From 8ea01a69083682f99a8ed9f358bd17068e408eca Mon Sep 17 00:00:00 2001
From: Alpha Kane <betaxab@gmail.com>
Date: Mon, 10 Jan 2022 16:37:33 +0800
Subject: [PATCH] Pay Controller: Do not leak the content of the product

---
 app/Http/Controllers/Pay/AlipayController.php  | 2 +-
 app/Http/Controllers/Pay/PaysapiController.php | 2 +-
 app/Http/Controllers/Pay/StripeController.php  | 0
 app/Http/Controllers/Pay/WepayController.php   | 2 +-
 app/Http/Controllers/Pay/YipayController.php   | 2 +-
 5 files changed, 4 insertions(+), 4 deletions(-)
 mode change 100755 => 100644 app/Http/Controllers/Pay/StripeController.php

diff --git a/app/Http/Controllers/Pay/AlipayController.php b/app/Http/Controllers/Pay/AlipayController.php
index e54e509b..a50ad9ec 100644
--- a/app/Http/Controllers/Pay/AlipayController.php
+++ b/app/Http/Controllers/Pay/AlipayController.php
@@ -35,7 +35,7 @@ public function gateway(string $payway, string $orderSN)
             $order = [
                 'out_trade_no' => $this->order->order_sn,
                 'total_amount' => (float)$this->order->actual_price,
-                'subject' => $this->order->title
+                'subject' => $this->order->order_sn
             ];
             switch ($payway){
                 case 'zfbf2f':
diff --git a/app/Http/Controllers/Pay/PaysapiController.php b/app/Http/Controllers/Pay/PaysapiController.php
index 77f0090f..5c4b51d9 100644
--- a/app/Http/Controllers/Pay/PaysapiController.php
+++ b/app/Http/Controllers/Pay/PaysapiController.php
@@ -21,7 +21,7 @@ public function gateway(string $payway, string $orderSN)
             $orderuid = $this->order->email;       //此处传入您网站用户的用户名，方便在paysapi后台查看是谁付的款，强烈建议加上。可忽略。
             //校验传入的表单，确保价格为正常价格（整数，1位小数，2位小数都可以），支付渠道只能是1或者2，orderuid长度不要超过33个中英文字。
             //此处就在您服务器生成新订单，并把创建的订单号传入到下面的orderid中。
-            $goodsname = $this->order->title;
+            $goodsname = $this->order->order_sn;
             $orderid = $this->order->order_sn;    //每次有任何参数变化，订单号就变一个吧。
             $uid = $this->payGateway->merchant_id; //"此处填写PaysApi的uid";
             $token = $this->payGateway->merchant_pem; //"此处填写PaysApi的Token";
diff --git a/app/Http/Controllers/Pay/StripeController.php b/app/Http/Controllers/Pay/StripeController.php
old mode 100755
new mode 100644
diff --git a/app/Http/Controllers/Pay/WepayController.php b/app/Http/Controllers/Pay/WepayController.php
index 323a2244..124e8c3d 100644
--- a/app/Http/Controllers/Pay/WepayController.php
+++ b/app/Http/Controllers/Pay/WepayController.php
@@ -28,7 +28,7 @@ public function gateway(string $payway, string $orderSN)
             $order = [
                 'out_trade_no' => $this->order->order_sn,
                 'total_fee' => bcmul($this->order->actual_price, 100, 0),
-                'body' => $this->order->title
+                'body' => $this->order->order_sn
             ];
             switch ($payway){
                 case 'wescan':
diff --git a/app/Http/Controllers/Pay/YipayController.php b/app/Http/Controllers/Pay/YipayController.php
index 840e5197..61eddcb0 100644
--- a/app/Http/Controllers/Pay/YipayController.php
+++ b/app/Http/Controllers/Pay/YipayController.php
@@ -20,7 +20,7 @@ public function gateway(string $payway, string $orderSN)
                 'out_trade_no' => $this->order->order_sn,
                 'return_url' => url('detail-order-sn', ['orderSN' => $this->order->order_sn]),
                 'notify_url' => url($this->payGateway->pay_handleroute . '/notify_url'),
-                'name'   => $this->order->title,
+                'name'   => $this->order->order_sn,
                 'money'  => (float)$this->order->actual_price,
                 'sign' => $this->payGateway->merchant_pem,
                 'sign_type' =>'MD5'