search

w7corp / easywechat

📦 一个 PHP 微信 SDK
https://easywechat.com
MIT License
10.29k stars 2.4k forks source link

6.0-dev 生成createV2Signature签名没有及时移除signType导致签名错误 #2721

Closed exvu closed 1 year ago

exvu commented 1 year ago

我用的环境

生成createV2Signature签名没有及时移除signType导致签名错误

public function createV2Signature(array $params): string
    {
        $method = 'md5';
        $secretKey = $this->merchant->getV2SecretKey();

        if (empty($secretKey)) {
            throw new InvalidConfigException('Missing v2 secret key.');
        }

        if ('HMAC-SHA256' === $params['signType']) {
            $method = function ($str) use ($secretKey) {
                return hash_hmac('sha256', $str, $secretKey);
            };
        }
#源码没有这行 ,应该移除参数
        unset($params['signType']);

        ksort($params);

        $params['key'] = $secretKey;
        // @phpstan-ignore-next-line
        return strtoupper((string) call_user_func_array($method, [urldecode(http_build_query($params))]));
    }
overtrue commented 1 year ago

感谢反馈!