Fix Bad Request

lemonwaysas · Feb 9, 2017 · 9eff75e · 9eff75e
1 parent 4f68160
commit 9eff75e
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 7 deletions.
diff --git a/src/lemonway/controllers/admin/AdminMoneyOutController.php b/src/lemonway/controllers/admin/AdminMoneyOutController.php
@@ -157,7 +157,7 @@ public function beforeAdd($moneyOut)
                 "wallet" => $moneyOut->id_lw_wallet,
                 "amountTot" => number_format((float)$moneyOut->amount_to_pay, 2, '.', ''),
                 'amountCom' => number_format((float)0, 2, '.', ''),
-                "message" => urlencode(Configuration::get('PS_SHOP_NAME')) . " - " .
+                "message" => Configuration::get('PS_SHOP_NAME') . " - " .
                  $this->module->l("Moneyout from Prestashop module"),
                 "ibanId" => $moneyOut->id_lw_iban,
                 "autCommission" => 0,

diff --git a/src/lemonway/controllers/front/redirect.php b/src/lemonway/controllers/front/redirect.php
@@ -67,8 +67,8 @@ public function postProcess()
         * It' is necessary to send a new wkToken for each requests
         */
         $wkToken = $this->module->saveWkToken($cart->id);
-        $comment = urlencode(Configuration::get('PS_SHOP_NAME')) . " - " . $cart->id . " - " .
-         urlencode($customer->lastname) . " " . urlencode($customer->firstname) . " - " . $customer->email;
+        $comment = Configuration::get('PS_SHOP_NAME') . " - " . $cart->id . " - " .
+         $customer->lastname . " " . $customer->firstname . " - " . $customer->email;
 
         /**
         * Check if module mkt is installed, in this case, we don't send amount commission

diff --git a/src/lemonway/services/LemonWayKit.php b/src/lemonway/services/LemonWayKit.php
@@ -337,12 +337,12 @@ private function sendRequest($methodName, $params, $version)
         "http://www.w3.org/2003/05/soap-envelope"><soap12:Body><' . $methodName . ' xmlns="Service_mb_xml">';
 
         foreach ($params as $key => $value) {
-            $xml_soap .= '<' . $key . '>' . $value . '</' . $key . '>';
+            $xml_soap .= '<' . $key . '>' . $this->cleanRequest($value) . '</' . $key . '>';
         }
 
         $xml_soap .= '<version>' . $version . '</version>';
-        $xml_soap .= '<wlPass>' . $accessConfig['wlPass'] . '</wlPass>';
-        $xml_soap .= '<wlLogin>' . $accessConfig['wlLogin'] . '</wlLogin>';
+        $xml_soap .= '<wlPass>' . $this->cleanRequest($accessConfig['wlPass']) . '</wlPass>';
+        $xml_soap .= '<wlLogin>' . $this->cleanRequest($accessConfig['wlLogin']) . '</wlLogin>';
         $xml_soap .= '<language>' . $accessConfig['language'] . '</language>';
         $xml_soap .= '<walletIp>' . $ip . '</walletIp>';
         $xml_soap .= '<walletUa>' . $ua . '</walletUa>';
@@ -356,7 +356,7 @@ private function sendRequest($methodName, $params, $version)
             "Cache-Control: no-cache",
             "Pragma: no-cache",
             'SOAPAction: "Service_mb_xml/' . $methodName . '"',
-            "Content-length: " . Tools::strlen($xml_soap)
+            "Content-length: " . strlen($xml_soap)
         );
 
         $ch = curl_init();
@@ -473,4 +473,13 @@ public function printCardForm($moneyInToken, $cssUrl = '', $language = 'en')
             }
         }
     }
+
+    private function cleanRequest($str)
+    {
+        $str = str_replace('&', htmlentities('&'), $str);
+        $str = str_replace('<', htmlentities('<'), $str);
+        $str = str_replace('>', htmlentities('>'), $str);
+
+        return $str;
+    }
 }