Updated Stripe4Mal Software Package

Greetings,

After hearing back from the folks at Stripe (with some valid minor concerns — mainly concerns from Mal’s E-commerce’s perspective) I have made a few minor modifications to the Stripe4Mal package.  While the issues addressed are ones that are likely to not to see any great exploitative use, as a white hat security guy, I can’t help but to take such advisement to heart.

Download the updated Stripe4Mal package (same URL as the previous release)…

Here’s what’s changed:

  • Validate length of the CC passed through the script and validate that it is, in fact, a numeric value.
  • Validate length and numeric-ness of the expiry year and month passed through the script.
  • Validate that the purchase amount the script receives is in the proper format for Stripe to process, including verifying that it is a wholly-integer value, and is a positive number.

There is a possibility that another update will be released soon, I am waiting for a bit more review from the staffers at Stripe, though the need for such another update is yet to be determined.

Happy Selling!
–Quinn

Leave a Reply

You must be logged in to post a comment.