The function lfs.payment.utils.get_paypal_link_for_order() takes data directly from the order form that the user filled in, without proper URL encoding. If the user inputs characters like "#" or "&", this will potentially break the HTTP GET request to PayPal.
Test case:
Configure LFS and PayPal, and add products.
Add one product to the cart and proceed to pay/checkout.
In the shipping address1 field, write something like "Calle 14 #2244".
Hit the "pay now" button.
The browser gets redirected to PayPal, but it never gets to the payment page. Instead it is redirected to some other PayPal page, because the "#" character ended up in the middle of the GET URL and is interpreted by the browser as an anchor.
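The effect described in this test case can be reproduced offline. The following is an added example, not the LFS code: the builder functions, the sample order and the "Flat 2 & 3" address are constructed for illustration, and the endpoint and parameter names are assumptions. It compares what the server would receive from a link built by plain string joining with one built by urllib.parse.urlencode.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed endpoint and parameter names, for illustration only.
PAYPAL_URL = "https://www.paypal.com/cgi-bin/webscr"


def build_link_unencoded(fields):
    """Joins raw form values into the query string (the reported behaviour)."""
    return PAYPAL_URL + "?" + "&".join(f"{k}={v}" for k, v in fields.items())


def build_link_encoded(fields):
    """Percent-encodes every key and value before joining."""
    return PAYPAL_URL + "?" + urlencode(fields)


def received_params(url):
    """Parameters the server would see: the fragment is never sent."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def constructed_order(address1):
    # Constructed sample order; all values are placeholders.
    return {
        "cmd": "_xclick",
        "address1": address1,
        "city": "Bogota",
        "amount": "10.00",
    }


if __name__ == "__main__":
    # "#" truncates the query at the fragment; "&" splits one value in two.
    for addr in ("Calle 14 #2244", "Flat 2 & 3"):
        fields = constructed_order(addr)
        print(addr)
        print("  unencoded:", received_params(build_link_unencoded(fields)))
        print("  encoded:  ", received_params(build_link_encoded(fields)))
```

With the unencoded link, everything after "#" (including the city and amount parameters) is dropped from the request, and an "&" in the address ends the address1 value early; the encoded link round-trips both addresses intact.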