v6.3.1 - Apple Pay Info Text, Fix Retry Payment #109

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

paeddl merged 1 commit into SW6.6 from v6.3.1

Jan 15, 2025

Contributor

paeddl commented Jan 15, 2025

Apple Pay Infotext in backend
Fix: Retry payment after being cancelled by Unzer JS


          v6.3.1 - Apple Pay Info Text, Fix Retry Payment

fcd28a4

paeddl merged commit 1ce8c08 into SW6.6

1 check passed

paeddl deleted the v6.3.1 branch

January 15, 2025 09:14

github-actions bot commented Jan 15, 2025

Checkmarx One – Scan Summary & Details – 024909fb-7d6d-4b36-a06f-b188d7916797

New Issues (212)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Stored_XSS	/vendor/unzerdev/php-sdk/test/Fixtures/JsonProvider.php: 24	details The method getResourceIdFromUrl embeds untrusted data in generated output with ThrowExpr, at line 38 of /vendor/unzerdev/php-sdk/src/Services/IdSer... Attack Vector
	Client_DOM_Stored_XSS	/vendor/unzerdev/php-sdk/examples/Applepay/index.php: 151	details The method handleError embeds untrusted data in generated output with html, at line 219 of /vendor/unzerdev/php-sdk/examples/Applepay/index.php. Th... Attack Vector
	Client_DOM_Stored_XSS	/vendor/unzerdev/php-sdk/examples/Applepay/index.php: 172	details The method handleError embeds untrusted data in generated output with html, at line 219 of /vendor/unzerdev/php-sdk/examples/Applepay/index.php. Th... Attack Vector
	Broken_or_Risky_Hashing_Function	/src/Components/AddressHashGenerator/AddressHashGenerator.php: 34	details In generateHash, the application uses a cryptographic hashing function, md5, that is considered cryptographically weak or broken, in /src/Component... Attack Vector
	Missing_HSTS_Header	/vendor/autoload.php: 7	details The web-application does not define an HSTS header, leaving it vulnerable to attack. Attack Vector
	Missing_HSTS_Header	/vendor/unzerdev/php-sdk/examples/Googlepay/index.php: 144	details The web-application does not define an HSTS header, leaving it vulnerable to attack. Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Services/PaymentService.php: 90	details Method performAuthorization at line 90 of /vendor/unzerdev/php-sdk/src/Services/PaymentService.php sends user information outside the application. ... Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php: 105	details Method at line 105 of /vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php sends user information outside the application. This ma... Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php: 100	details Method at line 100 of /vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php sends user information outside the application. This ma... Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php: 80	details Method at line 80 of /vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php sends user information outside the application. This may con... Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/examples/PayPal/Controller.php: 80	details Method at line 80 of /vendor/unzerdev/php-sdk/examples/PayPal/Controller.php sends user information outside the application. This may constitute a... Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Unzer.php: 684	details Method updateAuthorization at line 684 of /vendor/unzerdev/php-sdk/src/Unzer.php sends user information outside the application. This may constitut... Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Services/PaymentService.php: 138	details Method authorize at line 138 of /vendor/unzerdev/php-sdk/src/Services/PaymentService.php sends user information outside the application. This may c... Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Services/PaymentService.php: 133	details Method authorize at line 133 of /vendor/unzerdev/php-sdk/src/Services/PaymentService.php sends user information outside the application. This may c... Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Unzer.php: 679	details Method performAuthorization at line 679 of /vendor/unzerdev/php-sdk/src/Unzer.php sends user information outside the application. This may constitu... Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Unzer.php: 679	details Method performAuthorization at line 679 of /vendor/unzerdev/php-sdk/src/Unzer.php sends user information outside the application. This may constitu... Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Unzer.php: 679	details Method performAuthorization at line 679 of /vendor/unzerdev/php-sdk/src/Unzer.php sends user information outside the application. This may constitu... Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Services/PaymentService.php: 133	details Method authorize at line 133 of /vendor/unzerdev/php-sdk/src/Services/PaymentService.php sends user information outside the application. This may c... Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Services/PaymentService.php: 138	details Method authorize at line 138 of /vendor/unzerdev/php-sdk/src/Services/PaymentService.php sends user information outside the application. This may c... Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Services/PaymentService.php: 133	details Method authorize at line 133 of /vendor/unzerdev/php-sdk/src/Services/PaymentService.php sends user information outside the application. This may c... Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Services/PaymentService.php: 138	details Method authorize at line 138 of /vendor/unzerdev/php-sdk/src/Services/PaymentService.php sends user information outside the application. This may c... Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Unzer.php: 679	details Method performAuthorization at line 679 of /vendor/unzerdev/php-sdk/src/Unzer.php sends user information outside the application. This may constitu... Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/examples/PayPal/Controller.php: 80	details Method at line 80 of /vendor/unzerdev/php-sdk/examples/PayPal/Controller.php sends user information outside the application. This may constitute a... Attack Vector
	SSRF	/vendor/unzerdev/php-sdk/examples/Backend/UpdateTransactionController.php: 43	details The application sends a request to a remote server, for some resource, using url in /vendor/unzerdev/php-sdk/src/Adapter/CurlAdapter.php:45. Howeve... Attack Vector
	SSRF	/vendor/unzerdev/php-sdk/examples/Backend/UpdateTransactionController.php: 44	details The application sends a request to a remote server, for some resource, using url in /vendor/unzerdev/php-sdk/src/Adapter/CurlAdapter.php:45. Howeve... Attack Vector
	SSRF	/vendor/unzerdev/php-sdk/examples/PayPalRecurring/Controller.php: 39	details The application sends a request to a remote server, for some resource, using url in /vendor/unzerdev/php-sdk/src/Adapter/CurlAdapter.php:45. Howeve... Attack Vector
	SSRF	/vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php: 52	details The application sends a request to a remote server, for some resource, using url in /vendor/unzerdev/php-sdk/src/Adapter/CurlAdapter.php:45. Howeve... Attack Vector
	SSRF	/vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php: 47	details The application sends a request to a remote server, for some resource, using url in /vendor/unzerdev/php-sdk/src/Adapter/CurlAdapter.php:45. Howeve... Attack Vector
	SSRF	/vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php: 46	details The application sends a request to a remote server, for some resource, using url in /vendor/unzerdev/php-sdk/src/Adapter/CurlAdapter.php:45. Howeve... Attack Vector
	SSRF	/vendor/unzerdev/php-sdk/examples/PayPal/Controller.php: 46	details The application sends a request to a remote server, for some resource, using url in /vendor/unzerdev/php-sdk/src/Adapter/CurlAdapter.php:45. Howeve... Attack Vector
	SSRF	/vendor/unzerdev/php-sdk/examples/InstallmentSecured/Controller.php: 44	details The application sends a request to a remote server, for some resource, using url in /vendor/unzerdev/php-sdk/src/Adapter/CurlAdapter.php:45. Howeve... Attack Vector
	SSRF	/vendor/unzerdev/php-sdk/examples/CardRecurring/Controller.php: 41	details The application sends a request to a remote server, for some resource, using url in /vendor/unzerdev/php-sdk/src/Adapter/CurlAdapter.php:45. Howeve... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Googlepay/Controller.php: 23	details Method at line 23 of /vendor/unzerdev/php-sdk/examples/Googlepay/Controller.php performs user authentication without terminating existing sessions... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Googlepay/Controller.php: 23	details Method at line 23 of /vendor/unzerdev/php-sdk/examples/Googlepay/Controller.php performs user authentication without terminating existing sessions... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php: 27	details Method at line 27 of /vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php performs user authentication without terminating existing se... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Alipay/Controller.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/Alipay/Controller.php performs user authentication without terminating existing sessions. T... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Applepay/Controller.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/Applepay/Controller.php performs user authentication without terminating existing sessions.... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Applepay/Controller.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/Applepay/Controller.php performs user authentication without terminating existing sessions.... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Applepay/merchantvalidation.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/Applepay/merchantvalidation.php performs user authentication without terminating existing s... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Applepay/merchantvalidation.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/Applepay/merchantvalidation.php performs user authentication without terminating existing s... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Bancontact/Controller.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/Bancontact/Controller.php performs user authentication without terminating existing session... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/BankTransfer/Controller.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/BankTransfer/Controller.php performs user authentication without terminating existing sessi... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Card/Controller.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/Card/Controller.php performs user authentication without terminating existing sessions. Thi... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Card/Controller.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/Card/Controller.php performs user authentication without terminating existing sessions. Thi... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/CardExtended/Controller.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/CardExtended/Controller.php performs user authentication without terminating existing sessi... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/CardExtended/Controller.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/CardExtended/Controller.php performs user authentication without terminating existing sessi... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/CardRecurring/Controller.php: 23	details Method at line 23 of /vendor/unzerdev/php-sdk/examples/CardRecurring/Controller.php performs user authentication without terminating existing sess... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/CardRecurring/RecurringPaymentController.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/CardRecurring/RecurringPaymentController.php performs user authentication without terminati... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/CardRecurring/ReturnController.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/CardRecurring/ReturnController.php performs user authentication without terminating existin... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/EmbeddedPayPage/Controller.php: 30	details Method at line 30 of /vendor/unzerdev/php-sdk/examples/EmbeddedPayPage/Controller.php performs user authentication without terminating existing se... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/EmbeddedPayPage/Controller.php: 30	details Method at line 30 of /vendor/unzerdev/php-sdk/examples/EmbeddedPayPage/Controller.php performs user authentication without terminating existing se... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/EPSCharge/Controller.php: 24	details Method at line 24 of /vendor/unzerdev/php-sdk/examples/EPSCharge/Controller.php performs user authentication without terminating existing sessions... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Giropay/Controller.php: 24	details Method at line 24 of /vendor/unzerdev/php-sdk/examples/Giropay/Controller.php performs user authentication without terminating existing sessions. ... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/HostedPayPage/Controller.php: 29	details Method at line 29 of /vendor/unzerdev/php-sdk/examples/HostedPayPage/Controller.php performs user authentication without terminating existing sess... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/HostedPayPage/Controller.php: 29	details Method at line 29 of /vendor/unzerdev/php-sdk/examples/HostedPayPage/Controller.php performs user authentication without terminating existing sess... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/IDeal/Controller.php: 24	details Method at line 24 of /vendor/unzerdev/php-sdk/examples/IDeal/Controller.php performs user authentication without terminating existing sessions. Th... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/InstallmentSecured/confirm.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/InstallmentSecured/confirm.php performs user authentication without terminating existing se... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/InstallmentSecured/Controller.php: 26	details Method at line 26 of /vendor/unzerdev/php-sdk/examples/InstallmentSecured/Controller.php performs user authentication without terminating existing... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/InstallmentSecured/Controller.php: 26	details Method at line 26 of /vendor/unzerdev/php-sdk/examples/InstallmentSecured/Controller.php performs user authentication without terminating existing... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/InstallmentSecured/PlaceOrderController.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/InstallmentSecured/PlaceOrderController.php performs user authentication without terminatin... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Invoice/Controller.php: 23	details Method at line 23 of /vendor/unzerdev/php-sdk/examples/Invoice/Controller.php performs user authentication without terminating existing sessions. ... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/InvoiceSecured/Controller.php: 26	details Method at line 26 of /vendor/unzerdev/php-sdk/examples/InvoiceSecured/Controller.php performs user authentication without terminating existing ses... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Klarna/Controller.php: 29	details Method at line 29 of /vendor/unzerdev/php-sdk/examples/Klarna/Controller.php performs user authentication without terminating existing sessions. T... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Klarna/Controller.php: 29	details Method at line 29 of /vendor/unzerdev/php-sdk/examples/Klarna/Controller.php performs user authentication without terminating existing sessions. T... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Klarna/Controller.php: 29	details Method at line 29 of /vendor/unzerdev/php-sdk/examples/Klarna/Controller.php performs user authentication without terminating existing sessions. T... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php: 28	details Method at line 28 of /vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php performs user authentication without terminating existin... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php: 28	details Method at line 28 of /vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php performs user authentication without terminating existin... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php: 29	details Method at line 29 of /vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php performs user authentication without terminating existin... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php: 29	details Method at line 29 of /vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php performs user authentication without terminating existin... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php: 27	details Method at line 27 of /vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php performs user authentication without terminating existing se... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PayPal/Controller.php: 25	details Method at line 25 of /vendor/unzerdev/php-sdk/examples/PayPal/Controller.php performs user authentication without terminating existing sessions. T... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PayPal/Controller.php: 25	details Method at line 25 of /vendor/unzerdev/php-sdk/examples/PayPal/Controller.php performs user authentication without terminating existing sessions. T... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PayPalRecurring/Controller.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/PayPalRecurring/Controller.php performs user authentication without terminating existing se... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PayPalRecurring/ReturnController.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/PayPalRecurring/ReturnController.php performs user authentication without terminating exist... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PayU/Controller.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/PayU/Controller.php performs user authentication without terminating existing sessions. Thi... Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PostFinanceCard/Controller.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/PostFinanceCard/Controller.php performs user authentication without terminating existing se... Attack Vector

More results are available on the CxOne platform

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet