security updates

Still need to check views and entityreference for custom patches.
Bachir Soussi Chiadmi
2015-04-19 20:45:16 +02:00
parent 802ec0c6f3
commit b3221c71e2
516 changed files with 14267 additions and 7349 deletions


@@ -4,9 +4,9 @@ dependencies[] = uc_payment
package = Ubercart - payment
core = 7.x
; Information added by Drupal.org packaging script on 2013-12-17
version = "7.x-3.6"
; Information added by Drupal.org packaging script on 2014-10-22
version = "7.x-3.8"
core = "7.x"
project = "ubercart"
datestamp = "1387304010"
datestamp = "1413965350"


@@ -1,113 +0,0 @@
<?php
/**
* @file
* Page callbacks for administrative recurring fee operation pages.
*/
/**
* Displays a form to update a subscriptions's CC info.
*
* @see uc_authorizenet_arb_admin_update_form_submit()
* @ingroup forms
*/
function uc_authorizenet_arb_admin_update_form($form, &$form_state, $rfid) {
$order = new stdClass();
$fee = uc_recurring_fee_load('user', $rfid);
$form['rfid'] = array(
'#type' => 'value',
'#value' => $rfid,
);
$form['description'] = array(
'#markup' => '<div>' . t('Subscription ID: @subscription_id', array('@subscription_id' => $fee['data'])) . '</div>',
);
$form['cc_data'] = array(
'#type' => 'fieldset',
'#title' => t('Credit card details'),
'#theme' => 'uc_payment_method_credit_form',
'#tree' => TRUE,
);
$form['cc_data'] += uc_payment_method_credit_form(array(), $order);
unset($form['cc_data']['cc_policy']);
$form['actions'] = array('#type' => 'actions');
$form['actions']['submit'] = array(
'#type' => 'submit',
'#value' => t('Update'),
'#suffix' => l(t('Cancel'), 'admin/store/orders/recurring'),
);
return $form;
}
/**
* Form submission handler for uc_authorizenet_arb_admin_update_form().
*
* @see uc_authorizenet_arb_admin_update_form()
*/
function uc_authorizenet_arb_admin_update_form_submit($form, &$form_state) {
$fee = uc_recurring_fee_load('user', $form_state['values']['rfid']);
$updates = array(
'payment' => array(
'creditCard' => array(
'cardNumber' => $form_state['values']['cc_data']['cc_number'],
'expirationDate' => $form_state['values']['cc_data']['cc_exp_year'] . '-' . $form_state['values']['cc_data']['cc_exp_month'],
),
),
);
$result = uc_authorizenet_arb_update($fee['data'], $updates, $fee['order_id']);
// If the update was successful...
if ($result) {
drupal_set_message(t('Subscription data updated at Authorize.Net.'));
}
else {
drupal_set_message(t('Subscription update failed. See order admin comments for more details.'), 'error');
}
$form_state['redirect'] = 'admin/store/orders/recurring';
}
/**
* Displays a confirm form for canceling a subscription.
*
* @see uc_authorizenet_arb_admin_cancel_form_submit()
* @ingroup forms
*/
function uc_authorizenet_arb_admin_cancel_form($form, &$form_state, $rfid) {
$form['rfid'] = array(
'#type' => 'value',
'#value' => $rfid,
);
return confirm_form($form, t('Are you sure you wish to cancel this subscription?'), 'admin/store/orders/recurring', NULL, t('Confirm'), t('Cancel'));
}
/**
* Form submission handler for uc_authorizenet_arb_admin_cancel_form().
*
* @see uc_authorizenet_arb_admin_cancel_form()
*/
function uc_authorizenet_arb_admin_cancel_form_submit($form, &$form_state) {
$fee = uc_recurring_fee_load('user', $form_state['values']['rfid']);
$result = uc_authorizenet_arb_cancel($fee['data'], $fee['order_id'], $fee);
// If the cancellation was successful...
if ($result) {
drupal_set_message(t('Subscription canceled through Authorize.Net.'));
// Set the fee's recurring charges to 0.
uc_recurring_fee_cancel($fee['rfid']);
}
else {
drupal_set_message(t('Subscription cancellation failed. See order admin comments for more details.'), 'error');
}
$form_state['redirect'] = 'admin/store/orders/recurring';
}


@@ -5,9 +5,9 @@ dependencies[] = uc_credit
package = Ubercart - payment
core = 7.x
; Information added by Drupal.org packaging script on 2013-12-17
version = "7.x-3.6"
; Information added by Drupal.org packaging script on 2014-10-22
version = "7.x-3.8"
core = "7.x"
project = "ubercart"
datestamp = "1387304010"
datestamp = "1413965350"


@@ -23,46 +23,6 @@ function uc_authorizenet_menu() {
'file' => 'uc_authorizenet.pages.inc',
);
// User operations menu items for ARB recurring fees.
$items['user/%user/recurring/%/arb-update'] = array(
'title' => 'Update your payment details',
'description' => 'Update the payment details for a recurring fee.',
'page callback' => 'drupal_get_form',
'page arguments' => array('uc_authorizenet_arb_user_update_form', 1, 3),
'access callback' => 'uc_recurring_user_access',
'access arguments' => array(1, 3),
'type' => MENU_CALLBACK,
'file' => 'uc_authorizenet.pages.inc',
);
$items['user/%user/recurring/%/arb-cancel'] = array(
'title' => 'Cancel the recurring fee?',
'description' => 'Cancel a recurring fee.',
'page callback' => 'drupal_get_form',
'page arguments' => array('uc_authorizenet_arb_user_cancel_form', 1, 3),
'access callback' => 'uc_recurring_user_access',
'access arguments' => array(1, 3),
'type' => MENU_CALLBACK,
'file' => 'uc_authorizenet.pages.inc',
);
// Admin operations menu items.
$items['admin/store/orders/recurring/%/arb-update'] = array(
'title' => 'Update ARB subscription',
'page callback' => 'drupal_get_form',
'page arguments' => array('uc_authorizenet_arb_admin_update_form', 4),
'access arguments' => array('administer recurring fees'),
'type' => MENU_CALLBACK,
'file' => 'uc_authorizenet.admin.inc',
);
$items['admin/store/orders/recurring/%/arb-cancel'] = array(
'title' => 'Cancel ARB subscription',
'page callback' => 'drupal_get_form',
'page arguments' => array('uc_authorizenet_arb_admin_cancel_form', 4),
'access arguments' => array('administer recurring fees'),
'type' => MENU_CALLBACK,
'file' => 'uc_authorizenet.admin.inc',
);
return $items;
}
@@ -639,45 +599,6 @@ function _uc_authorizenet_charge($order, $amount, $data) {
return $result;
}
/**
* Implements hook_recurring_fee().
*/
function uc_authorizenet_recurring_fee($order, $fee) {
// Don't process the fee if ARB is disabled in the gateway settings.
if (variable_get('uc_authnet_arb_mode', 'disabled') == 'disabled') {
return FALSE;
}
return uc_authorizenet_arb_create($order, $fee);
}
/**
* Implements hook_recurring_fee_ops().
*/
function uc_authorizenet_recurring_fee_ops($context, $fee) {
$ops = array();
switch ($context) {
case 'fee_admin':
if ($fee['remaining_intervals'] > 0) {
$ops[] = l(t('update'), 'admin/store/orders/recurring/' . $fee['rfid'] . '/arb-update');
$ops[] = l(t('cancel'), 'admin/store/orders/recurring/' . $fee['rfid'] . '/arb-cancel');
}
else {
$ops[] = l(t('delete'), 'admin/store/orders/recurring/' . $fee['rfid'] . '/delete');
}
break;
case 'user':
$ops[] = l(t('update'), 'user/' . $fee['uid'] . '/recurring/' . $fee['rfid'] . '/arb-update');
$ops[] = l(t('cancel'), 'user/' . $fee['uid'] . '/recurring/' . $fee['rfid'] . '/arb-cancel');
break;
}
return $ops;
}
/**
* Sends an XML API Request to Authorize.Net.
*
@@ -722,157 +643,6 @@ function uc_authorizenet_xml_api($server, $xml) {
return $response;
}
/**
* Sends an ARB Create request via the XML API.
*
* @param $order
* The order object containing billing and shipping information.
* @param $fee
* An array of data describing the recurring fee.
*
* @return
* TRUE or FALSE indicating the success of the request.
*/
function uc_authorizenet_arb_create($order, $fee) {
$server = variable_get('uc_authnet_arb_mode', 'disabled');
// Setup variables for the payment schedule.
list($length, $unit) = explode(' ', $fee->regular_interval);
list($trial_length, $trial_unit) = explode(' ', $fee->initial_charge);
// Convert weeks and years to days.
if ($unit == 'weeks') {
$length *= 7;
$unit = 'days';
}
elseif ($unit == 'years') {
$length *= 365;
$unit = 'days';
}
// Get a default SKU if none was supplied.
if (empty($fee->model)) {
$fee->model = db_query("SELECT model FROM {uc_products} WHERE nid = :nid", array(':nid' => $fee->nid))->fetchField();
}
// Make sure we have valid values for Authorize.Net.
if ($length <= 0 || $unit == 'days' && $length > 365 || $unit == 'months' && $length > 12) {
watchdog('uc_authorizenet', 'Product @sku has invalid interval settings for Authorize.Net - @length @unit', array('@sku' => $fee->model, '@length' => $length, '@unit' => $unit), WATCHDOG_ERROR);
return FALSE;
}
// Get the country data for the billing and shipping information.
$billing_country = uc_get_country_data(array('country_id' => $order->billing_country));
$delivery_country = uc_get_country_data(array('country_id' => $order->delivery_country));
// Build the data array for the request.
$data = array(
'refId' => substr($order->order_id . '-' . REQUEST_TIME, 0, 20),
'subscription' => array(
'name' => substr(t('Order @order_id', array('@order_id' => $order->order_id)), 0, 50),
'paymentSchedule' => array(
'interval' => array(
'length' => $length,
'unit' => $unit,
),
'startDate' => date('Y-m-d', strtotime('+ ' . $fee->initial_charge)),
'totalOccurrences' => $fee->number_intervals,
'trialOccurrences' => '0',
),
'amount' => round($fee->fee_amount, 2),
'trialAmount' => 0,
'payment' => array(), // Data inserted below based on payment method.
'order' => array(
'invoiceNumber' => substr($order->order_id, 0, 20),
'description' => substr(t('Order @order_id - @sku', array('@order_id' => $order->order_id, '@sku' => $fee->model)), 0, 255),
),
'customer' => array(
'id' => substr($order->uid, 0, 20),
'email' => substr($order->primary_email, 0, 255),
'phoneNumber' => substr($order->billing_phone, 0, 25),
// 'faxNumber' => '',
),
'billTo' => array(
'firstName' => substr($order->billing_first_name, 0, 50),
'lastName' => substr($order->billing_last_name, 0, 50),
'company' => substr($order->billing_company, 0, 50),
'address' => substr($order->billing_street1, 0, 60),
'city' => substr($order->billing_city, 0, 40),
'state' => substr(uc_get_zone_code($order->billing_zone), 0, 2),
'zip' => substr($order->billing_postal_code, 0, 20),
'country' => !$billing_country ? '' : $billing_country[0]['country_iso_code_2'],
),
'shipTo' => array(
'firstName' => substr($order->delivery_first_name, 0, 50),
'lastName' => substr($order->delivery_last_name, 0, 50),
'company' => substr($order->delivery_company, 0, 50),
'address' => substr($order->delivery_street1, 0, 60),
'city' => substr($order->delivery_city, 0, 40),
'state' => substr(uc_get_zone_code($order->delivery_zone), 0, 2),
'zip' => substr($order->delivery_postal_code, 0, 20),
'country' => !$delivery_country ? '' : $delivery_country[0]['country_iso_code_2'],
),
),
);
// Strip out the shipping info if it isn't necessary.
if (empty($data['subscription']['shipTo']['firstName'])) {
unset($data['subscription']['shipTo']);
}
// Add the payment information to the data array based on the payment method.
if ($order->payment_method == 'credit') {
if ($order->payment_details['cc_exp_month'] < 10) {
$order->payment_details['cc_exp_month'] = '0' . $order->payment_details['cc_exp_month'];
}
$data['subscription']['payment'] = array(
'creditCard' => array(
'cardNumber' => $order->payment_details['cc_number'],
'expirationDate' => $order->payment_details['cc_exp_year'] . '-' . $order->payment_details['cc_exp_month'],
),
);
}
// Build the XML string.
$xml = _uc_authorizenet_xml_api_wrapper('ARBCreateSubscriptionRequest', _uc_authorizenet_array_to_xml($data));
// Send the request off to the server and get the response.
$response = uc_authorizenet_xml_api($server, $xml);
// Fail if the response is empty or FALSE.
if (!$response) {
return FALSE;
}
// Parse the response into a data array.
$data = _uc_authorizenet_arb_parse_response($response);
if ($data['resultCode'] == 'Error') {
uc_order_comment_save($order->order_id, 0, t('Authorize.Net: Recurring fee for @model failed.<br />@error - @text', array('@model' => $fee->model, '@error' => $data['code'], '@text' => $data['text'])), 'admin');
return FALSE;
}
$user_fee = array(
'rfid' => 0,
'uid' => $order->uid,
'fee_handler' => 'uc_authorizenet',
'next_charge' => strtotime('+' . $fee->initial_charge),
'fee_amount' => $fee->fee_amount,
'regular_interval' => $fee->regular_interval,
'remaining_intervals' => $fee->number_intervals,
'charged_intervals' => 0,
'order_id' => $order->order_id,
'data' => $data['subscriptionId'],
);
uc_recurring_fee_save('user', $user_fee);
uc_order_comment_save($order->order_id, 0, t('Authorize.Net: Recurring fee setup for @model.<br />Subscription ID: @subscription_id', array('@model' => $fee->model, '@subscription_id' => $data['subscriptionId'])), 'admin');
return TRUE;
}
/**
* Updates an ARB subscription; for simplicity's sake, payment schedule
* information cannot be updated at this time.
@@ -894,7 +664,7 @@ function uc_authorizenet_arb_update($subscription_id, $updates, $order_id = NULL
// Build the data array for the request.
$data = array(
'refId' => substr($order->order_id . '-' . REQUEST_TIME, 0, 20),
'refId' => substr($order_id . '-' . REQUEST_TIME, 0, 20),
'subscriptionId' => $subscription_id,
'subscription' => $updates
);
@@ -925,59 +695,6 @@ function uc_authorizenet_arb_update($subscription_id, $updates, $order_id = NULL
return TRUE;
}
/**
* Cancels an ARB subscription.
*
* @param $subscription
* The ID of the subscription at Authorize.Net.
* @param $order_id
* Optional. The ID of the order the recurring fee was attached to.
* @param $fee
* Optional. The data array for the recurring fee being canceled.
*
* @return
* TRUE or FALSE indicating the success of the cancellation.
*/
function uc_authorizenet_arb_cancel($subscription_id, $order_id = NULL, $fee = array()) {
$server = variable_get('uc_authnet_arb_mode', 'disabled');
// Build the data array for the request.
$data = array(
'refId' => substr($order->order_id . '-' . REQUEST_TIME, 0, 20),
'subscriptionId' => $subscription_id,
);
// Build the XML string.
$xml = _uc_authorizenet_xml_api_wrapper('ARBCancelSubscriptionRequest', _uc_authorizenet_array_to_xml($data));
// Send the request off to the server and get the response.
$response = uc_authorizenet_xml_api($server, $xml);
// Fail if the response is empty or FALSE.
if (!$response) {
return FALSE;
}
// Parse the response into a data array.
$data = _uc_authorizenet_arb_parse_response($response);
if ($data['resultCode'] == 'Error') {
if (!empty($order_id)) {
uc_order_comment_save($order_id, 0, t('Authorize.Net: Subscription @subscription_id cancellation failed.<br />@error - @text', array('@subscription_id' => $subscription_id, '@error' => $data['code'], '@text' => $data['text'])), 'admin');
}
return FALSE;
}
uc_order_comment_save($order_id, 0, t('Authorize.Net: Subscription @subscription_id canceled.', array('@subscription_id' => $subscription_id)), 'admin');
// Let other modules act on the canceled fee.
if (!empty($fee)) {
module_invoke_all('uc_arb_cancel', $fee);
}
return TRUE;
}
/**
* Wraps XML API request child elements in the request element and includes
* the merchant authentication information.
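Review bot: In the `@@ -894,7 +664,7 @@` hunk, the corrected `refId` line in uc_authorizenet_arb_update() still produces a bare `-<timestamp>` reference whenever a caller omits `$order_id`, because the signature in the hunk header declares it as `$order_id = NULL`. A reference like that is hard to correlate with an order or subscription when reconciling gateway responses or investigating a disputed card update. Falling back to the subscription ID would keep it meaningful: `'refId' => substr((empty($order_id) ? $subscription_id : $order_id) . '-' . REQUEST_TIME, 0, 20),`. The function body starts and ends outside this hunk, so whether other lines in it still read the undefined `$order` cannot be confirmed from here and is worth checking.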


@@ -2,8 +2,7 @@
/**
* @file
* Page callbacks for Authorize.Net's Silent POST feature and user
* specific recurring fee operation pages.
* Page callback for Authorize.Net's Silent POST feature.
*/
@@ -47,116 +46,3 @@ function uc_authorizenet_silent_post() {
exit();
}
/**
* Displays a form for customers to update their CC info.
*
* @see uc_authorizenet_arb_user_update_form_submit()
* @ingroup forms
*/
function uc_authorizenet_arb_user_update_form($form, &$form_state, $user, $rfid) {
$fee = uc_recurring_fee_load('user', $rfid);
$form['uid'] = array(
'#type' => 'value',
'#value' => $user->uid,
);
$form['rfid'] = array(
'#type' => 'value',
'#value' => $rfid,
);
$form['description'] = array(
'#markup' => '<div>' . t('Recurring fee order ID: @order_id', array('@order_id' => $fee['order_id'])) . '</div>',
);
$form['cc_data'] = array(
'#type' => 'fieldset',
'#title' => t('Credit card details'),
'#theme' => 'uc_payment_method_credit_form',
'#tree' => TRUE,
);
$form['cc_data'] += uc_payment_method_credit_form(array(), $order);
unset($form['cc_data']['cc_policy']);
$form['actions'] = array('#type' => 'actions');
$form['actions']['submit'] = array(
'#type' => 'submit',
'#value' => t('Update'),
'#suffix' => l(t('Cancel'), 'user/' . $user->uid),
);
return $form;
}
/**
* Form submission handler for uc_authorizenet_arb_user_update_form().
*
* @see uc_authorizenet_arb_user_update_form()
*/
function uc_authorizenet_arb_user_update_form_submit($form, &$form_state) {
$fee = uc_recurring_fee_load('user', $form_state['values']['rfid']);
$updates = array(
'payment' => array(
'creditCard' => array(
'cardNumber' => $form_state['values']['cc_data']['cc_number'],
'expirationDate' => $form_state['values']['cc_data']['cc_exp_year'] . '-' . $form_state['values']['cc_data']['cc_exp_month'],
),
),
);
$result = uc_authorizenet_arb_update($fee['data'], $updates, $fee['order_id']);
// If the update was successful...
if ($result) {
drupal_set_message(t('The payment details for that recurring fee have been updated.'));
}
else {
drupal_set_message(t('An error has occurred while updating your payment details. Please try again and contact us if you are unable to perform the update.'), 'error');
}
$form_state['redirect'] = 'user/' . $form_state['values']['uid'];
}
/**
* Displays a confirm form for customers to cancel their fees.
*
* @see uc_authorizenet_arb_user_cancel_form_submit()
* @ingroup forms
*/
function uc_authorizenet_arb_user_cancel_form($form, &$form_state, $user, $rfid) {
$form['uid'] = array(
'#type' => 'value',
'#value' => $user->uid,
);
$form['rfid'] = array(
'#type' => 'value',
'#value' => $rfid,
);
return confirm_form($form, t('Are you sure you wish to cancel this fee?'), 'user/' . $user->uid, t('This action cannot be undone and may result in the termination of subscription services.'), t('Confirm'), t('Cancel'));
}
/**
* Form submission handler for uc_authorizenet_arb_user_cancel_form().
*
* @see uc_authorizenet_arb_user_cancel_form()
*/
function uc_authorizenet_arb_user_cancel_form_submit($form, &$form_state) {
$fee = uc_recurring_fee_load('user', $form_state['values']['rfid']);
$result = uc_authorizenet_arb_cancel($fee['data'], $fee['order_id'], $fee);
// If the cancellation was successful...
if ($result) {
drupal_set_message(t('The recurring fee has been canceled.'));
// Set the fee's recurring charges to 0.
uc_recurring_fee_cancel($fee['rfid']);
}
else {
drupal_set_message(t('An error has occurred. Please try again and contact us if the problem persists.'), 'error');
}
$form_state['redirect'] = 'user/' . $form_state['values']['uid'];
}


@@ -5,9 +5,9 @@ dependencies[] = uc_credit
package = Ubercart - payment
core = 7.x
; Information added by Drupal.org packaging script on 2013-12-17
version = "7.x-3.6"
; Information added by Drupal.org packaging script on 2014-10-22
version = "7.x-3.8"
core = "7.x"
project = "ubercart"
datestamp = "1387304010"
datestamp = "1413965350"


@@ -8,9 +8,9 @@ core = 7.x
; Test cases
files[] = tests/uc_credit.test
; Information added by Drupal.org packaging script on 2013-12-17
version = "7.x-3.6"
; Information added by Drupal.org packaging script on 2014-10-22
version = "7.x-3.8"
core = "7.x"
project = "ubercart"
datestamp = "1387304010"
datestamp = "1413965350"


@@ -7,9 +7,9 @@ core = 7.x
; Class definitions
files[] = uc_cybersource.soap.inc
; Information added by Drupal.org packaging script on 2013-12-17
version = "7.x-3.6"
; Information added by Drupal.org packaging script on 2014-10-22
version = "7.x-3.8"
core = "7.x"
project = "ubercart"
datestamp = "1387304010"
datestamp = "1413965350"


@@ -6,9 +6,9 @@ dependencies[] = uc_quote
package = Ubercart - payment
core = 7.x
; Information added by Drupal.org packaging script on 2013-12-17
version = "7.x-3.6"
; Information added by Drupal.org packaging script on 2014-10-22
version = "7.x-3.8"
core = "7.x"
project = "ubercart"
datestamp = "1387304010"
datestamp = "1413965350"


@@ -10,9 +10,9 @@ files[] = tests/uc_payment.test
configure = admin/store/settings/payment
; Information added by Drupal.org packaging script on 2013-12-17
version = "7.x-3.6"
; Information added by Drupal.org packaging script on 2014-10-22
version = "7.x-3.8"
core = "7.x"
project = "ubercart"
datestamp = "1387304010"
datestamp = "1413965350"


@@ -5,9 +5,9 @@ dependencies[] = uc_payment
package = Ubercart - payment
core = 7.x
; Information added by Drupal.org packaging script on 2013-12-17
version = "7.x-3.6"
; Information added by Drupal.org packaging script on 2014-10-22
version = "7.x-3.8"
core = "7.x"
project = "ubercart"
datestamp = "1387304010"
datestamp = "1413965350"


@@ -4,9 +4,9 @@ dependencies[] = uc_payment
package = Ubercart - payment
core = 7.x
; Information added by Drupal.org packaging script on 2013-12-17
version = "7.x-3.6"
; Information added by Drupal.org packaging script on 2014-10-22
version = "7.x-3.8"
core = "7.x"
project = "ubercart"
datestamp = "1387304010"
datestamp = "1413965350"