fix: Update plugin parameter handling to ensure proper JSON encoding in confirmButton.php

Daniel Neto · Daniel Neto · commit fa0bc102493a · 2026-03-27T12:17:46.000-03:00
https://github.com/WWBN/AVideo/security/advisories/GHSA-pm37-62g7-p768#event-599634
diff --git a/plugin/YPTWallet/plugins/YPTWalletStripe/confirmButton.php b/plugin/YPTWallet/plugins/YPTWalletStripe/confirmButton.php
@@ -113,7 +113,7 @@
                 "value": $('#value<?php echo @$_GET['plans_id']; ?>').val(),
                 "description": $('#description<?php echo @$_GET['plans_id']; ?>').val(),
                 "plans_id": "<?php echo @$_GET['plans_id']; ?>",
-                "plugin": "<?php echo @$_REQUEST['plugin']; ?>",
+                "plugin": <?php echo json_encode((string)($_REQUEST['plugin'] ?? '')); ?>,
                 "user": "<?php echo User::getUserName() ?>",
                 "pass": "<?php echo User::getUserPass(); ?>",
                 "singlePayment": 1
