Changeset 3874 for WAeUP_SRP/trunk/skins


Timestamp:
26 Jan 2009, 08:52:01 (16 years ago)
Author:
Henrik Bettermann
Message:

avoid manipulation of the callback URL

I have to implement further improvements. The referer should be either interswitchng.com or waeup.org

File:
1 edited

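--- a/WAeUP_SRP/trunk/skins/waeup_epayment/interswitch_cb.py
+++ b/WAeUP_SRP/trunk/skins/waeup_epayment/interswitch_cb.py
@@ -41,4 +41,12 @@
     logger.info('%s:%s illegal access, real_x_ip = %s' % (member_id,student_id,real_ip))
     return context.REQUEST.RESPONSE.redirect("%s/srp_anonymous_view" % context.portal_url())
+
+referer = request.get('HTTP_REFERER','none')
+real_ip = request.get('HTTP_X_REAL_IP',"none") 
+logger.info('%s, callback referer = %s, IP = %s' % (student_id,referer,real_ip))
+
+if referer == "":
+    logger.info('%s, no callback referrer, callback rejected, IP = %s' % (student_id,real_ip))
+    return request.RESPONSE.redirect("%s/waeup_document_view" % context.absolute_url())
 
 student = getattr(students,student_id)
@@ -91,5 +99,4 @@
 
 if  resp == '00':
-
     if pay_doc.category == 'schoolfee': 
         if context.getStudentReviewState() == "school_fee_paid":
@@ -132,8 +139,4 @@
 
     logger.info('%s received valid callback' % student_id)
-    #referer = request.get('HTTP_REFERER','none')
-    #logger.info('%s valid callback referer = %s' % (student_id,referer))
-    #real_ip = request.get('HTTP_X_REAL_IP',"none")
-    #logger.info('%s valid callback real_ip = %s' % (student_id,real_ip))
 
 else: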
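Review bot: The new `if referer == "":` check in the first hunk can never fire for a missing Referer header, because the preceding `request.get('HTTP_REFERER','none')` yields the string 'none' when the header is absent, so the rejection branch is only reached when a client sends an explicitly empty header. Either default to the empty string, `referer = request.get('HTTP_REFERER', '')` with `if not referer:`, or test both values, `if referer in ("", "none"):`. Since the Referer header is supplied by the client, it is at best a logging and plausibility aid rather than proof of where the callback came from, so the origin check announced in the commit message should sit alongside a server-side confirmation of the transaction with the payment provider rather than replace it. The `if` block that the first two context lines belong to starts outside the hunk, and the script continues past it.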