Business::OnlinePayment::WorldPay::Junior is a perl module providing a backend for perl scripts to manage credit/debit card payments through the WorldPay Select Junior service. I am the author of the module. There is a bug in all version of Business::OnlinePayment::WorldPay::Junior prior to 1.05 (released yesterday) in that the module fails to properly check that the test mode of a transaction returned from WorldPay via their callback facility is the same as that recorded for the transaction before the user was sent to WorldPay to effect the payment. This exposes any script using the module to a HTML page rewriting exploit by the site visitor. Version 1.05 of the module fixes this problem. Note that the module as also been renamed with this version to Business::WorldPay::Junior to avoid namespace conflicts with the Business::OnlinePayment API. Anyone updating to the new version should apply the following regex to any scripts using the module: s/Business::OnlinePayment::WorldPay::Junior/Business::WorldPay::Junior/ Jason Clifford -- UKFSN.ORG Finance Free Software while you surf the 'net http://www.ukfsn.org/ Get the T-Shirt Now
This archive was generated by hypermail 2b30 : Sat Mar 15 2003 - 14:42:16 PST