New to php and have read up on $_REQUEST being strongly discouraged, due to the fact that it makes it nearly impossible to determine the source of the data, and also being a security risk as well.
Not sure what the best way would be to change the following code, to update the code, so that the $_REQUEST is replaced with something better?
public static function sales_data_postback() {
if ( ! isset( $_REQUEST['sales_data'] ) )
return;
$data = json_decode( stripslashes( $_POST['data'] ) );
$cart_contents = json_decode( stripslashes( $_POST['cart_contents'] ) );
//Unset purchase log ID, since we're inserting a new one.
$data = (array) $data;
unset( $data['id'] );
$purchase_log = wpsc_get_order( $data );
$purchase_log->save();
$purchase_log_id = $purchase_log->get( 'id' );
global $wpdb;
//We need to update the proper product ID, name and purchase ID
foreach ( $cart_contents as $cart_item ) {
$product = new WP_Query( array( 'post_type' => 'wpsc-product', 'pagename' => $cart_item->slug ) );
$product = $product->get_posts();
$product = $product[0];
$cart_item = ( array ) $cart_item;
unset( $cart_item['id'] );
unset( $cart_item['slug'] );
$cart_item['prodid'] = $product->ID;
$cart_item['name'] = $product->post_title;
$cart_item['purchaseid'] = $purchase_log_id;
$wpdb->insert( WPSC_TABLE_CART_CONTENTS, $cart_item );
}
die;
}