【类 型】:fix
【主 题】:支付接口 检查前端提交数据 【描 述】: [原因]:支付前 从后端取数据检测 提高安全性 [过程]: [影响]: 【结 束】 # 类型 包含: # feat:新功能(feature) # fix:修补bug # docs:文档(documentation) # style: 格式(不影响代码运行的变动) # refactor:重构(即不是新增功能,也不是修改bug的代码变动) # test:增加测试 # chore:构建过程或辅助工具的变动
This commit is contained in:
parent
c6e2c03617
commit
e561fae860
@ -53,8 +53,26 @@ class PayController extends PublicController
|
|||||||
|
|
||||||
//获取订单信息
|
//获取订单信息
|
||||||
$where['order_sn'] = $_REQUEST['order_sn'];
|
$where['order_sn'] = $_REQUEST['order_sn'];
|
||||||
|
$field = array('order_sn,shop_id,total_price,total_weight,openid');
|
||||||
|
$orderDb = D('order');
|
||||||
|
if ($order = $orderDb->where($where)->field($field)->find()) {
|
||||||
|
echo json_encode(array('status' => 0, 'msg' => '订单不存在'));
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
//订单检查
|
||||||
|
$whereShop['shop_id'] = $order['shop_id'];
|
||||||
|
$fieldShop = array('price_min', 'weight_max');
|
||||||
|
$shopDb = D('shop');
|
||||||
|
if ($shop = $shopDb->where($whereShop)->field($fieldShop)->find()) {
|
||||||
|
echo json_encode(array('status' => 0, 'msg' => '商铺不存在'));
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
if ($order['openid'] != $this->openid || (float)$order['total_price'] < (float)$shop['price_min'] || $order['total_weight'] > $shop['weight_max']) {
|
||||||
|
echo json_encode(array('status' => 0, 'msg' => '提交信息异常'));
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
$orderDb = D('order');
|
$orderDb = D('order');
|
||||||
$order = $orderDb->where($where)->find();
|
|
||||||
//设置获取签名的订单参数
|
//设置获取签名的订单参数
|
||||||
$orderParameter = [
|
$orderParameter = [
|
||||||
'out_trade_no' => $order['order_sn'],
|
'out_trade_no' => $order['order_sn'],
|
||||||
|
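Review bot: Both new existence checks are inverted: `if ($order = $orderDb->where($where)->field($field)->find())` prints '订单不存在' and exits exactly when the order was found, and the shop check `if ($shop = $shopDb->where($whereShop)->field($fieldShop)->find())` does the same, so a missing order instead falls through with `$order` empty and `$order['shop_id']` null. They should read `if (!($order = $orderDb->where($where)->field($field)->find())) {` and `if (!($shop = $shopDb->where($whereShop)->field($fieldShop)->find())) {`. The owner check should compare strictly, `$order['openid'] !== $this->openid`, and the weight comparison would be clearer cast the same way as the price one. `$field` is a one-element array holding a comma-joined column string while `$fieldShop` lists one column per element; the latter form is the clearer one, and since the old unrestricted `find()` is dropped, any code later in the method that reads a column not in `$field` would now see null — worth confirming. The enclosing method starts before the hunk and continues after it.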