SAAS-973: Airtime Billing page - Add support for August promotion plans

Made WHMCS Airtime group id a constant
Check for CSRF token on promo eligibility ajax check
drigato 2015-07-30 13:27:32 -04:00
parent bccba2f9d5
commit b2fbb27801
4 changed files with 27 additions and 9 deletions


@ -31,11 +31,20 @@ class BillingController extends Zend_Controller_Action {
}
$data = $request->getPost();
$eligible = Billing::isClientEligibleForPromo(
$data["newproductid"], $data["newproductbillingcycle"]);
$current_namespace = new Zend_Session_Namespace('csrf_namespace');
$observed_csrf_token = $this->_getParam('csrf_token');
$expected_csrf_token = $current_namespace->authtoken;
//Set the return JSON value
$this->_helper->json(array("result"=>$eligible));
if($observed_csrf_token == $expected_csrf_token) {
$eligible = Billing::isClientEligibleForPromo(
$data["newproductid"], $data["newproductbillingcycle"]);
//Set the return JSON value
$this->_helper->json(array("result"=>$eligible));
} else {
$this->getResponse()->setHttpResponseCode(403);
$this->_helper->json(array("result"=>false, "error"=>"CSRF token did not match."));
}
}
public function upgradeAction()
@ -47,6 +56,7 @@ class BillingController extends Zend_Controller_Action {
$request = $this->getRequest();
$form = new Application_Form_BillingUpgradeDowngrade();
if ($request->isPost()) {
$formData = $request->getPost();
@ -80,8 +90,8 @@ class BillingController extends Zend_Controller_Action {
//and it freaks out and does the wrong thing if we do it via the API
//so we have to do avoid that.
if (($currentPlanProductId == $formData["newproductid"]) &&
($currentPlanProductBillingCycle == $formData["newproductbillingcycle"]))
{
($currentPlanProductBillingCycle == $formData["newproductbillingcycle"])
) {
$placeAnUpgradeOrder = false;
}
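Review bot: The token check added in the first hunk, `if($observed_csrf_token == $expected_csrf_token)`, uses loose equality on two values that can both be null, so a request that omits `csrf_token` while the session holds no `authtoken` would compare `null == null` and pass. Require both to be non-empty strings and compare them in constant time, e.g. `if (is_string($observed_csrf_token) && is_string($expected_csrf_token) && $expected_csrf_token !== '' && hash_equals($expected_csrf_token, $observed_csrf_token)) {`; `hash_equals()` needs PHP 5.6+, so on an older runtime fall back to `===` with the same non-empty guard. `_getParam()` also accepts the value from the query string, so reading it from `$data` (the POST body already fetched above) would keep the token out of URLs and access logs. The action's signature and opening lines are outside the hunk, so whether `authtoken` is always populated before this point cannot be confirmed from here.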