Direct access to $_GET / $_POST not allowed #6

@danmarsden

Direct access to $_GET and $_POST is typically not allowed - this check could probably be replaced with a simple `if (data_submitted()) {` call:
https://github.com/PaystackHQ/plugin-moodle/blob/main/verify.php#L50

Ideally this should be rewritten to use Moodle's optional_param/required_param functions with appropriate PARAM cleaning on each known var - surely the API only returns some specific parameters in the response and you know what these are?
https://github.com/PaystackHQ/plugin-moodle/blob/main/verify.php#L60
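
The rewrite suggested in the issue, as an added example that is not code from the plugin or from the issue author: the POST check goes through `data_submitted()` and each expected field is read with `required_param`/`optional_param` and a `PARAM_*` type. The field names (`reference`, `courseid`, `email`, `amount`) and the script location are assumptions; the real list is whatever the payment response is documented to return.

```php
<?php
// Added example. Assumes it is saved inside a Moodle install two levels
// below the site root (for instance in an enrol plugin directory).
require(__DIR__ . '/../../config.php');

require_login();

// Before (the pattern the issue objects to): the superglobal is read
// directly and every submitted key is trusted as-is.
//   if (!empty($_POST)) {
//       foreach ($_POST as $key => $value) { $data->$key = $value; }
//   }

// After: data_submitted() returns the POSTed fields as an object,
// or false when the request carried no POST data.
if (!data_submitted()) {
    throw new moodle_exception('invalidrequest', 'core_error');
}

// Allow-list: only the fields named here are read, each with its own type.
// required_param() throws if the field is absent; unexpected extra fields
// in the request are never touched.
$data = new stdClass();
$data->reference = required_param('reference', PARAM_ALPHANUMEXT); // Hypothetical field.
$data->courseid  = required_param('courseid', PARAM_INT);          // Hypothetical field.
$data->amount    = required_param('amount', PARAM_FLOAT);          // Hypothetical field.
$data->email     = optional_param('email', '', PARAM_EMAIL);       // Hypothetical field.

// Cleaning strips disallowed characters rather than rejecting the request,
// so a value made only of disallowed characters comes back empty.
// Reject that case explicitly instead of passing an empty reference on.
if ($data->reference === '') {
    throw new moodle_exception('invalidrequest', 'core_error');
}

// PARAM_INT guarantees an integer, not that the record exists.
// MUST_EXIST makes the lookup throw if no such course is found.
$course = $DB->get_record('course', ['id' => $data->courseid], '*', MUST_EXIST);
```
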
