redsys.rb in activemerchant-1.87.0

- old
+ new

@@ -430,11 +430,11 @@
       end
 
       def validate_signature(data)
         if sha256_authentication?
           sig = Base64.strict_encode64(mac256(get_key(data[:ds_order].to_s), xml_signed_fields(data)))
-          sig.upcase == data[:ds_signature].to_s.upcase
+          sig.casecmp(data[:ds_signature].to_s).zero?
         else
           str = data[:ds_amount] +
             data[:ds_order].to_s +
             data[:ds_merchantcode] +
             data[:ds_currency] +
@@ -521,10 +521,10 @@
 
         if data[:ds_cardnumber]
           xml_signed_fields += data[:ds_cardnumber]
         end
 
-        xml_signed_fields += data[:ds_transactiontype] + data[:ds_securepayment]
+        xml_signed_fields + data[:ds_transactiontype] + data[:ds_securepayment]
       end
 
       def get_key(order_id)
         encrypt(@options[:secret_key], order_id)
       end