From c29d63f52a3beab84e8f53217b1a45daf7ba477f Mon Sep 17 00:00:00 2001 From: serhack <27734319+serhack@users.noreply.github.com> Date: Thu, 23 Nov 2017 14:21:33 +0100 Subject: [PATCH] Update monero_payments.php --- monero/include/monero_payments.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/monero/include/monero_payments.php b/monero/include/monero_payments.php index c6ccd8a..b968719 100644 --- a/monero/include/monero_payments.php +++ b/monero/include/monero_payments.php @@ -317,10 +317,15 @@ class Monero_Gateway extends WC_Payment_Gateway setcookie('payment_id', $payment_id, time() + 2700); } else{ // Please fix this SQLI injection! TODO: Fix me! - $payment_id = sanitize_text_field($_COOKIE['payment_id']); + $payment_id = $this->protect_payment(sanitize_text_field($_COOKIE['payment_id'])); } return $payment_id; } + + public function protect_payment($payment_id){ + $payment_id = str_replace("'", "\n", $payment_id); + return $payment_id; + } public function changeto($amount, $currency, $payment_id) {
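Review bot: `protect_payment()` only swaps the single quote for a newline, so the `else` branch still returns cookie text that was never validated as a payment id, and the `TODO: Fix me!` comment above it remains accurate. A one-character blocklist is not a SQL injection defence; check the value against the format the plugin itself generates, for example `if (!ctype_xdigit($payment_id)) { $payment_id = ''; }` if ids are hex strings, and have the caller issue a fresh id when the check fails. The generation code sits above the hunk, so confirm the format and expected length there. The query that consumes this id is not visible here and should bind it through `$wpdb->prepare()` rather than rely on this filter. The helper is also `public` with no docblock; `private` would fit if nothing outside the class calls it.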