From d3a9e9a057726a79e31ede436836763a41ea76ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleksander=20K=C4=85kol?= Date: Wed, 3 Dec 2025 23:06:27 +0100 Subject: [PATCH 1/4] Validate request notification --- Notification/NotificationProcessor.php | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/Notification/NotificationProcessor.php b/Notification/NotificationProcessor.php index 950008f..7ed2a3b 100644 --- a/Notification/NotificationProcessor.php +++ b/Notification/NotificationProcessor.php @@ -28,17 +28,29 @@ public function __construct(NotificationProcessorFactoryInterface $factory, Tpay public function process() { $strategy = $this->factory->create($this->request->getPost()->toArray()); + $storeId = null; - if ($strategy instanceof BlikAliasNotificationProcessor) { - $storeId = null; - } else { - $orderId = $this->request->getPost('order_id') ? base64_decode($this->request->getPost('order_id')) : base64_decode($this->request->getPost('tr_crc')); - $storeId = $this->getOrderStore($orderId); + if (!$strategy instanceof BlikAliasNotificationProcessor) { + $orderId = $this->getOrderId(); + if ($orderId) { + $storeId = $this->getOrderStore($orderId); + } } $strategy->process($storeId); } + private function getOrderId(): ?string + { + $value = $this->request->getPost('order_id') ?? $this->request->getPost('tr_crc'); + + if ($value === null) { + return null; + } + + return base64_decode($value); + } + private function getOrderStore(string $orderId): ?int { $order = $this->tpayService->getOrderById($orderId); From a970850b9b6860d0003e2589f72c86055e62e7fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleksander=20K=C4=85kol?= Date: Thu, 4 Dec 2025 08:58:14 +0100 Subject: [PATCH 2/4] Validate request notification --- Notification/NotificationProcessor.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Notification/NotificationProcessor.php b/Notification/NotificationProcessor.php index 7ed2a3b..42a2ba4 100644 --- a/Notification/NotificationProcessor.php +++ b/Notification/NotificationProcessor.php @@ -44,7 +44,7 @@ private function getOrderId(): ?string { $value = $this->request->getPost('order_id') ?? $this->request->getPost('tr_crc'); - if ($value === null) { + if (null === $value) { return null; } From ebbc05b3f3882843c56b7e99ff078eb1851e2536 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleksander=20K=C4=85kol?= Date: Thu, 4 Dec 2025 22:40:38 +0100 Subject: [PATCH 3/4] update openapi --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 821831e..5567e1b 100755 --- a/composer.json +++ b/composer.json @@ -15,7 +15,7 @@ "composer-runtime-api": "^2.0", "magento/framework": "^103.0", "magento/module-csp": "^100.4.5-p6", - "tpay-com/tpay-openapi-php": "^2.2.1", + "tpay-com/tpay-openapi-php": "^2.2.2", "tpay-com/tpay-php": "^2.4.7" }, "suggest": { From a92b15fff507be260226e1c5c3e5d8def8ddfbe3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleksander=20K=C4=85kol?= Date: Thu, 11 Dec 2025 09:14:29 +0100 Subject: [PATCH 4/4] update openapi --- .version | 2 +- CHANGELOG.MD | 6 ++++++ composer.json | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.version b/.version index f225a78..aedc15b 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -2.5.2 +2.5.3 diff --git a/CHANGELOG.MD b/CHANGELOG.MD index 7e45c77..a6d3a84 100644 --- a/CHANGELOG.MD +++ b/CHANGELOG.MD @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 2.5.3 + +### Added + +- Validation for notification request + ## 2.5.2 ### Fixed diff --git a/composer.json b/composer.json index 5567e1b..b83b5a4 100755 --- a/composer.json +++ b/composer.json @@ -15,7 +15,7 @@ "composer-runtime-api": "^2.0", "magento/framework": "^103.0", "magento/module-csp": "^100.4.5-p6", - "tpay-com/tpay-openapi-php": "^2.2.2", + "tpay-com/tpay-openapi-php": "^2.2.3", "tpay-com/tpay-php": "^2.4.7" }, "suggest": {