
Prevent SQL injection with eWay + Gold Cart + theme engine v2.0. Likel…

…y zero users in this configuration, but better safe than sorry.
JustinSainton committed Nov 11, 2016
1 parent 5735992 commit 1ea8329a5617c8181490c3fad102cc81d75eb0d4
Showing with 1 addition and 2 deletions.
  1. +1 −2 wpsc-components/theme-engine-v2/helpers/checkout-results.php
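--- a/wpsc-components/theme-engine-v2/helpers/checkout-results.php
+++ b/wpsc-components/theme-engine-v2/helpers/checkout-results.php
@@ -97,8 +97,7 @@ function wpsc_transaction_theme() {
 case 'wpsc_merchant_paymentexpress' :
 // Payment Express sends back there own session id, which is temporarily stored in the Auth field
 // so just swapping that over here
-$query = "SELECT `sessionid` FROM `" .WPSC_TABLE_PURCHASE_LOGS. "` WHERE `authcode` ='" . $sessionid . "'";
-$result = $wpdb->get_var($query);
+$result = $wpdb->get_var( $wpdb->prepare( "SELECT `sessionid` FROM `" .WPSC_TABLE_PURCHASE_LOGS. "` WHERE `authcode` = %s", $sessionid ) );
 if($result != null){
 // just in case they are using an older version old gold cart (pre 2.9.5)
 $sessionid = $result;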
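Review bot: Only this one lookup is parameterised, and the hunk does not show where `$sessionid` is assigned or whether other branches of `wpsc_transaction_theme()` still build SQL from it by concatenation; those uses should be checked before the injection is treated as closed. The new line also carries no explanation of why the value has to be bound, so a comment above it such as `// Bind $sessionid with $wpdb->prepare(); never concatenate it into SQL.` would help keep a later edit from restoring the old form. Splitting the statement into `$sql = $wpdb->prepare( ... );` followed by `$result = $wpdb->get_var( $sql );` would make the bound placeholder easier to spot in review. The function begins before and continues after the hunk, so the rest of the switch is not visible here.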
