diff --git a/endpoints/cronjobs/updatenextpayment.php b/endpoints/cronjobs/updatenextpayment.php
index 6013103ed..422f424c5 100644
--- a/endpoints/cronjobs/updatenextpayment.php
+++ b/endpoints/cronjobs/updatenextpayment.php
@@ -19,7 +19,7 @@
 $cycles[$cycleId] = $row;
 }
-$query = "SELECT id, next_payment, frequency, cycle FROM subscriptions WHERE next_payment < :currentDate AND auto_renew = 1";
+$query = "SELECT id, next_payment, frequency, cycle FROM subscriptions WHERE next_payment < :currentDate AND auto_renew = 1 AND inactive = 0";
 $stmt = $db->prepare($query);
 $stmt->bindValue(':currentDate', $currentDate->format('Y-m-d'));
 $result = $stmt->execute();
diff --git a/endpoints/user/save_user.php b/endpoints/user/save_user.php
index 9ed644335..e10d97b63 100644
--- a/endpoints/user/save_user.php
+++ b/endpoints/user/save_user.php
@@ -231,7 +231,7 @@ function resizeAndUploadAvatar($uploadedFile, $uploadDir, $name)
 }
 }
- $avatar = $_POST['avatar'];
+ $avatar = filter_var($_POST['avatar'], FILTER_SANITIZE_URL);
 $main_currency = $_POST['main_currency'];
 $language = $_POST['language'];
diff --git a/includes/header.php b/includes/header.php
index 194bc9d2b..20d1de0d7 100644
--- a/includes/header.php
+++ b/includes/header.php
@@ -161,7 +161,7 @@ function hex2rgb($hex)
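Review bot: In endpoints/cronjobs/updatenextpayment.php the new `AND inactive = 0` predicate also skips any row where `inactive` is NULL, because a comparison with NULL is never true in SQL. The schema is not visible in this hunk, so if the column can be NULL, confirm it carries a NOT NULL default or write `AND COALESCE(inactive, 0) = 0`. A short comment above the query, such as `// Inactive subscriptions must not have next_payment advanced`, would record why the filter is there.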
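Review bot: In endpoints/user/save_user.php, `FILTER_SANITIZE_URL` on `$_POST['avatar']` only strips characters that cannot appear in a URL and does not validate the value, so quotes, angle brackets, `../` sequences and arbitrary schemes pass through unchanged. How `$avatar` is stored and rendered is outside this hunk, but if it reaches an `src` attribute or a file path it should be checked against the avatar locations the application itself offers and escaped with `htmlspecialchars($avatar, ENT_QUOTES, 'UTF-8')` at output. `filter_var` returns `false` for an array and the index is undefined when the field is missing, so `$avatar = filter_var($_POST['avatar'] ?? '', FILTER_SANITIZE_URL);` with a following `if ($avatar === false) { $avatar = ''; }` would keep the type predictable. `$main_currency` and `$language` on the next lines are still read raw from `$_POST`, and the surrounding block continues outside the hunk.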