CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-07 15:34:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

PayPal: Add additional protection against invalid sessions

Browse Source
This commit is contained in:
Raphael Michel
2020-06-12 13:13:45 +02:00
parent e7da2aec53
commit 99e02bde36
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/pretix/plugins/paypal/payment.py
View File

@@ -332,6 +332,11 @@ class Paypal(BasePaymentProvider):
self.init_api() self.init_api()
pp_payment = paypalrestsdk.Payment.find(request.session.get('payment_paypal_id')) pp_payment = paypalrestsdk.Payment.find(request.session.get('payment_paypal_id'))
if payment.order.code not in pp_payment.transactions[0].description:
logger.error('Order code mismatch: Payment %s vs paypal trans %s' % (payment.id, str(pp_payment)))
raise PaymentException(_('We were unable to process your payment. See below for details on how to '
'proceed.'))
ReferencedPayPalObject.objects.get_or_create(order=payment.order, payment=payment, reference=pp_payment.id) ReferencedPayPalObject.objects.get_or_create(order=payment.order, payment=payment, reference=pp_payment.id)
if str(pp_payment.transactions[0].amount.total) != str(payment.amount) or pp_payment.transactions[0].amount.currency \ if str(pp_payment.transactions[0].amount.total) != str(payment.amount) or pp_payment.transactions[0].amount.currency \
!= self.event.currency: != self.event.currency: