Fixing XSS bug

IntinteDAO · Oct 30, 2020 · 79ff31b · 79ff31b
1 parent e8ade03
commit 79ff31b
Showing 1 changed file with 19 additions and 8 deletions.
diff --git a/withdraw.php b/withdraw.php
@@ -8,9 +8,9 @@
 if(empty($_SESSION['login'])) {
 	echo '<div class="col-12">You must be logged in to withdraw funds from your account</div>';
 
-} else if(!empty($_GET['lninvoice']) && empty($_GET['confirm'])) {
+} else if(!empty($_POST['lninvoice']) && empty($_POST['confirm'])) {
 
-	$lninvoice = trim(strtolower($_GET['lninvoice']));
+	$lninvoice = trim(strtolower($_POST['lninvoice']));
 
 	if (preg_match("/^[a-z0-9]{250,400}$/", $lninvoice)) {
 		include('functions/payment_providers/'.$payment_provider.'.php');
@@ -32,17 +32,28 @@
 		} else {
 			if($error['balance'] == 1) { echo '<div class="col-12">You want to pay out more than you have!</div>'; }
 			if($error['balance'] == 2) { echo '<div class="col-12">Your invoice requires "any amount" that DGameMarket does not support</div>'; }
-			if($error['expired'] == 1) { echo '<div class="col-12">This invoice is expired!</div>'; }
+			if(!empty($error['expired'])) { echo '<div class="col-12">This invoice is expired!</div>'; }
 		}
 	}
 
 
-} else if(!empty($_GET['lninvoice']) && !empty($_GET['confirm'])) {
+} else if(!empty($_POST['lninvoice']) && !empty($_POST['confirm'])) {
 
-			if (preg_match("/^[a-z0-9]{250,400}$/", strtolower($_GET['lninvoice']))) {
-				$lninvoice = trim(strtolower($_GET['lninvoice']));
-				pg_query("UPDATE withdraws SET status='1' WHERE lninvoice = '$lninvoice'"); // Set status 1 (confirmed withdraw)
-				echo '<div class="col-12">The withdrawal of funds was added to the payout system. In case of problems, contact the node administrators.</div>';
+			if (preg_match("/^[a-z0-9]{250,400}$/", strtolower($_POST['lninvoice']))) {
+				$lninvoice = trim(strtolower($_POST['lninvoice']));
+				$id_user = $_SESSION['id'];
+				$is_already_confirmed = pg_fetch_array(pg_query("SELECT status FROM withdraws WHERE (lninvoice = '$lninvoice' AND id_user = $id_user)"));
+
+				if(empty($is_already_confirmed[0])) {
+					pg_query("UPDATE withdraws SET status='1' WHERE (lninvoice = '$lninvoice' AND id_user = $id_user)"); // Set status 1 (confirmed withdraw)
+					echo '<div class="col-12">The withdrawal of funds was added to the payout system. In case of problems, contact the node administrators.</div>';
+				} else if ($is_already_confirmed[0] == "1") {
+					echo '<div class="col-12">This invoice is in progress, please wait (if it takes more than 5 minutes, contact the node administrator).</div>';
+				} else if ($is_already_confirmed[0] == "OK"){
+					echo '<div class="col-12">This invoice was executed correctly.</div>';
+				} else {
+					echo '<div class="col-12">This invoice was NOT executed correctly, check your user profile for more information.</div>';
+				}
 			}
 
 } else {