jenkins-bot has submitted this change and it was merged.
Change subject: Prevent Donors from Using the CC# as a Name Additional changes
to DataValidator
......................................................................
Prevent Donors from Using the CC# as a Name
Additional changes to DataValidator
Runs a donor's first/last name through a Luhn check to prevent
them from entering a credit card number in these fields.
Change-Id: I6f22aef2a27ca665a14ec6b2513962fb7921a9fd
---
M gateway_common/DataValidator.php
M gateway_common/interface.i18n.php
2 files changed, 80 insertions(+), 21 deletions(-)
Approvals:
Adamw: Looks good to me, approved
jenkins-bot: Verified
diff --git a/gateway_common/DataValidator.php b/gateway_common/DataValidator.php
index b04d0c9..9f8abff 100644
--- a/gateway_common/DataValidator.php
+++ b/gateway_common/DataValidator.php
@@ -61,7 +61,6 @@
'visa',
'discover'
);
-
/**
* getNumericFields returns a list of DonationInterface fields that are
@@ -166,21 +165,23 @@
//this is gonna get ugly up in here.
//error_log( __FUNCTION__ . " $field, $type, $value " );
+ //NOTE: We are just using the next bit because it's convenient.
+ //getErrorToken is actually for something entirely different:
+ //Figuring out where on the form the error should land.
+ $message_field = self::getErrorToken( $field );
+ if ( $field === 'expiration' ){
+ ///the inevitable special case.
+ $message_field = $field;
+ }
+ //postal code is a weird one. More L10n than I18n.
+ //'donate_interface-error-msg-postal' => 'postal code',
+
+ $error_message_field_string = 'donate_interface-error-msg-' .
$message_field;
+
//Empty messages should get:
//'donate_interface-error-msg' => 'Please enter your $1';
//If they have no defined error message, give 'em the default.
if ($type === 'non_empty'){
- //NOTE: We are just using the next bit because it's
convenient.
- //getErrorToken is actually for something entirely
different:
- //Figuring out where on the form the error should land.
- $message_field = self::getErrorToken( $field );
- if ( $field === 'expiration' ){
- $message_field = $field;
- }
- //postal code is a weird one. More L10n than I18n.
- //'donate_interface-error-msg-postal' => 'postal code',
-
- $error_message_field_string =
'donate_interface-error-msg-' . $message_field;
if ( $message_field != 'general' &&
self::wmfMessageExists( $error_message_field_string, $language ) ) {
return wfMessage(
'donate_interface-error-msg',
@@ -210,18 +211,28 @@
break;
}
- $error_message_field_string =
'donate_interface-error-msg-' . $suffix;
+ $error_message_string = 'donate_interface-error-msg-' .
$suffix;
if ( $type === 'calculated'){
//try for the special "calculated" error
message.
- if ( self::wmfMessageExists(
$error_message_field_string . '-calc', $language ) ) {
- return wfMessage(
$error_message_field_string . '-calc')->text();
+ if ( self::wmfMessageExists(
$error_message_string . '-calc', $language ) ) {
+ return wfMessage( $error_message_string
. '-calc')->text();
}
}
- //try for the "invalid whatever" error message.
- if ( self::wmfMessageExists(
$error_message_field_string, $language ) ) {
- return wfMessage( $error_message_field_string
)->text();
+// //try for the "invalid whatever" error message.
+// if ( self::wmfMessageExists( $error_message_string,
$language ) ) {
+// return wfMessage( $error_message_string
)->text();
+// }
+
+ //try for new more specific default correction message
+ if ( $message_field != 'general'
+ && self::wmfMessageExists(
$error_message_field_string, $language )
+ && self::wmfMessageExists(
'donate_interface-error-msg-field-correction', $language ) ) {
+ return wfMessage(
+
'donate_interface-error-msg-field-correction',
+ wfMessage( $error_message_field_string
)->text()
+ )->text();
}
}
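Review bot: The old "invalid whatever" lookup is kept as a commented-out block (the lines beginning `// //try for the "invalid whatever" error message.`) instead of being deleted; if the lookup on `$error_message_string` is no longer wanted the block should go, since the removed lines are already preserved in history. Dropping it is also a behaviour change: a field whose `donate_interface-error-msg-<suffix>` message exists, but for which `$message_field` is `general` or the `-field-correction` message is missing, now falls through to whatever follows the hunk instead of returning that message, which is worth confirming as intended. The new condition compares with `$message_field != 'general'`; `!==` would match the `===` used for `$type` on the same path. getErrorMessage's body starts and continues outside the hunk.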
@@ -376,6 +387,8 @@
//Or maybe that's more payment
type validation territory...
//@TODO: Insert More Think Here
break;
+ case 'validate_name':
+ $check_type = 'calculated';
}
$instructions[$check_type][$field] =
$function_name;
}
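Review bot: The new `case 'validate_name':` arm is the last in the switch and ends without a `break;`, unlike the arm before it; it only works because nothing follows, so adding `break;` after `$check_type = 'calculated';` keeps the arms uniform and protects against a case being appended below it later. The enclosing function starts and ends outside the hunk.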
@@ -442,7 +455,7 @@
}
$instructions['calculated'][$field] = $result;
- if ($result === false){ //implying we did the
check, and it failed.
+ if ($result === false){ //implying we did the
check, and it failed.
$errors[ self::getErrorToken( $field )
] = self::getErrorMessage( $field, 'calculated', $language, $data[$field] );
}
@@ -505,6 +518,10 @@
break;
case 'country':
return 'validate_country_allowed';
+ break;
+ case 'fname':
+ case 'lname':
+ return 'validate_name';
break;
}
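Review bot: Both added `break;` lines sit directly after a `return` (after `return 'validate_country_allowed';` and `return 'validate_name';`) and are unreachable; they are consistent with the surrounding switch style, but static analysers will flag them, so dropping the `break;` after each `return` would be cleaner. The enclosing function starts and ends outside the hunk.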
@@ -724,6 +741,47 @@
return true;
}
}
+
+ /**
+ * Some people are silly and enter their CC numbers as their name. This
performs a luhn check
+ * on the name to make sure it's not actually a potentially valid CC
number.
+ *
+ * @param string $value Ze name!
+ * @returns boolean True if the name is not suspiciously like a CC
number
+ */
+ public static function validate_name( $value ) {
+ $value = preg_replace( '/[^0-9]/', '', $value );
+ if ( is_numeric( $value ) ) {
+ return !DataValidator::luhn_check( $value );
+ } else {
+ return true;
+ }
+ }
+
+ /**
+ * Performs a Luhn algorithm check on a string.
+ *
+ * @param $str
+ *
+ * @return bool True if the number was valid according to the algorithm
+ */
+ public static function luhn_check( $str ) {
+ $odd = !strlen( $str ) % 2;
+ $sum = 0;
+
+ for( $i = 0; $i < strlen( $str ); $i++ ) {
+ $n = 0 + $str[$i];
+ $odd = !$odd;
+
+ if( $odd ) {
+ $sum += $n;
+ } else {
+ $x = 2 * $n;
+ $sum += ($x > 9) ? ($x - 9) : $x;
+ }
+ }
+ return( ( $sum % 10 ) == 0 );
+ }
/**
* getGatewayClass
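Review bot: `$odd = !strlen( $str ) % 2;` in luhn_check does not compute the parity it appears to intend: `!` binds tighter than `%`, so for any non-empty string this is `false % 2`, i.e. 0, and the first digit is never doubled whatever the length. That is correct for odd-length strings but for even-length ones (the common 16-digit card length) the doubling lands on the wrong positions, so most valid card numbers will not be recognised and validate_name lets them through; the intended expression is `$odd = !( strlen( $str ) % 2 );`. validate_name also runs the check on any digit run left after stripping, so a name containing a short Luhn-valid run such as a lone `0` is rejected; guarding with a plausible card length before the call, e.g. `if ( is_numeric( $value ) && strlen( $value ) >= 12 )`, would avoid that, with the bound confirmed against the card types this gateway accepts. The docblocks should also use `@return bool` rather than `@returns boolean` and give `$str` a `string` type in `@param`.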
diff --git a/gateway_common/interface.i18n.php
b/gateway_common/interface.i18n.php
index 57f4d95..e09f162 100644
--- a/gateway_common/interface.i18n.php
+++ b/gateway_common/interface.i18n.php
@@ -175,6 +175,7 @@
'donate_interface-error-msg-general' => 'There was an error processing
your request.',
'donate_interface-error-msg-nopaypal' => 'Due to a technical error, we
cannot send your request to PayPal. Please try using our regular credit card
donation form.',
'donate_interface-error-msg' => 'Please enter your $1',
+ 'donate_interface-error-msg-field-correction' => 'Please correct the
errors in your $1',
'donate_interface-error-msg-js' => 'Please enter your',
'donate_interface-error-msg-validation' => 'Please correct the errors
in the form.',
'donate_interface-error-msg-invalid-amount' => 'Please enter a valid
amount',
@@ -683,8 +684,8 @@
'donate_interface-error-msg-discover' => 'Error message for invalid
Discover card number.',
'donate_interface-error-msg-amount' => 'Used in error message regarding
the donation amount field.',
'donate_interface-error-msg-emailAdd' => '{{Identical|E-mail address}}',
- 'donate_interface-error-msg-fname' => 'Used in error message regarding
the first name field.',
- 'donate_interface-error-msg-lname' => 'Used in error message regarding
the last name field.',
+ 'donate_interface-error-msg-fname' => 'Used in error message regarding
the first name field',
+ 'donate_interface-error-msg-lname' => 'Used in error message regarding
the last name field',
'donate_interface-error-msg-street' => '{{Identical|Street}}',
'donate_interface-error-msg-city' => '{{Identical|City}}',
'donate_interface-error-msg-state' => '{{Identical|State}}',
Gerrit-MessageType: merged
Gerrit-Change-Id: I6f22aef2a27ca665a14ec6b2513962fb7921a9fd
Gerrit-PatchSet: 5
Gerrit-Project: mediawiki/extensions/DonationInterface
Gerrit-Branch: master
Gerrit-Owner: Mwalker <[email protected]>
Gerrit-Reviewer: Adamw <[email protected]>
Gerrit-Reviewer: Katie Horn <[email protected]>
Gerrit-Reviewer: Pgehres <[email protected]>
Gerrit-Reviewer: Siebrand <[email protected]>
Gerrit-Reviewer: jenkins-bot