From: skodak <skodak>
Date: Tue, 14 Nov 2006 21:12:17 +0000 (+0000)
Subject: MDL-7536 add proper slashing to data from paypal callback
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=919da6579c593c01e41d217d7c895bb2a45251bf;p=moodle.git

MDL-7536 add proper slashing to data from paypal callback
---

diff --git a/enrol/paypal/ipn.php b/enrol/paypal/ipn.php
index 6cde62a6df..4f4ebd6111 100644
--- a/enrol/paypal/ipn.php
+++ b/enrol/paypal/ipn.php
@@ -118,7 +118,7 @@
 
 
 
-            if ($existing = get_record("enrol_paypal", "txn_id", $data->txn_id)) {   // Make sure this transaction doesn't exist already
+            if ($existing = get_record("enrol_paypal", "txn_id", addslashes($data->txn_id))) {   // Make sure this transaction doesn't exist already
                 email_paypal_error_to_admin("Transaction $data->txn_id is being repeated!", $data);
                 die;
 
@@ -156,7 +156,7 @@
 
             // ALL CLEAR !
 
-            if (!insert_record("enrol_paypal", $data)) {       // Insert a transaction record
+            if (!insert_record("enrol_paypal", addslashes_object($data))) {       // Insert a transaction record
                 email_paypal_error_to_admin("Error while trying to insert valid transaction", $data);
             }
 
@@ -194,7 +194,7 @@
 
 
         } else if (strcmp ($result, "INVALID") == 0) { // ERROR
-            insert_record("enrol_paypal", $data, false);
+            insert_record("enrol_paypal", addslashes_object($data), false);
             email_paypal_error_to_admin("Received an invalid payment notification!! (Fake payment?)", $data);
         }
     }