From 9fcf1cb1def76d39e8140055e634255b485b98e0 Mon Sep 17 00:00:00 2001
From: serhack <27734319+serhack@users.noreply.github.com>
Date: Wed, 22 Nov 2017 20:10:01 +0100
Subject: [PATCH] Update monero_payments.php

---
 monero/include/monero_payments.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/monero/include/monero_payments.php b/monero/include/monero_payments.php
index af822b5..c6ccd8a 100644
--- a/monero/include/monero_payments.php
+++ b/monero/include/monero_payments.php
@@ -317,7 +317,7 @@ class Monero_Gateway extends WC_Payment_Gateway
             setcookie('payment_id', $payment_id, time() + 2700);
         } else{
 		// Please fix this SQLI injection! TODO: Fix me!
-            $payment_id = $_COOKIE['payment_id'];
+            $payment_id = sanitize_text_field($_COOKIE['payment_id']);
 	}
         return $payment_id;
     }
@@ -329,7 +329,7 @@ class Monero_Gateway extends WC_Payment_Gateway
         $create_table = "CREATE TABLE IF NOT EXISTS $payment_id (
 									rate INT
 									)";
-        $wpdb->query($wpdb$create_table);
+        $wpdb->query($create_table);
         $rows_num = $wpdb->get_results("SELECT count(*) as count FROM $payment_id");
         if ($rows_num[0]->count > 0) // Checks if the row has already been created or not
         {