From 8e2bc388b3048daff4d0c9ce12e86e6c97fdf745 Mon Sep 17 00:00:00 2001
From: Devdutta Bain <devdutta.bain@gmail.com>
Date: Wed, 26 Feb 2020 14:00:48 +0530
Subject: [PATCH] verifying checksum only with posted inputs.

Changing from `request->all()` to `request->post(`)  for verifying only posted input. In some cases callback URL may have some user defined parameters. in that case it wont be showing invalid checksum.
---
 src/Providers/PaytmWalletProvider.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Providers/PaytmWalletProvider.php b/src/Providers/PaytmWalletProvider.php
index adb0377..ffd4650 100644
--- a/src/Providers/PaytmWalletProvider.php
+++ b/src/Providers/PaytmWalletProvider.php
@@ -45,8 +45,8 @@ public function __construct(Request $request, $config){
 
 	public function response(){
 		$checksum = $this->request->get('CHECKSUMHASH');
-		if(verifychecksum_e($this->request->all(), $this->merchant_key, $checksum) == "TRUE"){
-		    return $this->response = $this->request->all();
+		if(verifychecksum_e($this->request->post(), $this->merchant_key, $checksum) == "TRUE"){
+		    return $this->response = $this->request->post();
 		}
         	throw new \Exception('Invalid checksum');
 	}