[PW-3546] Adding payload and redirectResult GET parameters to transpa…

…rent redirect (#92) * [PW-3546] Adding payload GET parameter to transparent redirect * [PW-3546] Adding redirectResult GET parameter to transparent redirect * [PW-3546] Filtering POST params and forwarding all GET params from the transparent controller
Adyen · Dec 1, 2020 · 0b546f1 · 0b546f1
1 parent 9c81b67
commit 0b546f1
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 14 deletions.
diff --git a/Controllers/Frontend/Transparent.php b/Controllers/Frontend/Transparent.php
@@ -7,6 +7,7 @@
 class Shopware_Controllers_Frontend_Transparent extends Shopware_Controllers_Frontend_Payment implements CSRFWhitelistAware
 {
 
+    const ALLOWED_PARAMS = ['MD', 'PaRes'];
     /**
      * @var Logger
      */
@@ -29,30 +30,34 @@ public function getWhitelistedCSRFActions()
      */
     public function redirectAction()
     {
-        $allowedPostParams = ['MD', 'PaRes'];
         $redirectUrl = Shopware()->Router()->assemble([
             'controller' => 'process',
             'action' => 'return',
         ]);
 
         $this->View()->assign('redirectUrl', $redirectUrl);
-        $this->View()->assign('postParams', $this->retrievePostParams($allowedPostParams));
+        $this->View()->assign('redirectParams', $this->retrieveParams());
         $this->logger->debug('Forward incoming POST response to process/return', [
-            'POST parameter keys' => $allowedPostParams
+            'POST and GET parameter keys' => self::ALLOWED_PARAMS
         ]);
     }
 
-    private function retrievePostParams(array $allowedParams): array
+    private function retrieveParams(): array
     {
-        $params = [];
-        foreach ($allowedParams as $key) {
-            if (null === $value = $this->Request()->getPost($key)) {
-                continue;
+        $request = $this->Request();
+
+        //Getting all GET parameters except for Shopware's action, controller and module
+        $getParams = $request->getQuery();
+        unset($getParams['action'], $getParams['controller'], $getParams['module']);
+
+        //Filtering allowed POST parameters
+        $fullPostParams = $request->getParams();
+        $postParams = [];
+        foreach (self::ALLOWED_PARAMS as $allowedParam) {
+            if (isset($fullPostParams[$allowedParam])) {
+                $postParams[$allowedParam] = $fullPostParams[$allowedParam];
             }
-
-            $params[$key] = $value;
         }
-
-        return $params;
+        return array_merge($getParams, $postParams);
     }
 }
diff --git a/Resources/views/frontend/transparent/redirect.tpl b/Resources/views/frontend/transparent/redirect.tpl
@@ -5,11 +5,11 @@
     <head><title></title></head>
     <body onload="document.forms['transparent_redirect'].submit();">
         <form id="transparent_redirect" method="POST" action="{$redirectUrl}">
-            {foreach $postParams as $value}
+            {foreach $redirectParams as $value}
                 <input type="hidden" name="{$value@key}" value="{$value|escape}" />
             {/foreach}
         </form>
     </body>
 </html>
 {/strip}
-{/block}
+{/block}