This repository has been archived by the owner on Jun 20, 2024. It is now read-only.

Add new configuration value to check hash or not (#16)
danidomen authored and ecoslado committed Jan 11, 2017
1 parent a10c4be commit 67065e1
Showing 2 changed files with 29 additions and 11 deletions.
31 changes: 23 additions & 8 deletions doofinder.php
Expand Up @@ -153,17 +153,18 @@ public function getContent()
{
$this->addCSS('css/doofinder.css');

$doofinder_hash = Configuration::get('DF_FEED_HASH');

if (isset($_POST['submit'.$this->name]))
{
$this->_updateConfiguration();

if (!count($this->_postErrors))
{
$doofinder_hash = Configuration::get('DF_FEED_HASH');
$enable_hash = Configuration::get('DF_ENABLE_HASH', null);
$this->_html .= $this->displayConfirmation($this->l('Settings updated!'));
$this->_html .= $this->displayError($this->l('IF YOU HAVE CHANGED ANYTHING IN YOUR DATA FEED SETTINGS, REMEMBER YOU MUST REPROCESS.'));
if(empty($doofinder_hash)){
if(!empty($doofinder_hash) && $enable_hash){
$this->_html .= $this->displayError($this->l('CHECK ALSO THAT THE NEW FEED URL IS THE SAME THAT ON YOUR DOOFINDER PANEL.'));
}
}
Expand Down Expand Up @@ -191,11 +192,7 @@ protected function addCSS($url)
*/
protected function _updateConfiguration()
{
$doofinder_hash = Configuration::get('DF_FEED_HASH');
if(empty($doofinder_hash)){
$doofinder_hash = md5('PrestaShop_Doofinder_'.date('YmdHis'));
Configuration::updateValue('DF_FEED_HASH',$doofinder_hash);
}

$df_invalid_msg = $this->l('Please, select a valid option for %s.');
$df_required_msg = $this->l('%s field is mandatory.');

Expand All @@ -208,6 +205,7 @@ protected function _updateConfiguration()
'DF_SHOW_PRODUCT_FEATURES' => $this->l('Include product features in feed'),
'DF_OWSEARCH' => $this->l('Overwrite Search page with Doofinder results'),
'DF_OWSEARCHFAC' => $this->l('Enable facets on Overwrite Search Page'),
'DF_ENABLE_HASH' => $this->l('Enable security hash on feed URL'),
'DF_DEBUG' => $this->l('Activate to write debug info in file.')
);

Expand All @@ -224,6 +222,16 @@ protected function _updateConfiguration()
$this->_postErrors[] = sprintf($df_invalid_msg, $optname_alt);
}
}

$doofinder_hash = Configuration::get('DF_FEED_HASH');
if(empty($doofinder_hash)){
$enable_hash = Configuration::get('DF_ENABLE_HASH', null);
if($enable_hash){
$doofinder_hash = md5('PrestaShop_Doofinder_'.date('YmdHis'));
Configuration::updateValue('DF_FEED_HASH',$doofinder_hash);
}
}


$cfgStrSelectValues = array(
'DF_GS_IMAGE_SIZE' => array( // Image Size
Expand Down Expand Up @@ -431,6 +439,12 @@ protected function _displayForm()
$field = $this->getYesNoSelectFor($optname, $this->l('Enable facets on Overwrite Search Page'));
$fields[] = $field;
$helper->fields_value[$optname] = $this->cfg($optname, self::NO);

// DF_ENABLE_HASH
$optname = 'DF_ENABLE_HASH';
$field = $this->getYesNoSelectFor($optname, $this->l('Enable security hash on feed URL'));
$fields[] = $field;
$helper->fields_value[$optname] = $this->cfg($optname, self::NO);

// DF_DEBUG
$optname = 'DF_DEBUG';
Expand Down Expand Up @@ -513,11 +527,12 @@ protected function _displayForm()
$optname = 'DOOFINDER_SCRIPT_';
$desc = $this->l('Paste the script as you got it from Doofinder.');
$doofinder_hash = Configuration::get('DF_FEED_HASH');
$enable_hash = Configuration::get('DF_ENABLE_HASH', null);
foreach (Language::getLanguages(true, $this->context->shop->id) as $lang)
{
$realoptname = $optname.strtoupper($lang['iso_code']);
$url = dfTools::getFeedURL($lang['iso_code']);
if(!empty($doofinder_hash)){
if(!empty($doofinder_hash) && $enable_hash){
$url.='&dfsec_hash='.$doofinder_hash;
}
$fields[] = array(
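Review bot: The feed token created in `_updateConfiguration()` is still `md5('PrestaShop_Doofinder_'.date('YmdHis'))`, so its only varying input is the second at which the settings were saved, and the value is guessable rather than secret. Since this block is being moved anyway, derive it from a CSPRNG instead, e.g. `$doofinder_hash = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes(16)` where PHP 7 is available). Switching the option off also leaves the old `DF_FEED_HASH` stored, so re-enabling reuses the same token that has already appeared in feed URLs; regenerating on enable would give admins a way to rotate it. The body of `_updateConfiguration()` continues outside the visible hunks, so this is based only on the lines shown.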
9 changes: 6 additions & 3 deletions feed.php
Expand Up @@ -47,10 +47,13 @@
require_once(dirname(__FILE__) . '/../../init.php');

$doofinder_hash = Configuration::get('DF_FEED_HASH');
$enable_hash = Configuration::get('DF_ENABLE_HASH', null);
$dfsec_hash = Tools::getValue('dfsec_hash');
if(!empty($doofinder_hash) && $dfsec_hash != $doofinder_hash){
header('HTTP/1.1 403 Forbidden', true, 403);
exit('Forbidden access. Maybe security token missed. Please check on your doofinder module configuration page the new URL for your feed');
if($enable_hash){
if(!empty($doofinder_hash) && $dfsec_hash != $doofinder_hash){
header('HTTP/1.1 403 Forbidden', true, 403);
exit('Forbidden access. Maybe security token missed. Please check on your doofinder module configuration page the new URL for your feed');
}
}


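Review bot: The token check in feed.php is now skipped unless `DF_ENABLE_HASH` is truthy, and on a shop that never saved that option `Configuration::get('DF_ENABLE_HASH', null)` presumably returns a falsy value, so an upgraded install that already had `DF_FEED_HASH` enforced would serve the feed without the token until an admin turns the option on. Consider treating an existing hash as enabled, or setting the flag in an upgrade step. The inner condition also fails open when the flag is on but the stored hash is empty; `if ($enable_hash && (empty($doofinder_hash) || $dfsec_hash !== $doofinder_hash))` would reject instead. The comparison itself is loose (`!=`), which lets two numeric-looking hex strings compare equal and is not constant-time; `!hash_equals((string) $doofinder_hash, (string) $dfsec_hash)` on PHP 5.6+ avoids both.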
