eboutic: check basket amount upon command validation

2025-07-11 04:19:25 +00:00 · 2019-03-15 01:48:42 +01:00
parent d56990b91f
commit 03eeffdea0
2 changed files with 46 additions and 2 deletions
--- a/eboutic/views.py
+++ b/eboutic/views.py
@ -271,6 +271,10 @@ class EtransactionAutoAnswer(View):
                    )
                    if b is None:
                        raise SuspiciousOperation("Basket does not exists")
+                    if int(b.get_total() * 100) != int(request.GET["Amount"]):
+                        raise SuspiciousOperation(
+                            "Basket total and amount do not match"
+                        )
                    i = Invoice()
                    i.user = b.user
                    i.payment_method = "CARD"