From 52a7d20878861ab7babb0aba68936c6e450cf649 Mon Sep 17 00:00:00 2001 From: Marcel Werk Date: Thu, 18 Sep 2014 22:23:31 +0200 Subject: [PATCH] Added check for business address --- .../install/files/lib/action/PaypalCallbackAction.class.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wcfsetup/install/files/lib/action/PaypalCallbackAction.class.php b/wcfsetup/install/files/lib/action/PaypalCallbackAction.class.php index 93e1bbf1cc..747be579d0 100644 --- a/wcfsetup/install/files/lib/action/PaypalCallbackAction.class.php +++ b/wcfsetup/install/files/lib/action/PaypalCallbackAction.class.php @@ -43,10 +43,10 @@ class PaypalCallbackAction extends AbstractAction { } // Check that receiver_email is your Primary PayPal email - if (!isset($_POST['receiver_email']) || (strtolower($_POST['receiver_email']) != strtolower(PAYPAL_EMAIL_ADDRESS))) { - throw new SystemException('invalid receiver_email'); + if (strtolower($_POST['business']) != strtolower(PAYPAL_EMAIL_ADDRESS) && (strtolower($_POST['receiver_email']) != strtolower(PAYPAL_EMAIL_ADDRESS))) { + throw new SystemException('invalid business or receiver_email'); } - + // get token if (!isset($_POST['custom'])) { throw new SystemException('invalid custom item'); -- 2.20.1