MDL-61392 enrol_paypal: Improve IPN input parameters checking

David Mudrák 2018-02-15 12:50:46 +01:00 committed by Andrew Nicols
parent 39a5fbeb01
commit d12cdcbd7d


@ -65,11 +65,27 @@ $req = 'cmd=_notify-validate';
$data = new stdClass();
foreach ($_POST as $key => $value) {
if ($key !== clean_param($key, PARAM_ALPHANUMEXT)) {
throw new moodle_exception('invalidrequest', 'core_error', '', null, $key);
}
if (is_array($value)) {
throw new moodle_exception('invalidrequest', 'core_error', '', null, 'Unexpected array param: '.$key);
}
$req .= "&$key=".urlencode($value);
$data->$key = fix_utf8($value);
}
if (empty($data->custom)) {
throw new moodle_exception('invalidrequest', 'core_error', '', null, 'Missing request param: custom');
}
$custom = explode('-', $data->custom);
unset($data->custom);
if (empty($custom) || count($custom) < 3) {
throw new moodle_exception('invalidrequest', 'core_error', '', null, 'Invalid value of the request param: custom');
}
$data->userid = (int)$custom[0];
$data->courseid = (int)$custom[1];
$data->instanceid = (int)$custom[2];
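Review bot: The new `count($custom) < 3` check only counts the `-`-separated parts of `custom` and never checks that they are numeric, so a value such as `a-b-c` passes and the `(int)` casts below turn it into a `userid`, `courseid` and `instanceid` of 0 (and `12abc` into 12). This loop works on raw `$_POST` data while the `cmd=_notify-validate` request is still being assembled, so the values are untrusted at this point and the condition should reject non-digit parts too, e.g. `if (count($custom) < 3 || !ctype_digit($custom[0]) || !ctype_digit($custom[1]) || !ctype_digit($custom[2])) {`. The `empty($custom)` test can be dropped, because `explode()` on a non-empty string always returns at least one element. How the three ids are used lies outside this hunk; presumably a zero id only causes a failed lookup further down, but that is worth confirming.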