PDA

View Full Version : Quantum Gateway Full Integration



michael_s
08-30-2011, 09:01 PM
* Fixed major security hole that allowed anyone to run arbitrary SQL code by passing it as an error $_GET parameter to the payment module.

* Added optional (but highly recommended) support for secret "MD5 Hash" key that prevents your customers from submitting a query to your store that tricks your store into thinking they've paid for items in their cart.

* Show only the last 4 digits (instead of the first 4 and last 4) of credit card on the confirmation page. This seems more consistent with what every other credit card processor seems to do.

* Error messages are now passed in $_SESSION vars instead of as $_GET parameters. This avoids conflicts with security modules that clear $_GET parameters of all punctuation and other potentially dangerous characters.

* The "Name on Credit Card" field is now passed to the gateway as the name on the credit card. Previously the "Name on Credit Card" field was ignored and the billing name was passed to the gateway.

* Minor changes to text and labels. For example, payment method now shows up as "Credit Card" instead of "QuantumGateway" for your customers.

* A clear error is now shown if they enter no credit card number instead of telling them the (empty) last four digits of their credit card don't match any type of card accepted.

More... (http://addons.oscommerce.com/info/5490)