From 94c360e041aa4c86c93596213ace205788c6953b Mon Sep 17 00:00:00 2001
From: Sam Bohler
Date: Fri, 10 Oct 2014 17:12:36 -0400
Subject: [PATCH] Security Patch
---
 bitpay/bp_lib.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/bitpay/bp_lib.php b/bitpay/bp_lib.php
index 2cfcc40..dee7491 100644
--- a/bitpay/bp_lib.php
+++ b/bitpay/bp_lib.php
@@ -126,7 +126,12 @@ function bpVerifyNotification($apiKey = false) {
 return array('error' => 'authentication failed (bad hash)');
 $json['posData'] = $posData['posData'];
- return $json;
+ if (!array_key_exists('id', $json))
+ {
+ return 'Cannot find invoice ID';
+ }
+
+ return bpGetInvoice($json['id'], $apiKey);
 }
 // $options can include ('apiKey')
@@ -140,7 +145,10 @@ function bpGetInvoice($invoiceId, $apiKey=false) {
 return array('error' => $response);
 //decode posData
 $response['posData'] = json_decode($response['posData'], true);
- $response['posData'] = $response['posData']['posData'];
+ if($bpOptions['verifyPos'])
+ {
+ $response['posData'] = $response['posData']['posData'];
+ }
 return $response;
 }
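Review bot: In the bpVerifyNotification hunk, the new missing-id branch returns a bare string, while the failure path visible just above it returns `array('error' => ...)`. A caller that detects failure by looking for the `error` key would not see this one, so the branch should be `return array('error' => 'Cannot find invoice ID');`. Separately, `$json['id']` comes from the posted notification body and is passed to bpGetInvoice unchecked. If that function builds its request URL from the id (not visible in this hunk), the id should first be checked to be a string in the expected invoice-ID format. The body of bpVerifyNotification starts outside the hunk, so how `$json` is parsed cannot be confirmed from here.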
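Review bot: In the bpGetInvoice hunk, the new `if($bpOptions['verifyPos'])` guard reads an option key that may not be set, and the unwrap inside it still indexes whatever `json_decode` returned. If the invoice's posData is not JSON, or decodes to something without a `posData` member, `$response['posData']` silently becomes null. A tighter condition would be `if (!empty($bpOptions['verifyPos']) && is_array($response['posData']) && isset($response['posData']['posData']))`. The start of the function is outside the hunk, so it is worth confirming that `$bpOptions` is declared `global` there, otherwise the guard is always false. It would also help to document that the returned posData has a different shape depending on this option, since the branch only unwraps and no hash comparison is visible at this point.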