diff --git a/htdocs/paybox/lib/paybox.lib.php b/htdocs/paybox/lib/paybox.lib.php
index 0e003f38d71..2a90ed791a9 100755
--- a/htdocs/paybox/lib/paybox.lib.php
+++ b/htdocs/paybox/lib/paybox.lib.php
@@ -61,8 +61,15 @@ function llxFooterPayBox()
 /**
- * \brief Create a redirect form to paybox form
- * \return int 1 if OK, -1 if ERROR
+ * Create a redirect form to paybox form
+ *
+ * @param $PRICE
+ * @param $CURRENCY
+ * @param $EMAIL
+ * @param $urlok
+ * @param $urlko
+ * @param $TAG
+ * @return int 1 if OK, -1 if ERROR
 */
 function print_paybox_redirect($PRICE,$CURRENCY,$EMAIL,$urlok,$urlko,$TAG) {
diff --git a/htdocs/paypal/lib/paypal.lib.php b/htdocs/paypal/lib/paypal.lib.php
index 810d778e7e8..4bed91f60ca 100755
--- a/htdocs/paypal/lib/paypal.lib.php
+++ b/htdocs/paypal/lib/paypal.lib.php
@@ -132,6 +132,7 @@ function html_print_paypal_footer($fromcompany,$langs)
 /**
 * Send redirect to paypal to browser
+ *
 * @param $paymentAmount
 * @param $currencyCodeType
 * @param $paymentType
diff --git a/htdocs/public/paybox/newpayment.php b/htdocs/public/paybox/newpayment.php
index 5a135fe21f4..e09f0b1f174 100644
--- a/htdocs/public/paybox/newpayment.php
+++ b/htdocs/public/paybox/newpayment.php
@@ -53,10 +53,10 @@ $langs->load("paybox");
 // tag (a free text, required if type is empty)
 // currency (iso code)
-$suffix=GETPOST("suffix");
+$suffix=GETPOST("suffix",'alpha');
 $amount=GETPOST("amount");
-if (! GETPOST("currency")) $currency=$conf->global->MAIN_MONNAIE;
-else $currency=GETPOST("currency");
+if (! GETPOST("currency",'alpha')) $currency=$conf->global->MAIN_MONNAIE;
+else $currency=GETPOST("currency",'alpha');
 if (! GETPOST("action")) {
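Review bot: The new `@param` tags on print_paybox_redirect carry neither a type nor a description, so the docblock now repeats the names already visible in the signature and adds nothing a caller can use. The two URL parameters are the ones worth a sentence, since newpayment.php builds them as the gateway's return targets: `@param string $urlok URL the gateway sends the payer back to on success` and `@param string $urlko URL the gateway sends the payer back to on failure`; `$TAG` is free text from the request, so a note that the function must escape it for its own output would also be useful. The function body starts after the hunk, so I cannot see whether that escaping happens.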
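Review bot: `$amount=GETPOST("amount");` is the one request input in this hunk left without the 'alpha' mode the commit applies to `suffix` and `currency`, and the currency is only filtered, never validated, so any alphabetic string is accepted as an "iso code" and only an empty value falls back to MAIN_MONNAIE. I would read each once and constrain the currency to the three-letter form the comment above promises: `$amount=GETPOST("amount",'alpha');` / `$currency=GETPOST("currency",'alpha');` / `if (! preg_match('/^[A-Za-z]{3}$/', $currency)) $currency=$conf->global->MAIN_MONNAIE;`. What 'alpha' actually strips is not visible from here; if `$amount` is echoed back into the payment form later in the file it still needs HTML escaping at output, whatever the GETPOST mode. The `if (! GETPOST("action"))` block opened on the hunk's last line continues outside it.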
@@ -81,18 +81,18 @@ $urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',$dolib
 $urlok=$urlwithouturlroot.DOL_URL_ROOT.'/public/paypal/paymentok.php?';
 $urlko=$urlwithouturlroot.DOL_URL_ROOT.'/public/paypal/paymentko.php?';
-$TAG=GETPOST("tag");
-$FULLTAG=GETPOST("fulltag"); // fulltag is tag with more informations
+$TAG=GETPOST("tag",'alpha');
+$FULLTAG=GETPOST("fulltag",'alpha'); // fulltag is tag with more informations
 if (!empty($TAG)) {
- $urlok.='tag='.$TAG.'&';
- $urlko.='tag='.$TAG.'&';
+ $urlok.='tag='.urlencode($TAG).'&';
+ $urlko.='tag='.urlencode($TAG).'&';
 }
 if (!empty($FULLTAG)) {
- $urlok.='fulltag='.$FULLTAG.'&';
- $urlko.='fulltag='.$FULLTAG.'&';
+ $urlok.='fulltag='.urlencode($FULLTAG).'&';
+ $urlko.='fulltag='.urlencode($FULLTAG).'&';
 }
@@ -103,7 +103,6 @@ if ($_REQUEST["action"] == 'dopayment') {
 $PRICE=price2num(GETPOST("newamount"),'MT');
 $EMAIL=GETPOST("EMAIL");
- $ID=GETPOST("id");
 $mesg='';
 if (empty($PRICE) || ! is_numeric($PRICE)) $mesg=$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("Amount"));
@@ -115,7 +114,7 @@ if ($_REQUEST["action"] == 'dopayment') {
 dol_syslog("newpayment.php call paybox api and do redirect", LOG_DEBUG);
- print_paybox_redirect($PRICE, $conf->monnaie, $EMAIL, $urlok, $urlko, $TAG, $ID);
+ print_paybox_redirect($PRICE, $conf->monnaie, $EMAIL, $urlok, $urlko, $TAG);
 session_destroy();
 exit;
@@ -142,9 +141,9 @@ print '
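Review bot: Both return URLs at the top of the hunk point at `/public/paypal/paymentok.php` and `/public/paypal/paymentko.php` although this is the paybox payment page, which looks like a copy-paste from the paypal module; unless paybox deliberately reuses the paypal return handlers, they should target this module's own pages, e.g. `$urlok=$urlwithouturlroot.DOL_URL_ROOT.'/public/paybox/paymentok.php?';` and likewise for `$urlko`. The added `urlencode()` is the right fix for the query string, but `tag` and `fulltag` travel to the gateway and come back through the payer's browser, so the return page has to treat them as untrusted input again rather than as values this page vouched for. `$TAG` itself is still handed raw to print_paybox_redirect further down the file, so that function must escape it for its own output context; the 'alpha' mode presumably strips markup, but what it guarantees is not visible here.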
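Review bot: The redirect passes `$conf->monnaie` as the currency while the page accepts a `currency` request parameter earlier in the file (the `$currency` computed from `GETPOST("currency")`), so a caller-supplied currency never reaches the gateway; if `$currency` is shown to the payer anywhere, the displayed and charged currency can diverge. Either pass `$currency` in place of `$conf->monnaie` here, or treat a mismatch between `$currency` and `$conf->monnaie` as a validation error next to the existing amount check so the request is refused rather than silently re-priced. `$EMAIL` also comes from `GETPOST("EMAIL")` without the 'alpha' mode used elsewhere in this commit, and I cannot see a format check in the lines between the two hunks; `if (! filter_var($EMAIL, FILTER_VALIDATE_EMAIL)) $mesg=$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("EMail"));` before the redirect would be cheap, assuming that translation key exists. The enclosing `if ($_REQUEST["action"] == 'dopayment')` block starts and ends outside the hunk.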