Payments with Ogone won't work

Bug #1212327 reported by Sebastiaan Provost
This bug affects 2 people
Affects: Midori Web Browser
Status: Opinion
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

So the bug is the following:

If a webshop (my own at the moment) sends you to Ogone to make a payment, it will also send a hash to Ogone to check the values for the payment.
Example:
// String to hash: every NAME=value pair in alphabetical order, each followed by the passphrase
$Ogone_sha1 =
    "AMOUNT=".$Price.$passphrase.
    "BGCOLOR=#010000".$passphrase.
    "CURRENCY=EUR".$passphrase.
    "LANGUAGE=en_us".$passphrase.
    "ORDERID=".$unique_id.$passphrase.
    "PM=".$pm.$passphrase.
    "PSPID=".$PSPID.$passphrase.
    "TITLE=Payment via Ogone".$passphrase;
echo $Ogone_sha1; // debug output: prints the unhashed string, passphrase included
$Ogone_sha1 = sha1($Ogone_sha1);

// Hidden form that auto-submits the order fields and their SHASIGN to the Ogone test endpoint
$form1 = '<form name="directpayment1" id="directpayment" action="https://secure.ogone.com/ncol/test/orderstandard.asp" method="post" >
    <input name="PSPID" type="hidden" value="'.$PSPID.'" />
    <input name="AMOUNT" type="hidden" value="'.$Price.'" />
    <input name="ORDERID" type="hidden" value="'.$unique_id.'" />
    <input name="CURRENCY" type="hidden" value="EUR" />
    <input name="LANGUAGE" type="hidden" value="en_us" />
    <input name="PM" type="hidden" value="'.$pm.'">
    <input name="TITLE" type="hidden" value="Payment via Ogone">
    <input name="BGCOLOR" type="hidden" value="#010000">
    <input name="SHASIGN" type="hidden" value="'.$Ogone_sha1.'" />
    </form><script>document.getElementById("directpayment").submit()</script>';

This is just to show how Ogone receives the info it needs to process the payment. All values must be hashed in alphabetical order.
Now if I do this payment through Chrome or Firefox, it works beautifully, but when I do it through Midori I get the following error in Ogone:
"unknown order/1/r/"

This error occurs if the referer (so where you get sent from TO Ogone) is not the same referer as defined upfront in your Ogone control panel.

Now in Firefox or Chrome the referer stays the same, but in Midori I get this error.
Is this a Midori bug or something else?

Tags: ogone webshop
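
Added example (not part of the original report and not Ogone's own code): the signing scheme from the description written as a function that sorts the fields itself instead of relying on hand-ordered concatenation, with a constant-time check that shows an altered field invalidating the signature. The signature covers only the form fields, so it is computed the same way whatever the browser does with the Referer header. The function names, the sample values, upper-casing of names and skipping of empty values are assumptions of this example.

```php
<?php
// Added example: not the reporter's code and not Ogone's implementation.
// Assumptions: names are upper-cased, empty values are not signed, SHA-1 as in the report.

/** Build the string to hash: NAME=value followed by the passphrase, sorted by name. */
function ogone_sign_string(array $params, string $passphrase): string
{
    $fields = [];
    foreach ($params as $name => $value) {
        if (strtoupper((string) $name) === 'SHASIGN' || $value === null || $value === '') {
            continue; // the signature field and empty fields are left out
        }
        $fields[strtoupper((string) $name)] = (string) $value;
    }
    ksort($fields, SORT_STRING); // alphabetical order, as the report requires

    $out = '';
    foreach ($fields as $name => $value) {
        $out .= $name . '=' . $value . $passphrase;
    }
    return $out;
}

function ogone_shasign(array $params, string $passphrase): string
{
    return sha1(ogone_sign_string($params, $passphrase));
}

/** Receiving-side check: recompute the hash and compare it in constant time. */
function ogone_verify(array $params, string $passphrase): bool
{
    $received = strtolower((string) ($params['SHASIGN'] ?? ''));
    return hash_equals(ogone_shasign($params, $passphrase), $received);
}

// Constructed sample values; none of them come from the report.
$passphrase = 'constructed-test-passphrase';
$order = [
    'PSPID' => 'EXAMPLEPSPID', 'AMOUNT' => '1500', 'ORDERID' => 'order-0001',
    'CURRENCY' => 'EUR', 'LANGUAGE' => 'en_us', 'PM' => 'CreditCard',
    'TITLE' => 'Payment via Ogone', 'BGCOLOR' => '#010000',
];
$signed   = $order + ['SHASIGN' => ogone_shasign($order, $passphrase)];
$tampered = ['AMOUNT' => '1'] + $signed; // same signature, altered amount

echo 'untouched form verifies: ', var_export(ogone_verify($signed, $passphrase), true), "\n";
echo 'tampered form verifies:  ', var_export(ogone_verify($tampered, $passphrase), true), "\n";
```
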
André Stösel (ivaldi) wrote :

You can change this in "Preferences" -> "Privacy" -> "Strip referrer details sent to websites".

Dunno if it's a bug or a feature....

Changed in midori:
status: New → Opinion
Cris Dywan (kalikiana) wrote :

This is for privacy reasons. It's worth noting Torbutton also strips the referrer, so even if Midori wouldn't, Ogone will not work everywhere. I think personally it's a bad idea to rely on "Referer", essentially because it is often abused and there are good reasons for blocking it or stripping it.

Sebastiaan Provost (stekkz) wrote :

ivaldi (André Stösel) is right, by disabling that setting it is fixed.

I should have looked further in the settings before posting it here. This can be closed.
