From 8c164db2f9a3b9f784654464fad934048dd34fd3 Mon Sep 17 00:00:00 2001
From: hystepik
Date: Wed, 22 Mar 2023 10:31:55 +0100
Subject: [PATCH] fix CI
---
 htdocs/public/stripe/ipn.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/htdocs/public/stripe/ipn.php b/htdocs/public/stripe/ipn.php
index 6cb44dba352..3788bfd0585 100644
--- a/htdocs/public/stripe/ipn.php
+++ b/htdocs/public/stripe/ipn.php
@@ -387,8 +387,8 @@ if ($event->type == 'payout.created') {
  $ispaymentdone = 0;
  $sql = "SELECT p.id FROM llx_paiement as p";
- $sql .= " WHERE p.ext_payment_id = '".$paiement->ext_payment_id."'";
- $sql .= " AND p.ext_payment_site = '".$paiement->ext_payment_site."'";
+ $sql .= " WHERE p.ext_payment_id = '".$db->escape($paiement->ext_payment_id)."'";
+ $sql .= " AND p.ext_payment_site = '".$db->escape($paiement->ext_payment_site)."'";
  $result = $db->query($sql);
  if ($result) {
  if ($db->num_rows($result)) {
@@ -415,8 +415,8 @@ if ($event->type == 'payout.created') {
  if (!$error && isModEnabled('banque')) {
  $ispaymentdone = 0;
  $sql = "SELECT p.id, p.fk_bank FROM llx_paiement as p";
- $sql .= " WHERE p.ext_payment_id = '".$paiement->ext_payment_id."'";
- $sql .= " AND p.ext_payment_site = '".$paiement->ext_payment_site."'";
+ $sql .= " WHERE p.ext_payment_id = '".$db->escape($paiement->ext_payment_id)."'";
+ $sql .= " AND p.ext_payment_site = '".$db->escape($paiement->ext_payment_site)."'";
  $sql .= " AND p.fk_bank <> '0'";
  $result = $db->query($sql);
  if ($result) {
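Review bot: Both lookups still name the table with a literal prefix, in the context line `$sql = "SELECT p.id FROM llx_paiement as p";` of this hunk and the matching `SELECT p.id, p.fk_bank` line of the hunk at -415. Unless the database layer rewrites `llx_`, an install configured with another prefix would fail the query; `$sql = "SELECT p.id FROM ".MAIN_DB_PREFIX."paiement as p";` avoids that. The added `$db->escape()` calls are sufficient only while each value stays inside the single quotes, so a short comment above each WHERE clause, e.g. `// ext_payment_id / ext_payment_site presumably come from the webhook payload: keep them escaped and quoted`, would guard against a later edit dropping either. The subject `fix CI` also does not say that this is injection hardening in a file under `public/`, which makes the change harder to find when auditing or backporting. Where the two properties are populated, and whether the event is authenticated before this point, lies outside both hunks, as do the start and end of the enclosing `if` block.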