Changeset 3163037

Timestamp:

10/05/2024 06:27:51 AM (15 months ago)

Author:

payuplugin

Message:

Security Update.

Location:

payu-india

Files:

• tags/3.8.3/includes/class-wc-gateway-payu.php (modified) (1 diff)
• trunk/includes/class-wc-gateway-payu.php (modified) (1 diff)

payu-india/tags/3.8.3/includes/class-wc-gateway-payu.php

@@ -474 +474 @@
     private function payuRedirectMethod($args_redirect)
     {
-        return '<form action="' . $args_redirect['action'] . '" method="post" id="payu_form" name="payu_form">
-                ' . $args_redirect['payu_payment_nonce'] . '
-                <input type="hidden" name="key" value="' . $args_redirect['key'] . '" />
-                <input type="hidden" name="txnid" value="' . $args_redirect['txnid'] . '" />
-                <input type="hidden" name="amount" value="' . $args_redirect['amount'] . '" />
-                <input type="hidden" name="productinfo" value="' . $args_redirect['productinfo'] . '" />
-                <input type="hidden" name="firstname" value="' . $args_redirect['firstname'] . '" />
-                <input type="hidden" name="Lastname" value="' . $args_redirect['Lastname'] . '" />
-                <input type="hidden" name="Zipcode" value="' . $args_redirect['zipcode'] . '" />
-                <input type="hidden" name="email" value="' . $args_redirect['email'] . '" />
-                <input type="hidden" name="phone" value="' . $args_redirect['phone'] . '" />
-                <input type="hidden" name="surl" value="' . sanitize_url($args_redirect['redirect_url']) . '" />
-                <input type="hidden" name="furl" value="' . sanitize_url($args_redirect['redirect_url']) . '" />
-                <input type="hidden" name="curl" value="' . sanitize_url($args_redirect['redirect_url']) . '" />
-                <input type="hidden" name="Hash" value="' . $args_redirect['Hash'] . '" />
-                <input type="hidden" name="Pg" value="' . $args_redirect['pG'] . '" />
-                <input type="hidden" name="address1" value="' . $args_redirect['address'] . '" />
+        return '<form action="' . esc_html($args_redirect['action']) . '" method="post" id="payu_form" name="payu_form">
+                ' . esc_html($args_redirect['payu_payment_nonce']) . '
+                <input type="hidden" name="key" value="' . esc_html($args_redirect['key']) . '" />
+                <input type="hidden" name="txnid" value="' . esc_html($args_redirect['txnid']) . '" />
+                <input type="hidden" name="amount" value="' . esc_html($args_redirect['amount']) . '" />
+                <input type="hidden" name="productinfo" value="' . esc_html($args_redirect['productinfo']) . '" />
+                <input type="hidden" name="firstname" value="' . esc_html($args_redirect['firstname']) . '" />
+                <input type="hidden" name="Lastname" value="' . esc_html($args_redirect['Lastname']) . '" />
+                <input type="hidden" name="Zipcode" value="' . esc_html($args_redirect['zipcode']) . '" />
+                <input type="hidden" name="email" value="' . esc_html($args_redirect['email']) . '" />
+                <input type="hidden" name="phone" value="' . esc_html($args_redirect['phone']) . '" />
+                <input type="hidden" name="surl" value="' . esc_url($args_redirect['redirect_url']) . '" />
+                <input type="hidden" name="furl" value="' . esc_url($args_redirect['redirect_url']) . '" />
+                <input type="hidden" name="curl" value="' . esc_url($args_redirect['redirect_url']) . '" />
+                <input type="hidden" name="Hash" value="' . esc_html($args_redirect['Hash']) . '" />
+                <input type="hidden" name="Pg" value="' . esc_html($args_redirect['pG']) . '" />
+                <input type="hidden" name="address1" value="' . esc_html($args_redirect['address']) . '" />
                 <input type="hidden" name="address2" value="" />
-                <input type="hidden" name="city" value="' . $args_redirect['city'] . '" />
-                <input type="hidden" name="country" value="' . $args_redirect['country'] . '" />
-                <input type="hidden" name="state" value="' . $args_redirect['state'] . '" />
+                <input type="hidden" name="city" value="' . esc_html($args_redirect['city']) . '" />
+                <input type="hidden" name="country" value="' . esc_html($args_redirect['country']) . '" />
+                <input type="hidden" name="state" value="' . esc_html($args_redirect['state']) . '" />
                 <input type="hidden" name="udf3" value="" />
-                <input type="hidden" name="udf4" value="' . $args_redirect['udf4'] . '" />
-                <input type="hidden" name="udf5" value="' . $args_redirect['udf5'] . '" />
+                <input type="hidden" name="udf4" value="' . esc_html($args_redirect['udf4']) . '" />
+                <input type="hidden" name="udf5" value="' . esc_html($args_redirect['udf5']) . '" />
                 <button style="display:none"
                 id="submit_payubiz_payment_form" name="submit_payubiz_payment_form">Pay Now</button>

payu-india/trunk/includes/class-wc-gateway-payu.php

@@ -474 +474 @@
     private function payuRedirectMethod($args_redirect)
     {
-        return '<form action="' . $args_redirect['action'] . '" method="post" id="payu_form" name="payu_form">
-                ' . $args_redirect['payu_payment_nonce'] . '
-                <input type="hidden" name="key" value="' . $args_redirect['key'] . '" />
-                <input type="hidden" name="txnid" value="' . $args_redirect['txnid'] . '" />
-                <input type="hidden" name="amount" value="' . $args_redirect['amount'] . '" />
-                <input type="hidden" name="productinfo" value="' . $args_redirect['productinfo'] . '" />
-                <input type="hidden" name="firstname" value="' . $args_redirect['firstname'] . '" />
-                <input type="hidden" name="Lastname" value="' . $args_redirect['Lastname'] . '" />
-                <input type="hidden" name="Zipcode" value="' . $args_redirect['zipcode'] . '" />
-                <input type="hidden" name="email" value="' . $args_redirect['email'] . '" />
-                <input type="hidden" name="phone" value="' . $args_redirect['phone'] . '" />
-                <input type="hidden" name="surl" value="' . sanitize_url($args_redirect['redirect_url']) . '" />
-                <input type="hidden" name="furl" value="' . sanitize_url($args_redirect['redirect_url']) . '" />
-                <input type="hidden" name="curl" value="' . sanitize_url($args_redirect['redirect_url']) . '" />
-                <input type="hidden" name="Hash" value="' . $args_redirect['Hash'] . '" />
-                <input type="hidden" name="Pg" value="' . $args_redirect['pG'] . '" />
-                <input type="hidden" name="address1" value="' . $args_redirect['address'] . '" />
+        return '<form action="' . esc_html($args_redirect['action']) . '" method="post" id="payu_form" name="payu_form">
+                ' . esc_html($args_redirect['payu_payment_nonce']) . '
+                <input type="hidden" name="key" value="' . esc_html($args_redirect['key']) . '" />
+                <input type="hidden" name="txnid" value="' . esc_html($args_redirect['txnid']) . '" />
+                <input type="hidden" name="amount" value="' . esc_html($args_redirect['amount']) . '" />
+                <input type="hidden" name="productinfo" value="' . esc_html($args_redirect['productinfo']) . '" />
+                <input type="hidden" name="firstname" value="' . esc_html($args_redirect['firstname']) . '" />
+                <input type="hidden" name="Lastname" value="' . esc_html($args_redirect['Lastname']) . '" />
+                <input type="hidden" name="Zipcode" value="' . esc_html($args_redirect['zipcode']) . '" />
+                <input type="hidden" name="email" value="' . esc_html($args_redirect['email']) . '" />
+                <input type="hidden" name="phone" value="' . esc_html($args_redirect['phone']) . '" />
+                <input type="hidden" name="surl" value="' . esc_url($args_redirect['redirect_url']) . '" />
+                <input type="hidden" name="furl" value="' . esc_url($args_redirect['redirect_url']) . '" />
+                <input type="hidden" name="curl" value="' . esc_url($args_redirect['redirect_url']) . '" />
+                <input type="hidden" name="Hash" value="' . esc_html($args_redirect['Hash']) . '" />
+                <input type="hidden" name="Pg" value="' . esc_html($args_redirect['pG']) . '" />
+                <input type="hidden" name="address1" value="' . esc_html($args_redirect['address']) . '" />
                 <input type="hidden" name="address2" value="" />
-                <input type="hidden" name="city" value="' . $args_redirect['city'] . '" />
-                <input type="hidden" name="country" value="' . $args_redirect['country'] . '" />
-                <input type="hidden" name="state" value="' . $args_redirect['state'] . '" />
+                <input type="hidden" name="city" value="' . esc_html($args_redirect['city']) . '" />
+                <input type="hidden" name="country" value="' . esc_html($args_redirect['country']) . '" />
+                <input type="hidden" name="state" value="' . esc_html($args_redirect['state']) . '" />
                 <input type="hidden" name="udf3" value="" />
-                <input type="hidden" name="udf4" value="' . $args_redirect['udf4'] . '" />
-                <input type="hidden" name="udf5" value="' . $args_redirect['udf5'] . '" />
+                <input type="hidden" name="udf4" value="' . esc_html($args_redirect['udf4']) . '" />
+                <input type="hidden" name="udf5" value="' . esc_html($args_redirect['udf5']) . '" />
                 <button style="display:none"
                 id="submit_payubiz_payment_form" name="submit_payubiz_payment_form">Pay Now</button>