MDL-7536 add proper slashing to data from paypal callback

author skodak <skodak>

Tue, 14 Nov 2006 21:12:17 +0000 (21:12 +0000)

committer skodak <skodak>

Tue, 14 Nov 2006 21:12:17 +0000 (21:12 +0000)
author skodak <skodak>
Tue, 14 Nov 2006 21:12:17 +0000 (21:12 +0000)
committer skodak <skodak>
Tue, 14 Nov 2006 21:12:17 +0000 (21:12 +0000)
diff --git a/enrol/paypal/ipn.php b/enrol/paypal/ipn.php

index 6cde62a6df90b2c75f7a6672e850fc470c1c78b8..4f4ebd6111913db264426be3503a7ca8e6f531e1 100644 (file)
--- a/enrol/paypal/ipn.php
+++ b/enrol/paypal/ipn.php
@@ -118,7 +118,7 @@
  
  
  
-            if ($existing = get_record("enrol_paypal", "txn_id", $data->txn_id)) {   // Make sure this transaction doesn't exist already
+            if ($existing = get_record("enrol_paypal", "txn_id", addslashes($data->txn_id))) {   // Make sure this transaction doesn't exist already
                  email_paypal_error_to_admin("Transaction $data->txn_id is being repeated!", $data);
                  die;
  
@@ -156,7 +156,7 @@
  
              // ALL CLEAR !
  
-            if (!insert_record("enrol_paypal", $data)) {       // Insert a transaction record
+            if (!insert_record("enrol_paypal", addslashes_object($data))) {       // Insert a transaction record
                  email_paypal_error_to_admin("Error while trying to insert valid transaction", $data);
              }
  
@@ -194,7 +194,7 @@
  
  
          } else if (strcmp ($result, "INVALID") == 0) { // ERROR
-            insert_record("enrol_paypal", $data, false);
+            insert_record("enrol_paypal", addslashes_object($data), false);
              email_paypal_error_to_admin("Received an invalid payment notification!! (Fake payment?)", $data);
          }
      }
author	skodak <skodak>
	Tue, 14 Nov 2006 21:12:17 +0000 (21:12 +0000)
committer	skodak <skodak>
	Tue, 14 Nov 2006 21:12:17 +0000 (21:12 +0000)