gpt4 book ai didi

3d-secure - Paymill:至少有一家银行存在 3D 安全漏洞?

转载 作者:行者123 更新时间:2023-12-02 22:12:28 24 4
gpt4 key购买 nike

我使用 3D 安全的 Paymill API 进行支付:

paymill.createToken(params, paymillResponseHandler, tdsInit, tdsCleanup);

文档中的这部分完全不起作用:

var tdsInit = function(iframeUrl, cancelFn) {
var body = document.body || document.getElementsByTagName('body')[0];
var iframe = document.createElement('iframe');

iframe.id = 'tdsIframe';
iframe.src = iframeUrl;
iframe.width = 600;
iframe.height = 500;
iframe.style.zIndex = 0xffffffff;
iframe.style.background = '#fff';
iframe.style.position = 'absolute';

body.insertBefore(iframe, body.firstChild);
};

所以我这样做:

function tdsInit(iframeUrl, cancelFn) {
var body = document.body;
var div3D = document.createElement("div");
div3D.id = "div3Dsecure";
body.insertBefore(div3D, body.firstChild);
var pareq = decodeURIComponent(iframeUrl.params.PaReq.replace(/\+/g, " "));
var termurl = decodeURIComponent(iframeUrl.params.TermUrl.replace(/\+/g, " "));
div3D.innerHTML='.$dot.'<form id="3Dsecureform" action="'.$dot.'+iframeUrl.url+'.$dot.'" method="POST"><textarea name="PaReq" style="display:none">'.$dot.'+pareq+'.$dot.'</textarea><input type="hidden" name="TermUrl" value='.$dot.'+termurl+'.$dot.'><input type="hidden" name="MD" value='.$dot.'+iframeUrl.params.MD+'.$dot.'></form>'.$dot.';
var iframe = document.createElement("iframe");
iframe.id = "tdsIframe";
iframe.src = "";
iframe.width = 600;
iframe.height = 500;
iframe.style.zIndex = 0xffffffff;
iframe.style.background = "#fff";
iframe.style.position = "absolute";
iframe.scrolling = "no";
body.insertBefore(iframe, body.firstChild);
document.forms[0].target = "tdsIframe";
document.forms[0].submit();
};

付款没问题,但是当客户使用 Sberbank 的卡付款时,我们遇到了问题:iframe 而不是显示来自 ACS 的 3D 安全页面,仅做出有关成功验证此付款的响应。

<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Return to Merchant's site</title>
<SCRIPT>
function onLoadHandler() {
document["PAResForm"].submit();
}
</SCRIPT>
</head>
<body onLoad="onLoadHandler();">
<BR>
<BR>Processing...
<FORM NAME="PAResForm" METHOD="post" ACTION="https://ctpe.net/payment/threedsecure?ndcid=8BE948ADB647AF64A9C2640B81DC4B82.lon-vm-fe05&jsessionid=.lon-vm-ps02">
<INPUT NAME="PaRes" TYPE="hidden" VALUE="eJxVkLFuAjEMhl/Fyt7kOAnRwRcGKBtT6YyinI+LlMSVExCP30OEVpW82L/9/bZxe08RbiQlcB7USncKKHseQ74M6ut0eHtXW4unWYj2n+SvQhaPVIq7EIRxUPcprc+bc69XXdd3G2XxQ4TFYmPaBal7NK8U6SHveCS7RvOXPOuNbA8syVXgCTgTsEBiIaBIiXItEJbINxfDCM57lse2UBnqTFC+yYcpeFcXO90sXtyny56qC9EeSfzsctVXia2vKWjaEeZ30Px7wQ9uC2z4"><INPUT NAME="MD" TYPE="hidden" VALUE="8a8394823cd8c78d013cf365e77a3ac5">
</FORM>
</body>
</html>

首先,我认为 Sberbank 中存在一些错误,但客户使用另一个 PSP 进行了另一笔付款,并从 Sberbank 获得了 3D 安全窗口:

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<SCRIPT LANGUAGE="JavaScript" SRC="/sberbank/common/global.js"></SCRIPT>
<LINK href="/sberbank/common/va_style.css" rel=STYLESHEET type="text/css">
<title>Verified by VISA - Пароль безопасности</title>
<SCRIPT type="text/javascript">
strBeforeUnload = "Ваша транзакция не завершена!\
Для продолжения, нажмите кнопку 'Отмена' и введите пароль на странице проверки безопасности.";
<!-- page for OTP_SMS -->
var PAMs = new Array();
PAMs[0] = new Array("0","None");

我不明白我哪里做错了。也许有人可以帮助我?

最佳答案

抱歉,文档中似乎有一个过时的代码示例。请查看以下 tdsInit() 回调示例(这是 Bridge.js 默认实现的简化版本,以说明该过程):

var tdsInit = function tdsInit(redirect, cancelCallback) {
var url = redirect.url, params = redirect.params;
var body = document.body || document.getElementsByTagName('body')[0];

var iframe = document.createElement('iframe');
body.insertBefore(iframe, body.firstChild);

var iframeDoc = iframe.contentWindow || iframe.contentDocument;
if (iframeDoc.document) iframeDoc = iframeDoc.document;

var form = iframeDoc.createElement('form');
form.method = 'post';
form.action = url;

for (var k in params) {
var input = iframeDoc.createElement('input');
input.type = 'hidden';
input.name = k;
input.value = decodeURIComponent(params[k]);
form.appendChild(input);
}

if (iframeDoc.body) iframeDoc.body.appendChild(form);
else iframeDoc.appendChild(form);

form.submit();
};

但是请注意,tdsInit 和 tdsEnd 都是可选参数。如果您想要自定义 iframe 的外观和感觉,您只需要这些。

关于3d-secure - Paymill:至少有一家银行存在 3D 安全漏洞?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/15031505/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com