|
|
|
@ -317,10 +317,15 @@ class Monero_Gateway extends WC_Payment_Gateway
|
|
|
|
|
setcookie('payment_id', $payment_id, time() + 2700);
|
|
|
|
|
} else{
|
|
|
|
|
// Please fix this SQLI injection! TODO: Fix me!
|
|
|
|
|
$payment_id = sanitize_text_field($_COOKIE['payment_id']);
|
|
|
|
|
$payment_id = $this->protect_payment(sanitize_text_field($_COOKIE['payment_id']));
|
|
|
|
|
}
|
|
|
|
|
return $payment_id;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function protect_payment($payment_id){
|
|
|
|
|
$payment_id = str_replace("'", "\n", $payment_id);
|
|
|
|
|
return $payment_id;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function changeto($amount, $currency, $payment_id)
|
|
|
|
|
{
|
|
|
|
|
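Review bot: `protect_payment()` replaces `'` with a newline in the cookie value, which is a one-character blacklist rather than a fix for the injection that the `TODO` comment above it still describes. Backslashes, double quotes and any unquoted use of the value are left untouched, and a tampered id is silently altered instead of rejected. The cookie is client-controlled, so validate it against the format the plugin itself generates. If payment ids are always hex strings (the generating branch is outside this hunk, so confirm), use `if (!ctype_xdigit($payment_id)) { /* discard and issue a new id */ }`, and bind the value with `$wpdb->prepare()` where the query is built, which is also not visible here. Once that is in place the helper and the stale `TODO` can be removed; if the helper stays, make it `private` and give it a docblock stating what it guarantees.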