrol/paypal/ipn.php index 4aefe4c777..6cde62a6df 100644 --- a/enrol/paypal/ipn.php +++ b/enrol/paypal/ipn.php @@ -6,7 +6,7 @@ * This script waits for Payment notification from PayPal, * then double checks that data by sending it back to PayPal. * If PayPal verifies this then it sets up the enrolment for that -* +* * Set the $user->timeaccess course array * * @param user referenced object, must contain $user->id already set 
@@ -21,14 +21,19 @@ error("Sorry, you can not use the script that way."); } -/// Read all the data from PayPal and get it ready for later +/// Read all the data from PayPal and get it ready for later; +/// we expect only valid UTF-8 encoding, it is the responsibility +/// of user to set it up properly in PayPal business acount, +/// it is documented in docs wiki. $req = 'cmd=_notify-validate'; + $data = new object(); + foreach ($_POST as $key => $value) { - $value = urlencode(stripslashes($value)); - $req .= "&$key=$value"; - $data->$key = urldecode($value); + $value = stripslashes($value); + $req .= "&$key=".urlencode($value); + $data->$key = $value; } $custom = explode('-', $data->custom); @@ -104,7 +109,7 @@ // If our status is not completed or not pending on an echeck clearance then ignore and die // This check is redundant at present but may be useful if paypal extend the return codes in the future - if (! ( $data->payment_status == "Completed" or + if (! ( $data->payment_status == "Completed" or ($data->payment_status == "Pending" and $data->pending_reason == "echeck") ) ) { die; } @@ -117,14 +122,14 @@ email_paypal_error_to_admin("Transaction $data->txn_id is being repeated!", $data); die; - } - + } + if ($data->business != $CFG->enrol_paypalbusiness) { // Check that the email is the one we want it to be email_paypal_error_to_admin("Business email is $data->business (not $CFG->enrol_paypalbusiness)", $data); die; - } - + } + if (!$user = get_record('user', 'id', $data->userid)) { // Check that user exists email_paypal_error_to_admin("User $data->userid doesn't exist", $data); die; @@ -143,7 +148,7 @@ } $cost = format_float($cost, 2); - if ($data->payment_gross < $cost) { + if ($data->payment_gross < $cost) { email_paypal_error_to_admin("Amount paid is not enough ($data->payment_gross < $cost))", $data); die; 
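Review bot: In the rewritten `foreach ($_POST as $key => $value)` loop of the `@@ -21,14 +21,19 @@` hunk, the field name is still concatenated into `$req` unencoded, and `stripslashes($value)` assumes every value is a string. A field name containing `&` or `=`, or an array-valued field, would make the body sent back for `cmd=_notify-validate` differ from what was received, while `$data->$key` is populated from the same unverified input. I would encode both sides with `$req .= '&'.urlencode($key).'='.urlencode($value);` and skip anything non-scalar with `if (!is_scalar($value)) { continue; }`. The new comment has a typo (`acount`) and could also state that nothing in `$data` is to be trusted until PayPal has answered the validation request. The script's top-level code continues outside the hunk, so how `$data` is used after validation cannot be checked from here.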
@@ -164,14 +169,14 @@ if (!empty($CFG->enrol_mailstudents)) { $a->coursename = "$course->fullname"; $a->profileurl = "$CFG->wwwroot/user/view.php?id=$user->id"; - email_to_user($user, $teacher, get_string("enrolmentnew", '', $course->shortname), + email_to_user($user, $teacher, get_string("enrolmentnew", '', $course->shortname), get_string('welcometocoursetext', '', $a)); } if (!empty($CFG->enrol_mailteachers)) { $a->course = "$course->fullname"; $a->user = fullname($user); - email_to_user($teacher, $user, get_string("enrolmentnew", '', $course->shortname), + email_to_user($teacher, $user, get_string("enrolmentnew", '', $course->shortname), get_string('enrolmentnewuser', '', $a)); } @@ -180,7 +185,7 @@ $a->user = fullname($user); $admins = get_admins(); foreach ($admins as $admin) { - email_to_user($admin, $user, get_string("enrolmentnew", '', $course->shortname), + email_to_user($admin, $user, get_string("enrolmentnew", '', $course->shortname), get_string('enrolmentnewuser', '', $a)); } } -- 2.39.5