From 79dca7f9b7bc826fb5ceb207f67f7e4d26394098 Mon Sep 17 00:00:00 2001 From: cryptochangements34 Date: Thu, 23 Nov 2017 22:38:42 -0600 Subject: [PATCH] Sanatize $payment_id cookie --- monero/include/monero_payments.php | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/monero/include/monero_payments.php b/monero/include/monero_payments.php index b968719..8367d1b 100644 --- a/monero/include/monero_payments.php +++ b/monero/include/monero_payments.php @@ -2,8 +2,7 @@ /* * Main Gateway of Monero using a daemon online - * This code isn't for Dark Net Markets, please report them to Authority! - * Authors: Serhack and cryptochangements34 + * Authors: Serhack and cryptochangements */ @@ -315,17 +314,19 @@ private function set_paymentid_cookie() if (!isset($_COOKIE['payment_id'])) { $payment_id = bin2hex(openssl_random_pseudo_bytes(8)); setcookie('payment_id', $payment_id, time() + 2700); - } else{ - // Please fix this SQLI injection! TODO: Fix me! - $payment_id = $this->protect_payment(sanitize_text_field($_COOKIE['payment_id'])); - } + } + else{ + $payment_id = $this->sanatize_id($_COOKIE['payment_id']); + } return $payment_id; } - public function protect_payment($payment_id){ - $payment_id = str_replace("'", "\n", $payment_id); - return $payment_id; - } + public function sanatize_id($payment_id) + { + // Limit payment id to alphanumeric characters + $sanatized_id = preg_replace("/[^a-zA-Z0-9]+/", "", $payment_id); + return $sanatized_id; + } public function changeto($amount, $currency, $payment_id) {