退款通知验证有问题 #92
Description
从官方文档可以看出,异步通知的参数中,并没有签名参数,只需要对req_info解密即可。
但是在代码中发现
`if (isset($data['sign']) && $data['sign'] && $sign === $data['sign']) {
$responseData['sign_match'] = true;
} else {
$responseData['sign_match'] = false;
}
if ($responseData['sign_match'] && isset($data['refund_status']) && $data['refund_status'] == 'SUCCESS') {
$responseData['refunded'] = true;
} else {
$responseData['refunded'] = false;
}`
$data['sign']是不存在的,所以在前面调用response的data,sign_match一定是false,refunded也是false
@lokielse 如果有空看看吧,现在我用的是1.x