Added check for business address
authorMarcel Werk <burntime@woltlab.com>
Thu, 18 Sep 2014 20:23:31 +0000 (22:23 +0200)
committerMarcel Werk <burntime@woltlab.com>
Thu, 18 Sep 2014 20:23:31 +0000 (22:23 +0200)
wcfsetup/install/files/lib/action/PaypalCallbackAction.class.php

index 93e1bbf1cc866aa09435fc7550c8fd2845e31230..747be579d0f0f85973a0e6260fae6a5d2e0c2021 100644 (file)
@@ -43,10 +43,10 @@ class PaypalCallbackAction extends AbstractAction {
                        }
                        
                        // Check that receiver_email is your Primary PayPal email
-                       if (!isset($_POST['receiver_email']) || (strtolower($_POST['receiver_email']) != strtolower(PAYPAL_EMAIL_ADDRESS))) {
-                               throw new SystemException('invalid receiver_email');
+                       if (strtolower($_POST['business']) != strtolower(PAYPAL_EMAIL_ADDRESS) && (strtolower($_POST['receiver_email']) != strtolower(PAYPAL_EMAIL_ADDRESS))) {
+                               throw new SystemException('invalid business or receiver_email');
                        }
-                               
+                       
                        // get token
                        if (!isset($_POST['custom'])) {
                                throw new SystemException('invalid custom item');
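Review bot: The rewritten receiver check reads `$_POST['business']` and `$_POST['receiver_email']` without the `isset()` guard the removed line had, so a callback that omits both fields raises undefined-index notices and compares an empty string against the configured address instead of being rejected outright. If `PAYPAL_EMAIL_ADDRESS` can be empty (for example when the option is not configured, which is not visible here), such a request would pass this check. I would normalise each field first, `$business = isset($_POST['business']) ? strtolower($_POST['business']) : null;` and the same for `$receiver`, then test `if ($business !== strtolower(PAYPAL_EMAIL_ADDRESS) && $receiver !== strtolower(PAYPAL_EMAIL_ADDRESS)) {`, so that a missing field can never equal the expected value. The comment above the condition still names only receiver_email and should read `// Check that business or receiver_email is your primary PayPal email`. The enclosing method starts and ends outside the hunk, so the earlier verification steps were not reviewed.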