Verify if business argument is set in PayPal callback
authorSir-Will <brieftaubenman@gmail.com>
Wed, 5 Aug 2020 13:51:26 +0000 (15:51 +0200)
committerGitHub <noreply@github.com>
Wed, 5 Aug 2020 13:51:26 +0000 (15:51 +0200)
wcfsetup/install/files/lib/action/PaypalCallbackAction.class.php

index a6868031e32c1b0d22db8b2355874d2624d7d998..caf99b399530c85083b7f948e7af5d831cf5088c 100644 (file)
@@ -55,8 +55,14 @@ class PaypalCallbackAction extends AbstractAction {
                        }
                        
                        // Check that receiver_email is your Primary PayPal email
-                       if (strtolower($_POST['receiver_email']) != strtolower(PAYPAL_EMAIL_ADDRESS) && strtolower($_POST['business']) != strtolower(PAYPAL_EMAIL_ADDRESS)) {
-                               throw new SystemException("Mismatching receiver_email ('" . $_POST['receiver_email'] . "') and business ('" . $_POST['business'] . "'), expected '".PAYPAL_EMAIL_ADDRESS."'.");
+                       $paypalEmail = strtolower(PAYPAL_EMAIL_ADDRESS);
+                       if (strtolower($_POST['receiver_email']) != $paypalEmail && (!isset($_POST['business']) || strtolower($_POST['business']) != $paypalEmail)) {
+                               $exceptionMessage = "Mismatching receiver_email ('" . $_POST['receiver_email'] . "')";
+                               if (isset($_POST['business'])) {
+                                       $exceptionMessage .= " and business ('" . $_POST['business'] . "')";
+                               }
+                               $exceptionMessage .= ", expected '".PAYPAL_EMAIL_ADDRESS."'.";
+                               throw new SystemException($exceptionMessage);
                        }
                        
                        // get token
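Review bot: `$_POST['receiver_email']` is still read without an `isset()`/type check in the new condition and in the first `$exceptionMessage` line, so a callback that omits it (or sends it as an array) hits the same undefined-index/type problem this commit fixes for `business`. Normalising both fields first would cover it, e.g. `$receiverEmail = (isset($_POST['receiver_email']) && is_string($_POST['receiver_email'])) ? strtolower($_POST['receiver_email']) : null;` and the same for `$business`, then `if ($receiverEmail !== $paypalEmail && $business !== $paypalEmail) {`. Using `null` for a missing field together with the strict `!==` also means an absent or empty value can never compare equal to the expected address, which the loose `!=` does not guarantee if `PAYPAL_EMAIL_ADDRESS` happens to be empty. The exception text embeds the raw request values, so wherever `SystemException` messages are logged or displayed they should be treated as untrusted. The enclosing method starts and ends outside this hunk, so any earlier validation of the callback is not visible here.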