Update monero_payments.php

7 years ago · c29d63f52a
parent 9fcf1cb1de
commit c29d63f52a
1 changed files with 6 additions and 1 deletions
--- a/monero/include/monero_payments.php
+++ b/monero/include/monero_payments.php
@ -317,10 +317,15 @@ class Monero_Gateway extends WC_Payment_Gateway
            setcookie('payment_id', $payment_id, time() + 2700);
        } else{
 		// Please fix this SQLI injection! TODO: Fix me!
-            $payment_id = sanitize_text_field($_COOKIE['payment_id']);
+            $payment_id = $this->protect_payment(sanitize_text_field($_COOKIE['payment_id']));
 	}
        return $payment_id;
    }
+	
+	public function protect_payment($payment_id){
+		                $payment_id = str_replace("'", "\n", $payment_id);
+		return $payment_id;
+	}

    public function changeto($amount, $currency, $payment_id)
    {