commit 732b064944a2b017df09a9e8c4e14c9e454049d0
parent 9e9a26e869a1e50c2e4233890a02068029645966
Author: NicholasFarrow <nicholas.w.farrow@gmail.com>
Date: Fri, 22 Jan 2021 22:55:00 +1100
rounding money values according to PHP standards
Diffstat:
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/gateways/woo_btcpyment.php b/gateways/woo_btcpyment.php
@@ -199,7 +199,8 @@ function btcpyment_init_gateway_class() {
// Ideally this seed would be unique between orders.
// This probably isn't unique... But will do for now.
write_log($args);
- $order_secret_seed = round($args['amount'], 2) * $args['id'];
+ // https://stackoverflow.com/questions/3385685/
+ $order_secret_seed = (int) bcmul($args['amount'], 100.0) * $args['id'];
// Calculate expected secret
$this->secret = hash_hmac('sha256', $order_secret_seed, $this->BTCPyment_API_Key);
diff --git a/gateways/woo_webhook.py b/gateways/woo_webhook.py
@@ -8,7 +8,7 @@ import requests
def hook(btcpyment_secret, payload, payment):
# Calculate a secret that is required to send back to the
# woocommerce gateway, proving we did not modify id nor amount.
- secret_seed = bytes(round(float(payload['amount']), 2) * int(payload['id']))
+ secret_seed = bytes(int(100*float(payload['amount'])), * int(payload['id']))
secret = hmac.new(btcpyment_secret, secret_seed, hashlib.sha256).hexdigest()
# The main signature which proves we have paid, and very recently!
