From 9fcf1cb1def76d39e8140055e634255b485b98e0 Mon Sep 17 00:00:00 2001
From: serhack <27734319+serhack@users.noreply.github.com>
Date: Wed, 22 Nov 2017 20:10:01 +0100
Subject: [PATCH] Update monero_payments.php
---
 monero/include/monero_payments.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/monero/include/monero_payments.php b/monero/include/monero_payments.php
index af822b5..c6ccd8a 100644
--- monero/include/monero_payments.php
+++ b/monero/include/monero_payments.php
@@ -317,7 +317,7 @@ class Monero_Gateway extends WC_Payment_Gateway
 setcookie('payment_id', $payment_id, time() + 2700); } else{ // Please fix this SQLI injection! TODO: Fix me!
- $payment_id = $_COOKIE['payment_id'];
+ $payment_id = sanitize_text_field($_COOKIE['payment_id']);
 }
 return $payment_id;
 }
@@ -329,7 +329,7 @@ class Monero_Gateway extends WC_Payment_Gateway
 $create_table = "CREATE TABLE IF NOT EXISTS $payment_id ( rate INT )";
- $wpdb->query($wpdb$create_table);
+ $wpdb->query($create_table);
 $rows_num = $wpdb->get_results("SELECT count(*) as count FROM $payment_id");
 if ($rows_num[0]->count > 0) // Checks if the row has already been created or not
 {
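Review bot: `sanitize_text_field()` on the added line does not make the cookie safe for the way `$payment_id` is used, because the second hunk interpolates it as a table name in `CREATE TABLE IF NOT EXISTS $payment_id` and `SELECT count(*) as count FROM $payment_id`. That function strips tags, line breaks and surplus whitespace; it does not restrict the value to characters that are valid in an SQL identifier, and identifiers cannot be bound through `$wpdb->prepare()` placeholders. The cookie is client-controlled, so check it against the exact format the generator produces and issue a fresh id on mismatch, e.g. `if (!preg_match('/\A[0-9a-f]+\z/', $payment_id)) { /* regenerate */ }` if ids are hex (the generator is outside this hunk, so confirm the format). Longer term, one fixed table with a `payment_id` column and prepared statements removes the identifier interpolation entirely. The `// Please fix this SQLI injection!` TODO is still accurate after this change and should stay until such a check lands.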
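Review bot: The corrected `$wpdb->query($create_table);` still discards its result, and the context lines after it read `$rows_num[0]->count` without checking that `get_results()` returned a row. When table creation fails, `query()` returns `false` and the lookup that follows has nothing to read, so test the result first, e.g. `if ($wpdb->query($create_table) === false) { /* log and stop */ }`, and guard the row access with `!empty($rows_num)`. How the function should stop depends on its contract, which lies outside this hunk.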