From 984d6e12a2d0f6767d6792135bdf982bb84aaf6d Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sun, 21 Nov 2010 13:55:18 +0000
Subject: [PATCH] Fix: Minor fix in paypal and paybox modules
---
 htdocs/paybox/lib/paybox.lib.php | 11 +++++++++--
 htdocs/paypal/lib/paypal.lib.php | 1 +
 htdocs/public/paybox/newpayment.php | 27 +++++++++++++--------------
 htdocs/public/paypal/newpayment.php | 19 +++++++++----------
 4 files changed, 32 insertions(+), 26 deletions(-)
diff --git a/htdocs/paybox/lib/paybox.lib.php b/htdocs/paybox/lib/paybox.lib.php
index 0e003f38d71..2a90ed791a9 100755
--- a/htdocs/paybox/lib/paybox.lib.php
+++ b/htdocs/paybox/lib/paybox.lib.php
@@ -61,8 +61,15 @@ function llxFooterPayBox()
 /**
- * \brief Create a redirect form to paybox form
- * \return int 1 if OK, -1 if ERROR
+ * Create a redirect form to paybox form
+ *
+ * @param $PRICE
+ * @param $CURRENCY
+ * @param $EMAIL
+ * @param $urlok
+ * @param $urlko
+ * @param $TAG
+ * @return int 1 if OK, -1 if ERROR
  */
 function print_paybox_redirect($PRICE,$CURRENCY,$EMAIL,$urlok,$urlko,$TAG)
 {
diff --git a/htdocs/paypal/lib/paypal.lib.php b/htdocs/paypal/lib/paypal.lib.php
index 810d778e7e8..4bed91f60ca 100755
--- a/htdocs/paypal/lib/paypal.lib.php
+++ b/htdocs/paypal/lib/paypal.lib.php
@@ -132,6 +132,7 @@ function html_print_paypal_footer($fromcompany,$langs)
 /**
  * Send redirect to paypal to browser
+ *
  * @param $paymentAmount
  * @param $currencyCodeType
  * @param $paymentType
diff --git a/htdocs/public/paybox/newpayment.php b/htdocs/public/paybox/newpayment.php
index 5a135fe21f4..e09f0b1f174 100644
--- a/htdocs/public/paybox/newpayment.php
+++ b/htdocs/public/paybox/newpayment.php
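Review bot: The new `@param` lines in the docblock of `print_paybox_redirect` (htdocs/paybox/lib/paybox.lib.php) carry neither a type nor a description, so they add nothing beyond the signature. Since the function is described as building a redirect form from these values, the docblock is the place to state whether `$urlok`, `$urlko` and `$TAG` are expected raw or already URL-encoded; the caller in this commit now appends `urlencode()`d query values to both URLs. Something like `@param string $urlok Return URL on success, query values already URL-encoded` would do, with the wording confirmed against the function body, which is outside the hunk.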
@@ -53,10 +53,10 @@ $langs->load("paybox");
 // tag (a free text, required if type is empty)
 // currency (iso code)
-$suffix=GETPOST("suffix");
+$suffix=GETPOST("suffix",'alpha');
 $amount=GETPOST("amount");
-if (! GETPOST("currency")) $currency=$conf->global->MAIN_MONNAIE;
-else $currency=GETPOST("currency");
+if (! GETPOST("currency",'alpha')) $currency=$conf->global->MAIN_MONNAIE;
+else $currency=GETPOST("currency",'alpha');
 if (! GETPOST("action"))
 {
@@ -81,18 +81,18 @@ $urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',$dolib
 $urlok=$urlwithouturlroot.DOL_URL_ROOT.'/public/paypal/paymentok.php?';
 $urlko=$urlwithouturlroot.DOL_URL_ROOT.'/public/paypal/paymentko.php?';
-$TAG=GETPOST("tag");
-$FULLTAG=GETPOST("fulltag"); // fulltag is tag with more informations
+$TAG=GETPOST("tag",'alpha');
+$FULLTAG=GETPOST("fulltag",'alpha'); // fulltag is tag with more informations
 if (!empty($TAG))
 {
- $urlok.='tag='.$TAG.'&';
- $urlko.='tag='.$TAG.'&';
+ $urlok.='tag='.urlencode($TAG).'&';
+ $urlko.='tag='.urlencode($TAG).'&';
 }
 if (!empty($FULLTAG))
 {
- $urlok.='fulltag='.$FULLTAG.'&';
- $urlko.='fulltag='.$FULLTAG.'&';
+ $urlok.='fulltag='.urlencode($FULLTAG).'&';
+ $urlko.='fulltag='.urlencode($FULLTAG).'&';
 }
@@ -103,7 +103,6 @@ if ($_REQUEST["action"] == 'dopayment')
 {
  $PRICE=price2num(GETPOST("newamount"),'MT');
  $EMAIL=GETPOST("EMAIL");
- $ID=GETPOST("id");
  $mesg='';
  if (empty($PRICE) || ! is_numeric($PRICE)) $mesg=$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("Amount"));
@@ -115,7 +114,7 @@ if ($_REQUEST["action"] == 'dopayment')
 {
  dol_syslog("newpayment.php call paybox api and do redirect", LOG_DEBUG);
- print_paybox_redirect($PRICE, $conf->monnaie, $EMAIL, $urlok, $urlko, $TAG, $ID);
+ print_paybox_redirect($PRICE, $conf->monnaie, $EMAIL, $urlok, $urlko, $TAG);
  session_destroy();
  exit;
@@ -142,9 +141,9 @@ print '
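Review bot: `$amount=GETPOST("amount");` in the `@@ -53,10 +53,10 @@` hunk is left without any check while `suffix` and `currency` beside it now get `'alpha'`, and `GETPOST("action")` just below is unfiltered as well. On this public page the amount is request-controlled, so it should be validated as a number before it is used or displayed, the way the `dopayment` branch already does with `is_numeric($PRICE)`; for example `if ($amount != '' && ! is_numeric($amount)) $amount='';`, adjusted if localized decimal input has to be accepted. Where `$amount` is echoed or used is outside the hunk, so confirm that before choosing the check. The same applies to the `@@ -59,10 +59,10 @@` hunk in htdocs/public/paypal/newpayment.php.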
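Review bot: `$urlok` and `$urlko` in the context lines of the `@@ -81,18 +81,18 @@` hunk point at `/public/paypal/paymentok.php` and `/public/paypal/paymentko.php`, although this file is htdocs/public/paybox/newpayment.php. That looks like a copy-paste from the PayPal page and would send a Paybox customer back to the PayPal return handlers. If Paybox has its own return scripts, the lines should read `$urlok=$urlwithouturlroot.DOL_URL_ROOT.'/public/paybox/paymentok.php?';` and likewise for `paymentko.php`. The `urlencode()` added for `tag` and `fulltag` is unaffected by this.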
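Review bot: The return value of `print_paybox_redirect(...)` is discarded in the `@@ -115,7 +114,7 @@` hunk, although its docblock in paybox.lib.php documents `1 if OK, -1 if ERROR`. On failure the script still runs `session_destroy(); exit;`, so presumably the customer gets an empty page and nothing is logged. Capture the result and log before exiting, e.g. `$result=print_paybox_redirect($PRICE, $conf->monnaie, $EMAIL, $urlok, $urlko, $TAG);` followed by `if ($result < 0) dol_syslog("newpayment.php paybox redirect failed", LOG_ERR);`. The enclosing `if` block starts and ends outside the hunk.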
'; print '
'; print ''; print '';
-print '';
-print '';
-print '';
+print '';
+print '';
+print '';
 print "\n";
 print ''."\n";
 print ''."\n";
diff --git a/htdocs/public/paypal/newpayment.php b/htdocs/public/paypal/newpayment.php
index 3eca93b6bf4..6c9ebe9321c 100755
--- a/htdocs/public/paypal/newpayment.php
+++ b/htdocs/public/paypal/newpayment.php
@@ -59,10 +59,10 @@ $urlko=$urlwithouturlroot.DOL_URL_ROOT.'/public/paypal/paymentko.php?';
 // tag (a free text, required if type is empty)
 // currency (iso code)
-$suffix=GETPOST("suffix");
+$suffix=GETPOST("suffix",'alpha');
 $amount=GETPOST("amount");
-if (! GETPOST("currency")) $currency=$conf->global->MAIN_MONNAIE;
-else $currency=GETPOST("currency");
+if (! GETPOST("currency",'alpha')) $currency=$conf->global->MAIN_MONNAIE;
+else $currency=GETPOST("currency",'alpha');
 if (! GETPOST("action"))
 {
@@ -84,8 +84,8 @@ if (! GETPOST("action"))
 }
 // Complete urls
-$TAG=GETPOST("tag");
-$FULLTAG=GETPOST("fulltag"); // fulltag is tag with more informations
+$TAG=GETPOST("tag",'alpha');
+$FULLTAG=GETPOST("fulltag",'alpha'); // fulltag is tag with more informations
 if (!empty($TAG))
 {
  $urlok.='tag='.urlencode($TAG).'&';
@@ -136,7 +136,6 @@ if (GETPOST("action") == 'dopayment')
 {
  $PAYPAL_API_PRICE=price2num(GETPOST("newamount"),'MT');
  $EMAIL=GETPOST("EMAIL");
- $ID=GETPOST("id");
  $PAYPAL_PAYMENT_TYPE='Sale';
  $shipToName=GETPOST("shipToName");
@@ -194,7 +193,7 @@ if (GETPOST("action") == 'dopayment')
  $_SESSION["Payment_Amount"]=$PAYPAL_API_PRICE;
  // A redirect is added if API call successfull
- RedirectToPaypal($PAYPAL_API_PRICE,$PAYPAL_API_DEVISE,$PAYPAL_PAYMENT_TYPE,$PAYPAL_API_OK,$PAYPAL_API_KO, $FULLTAG);
+ print_paypal_redirect($PAYPAL_API_PRICE,$PAYPAL_API_DEVISE,$PAYPAL_PAYMENT_TYPE,$PAYPAL_API_OK,$PAYPAL_API_KO, $FULLTAG);
  print ''."\n";
  print "\n";
@@ -223,9 +222,9 @@ print '
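Review bot: The call is renamed to `print_paypal_redirect(...)` in the `@@ -194,7 +193,7 @@` hunk of htdocs/public/paypal/newpayment.php, but the only change this commit makes to paypal.lib.php is one docblock line, so a definition under the new name is not visible here. If the library still defines `RedirectToPaypal`, this path ends in a fatal undefined-function error at the moment of payment; confirm the function name in paypal.lib.php before merging. The comment above the call says a redirect is added only if the API call succeeds, and the result of the call is not checked in the visible lines, so the failure path deserves a look as well.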
'."\n"; print ''."\n"; print ''."\n"; print ''."\n";
-print ''."\n";
-print ''."\n";
-print ''."\n";
+print ''."\n";
+print ''."\n";
+print ''."\n";
 print "\n";
 print ''."\n";
 print ''."\n";