Пример #1
// Make sure a 'cartID' entry is registered with the session before it is used.
// NOTE(review): tep_session_register() is defined elsewhere; presumably it ties
// the global $cartID to the session - confirm.
if (!tep_session_is_registered('cartID')) {
    tep_session_register('cartID');
}

// Remember the ID the cart object currently carries.
$cartID = $cart->cartID;

// Fields sent with every gateway request, added in the order they are serialized.
$params = array();

// The API user falls back to the vendor value when no separate username is configured.
if (tep_not_null(MODULE_PAYMENT_PAYPAL_UK_EXPRESS_USERNAME)) {
    $params['USER'] = MODULE_PAYMENT_PAYPAL_UK_EXPRESS_USERNAME;
} else {
    $params['USER'] = MODULE_PAYMENT_PAYPAL_UK_EXPRESS_VENDOR;
}

$params['VENDOR'] = MODULE_PAYMENT_PAYPAL_UK_EXPRESS_VENDOR;
$params['PARTNER'] = MODULE_PAYMENT_PAYPAL_UK_EXPRESS_PARTNER;

// PWD is the gateway credential: keep $params, and any string built from it,
// out of logs, debug dumps and error pages.
$params['PWD'] = MODULE_PAYMENT_PAYPAL_UK_EXPRESS_PASSWORD;
$params['TENDER'] = 'P';

// 'S' when the module is configured for 'Sale', 'A' for any other setting
// (presumably the gateway codes for sale / authorization - confirm).
if (MODULE_PAYMENT_PAYPAL_UK_EXPRESS_TRANSACTION_METHOD == 'Sale') {
    $params['TRXTYPE'] = 'S';
} else {
    $params['TRXTYPE'] = 'A';
}
// Dispatch on the request-supplied 'osC_Action' query parameter. The listing is
// cut off before the switch (and the nested blocks below) are closed.
switch ($_GET['osC_Action']) {
    case 'retrieve':
        // 'G' presumably selects the "get checkout details" action - confirm against the gateway docs.
        $params['ACTION'] = 'G';
        // The token comes straight from the query string and is forwarded unvalidated.
        // If it is absent an empty TOKEN is sent (with an undefined-index notice); if it
        // is an array, trim() below is handed a non-string.
        // NOTE(review): confirm it is a non-empty string before forwarding, and that it is
        // compared with the token issued for this session - no such check is visible here.
        $params['TOKEN'] = $_GET['token'];
        // Serialize as KEY[len]=value pairs joined by '&'. Values are not URL-encoded;
        // the [len] tag is the byte length (strlen) of the trimmed value, which the gateway
        // presumably uses to delimit values that contain '&' or '='.
        // The string includes PWD, so it must not be logged or echoed.
        $post_string = '';
        foreach ($params as $key => $value) {
            $post_string .= $key . '[' . strlen(trim($value)) . ']=' . trim($value) . '&';
        }
        // Drop the trailing '&' left by the loop.
        $post_string = substr($post_string, 0, -1);
        /* MF - Added string termination to line below */
        // NOTE(review): the header literal below looks mangled (the '$Id$' resembles a
        // version-control keyword that replaced part of the line). As written, the
        // single-quoted string is sent verbatim: it is not a "Name: value" header and
        // carries no per-request value. The intended header is presumably
        // X-VPS-REQUEST-ID with a unique ID per request - restore it before use.
        $response = $paypal_uk_express->sendTransactionToGateway($api_url, $post_string, array('X-VPS-REQUE$Id$'));
        // Decode the response as a URL-encoded query string. Passing the second argument
        // keeps the pairs in $response_array instead of creating variables in the current scope.
        $response_array = array();
        parse_str($response, $response_array);
        // Loose comparison: only a RESULT equal to '0' continues. A response without a
        // RESULT key compares unequal and is skipped (PHP reports an undefined index).
        if ($response_array['RESULT'] == '0') {
            // The path is built from a constant, not from request data.
            include DIR_WS_CLASSES . 'order.php';
            // Shipping details are only looked up when the cart is not purely 'virtual'.
            if ($cart->get_content_type() != 'virtual') {
                // Address fields arrive in the gateway response; treat them as untrusted input.
                // tep_db_prepare_input() is defined elsewhere (presumably trims / normalizes - confirm).
                $country_iso_code_2 = tep_db_prepare_input($response_array['SHIPTOCOUNTRY']);
                $zone_code = tep_db_prepare_input($response_array['SHIPTOSTATE']);
                // SQL is assembled by concatenation; injection safety rests entirely on
                // tep_db_input() (defined elsewhere, presumably the escaping helper) being
                // applied to every string value. A parameterized query would remove that dependency.
                $country_query = tep_db_query("select countries_id, countries_name, countries_iso_code_2, countries_iso_code_3, address_format_id from " . TABLE_COUNTRIES . " where countries_iso_code_2 = '" . tep_db_input($country_iso_code_2) . "'");
                // NOTE(review): the result is not checked for "no matching country" before it is used below.
                $country = tep_db_fetch_array($country_query);
                // Default to the raw state value from the response (this copy has not been
                // through tep_db_prepare_input); it is replaced below when a zone row matches.
                // Whatever later stores or prints $zone_name has to escape it for that context.
                $zone_name = $response_array['SHIPTOSTATE'];
                $zone_id = 0;
                // countries_id is forced to an integer by the cast; zone_code goes through tep_db_input().
                $zone_query = tep_db_query("select zone_id, zone_name from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country['countries_id'] . "' and zone_code = '" . tep_db_input($zone_code) . "'");
                if (tep_db_num_rows($zone_query)) {
                    // A matching zone row replaces the gateway-supplied name with the stored one.
                    $zone = tep_db_fetch_array($zone_query);
                    $zone_name = $zone['zone_name'];
Пример #2
// Keep a 'cartID' entry in the session so that alterations in the shopping cart
// contents can be checked against it (the original comment is cut off above this line).
if (!tep_session_is_registered('cartID')) {
    tep_session_register('cartID');
}

// Take over the ID the cart object currently carries.
$cartID = $cart->cartID;

// Request fields shared by every gateway call. 'PWD' is the gateway credential,
// so neither this array nor a string built from it belongs in logs or error output.
$params = array(
    // Falls back to the vendor value when no separate API username is configured.
    'USER' => (tep_not_null(MODULE_PAYMENT_PAYPAL_UK_EXPRESS_USERNAME)
        ? MODULE_PAYMENT_PAYPAL_UK_EXPRESS_USERNAME
        : MODULE_PAYMENT_PAYPAL_UK_EXPRESS_VENDOR),
    'VENDOR' => MODULE_PAYMENT_PAYPAL_UK_EXPRESS_VENDOR,
    'PARTNER' => MODULE_PAYMENT_PAYPAL_UK_EXPRESS_PARTNER,
    'PWD' => MODULE_PAYMENT_PAYPAL_UK_EXPRESS_PASSWORD,
    'TENDER' => 'P',
    // 'S' for the 'Sale' setting, 'A' for anything else.
    'TRXTYPE' => ((MODULE_PAYMENT_PAYPAL_UK_EXPRESS_TRANSACTION_METHOD == 'Sale') ? 'S' : 'A')
);
// Dispatch on the request-supplied 'osC_Action' query parameter. $HTTP_GET_VARS is the
// legacy name for the query-string array; PHP itself stopped providing it in 5.4, so it is
// presumably aliased to $_GET elsewhere in the application - confirm.
// The listing ends before the switch (and the nested blocks below) are closed.
switch ($HTTP_GET_VARS['osC_Action']) {
    case 'retrieve':
        // 'G' presumably selects the "get checkout details" action - confirm against the gateway docs.
        $params['ACTION'] = 'G';
        // Request-supplied token, forwarded without validation.
        // NOTE(review): check that it is a non-empty string and that it matches the token
        // issued for this session; neither check is visible in this excerpt.
        $params['TOKEN'] = $HTTP_GET_VARS['token'];
        // Build KEY[len]=value pairs joined by '&'. Values are trimmed but not URL-encoded;
        // [len] is the byte length of the value, which the gateway presumably uses to delimit it.
        // The result contains PWD and must be kept out of logs and error output.
        $post_string = '';
        foreach ($params as $key => $value) {
            $post_string .= $key . '[' . strlen(trim($value)) . ']=' . trim($value) . '&';
        }
        // Remove the trailing '&'.
        $post_string = substr($post_string, 0, -1);
        // The request ID header is an MD5 over the cart ID, the session ID and rand().
        // rand() is not a cryptographically secure generator, and the value is derived from
        // the session ID before being sent to a third party.
        // NOTE(review): if the ID has to be unique or unpredictable, generate it from a
        // CSPRNG (e.g. bin2hex(random_bytes(16)) on PHP 7+) instead of from session material.
        $response = $paypal_uk_express->sendTransactionToGateway($api_url, $post_string, array('X-VPS-REQUEST-ID: ' . md5($cartID . tep_session_id() . rand())));
        // Decode the response as a URL-encoded query string into $response_array; using the
        // second argument avoids creating variables in the current scope.
        $response_array = array();
        parse_str($response, $response_array);
        // Loose comparison: only a RESULT equal to '0' continues. A response with no RESULT
        // key compares unequal and is skipped (PHP reports an undefined index).
        if ($response_array['RESULT'] == '0') {
            // Path comes from a constant, not from request data.
            include DIR_WS_CLASSES . 'order.php';
            // Shipping details are only resolved when the cart is not purely 'virtual'.
            if ($cart->get_content_type() != 'virtual') {
                // Address fields come from the gateway response and should be handled as untrusted.
                // tep_db_prepare_input() is defined elsewhere (presumably trims / normalizes - confirm).
                $country_iso_code_2 = tep_db_prepare_input($response_array['SHIPTOCOUNTRY']);
                $zone_code = tep_db_prepare_input($response_array['SHIPTOSTATE']);
                // Concatenated SQL: safety depends on tep_db_input() (defined elsewhere,
                // presumably the escaping helper) wrapping every string value. Prefer a
                // parameterized query where the database layer offers one.
                $country_query = tep_db_query("select countries_id, countries_name, countries_iso_code_2, countries_iso_code_3, address_format_id from " . TABLE_COUNTRIES . " where countries_iso_code_2 = '" . tep_db_input($country_iso_code_2) . "'");
                // NOTE(review): no check for an unmatched country before $country is indexed below.
                $country = tep_db_fetch_array($country_query);
                // Starts as the raw state value from the response (not passed through
                // tep_db_prepare_input); overwritten below when a zone row matches. Later
                // consumers of $zone_name must escape it for their own output context.
                $zone_name = $response_array['SHIPTOSTATE'];
                $zone_id = 0;
                // countries_id is cast to int; zone_code is passed through tep_db_input().
                $zone_query = tep_db_query("select zone_id, zone_name from " . TABLE_ZONES . " where zone_country_id = '" . (int) $country['countries_id'] . "' and zone_code = '" . tep_db_input($zone_code) . "'");
                if (tep_db_num_rows($zone_query)) {
                    // Use the stored zone name instead of the gateway-supplied one.
                    $zone = tep_db_fetch_array($zone_query);
                    $zone_name = $zone['zone_name'];