From 02f3b0ffb113e5c4615abb1387490d2b6b3cf5a8 Mon Sep 17 00:00:00 2001
From: adityaGuglaniWork
Date: Mon, 13 Nov 2017 20:10:01 +0530
Subject: [PATCH 1/2] Verifying host for AWS Load balancer
---
 src/Payfast.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/Payfast.php b/src/Payfast.php
index d6bb4d4..de811ad 100644
--- a/src/Payfast.php
+++ b/src/Payfast.php
@@ -193,9 +193,10 @@ public function validSignature($signature)
 public function validateHost($request)
 {
- $hosts = $this->getHosts();
+ $hosts = $this->getHosts();
+ $HTTPXForwardedFor = $this->getHTTPXForwardedFor($request);
- if( !in_array( $request->server('REMOTE_ADDR'), $hosts ) )
+ if( !in_array( $request->server('REMOTE_ADDR'), $hosts ) && !in_array( $HTTPXForwardedFor, $hosts ) )
 {
 throw new Exception('Not a valid Host');
 }
@@ -218,6 +219,13 @@ public function getHosts()
 return array_unique($hosts);
 }
+ public function getHTTPXForwardedFor($request)
+ {
+ $hosts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
+ $host = trim(end($hosts));
+ return $host;
+ }
+
 public function validateAmount($grossAmount)
 {
 if($this->amount === $this->newMoney($grossAmount)->convertedAmount()) {
From 06b77abf7d7cebe8190621eb375dc80c90ba9b82 Mon Sep 17 00:00:00 2001
From: adityaGuglaniWork
Date: Fri, 24 Nov 2017 13:29:21 +0530
Subject: [PATCH 2/2] Now working for servers with/without load balancer
---
 src/Payfast.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/Payfast.php b/src/Payfast.php
index de811ad..df36e3c 100644
--- a/src/Payfast.php
+++ b/src/Payfast.php
@@ -221,8 +221,11 @@ public function getHosts()
 public function getHTTPXForwardedFor($request)
 {
- $hosts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
- $host = trim(end($hosts));
+ $host = '';
+ if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+ $hosts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
+ $host = trim(end($hosts));
+ }
 return $host;
 }
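Review bot: The added `&& !in_array( $HTTPXForwardedFor, $hosts )` in validateHost accepts a notification when only the X-Forwarded-For value is in the PayFast host list, and that header is set by whoever sends the request unless a proxy you control rewrites or appends to it. On a deployment with no load balancer in front (which the second patch in this series explicitly supports) the source-address check therefore no longer ties the request to PayFast. The forwarded address should be consulted only when `REMOTE_ADDR` is a proxy the application has been configured to trust, e.g. `$ip = in_array($remote, $trustedProxies, true) ? $HTTPXForwardedFor : $remote;` followed by `if (!in_array($ip, $hosts, true))`, where `$remote` holds `$request->server('REMOTE_ADDR')` and `$trustedProxies` is a placeholder for a new configuration value. validateHost's body continues past the end of this hunk.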
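Review bot: getHTTPXForwardedFor takes `$request` but never uses it and reads `$_SERVER['HTTP_X_FORWARDED_FOR']` directly, whereas validateHost goes through `$request->server(...)`; reading `$request->server('HTTP_X_FORWARDED_FOR')` here would keep the two consistent and let the method be exercised with a constructed request. The method also needs a docblock stating why the last comma-separated entry is taken (presumably because it is the address appended by the nearest proxy) and that the value is only meaningful when such a proxy sits in front of the application. Since it is a helper for validateHost, `protected` looks more fitting than `public`.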
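Review bot: The new `''` default flows into `in_array( $HTTPXForwardedFor, $hosts )` in validateHost, which compares loosely, so an absent header would match any falsy entry (`false`, `null`, and `0` before PHP 8) if getHosts() ever returned one; getHosts() is not visible here, so this is a precaution rather than a confirmed path. A header that is present but empty takes the same route, because `trim(end($hosts))` then yields `''`. Returning `null` when there is no usable value and skipping the forwarded check in that case, or passing `true` as the third argument to `in_array`, closes this off.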