From 4884512e6fcfd6c3efcb0be9af9f288c3e1c2e6e Mon Sep 17 00:00:00 2001
From: Mark Samman
Date: Wed, 29 Oct 2014 19:42:16 +0100
Subject: [PATCH] Fix SQL injections in paygol_ipn.php
---
 paygol_ipn.php | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/paygol_ipn.php b/paygol_ipn.php
index 3fd715c..56af350 100644
--- a/paygol_ipn.php
+++ b/paygol_ipn.php
@@ -10,18 +10,18 @@ if(!in_array($_SERVER['REMOTE_ADDR'],
 }
 // get the variables from PayGol system
-$message_id = $_GET['message_id'];
-$service_id = $_GET['service_id'];
-$shortcode = $_GET['shortcode'];
-$keyword = $_GET['keyword'];
-$message = $_GET['message'];
-$sender = $_GET['sender'];
-$operator = $_GET['operator'];
-$country = $_GET['country'];
-$custom = $_GET['custom'];
-$points = $_GET['points'];
-$price = $_GET['price'];
-$currency = $_GET['currency'];
+$message_id = getValue($_GET['message_id']);
+$service_id = getValue($_GET['service_id']);
+$shortcode = getValue($_GET['shortcode']);
+$keyword = getValue($_GET['keyword']);
+$message = getValue($_GET['message']);
+$sender = getValue($_GET['sender']);
+$operator = getValue($_GET['operator']);
+$country = getValue($_GET['country']);
+$custom = getValue($_GET['custom']);
+$points = getValue($_GET['points']);
+$price = getValue($_GET['price']);
+$currency = getValue($_GET['currency']);
 $paygol = $config['paygol'];
 $new_points = $paygol['points'];
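Review bot: The fix rests entirely on `getValue()`, which is defined outside this hunk, so whether these twelve assignments are now safe cannot be confirmed from the lines shown. Escaping a value where `$_GET` is read only protects queries that later place it inside a quoted string literal; if `$points`, `$price` or `$service_id` are interpolated unquoted, escaping does not prevent injection. I would cast the numeric fields as they are read, e.g. `$points = (int) getValue($_GET['points']);`, and bind the remaining values as parameters at the query site instead of relying on input-time escaping. The queries that consume these variables lie below the hunk and are not visible here.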