Skip to content

Commit

Permalink
Merge pull request #71 from afterpay/feature/more-dm-data-to-checkout…
Browse files Browse the repository at this point in the history 
…-EIT-3646

Prevent cookie props from overwriting existing query params.
  • Loading branch information
@benfterpay
benfterpay authored Jan 19, 2024
2 parents dd139a5 + f8d3249 commit de8d969
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions src/HTTP/Response/CreateCheckout.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,14 +57,18 @@ public function afterReceive()
$cookieObj = json_decode($decodedCookie, false);
$urlChanged = false;

if (isset($cookieObj->deviceId) && preg_match('/^[0-9a-z-]*$/i', $cookieObj->deviceId)) {
$query_str = parse_url($bodyObj->redirectCheckoutUrl, PHP_URL_QUERY);
$query_arr = array();
parse_str($query_str, $query_arr);

if (isset($cookieObj->deviceId) && !array_key_exists('device_id', $query_arr) && preg_match('/^[0-9a-z-]*$/i', $cookieObj->deviceId)) {
$bodyObj->redirectCheckoutUrl .= "&device_id={$cookieObj->deviceId}";
$urlChanged = true;
}

if (isset($cookieObj->checkout) && is_object($cookieObj->checkout)) {
foreach ($cookieObj->checkout as $prop => $val) {
if (preg_match('/^[0-9a-z]+$/i', $prop) && preg_match('/^[0-9a-z-]*$/i', $val)) {
if (!array_key_exists($prop, $query_arr) && preg_match('/^[0-9a-z]+$/i', $prop) && preg_match('/^[0-9a-z-]*$/i', $val)) {
$bodyObj->redirectCheckoutUrl .= "&{$prop}={$val}";
$urlChanged = true;
}
Expand Down

0 comments on commit de8d969

Please sign in to comment.