diff --git a/guest_pay_invoice_stripe.php b/guest_pay_invoice_stripe.php
index 8974b865..79306047 100644
--- a/guest_pay_invoice_stripe.php
+++ b/guest_pay_invoice_stripe.php
@@ -252,22 +252,22 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
// Invoice exists - get details
$row = mysqli_fetch_array($invoice_sql);
$invoice_id = intval($row['invoice_id']);
- $invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
+ $invoice_prefix = sanitizeInput(($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
$invoice_amount = floatval($row['invoice_amount']);
- $invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
- $invoice_url_key = nullable_htmlentities($row['invoice_url_key']);
+ $invoice_currency_code = sanitizeInput($row['invoice_currency_code']);
+ $invoice_url_key = sanitizeInput($row['invoice_url_key']);
$client_id = intval($row['client_id']);
- $client_name = nullable_htmlentities($row['client_name']);
- $contact_name = $row['contact_name'];
- $contact_email = $row['contact_email'];
+ $client_name = sanitizeInput($row['client_name']);
+ $contact_name = sanitizeInput($row['contact_name']);
+ $contact_email = sanitizeInput($row['contact_email']);
$sql_company = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql_company);
- $company_name = mysqli_real_escape_string($mysqli, nullable_htmlentities($row['company_name']));
- $company_phone = nullable_htmlentities($row['company_phone']);
- $company_locale = nullable_htmlentities($row['company_locale']);
+ $company_name = sanitizeInput($row['company_name']);
+ $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone']));
+ $company_locale = sanitizeInput($row['company_locale']);
$config_stripe_client_pays_fees = intval(getSettingValue($mysqli, 'config_stripe_client_pays_fees'));
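Review bot: The new line `$invoice_prefix = sanitizeInput(($row['invoice_prefix']);` has an unbalanced extra opening parenthesis and will not parse, so the whole guest payment page dies with a syntax error before any of the other sanitisation changes take effect; it should read `$invoice_prefix = sanitizeInput($row['invoice_prefix']);`. Separately, `$company_name` was previously wrapped in `mysqli_real_escape_string()` and the replacement drops that; if the value is interpolated into a query further down (outside this hunk), that query must do its own escaping or, better, use a prepared statement, since `sanitizeInput()` is not visible here and should not be assumed to be SQL-safe. The enclosing `if (isset($_GET['invoice_id'], $_GET['url_key']) ...)` block starts and ends outside the hunk.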
@@ -335,14 +335,13 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
$config_smtp_encryption = $row['config_smtp_encryption'];
$config_smtp_username = $row['config_smtp_username'];
$config_smtp_password = $row['config_smtp_password'];
- $config_mail_from_email = $row['config_mail_from_email'];
- $config_mail_from_name = $row['config_mail_from_name'];
- $config_invoice_from_name = $row['config_invoice_from_name'];
- $config_invoice_from_email = $row['config_invoice_from_email'];
+ $config_invoice_from_name = sanitizeInput($row['config_invoice_from_name']);
+ $config_invoice_from_email = sanitizeInput($row['config_invoice_from_email']);
+ $config_base_url = sanitizeInput($row['config_base_url']);
if (!empty($config_smtp_host)) {
$subject = "Payment Received - Invoice $invoice_prefix$invoice_number";
- $body = "Hello $contact_name,
We have received your payment in the amount of " . $pi_currency . $pi_amount_paid . " for invoice $invoice_prefix$invoice_number. Please keep this email as a receipt for your records.
Amount: " . numfmt_format_currency($currency_format, $pi_amount_paid, $invoice_currency_code) . "
Balance: " . numfmt_format_currency($currency_format, '0', $invoice_currency_code) . "
Thank you for your business!
~
$company_name
Billing Department
$config_invoice_from_email
$company_phone";
+ $body = "Hello $contact_name,
We have received your payment in the amount of " . $pi_currency . $pi_amount_paid . " for invoice $invoice_prefix$invoice_number. Please keep this email as a receipt for your records.
Amount: " . numfmt_format_currency($currency_format, $pi_amount_paid, $invoice_currency_code) . "
Balance: " . numfmt_format_currency($currency_format, '0', $invoice_currency_code) . "
Thank you for your business!
~
$company_name - Billing
$config_invoice_from_email
$company_phone";
$data = [
[