diff --git a/monero/include/monero_payments.php b/monero/include/monero_payments.php
index b7e2efc..98b95be 100644
--- a/monero/include/monero_payments.php
+++ b/monero/include/monero_payments.php
@@ -316,7 +316,7 @@ class Monero_Gateway extends WC_Payment_Gateway
 $payment_id = bin2hex(openssl_random_pseudo_bytes(8));
 setcookie('payment_id', $payment_id, time() + 2700);
 } else
- $payment_id = $_COOKIE['payment_id'];
+ $payment_id = sanitize_text_field($_COOKIE['payment_id']);
 return $payment_id;
 }
@@ -327,7 +327,7 @@ class Monero_Gateway extends WC_Payment_Gateway
 $create_table = "CREATE TABLE IF NOT EXISTS $payment_id ( rate INT )";
- $wpdb->query($create_table);
+ $wpdb->query($wpdb$create_table);
 $rows_num = $wpdb->get_results("SELECT count(*) as count FROM $payment_id");
 if ($rows_num[0]->count > 0) // Checks if the row has already been created or not
 {
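Review bot: `sanitize_text_field()` in the `else` branch cleans up markup and whitespace but does not restrict the cookie to the format generated just above it (`bin2hex` of 8 random bytes, i.e. 16 hex characters), and the cookie is fully client-controlled. The second hunk of this diff interpolates a `$payment_id` directly into `CREATE TABLE` and `SELECT ... FROM` as a table name, presumably this same value, so text-field sanitising is not a sufficient control there. Validate against the expected shape and fall back to generating a fresh id on mismatch, e.g. `if (preg_match('/^[0-9a-f]{16}$/D', $_COOKIE['payment_id']) !== 1) { /* regenerate as in the first branch */ }`. The function begins outside the hunk, so the condition guarding this `else` is not visible.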
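Review bot: The new line `$wpdb->query($wpdb$create_table);` is not valid PHP, because two variables are adjacent with no operator, so the file will fail to parse and the gateway will not load. If `$wpdb->prepare()` was intended, its value placeholders cannot bind a table name; the identifier placeholder `%i` is only available from WordPress 6.2. The smaller fix is to keep `$wpdb->query($create_table);` and ensure `$payment_id` has been validated as 16 hex characters before it is interpolated here and in the `SELECT count(*) as count FROM $payment_id` on the following line, which this commit leaves unchanged. Longer term, one fixed table with a `payment_id` column queried through `$wpdb->prepare('... WHERE payment_id = %s', $payment_id)` would avoid building identifiers from request data at all. The enclosing function starts and ends outside the hunk.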