sanitize $_SERVERs
greguly committed Apr 3, 2024
1 parent 9ffecbb commit 34e16f9
Showing 2 changed files with 3 additions and 3 deletions.
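--- a/includes/addons/class-wc-monei-apple-pay-verification.php
+++ b/includes/addons/class-wc-monei-apple-pay-verification.php
@@ -36,7 +36,7 @@ public function apple_domain_register() {
 }
 
 try {
-$domain = isset( $_SERVER['HTTP_HOST'] ) ? $_SERVER['HTTP_HOST'] : str_replace( array( 'https://', 'https://' ), '', get_site_url() ); // @codingStandardsIgnoreLine
+$domain = isset( $_SERVER['HTTP_HOST'] ) ? sanitize_text_field( $_SERVER['HTTP_HOST'] ) : str_replace( array( 'https://', 'https://' ), '', get_site_url() ); // @codingStandardsIgnoreLine
 WC_Monei_API::register_apple_domain( $domain );
 } catch ( OpenAPI\Client\ApiException $e ) {
 WC_Monei_Logger::log( $e, 'error' );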
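Review bot: The new `$domain` line still takes the Apple Pay domain from the client-supplied Host header; `sanitize_text_field()` strips tags and stray whitespace but does not confirm that the value is this site's hostname. Because the value goes straight to `WC_Monei_API::register_apple_domain()`, deriving it from configuration would be safer, e.g. `$domain = wp_parse_url( get_site_url(), PHP_URL_HOST );`. The fallback on the same line lists `'https://'` twice, so an `http://` site URL would keep its scheme; the second entry was presumably meant to be `'http://'`. `apple_domain_register()` starts and ends outside the hunk.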
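--- a/includes/class-wc-monei-ipn.php
+++ b/includes/class-wc-monei-ipn.php
@@ -27,7 +27,7 @@ public function __construct() {
 */
 public function check_ipn_request() {
 
-if ( ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) ) {
+if ( ( 'POST' !== sanitize_text_field( $_SERVER['REQUEST_METHOD'] ) ) ) {
 return;
 }
 
@@ -36,7 +36,7 @@ public function check_ipn_request() {
 $this->log_ipn_request( $headers, $raw_body );
 
 try {
-$payload = $this->verify_signature_get_payload( $raw_body, $_SERVER['HTTP_MONEI_SIGNATURE'] );
+$payload = $this->verify_signature_get_payload( $raw_body, sanitize_text_field( $_SERVER['HTTP_MONEI_SIGNATURE'] ) );
 WC_Monei_Logger::log( $payload, 'debug' );
 $this->handle_valid_ipn( $payload );
 do_action( 'woocommerce_monei_handle_valid_ipn', $payload );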
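Review bot: `$_SERVER['HTTP_MONEI_SIGNATURE']` is read without an `isset()` check in the second hunk, so a POST that lacks the header raises an undefined-index notice and passes an empty value into `verify_signature_get_payload()`. `sanitize_text_field()` is not a validation step here: the signature check is the control, and the header should reach it unmodified apart from `wp_unslash()`; likewise the strict `!==` against `'POST'` in the first hunk already rejects any other method, so the wrapper adds nothing there. Consider a guard before the `try`, such as `if ( empty( $_SERVER['HTTP_MONEI_SIGNATURE'] ) ) { return; }`. The context line `$this->log_ipn_request( $headers, $raw_body );` runs before verification, so unauthenticated request data appears to be logged; confirm that is intended and that the log is access-restricted. `check_ipn_request()` continues past the end of the hunk.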
