From 3c0d2267270182ba5fdfc4b862a6ef69d73ebad6 Mon Sep 17 00:00:00 2001
From: TheCartpenter
Date: Sun, 2 Jun 2024 13:19:00 -0400
Subject: [PATCH] Added int casts on POST variables in PayPal Checkout
---
 .../controller/extension/payment/paypal.php | 4 ++--
 .../controller/extension/payment/paypal.php | 24 +++++++++----------
 2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/upload/admin/controller/extension/payment/paypal.php b/upload/admin/controller/extension/payment/paypal.php
index 51375cad2..68d01b667 100644
--- a/upload/admin/controller/extension/payment/paypal.php
+++ b/upload/admin/controller/extension/payment/paypal.php
@@ -2957,7 +2957,7 @@ public function createTracker() {
 $this->load->model('extension/payment/paypal');
- $order_id = $this->request->post['order_id'];
+ $order_id = (int)$this->request->post['order_id'];
 $country_code = $this->request->post['country_code'];
 $tracking_number = $this->request->post['tracking_number'];
 $carrier_name = $this->request->post['carrier_name'];
@@ -3092,7 +3092,7 @@ public function cancelTracker() {
 $this->load->model('extension/payment/paypal');
- $order_id = $this->request->post['order_id'];
+ $order_id = (int)$this->request->post['order_id'];
 $tracking_number = $this->request->post['tracking_number'];
 $paypal_order_info = $this->model_extension_payment_paypal->getPayPalOrder($order_id);
diff --git a/upload/catalog/controller/extension/payment/paypal.php b/upload/catalog/controller/extension/payment/paypal.php
index bba259085..be099ee71 100644
--- a/upload/catalog/controller/extension/payment/paypal.php
+++ b/upload/catalog/controller/extension/payment/paypal.php
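Review bot: The `(int)` cast in createTracker() (and the identical one in cancelTracker()) turns a missing or non-numeric `order_id` into 0 without rejecting it, so the request carries on with order 0; cancelTracker() passes it straight to `getPayPalOrder($order_id)`. A guard directly after the cast would make the failure explicit, for example `if ($order_id <= 0) { /* return the controller's usual error response */ }`. `country_code`, `tracking_number` and `carrier_name` are still read from POST as raw strings, and how the model and the PayPal call treat them is not visible here, so it is worth confirming they are validated or escaped where they are used. Both function bodies start and end outside their hunks.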
@@ -1183,7 +1183,7 @@ public function approveOrder() {
 if ($page_code != 'checkout') {
 if (isset($this->request->post['paypal_order_id'])) {
- $this->session->data['paypal_order_id'] = $this->request->post['paypal_order_id'];
+ $this->session->data['paypal_order_id'] = (int)$this->request->post['paypal_order_id'];
 } else {
 $data['url'] = $this->url->link('checkout/cart', '', true);
@@ -1504,7 +1504,7 @@ public function approveOrder() {
 if (!$paypal_order_info) {
 if (!empty($this->request->post['paypal_order_id'])) {
- $paypal_order_id = $this->request->post['paypal_order_id'];
+ $paypal_order_id = (int)$this->request->post['paypal_order_id'];
 }
 if (($payment_type == 'card') && !empty($paypal_order_id)) {
@@ -3281,12 +3281,12 @@ public function confirmPaymentAddress() {
 $this->session->data['payment_address']['address_2'] = $this->request->post['address_2'];
 $this->session->data['payment_address']['postcode'] = $this->request->post['postcode'];
 $this->session->data['payment_address']['city'] = $this->request->post['city'];
- $this->session->data['payment_address']['country_id'] = $this->request->post['country_id'];
- $this->session->data['payment_address']['zone_id'] = $this->request->post['zone_id'];
+ $this->session->data['payment_address']['country_id'] = (int)$this->request->post['country_id'];
+ $this->session->data['payment_address']['zone_id'] = (int)$this->request->post['zone_id'];
 $this->load->model('localisation/country');
- $country_info = $this->model_localisation_country->getCountry($this->request->post['country_id']);
+ $country_info = $this->model_localisation_country->getCountry((int)$this->request->post['country_id']);
 if ($country_info) {
 $this->session->data['payment_address']['country'] = $country_info['name'];
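Review bot: The `(int)` cast on `paypal_order_id` in both approveOrder() hunks looks wrong for this field, because PayPal order ids are normally alphanumeric strings rather than integers (worth confirming against what the checkout script actually posts), so the cast would reduce the value to its leading digits or to 0. In the second hunk that makes `!empty($paypal_order_id)` false for any id that starts with a letter, so the card branch is silently skipped, and the first hunk stores the mangled value in the session. If the aim is to constrain the input, keep it a string and check its shape instead, e.g. `if (is_string($id) && preg_match('/^[A-Za-z0-9]+$/', $id))`, with the exact pattern taken from PayPal's documented id format, and reject anything else. approveOrder() starts and ends outside both hunks.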
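Review bot: `country_id` is cast twice in confirmPaymentAddress(), once for the session and again in the `getCountry()` call, and nothing in the hunk checks that the POST keys exist, so a missing field becomes id 0. Casting once into a local and reusing it keeps the stored value and the looked-up value identical: `$country_id = isset($this->request->post['country_id']) ? (int)$this->request->post['country_id'] : 0;` followed by `getCountry($country_id)`. The hunk also does not show `zone_id` being checked against the selected country; if that does not happen further down, a zone belonging to a different country can end up in the session. The confirmShippingAddress() hunk has the same shape, and both functions continue outside their hunks.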
@@ -3338,12 +3338,12 @@ public function confirmShippingAddress() {
 $this->session->data['shipping_address']['address_2'] = $this->request->post['address_2'];
 $this->session->data['shipping_address']['postcode'] = $this->request->post['postcode'];
 $this->session->data['shipping_address']['city'] = $this->request->post['city'];
- $this->session->data['shipping_address']['country_id'] = $this->request->post['country_id'];
- $this->session->data['shipping_address']['zone_id'] = $this->request->post['zone_id'];
+ $this->session->data['shipping_address']['country_id'] = (int)$this->request->post['country_id'];
+ $this->session->data['shipping_address']['zone_id'] = (int)$this->request->post['zone_id'];
 $this->load->model('localisation/country');
- $country_info = $this->model_localisation_country->getCountry($this->request->post['country_id']);
+ $country_info = $this->model_localisation_country->getCountry((int)$this->request->post['country_id']);
 if ($country_info) {
 $this->session->data['shipping_address']['country'] = $country_info['name'];
@@ -4407,9 +4407,9 @@ private function validatePaymentAddress() {
 // Customer Group
 if (isset($this->request->post['customer_group_id']) && is_array($this->config->get('config_customer_group_display')) && in_array($this->request->post['customer_group_id'], $this->config->get('config_customer_group_display'))) {
- $customer_group_id = $this->request->post['customer_group_id'];
+ $customer_group_id = (int)$this->request->post['customer_group_id'];
 } else {
- $customer_group_id = $this->config->get('config_customer_group_id');
+ $customer_group_id = (int)$this->config->get('config_customer_group_id');
 }
 // Custom field validation
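Review bot: In validatePaymentAddress() the `in_array()` membership test still runs on the raw POST value with loose comparison, and the `(int)` cast is applied only afterwards, so the value that was checked and the value that is used are not guaranteed to be the same. Cast first and test the cast value: `$posted_group_id = isset($this->request->post['customer_group_id']) ? (int)$this->request->post['customer_group_id'] : 0;` and then `in_array($posted_group_id, $this->config->get('config_customer_group_display'))`. Whether the strict third argument `true` can be added depends on whether the config stores the ids as ints or strings, which the hunk does not show. The validateShippingAddress() hunk repeats the pattern; both functions start and end outside their hunks.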
@@ -4463,9 +4463,9 @@ private function validateShippingAddress() {
 // Customer Group
 if (isset($this->request->post['customer_group_id']) && is_array($this->config->get('config_customer_group_display')) && in_array($this->request->post['customer_group_id'], $this->config->get('config_customer_group_display'))) {
- $customer_group_id = $this->request->post['customer_group_id'];
+ $customer_group_id = (int)$this->request->post['customer_group_id'];
 } else {
- $customer_group_id = $this->config->get('config_customer_group_id');
+ $customer_group_id = (int)$this->config->get('config_customer_group_id');
 }
 // Custom field validation