Update monero_payments.php

This commit is contained in:
serhack 2017-11-23 14:21:33 +01:00 committed by GitHub
parent 9fcf1cb1de
commit c29d63f52a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -317,11 +317,16 @@ class Monero_Gateway extends WC_Payment_Gateway
setcookie('payment_id', $payment_id, time() + 2700); setcookie('payment_id', $payment_id, time() + 2700);
} else{ } else{
// Please fix this SQLI injection! TODO: Fix me! // Please fix this SQLI injection! TODO: Fix me!
$payment_id = sanitize_text_field($_COOKIE['payment_id']); $payment_id = $this->protect_payment(sanitize_text_field($_COOKIE['payment_id']));
} }
return $payment_id; return $payment_id;
} }
public function protect_payment($payment_id){
$payment_id = str_replace("'", "\n", $payment_id);
return $payment_id;
}
public function changeto($amount, $currency, $payment_id) public function changeto($amount, $currency, $payment_id)
{ {
global $wpdb; global $wpdb;