
Changeset 1794310


Timestamp:
12/29/2017 05:58:01 PM (8 years ago)
Author:
spicepay1
Message:

Post filters update

File:
1 edited

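--- a/spicepay/trunk/spicepay.php
+++ b/spicepay/trunk/spicepay.php
@@ -137,14 +137,24 @@
 && isset($_POST['receivedAmountBTC']) && isset($_POST['receivedAmountUSD'])) {
        
-       
-        $paymentId = sanitize_text_field($_POST['paymentId']);
-        $orderId = sanitize_text_field($_POST['orderId']);
-        $hash = sanitize_text_field($_POST['hash']);   
-        $clientId = sanitize_text_field($_POST['clientId']);
-        $paymentAmountBTC = filter_var($_POST['paymentAmountBTC'],FILTER_SANITIZE_NUMBER_FLOAT);
-        $paymentAmountUSD = filter_var($_POST['paymentAmountUSD'],FILTER_SANITIZE_NUMBER_FLOAT);
-        $receivedAmountBTC = filter_var($_POST['receivedAmountBTC'],FILTER_SANITIZE_NUMBER_FLOAT);
-        $receivedAmountUSD = filter_var($_POST['receivedAmountUSD'],FILTER_SANITIZE_NUMBER_FLOAT);
-        $status = sanitize_text_field($_POST['status']);
+   
+        $paymentId = addslashes(filter_input(INPUT_POST, 'paymentId', FILTER_SANITIZE_STRING));
+        $orderId = addslashes(filter_input(INPUT_POST, 'orderId', FILTER_SANITIZE_STRING));
+        $hash = addslashes(filter_input(INPUT_POST, 'hash', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH));   
+        $clientId = addslashes(filter_input(INPUT_POST, 'clientId', FILTER_SANITIZE_STRING));
+        $paymentAmountBTC = addslashes(filter_input(INPUT_POST, 'paymentAmountBTC', FILTER_SANITIZE_NUMBER_INT));
+        $paymentAmountUSD = addslashes(filter_input(INPUT_POST, 'paymentAmountUSD', FILTER_SANITIZE_STRING));
+        $receivedAmountBTC = addslashes(filter_input(INPUT_POST, 'receivedAmountBTC', FILTER_SANITIZE_NUMBER_INT));
+        $receivedAmountUSD = addslashes(filter_input(INPUT_POST, 'receivedAmountUSD', FILTER_SANITIZE_STRING));
+        $status = addslashes(filter_input(INPUT_POST, 'status', FILTER_SANITIZE_STRING));
+       
+        if(isset($_POST['paymentCryptoAmount']) && isset($_POST['receivedCryptoAmount'])) {
+            $paymentCryptoAmount = addslashes(filter_input(INPUT_POST, 'paymentCryptoAmount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
+            $receivedCryptoAmount = addslashes(filter_input(INPUT_POST, 'receivedCryptoAmount', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
+        }
+        else {
+            $paymentCryptoAmount = addslashes(filter_input(INPUT_POST, 'paymentAmountBTC', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
+            $receivedCryptoAmount = addslashes(filter_input(INPUT_POST, 'receivedAmountBTC', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
+        }
+       
         $secretCode = $this->secret_key;
         $order = new WC_Order( $orderId );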
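Review bot: The payment-callback amounts are sanitised instead of validated, so malformed values are silently rewritten rather than rejected: on new lines 144 and 146 `FILTER_SANITIZE_NUMBER_INT` drops the decimal point (`0.015` becomes `0015`), and on lines 145 and 147 `FILTER_SANITIZE_STRING` puts no numeric constraint on the USD amounts at all. The code that uses these variables lies below `$secretCode`, outside this hunk, but if it verifies the hash or compares paid against expected amounts, it does so on altered input; keep the raw string for the hash and validate a separate copy for comparison, e.g. `$usd = filter_input(INPUT_POST, 'paymentAmountUSD', FILTER_VALIDATE_FLOAT);` and stop processing when `$usd === false || $usd === null`. `addslashes()` protects no sink visible here and is not a substitute for prepared queries, and `FILTER_SANITIZE_STRING` is deprecated since PHP 8.1, so lines 140–148 would be clearer as explicit format checks per field. `$orderId` reaches `new WC_Order( $orderId )` as an arbitrary string; `absint($orderId)` before the lookup, and `hash_equals()` for the hash comparison if it currently uses `==`, would tighten the handler.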