Added index.html files to common paypalvar folders for donator info protection
Signed-off-by: mleo1 [email protected]
accept this 😁 @MishimaHaruna
Is this even correct? I'm not a PayPal user, but by looking at the PayPal documentation it doesn't seem like this covers all the possible cases (why does the fluxcp PayPal module use an input from third parties as path, without validation, anyways? That's really nasty, I would never ever use that module on a real server). See `txn_type` and `payment_status` in the documentation, and this code snippet from the fluxcp PayPal module:
```php
private function saveDetailsToFile()
{
    if ($this->txnIsValid) {
        $logDir1 = realpath(FLUX_DATA_DIR.'/logs/transactions');
        $logDir2 = $logDir1.'/'.$this->ipnVariables->get('txn_type');
        $logDir3 = $logDir2.'/'.$this->ipnVariables->get('payment_status');
        $logFile = $logDir3.'/'.$this->ipnVariables->get('txn_id').'.log.php';

        if (!is_dir($logDir2)) {
            mkdir($logDir2, 0600);
        }
        if (!is_dir($logDir3)) {
            mkdir($logDir3, 0600);
        }

        $fp = fopen($logFile, 'w');
        if ($fp) {
            foreach ($this->ipnVariables->toArray() as $key => $value) {
                fwrite($fp, "$key: $value\n");
            }
            fclose($fp);
            return $logFile;
        }
    }

    return false;
}
```
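One way to constrain the three IPN fields before they become path components, as an added example that is not FluxCP's code or part of this pull request. `safeIpnLogPath()`, the token pattern and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not FluxCP code. safeIpnLogPath() is a hypothetical helper.

/**
 * Build the transaction log path from IPN fields, refusing any field that is
 * not a plain token, so the result always stays below $baseDir.
 * Returns null when a field is missing or malformed.
 */
function safeIpnLogPath(string $baseDir, array $ipn): ?string
{
    $sep  = DIRECTORY_SEPARATOR;
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $parts = [];
    foreach (['txn_type', 'payment_status', 'txn_id'] as $field) {
        $value = $ipn[$field] ?? '';
        // Assumed token shape: letters, digits, '_' and '-' only. This rejects
        // path separators, dots, NUL bytes and empty names.
        if (!is_string($value) || preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $value) !== 1) {
            return null;
        }
        $parts[] = $value;
    }
    $dir = $base . $sep . $parts[0] . $sep . $parts[1];
    // 0700 rather than 0600: a directory needs the execute bit to be entered.
    if (!is_dir($dir) && !mkdir($dir, 0700, true) && !is_dir($dir)) {
        return null;
    }
    // Defence in depth: resolve symlinks and confirm the directory is contained.
    $real = realpath($dir);
    if ($real === false || strncmp($real, $base . $sep, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real . $sep . $parts[2] . '.log.php';
}

// Constructed sample input, run against a throwaway directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'ipn-demo-' . getmypid();
mkdir($base, 0700, true);
$wellFormed = ['txn_type' => 'web_accept', 'payment_status' => 'Completed', 'txn_id' => 'SAMPLE0001'];
$malformed  = ['txn_type' => '../outside', 'payment_status' => 'Completed', 'txn_id' => 'SAMPLE0002'];
var_dump(safeIpnLogPath($base, $wellFormed));
var_dump(safeIpnLogPath($base, $malformed));
```

With the fields restricted this way, the set of directories that can exist under the log root is bounded by what the validator accepts, which is the property a fixed list of `index.html` placeholders cannot guarantee on its own.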
It's most common, I've checked some popular servers that accept PayPal, these 5 are always what I see. (I swear, I did not count the donations, kek)
Anyway, guys are welcome to add more to this somewhat lazy fix.