Issues in createTransactionUsingCreditCard.php (master) - Issues in master - reginaldojunior/winners - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4141)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

examples/createTransactionUsingCreditCard.php (1 issue)

Labels

Bug 1

Severity

Critical 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php //

/*
 * ***********************************************************************
 Copyright [2014] [PagSeguro Internet Ltda.]

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at

 http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 * ***********************************************************************
 */

require_once "../PagSeguroLibrary/PagSeguroLibrary.php";

/**
 * Class with a main method to illustrate the usage of the domain class PagSeguroDirectPaymentRequest
 */
class CreateTransactionUsingCreditCard
{

    public static function main()
    {

        // Instantiate a new payment request
        $directPaymentRequest = new PagSeguroDirectPaymentRequest();

        // Set the Payment Mode for this payment request
        $directPaymentRequest->setPaymentMode('DEFAULT');

        // Set the Payment Method for this payment request
        $directPaymentRequest->setPaymentMethod('CREDIT_CARD');

        /**
        * @todo Change the receiver Email
        */
        $directPaymentRequest->setReceiverEmail('[email protected]');

        // Set the currency
        $directPaymentRequest->setCurrency("BRL");

        // Add an item for this payment request
       	// Add an item for this payment request
        $directPaymentRequest->addItem(
            '0001',
            'Descricao do item a ser vendido',
            2,
            10.00
        );

        // Add an item for this payment request
        $directPaymentRequest->addItem(
            '0002',
            'Descricao do item a ser vendido',
            2,
            5.00
        );

        // Set a reference code for this payment request. It is useful to identify this payment
        // in future notifications.
        $directPaymentRequest->setReference("REF123");

        // Set your customer information.
        // If you using SANDBOX you must use an email @sandbox.pagseguro.com.br
        $directPaymentRequest->setSender(
            'João Comprador',
            '[email protected]',
            '11',
            '56273440',
            'CPF',
            '156.009.442-76',
            true
        );

        $directPaymentRequest->setSenderHash("d94d002b6998ca9cd69092746518e50aded5a54aef64c4877ccea02573694986");

        // Set shipping information for this payment request
        $sedexCode = PagSeguroShippingType::getCodeByType('SEDEX');
        $directPaymentRequest->setShippingType($sedexCode);
        $directPaymentRequest->setShippingAddress(
            '01452002',
            'Av. Brig. Faria Lima',
            '1384',
            'apto. 114',
            'Jardim Paulistano',
            'São Paulo',
            'SP',
            'BRA'
        );

        //Set billing information for credit card
        $billing = new PagSeguroBilling
        (
            array(
                'postalCode' => '01452002',
                'street' => 'Av. Brig. Faria Lima',
                'number' => '1384',
                'complement' => 'apto. 114',
                'district' => 'Jardim Paulistano',
                'city' => 'São Paulo',
                'state' => 'SP',
                'country' => 'BRA'
            )
        );

        $token = "5b97542cd1524b67a9e89b3d90c1f262";

        $installment = new PagSeguroInstallment(
            array("quantity" => 1,
                  "value" => "30.00")
            );

        $cardCheckout = new PagSeguroCreditCardCheckout(
            array(
                'token' => $token,
                'installment' => $installment,
                'holder' => new PagSeguroCreditCardHolder(
                    array(
                        'name' => 'João Comprador', //Equals in Credit Card
                        'documents' => array(
                            'type' => 'CPF',
                            'value' => '156.009.442-76'
                        ),
                        'birthDate' => date('01/10/1979'),
                        'areaCode' => 11,
                        'number' => 56273440
                    )
                ),
                'billing' => $billing
            )
        );

        //Set credit card for payment
        $directPaymentRequest->setCreditCard($cardCheckout);

        try {
            /**
             * #### Credentials #####
             * Replace the parameters below with your credentials
             * You can also get your credentials from a config file. See an example:
             * $credentials = PagSeguroConfig::getAccountCredentials();
             */

            // seller authentication
            //$credentials = new PagSeguroAccountCredentials("[email protected]",
                "E231B2C9BCC8474DA2E260B6C8CF60D3");


            // application authentication
            $credentials = PagSeguroConfig::getApplicationCredentials();
            $credentials->setAuthorizationCode("E231B2C9BCC8474DA2E260B6C8CF60D3");

            // Register this payment request in PagSeguro to obtain the payment URL to redirect your customer.
            $return = $directPaymentRequest->register($credentials);

            self::printTransactionReturn($return);

        } catch (PagSeguroServiceException $e) {
            die($e->getMessage());
        }
    }

    public static function printTransactionReturn($transaction)
    {

        if ($transaction) {
            echo "<h2>Retorno da transação com Cartão de Crédito.</h2>";
            echo "<p><strong>Date: </strong> ".$transaction->getDate() ."</p> ";
            echo "<p><strong>lastEventDate: </strong> ".$transaction->getLastEventDate()."</p> ";
            echo "<p><strong>code: </strong> ".$transaction->getCode() ."</p> ";
            echo "<p><strong>reference: </strong> ".$transaction->getReference() ."</p> ";
            echo "<p><strong>type: </strong> ".$transaction->getType()->getValue() ."</p> ";
            echo "<p><strong>status: </strong> ".$transaction->getStatus()->getValue() ."</p> ";

            echo "<p><strong>paymentMethodType: </strong> ".$transaction->getPaymentMethod()->getType()->getValue() ."</p> ";
            echo "<p><strong>paymentModeCode: </strong> ".$transaction->getPaymentMethod()->getCode()->getValue() ."</p> ";

            echo "<p><strong>grossAmount: </strong> ".$transaction->getGrossAmount() ."</p> ";
            echo "<p><strong>discountAmount: </strong> ".$transaction->getDiscountAmount() ."</p> ";
            echo "<p><strong>feeAmount: </strong> ".$transaction->getFeeAmount() ."</p> ";
            echo "<p><strong>netAmount: </strong> ".$transaction->getNetAmount() ."</p> ";
            echo "<p><strong>extraAmount: </strong> ".$transaction->getExtraAmount() ."</p> ";

            echo "<p><strong>installmentCount: </strong> ".$transaction->getInstallmentCount() ."</p> ";
            echo "<p><strong>itemCount: </strong> ".$transaction->getItemCount() ."</p> ";

            echo "<p><strong>Items: </strong></p>";
            foreach ($transaction->getItems() as $item)
            {
                echo "<p><strong>id: </strong> ". $item->getId() ."</br> ";
                echo "<strong>description: </strong> ". $item->getDescription() ."</br> ";
                echo "<strong>quantity: </strong> ". $item->getQuantity() ."</br> ";
                echo "<strong>amount: </strong> ". $item->getAmount() ."</p> ";
            }

            echo "<p><strong>senderName: </strong> ".$transaction->getSender()->getName() ."</p> ";
            echo "<p><strong>senderEmail: </strong> ".$transaction->getSender()->getEmail() ."</p> ";
            echo "<p><strong>senderPhone: </strong> ".$transaction->getSender()->getPhone()->getAreaCode() . " - " .
                 $transaction->getSender()->getPhone()->getNumber() . "</p> ";
            echo "<p><strong>Shipping: </strong></p>";
            echo "<p><strong>street: </strong> ".$transaction->getShipping()->getAddress()->getStreet() ."</p> ";
            echo "<p><strong>number: </strong> ".$transaction->getShipping()->getAddress()->getNumber()  ."</p> ";
            echo "<p><strong>complement: </strong> ".$transaction->getShipping()->getAddress()->getComplement()  ."</p> ";
            echo "<p><strong>district: </strong> ".$transaction->getShipping()->getAddress()->getDistrict()  ."</p> ";
            echo "<p><strong>postalCode: </strong> ".$transaction->getShipping()->getAddress()->getPostalCode()  ."</p> ";
            echo "<p><strong>city: </strong> ".$transaction->getShipping()->getAddress()->getCity()  ."</p> ";
            echo "<p><strong>state: </strong> ".$transaction->getShipping()->getAddress()->getState()  ."</p> ";
            echo "<p><strong>country: </strong> ".$transaction->getShipping()->getAddress()->getCountry()  ."</p> ";
        }

      echo "<pre>";
    }
}

CreateTransactionUsingCreditCard::main();


1			<?php //
2
3			/*
4			* ***********************************************************************
5			Copyright [2014] [PagSeguro Internet Ltda.]
6
7			Licensed under the Apache License, Version 2.0 (the "License");
8			you may not use this file except in compliance with the License.
9			You may obtain a copy of the License at
10
11			http://www.apache.org/licenses/LICENSE-2.0
12
13			Unless required by applicable law or agreed to in writing, software
14			distributed under the License is distributed on an "AS IS" BASIS,
15			WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16			See the License for the specific language governing permissions and
17			limitations under the License.
18			* ***********************************************************************
19			*/
20
21			require_once "../PagSeguroLibrary/PagSeguroLibrary.php";
22
23			/**
24			* Class with a main method to illustrate the usage of the domain class PagSeguroDirectPaymentRequest
25			*/
26			class CreateTransactionUsingCreditCard
27			{
28
29			public static function main()
30			{
31
32			// Instantiate a new payment request
33			$directPaymentRequest = new PagSeguroDirectPaymentRequest();
34
35			// Set the Payment Mode for this payment request
36			$directPaymentRequest->setPaymentMode('DEFAULT');
37
38			// Set the Payment Method for this payment request
39			$directPaymentRequest->setPaymentMethod('CREDIT_CARD');
40
41			/**
42			* @todo Change the receiver Email
43			*/
44			$directPaymentRequest->setReceiverEmail('[email protected]');
45
46			// Set the currency
47			$directPaymentRequest->setCurrency("BRL");
48
49			// Add an item for this payment request
50			// Add an item for this payment request
51			$directPaymentRequest->addItem(
52			'0001',
53			'Descricao do item a ser vendido',
54			2,
55			10.00
56			);
57
58			// Add an item for this payment request
59			$directPaymentRequest->addItem(
60			'0002',
61			'Descricao do item a ser vendido',
62			2,
63			5.00
64			);
65
66			// Set a reference code for this payment request. It is useful to identify this payment
67			// in future notifications.
68			$directPaymentRequest->setReference("REF123");
69
70			// Set your customer information.
71			// If you using SANDBOX you must use an email @sandbox.pagseguro.com.br
72			$directPaymentRequest->setSender(
73			'João Comprador',
74			'[email protected]',
75			'11',
76			'56273440',
77			'CPF',
78			'156.009.442-76',
79			true
80			);
81
82			$directPaymentRequest->setSenderHash("d94d002b6998ca9cd69092746518e50aded5a54aef64c4877ccea02573694986");
83
84			// Set shipping information for this payment request
85			$sedexCode = PagSeguroShippingType::getCodeByType('SEDEX');
86			$directPaymentRequest->setShippingType($sedexCode);
87			$directPaymentRequest->setShippingAddress(
88			'01452002',
89			'Av. Brig. Faria Lima',
90			'1384',
91			'apto. 114',
92			'Jardim Paulistano',
93			'São Paulo',
94			'SP',
95			'BRA'
96			);
97
98			//Set billing information for credit card
99			$billing = new PagSeguroBilling
100			(
101			array(
102			'postalCode' => '01452002',
103			'street' => 'Av. Brig. Faria Lima',
104			'number' => '1384',
105			'complement' => 'apto. 114',
106			'district' => 'Jardim Paulistano',
107			'city' => 'São Paulo',
108			'state' => 'SP',
109			'country' => 'BRA'
110			)
111			);
112
113			$token = "5b97542cd1524b67a9e89b3d90c1f262";
114
115			$installment = new PagSeguroInstallment(
116			array("quantity" => 1,
117			"value" => "30.00")
118			);
119
120			$cardCheckout = new PagSeguroCreditCardCheckout(
121			array(
122			'token' => $token,
123			'installment' => $installment,
124			'holder' => new PagSeguroCreditCardHolder(
125			array(
126			'name' => 'João Comprador', //Equals in Credit Card
127			'documents' => array(
128			'type' => 'CPF',
129			'value' => '156.009.442-76'
130			),
131			'birthDate' => date('01/10/1979'),
132			'areaCode' => 11,
133			'number' => 56273440
134			)
135			),
136			'billing' => $billing
137			)
138			);
139
140			//Set credit card for payment
141			$directPaymentRequest->setCreditCard($cardCheckout);
142
143			try {
144			/**
145			* #### Credentials #####
146			* Replace the parameters below with your credentials
147			* You can also get your credentials from a config file. See an example:
148			* $credentials = PagSeguroConfig::getAccountCredentials();
149			*/
150
151			// seller authentication
152			//$credentials = new PagSeguroAccountCredentials("[email protected]",
153			"E231B2C9BCC8474DA2E260B6C8CF60D3");
			0 ignored issues – show Bug introduced 2015-11-21 13:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code did not parse for me. Apparently, there is an error somewhere around this line: Syntax error, unexpected ')' Loading history...
154
155			// application authentication
156			$credentials = PagSeguroConfig::getApplicationCredentials();
157			$credentials->setAuthorizationCode("E231B2C9BCC8474DA2E260B6C8CF60D3");
158
159			// Register this payment request in PagSeguro to obtain the payment URL to redirect your customer.
160			$return = $directPaymentRequest->register($credentials);
161
162			self::printTransactionReturn($return);
163
164			} catch (PagSeguroServiceException $e) {
165			die($e->getMessage());
166			}
167			}
168
169			public static function printTransactionReturn($transaction)
170			{
171
172			if ($transaction) {
173			echo "<h2>Retorno da transação com Cartão de Crédito.</h2>";
174			echo "<p><strong>Date: </strong> ".$transaction->getDate() ."</p> ";
175			echo "<p><strong>lastEventDate: </strong> ".$transaction->getLastEventDate()."</p> ";
176			echo "<p><strong>code: </strong> ".$transaction->getCode() ."</p> ";
177			echo "<p><strong>reference: </strong> ".$transaction->getReference() ."</p> ";
178			echo "<p><strong>type: </strong> ".$transaction->getType()->getValue() ."</p> ";
179			echo "<p><strong>status: </strong> ".$transaction->getStatus()->getValue() ."</p> ";
180
181			echo "<p><strong>paymentMethodType: </strong> ".$transaction->getPaymentMethod()->getType()->getValue() ."</p> ";
182			echo "<p><strong>paymentModeCode: </strong> ".$transaction->getPaymentMethod()->getCode()->getValue() ."</p> ";
183
184			echo "<p><strong>grossAmount: </strong> ".$transaction->getGrossAmount() ."</p> ";
185			echo "<p><strong>discountAmount: </strong> ".$transaction->getDiscountAmount() ."</p> ";
186			echo "<p><strong>feeAmount: </strong> ".$transaction->getFeeAmount() ."</p> ";
187			echo "<p><strong>netAmount: </strong> ".$transaction->getNetAmount() ."</p> ";
188			echo "<p><strong>extraAmount: </strong> ".$transaction->getExtraAmount() ."</p> ";
189
190			echo "<p><strong>installmentCount: </strong> ".$transaction->getInstallmentCount() ."</p> ";
191			echo "<p><strong>itemCount: </strong> ".$transaction->getItemCount() ."</p> ";
192
193			echo "<p><strong>Items: </strong></p>";
194			foreach ($transaction->getItems() as $item)
195			{
196			echo "<p><strong>id: </strong> ". $item->getId() ."</br> ";
197			echo "<strong>description: </strong> ". $item->getDescription() ."</br> ";
198			echo "<strong>quantity: </strong> ". $item->getQuantity() ."</br> ";
199			echo "<strong>amount: </strong> ". $item->getAmount() ."</p> ";
200			}
201
202			echo "<p><strong>senderName: </strong> ".$transaction->getSender()->getName() ."</p> ";
203			echo "<p><strong>senderEmail: </strong> ".$transaction->getSender()->getEmail() ."</p> ";
204			echo "<p><strong>senderPhone: </strong> ".$transaction->getSender()->getPhone()->getAreaCode() . " - " .
205			$transaction->getSender()->getPhone()->getNumber() . "</p> ";
206			echo "<p><strong>Shipping: </strong></p>";
207			echo "<p><strong>street: </strong> ".$transaction->getShipping()->getAddress()->getStreet() ."</p> ";
208			echo "<p><strong>number: </strong> ".$transaction->getShipping()->getAddress()->getNumber() ."</p> ";
209			echo "<p><strong>complement: </strong> ".$transaction->getShipping()->getAddress()->getComplement() ."</p> ";
210			echo "<p><strong>district: </strong> ".$transaction->getShipping()->getAddress()->getDistrict() ."</p> ";
211			echo "<p><strong>postalCode: </strong> ".$transaction->getShipping()->getAddress()->getPostalCode() ."</p> ";
212			echo "<p><strong>city: </strong> ".$transaction->getShipping()->getAddress()->getCity() ."</p> ";
213			echo "<p><strong>state: </strong> ".$transaction->getShipping()->getAddress()->getState() ."</p> ";
214			echo "<p><strong>country: </strong> ".$transaction->getShipping()->getAddress()->getCountry() ."</p> ";
215			}
216
217			echo "<pre>";
218			}
219			}
220
221			CreateTransactionUsingCreditCard::main();
222

reginaldojunior / winners

Issues (4141)

Security Analysis not enabled

examples/createTransactionUsingCreditCard.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like