Changeset 3398802
- Timestamp:
- 11/19/2025 10:35:26 AM (4 months ago)
- Location:
- wc-peach-payments-gateway
- Files:
-
- 84 added
- 7 edited
-
assets/css/admin-peach.css (added)
-
assets/css/front-peach.css (added)
-
assets/images/1VOUCHER.png (added)
-
assets/images/BLINKBYEMTEL.png (added)
-
assets/images/CAPITECPAY.png (added)
-
assets/images/INSTANTEFT.png (added)
-
assets/images/MAUCAS.png (added)
-
assets/images/MCBJUICE.png (added)
-
assets/images/PAYFLEX.png (added)
-
assets/images/Peach_Payments_Primary_logo.png (added)
-
assets/images/Peach_Payments_Primary_logo_modal.png (added)
-
assets/images/SCANTOPAY.png (added)
-
assets/images/STICHEFT.png (added)
-
assets/images/VISA.png (modified) (previous)
-
assets/images/ZEROPAY.png (added)
-
assets/images/loader.gif (added)
-
assets/js/front-peach.js (modified) (2 diffs)
-
tags/3.3.7 (added)
-
tags/3.3.7/README.txt (added)
-
tags/3.3.7/assets (added)
-
tags/3.3.7/assets/css (added)
-
tags/3.3.7/assets/css/admin-peach.css (added)
-
tags/3.3.7/assets/css/front-peach.css (added)
-
tags/3.3.7/assets/images (added)
-
tags/3.3.7/assets/images/1FORYOU.png (added)
-
tags/3.3.7/assets/images/1VOUCHER.png (added)
-
tags/3.3.7/assets/images/AMEX.png (added)
-
tags/3.3.7/assets/images/APPLE.png (added)
-
tags/3.3.7/assets/images/BLINKBYEMTEL.png (added)
-
tags/3.3.7/assets/images/CAPITECPAY.png (added)
-
tags/3.3.7/assets/images/DINERS.png (added)
-
tags/3.3.7/assets/images/EFTSECURE.png (added)
-
tags/3.3.7/assets/images/FLOAT.png (added)
-
tags/3.3.7/assets/images/INSTANTEFT.png (added)
-
tags/3.3.7/assets/images/MAESTRO.png (added)
-
tags/3.3.7/assets/images/MASTER.png (added)
-
tags/3.3.7/assets/images/MASTERCARD.png (added)
-
tags/3.3.7/assets/images/MASTERPASS.png (added)
-
tags/3.3.7/assets/images/MAUCAS.png (added)
-
tags/3.3.7/assets/images/MCBJUICE.png (added)
-
tags/3.3.7/assets/images/MOBICRED.png (added)
-
tags/3.3.7/assets/images/MPESA.png (added)
-
tags/3.3.7/assets/images/PAYFLEX.png (added)
-
tags/3.3.7/assets/images/PAYPAL.png (added)
-
tags/3.3.7/assets/images/Peach_Payments_Primary_logo.png (added)
-
tags/3.3.7/assets/images/Peach_Payments_Primary_logo_modal.png (added)
-
tags/3.3.7/assets/images/SCANTOPAY.png (added)
-
tags/3.3.7/assets/images/SS_PeachPayments_Logo_Horizontal_Icon.svg (added)
-
tags/3.3.7/assets/images/SS_PeachPayments_Logo_Stacked.svg (added)
-
tags/3.3.7/assets/images/STICHEFT.png (added)
-
tags/3.3.7/assets/images/VISA.png (added)
-
tags/3.3.7/assets/images/ZEROPAY.png (added)
-
tags/3.3.7/assets/images/amex_card.png (added)
-
tags/3.3.7/assets/images/diners_card.png (added)
-
tags/3.3.7/assets/images/eft-secure.png (added)
-
tags/3.3.7/assets/images/loader.gif (added)
-
tags/3.3.7/assets/images/mastercard_card.png (added)
-
tags/3.3.7/assets/images/visa_card.png (added)
-
tags/3.3.7/assets/index.html (added)
-
tags/3.3.7/assets/js (added)
-
tags/3.3.7/assets/js/admin-peach.js (added)
-
tags/3.3.7/assets/js/front-peach.js (added)
-
tags/3.3.7/assets/screenshot-1.png (added)
-
tags/3.3.7/assets/screenshot-2.png (added)
-
tags/3.3.7/assets/screenshot-3.png (added)
-
tags/3.3.7/assets/wc-peach-payments-gateway.3.1.7.zip (added)
-
tags/3.3.7/changelog.txt (added)
-
tags/3.3.7/classes (added)
-
tags/3.3.7/classes/embeddedCheckout.php (added)
-
tags/3.3.7/classes/peach-pmprogateway.php (added)
-
tags/3.3.7/classes/pluginSupport.php (added)
-
tags/3.3.7/integrations (added)
-
tags/3.3.7/integrations/blocks (added)
-
tags/3.3.7/integrations/blocks/class-wc-peach-payments-blocks.php (added)
-
tags/3.3.7/integrations/blocks/frontend (added)
-
tags/3.3.7/integrations/blocks/frontend/blocks.asset.php (added)
-
tags/3.3.7/integrations/blocks/frontend/blocks.js (added)
-
tags/3.3.7/integrations/wcmv.php (added)
-
tags/3.3.7/languages (added)
-
tags/3.3.7/languages/wc-gateway-peach-payments 2.pot (added)
-
tags/3.3.7/languages/wc-gateway-peach-payments.pot (added)
-
tags/3.3.7/readme.md (added)
-
tags/3.3.7/templates (added)
-
tags/3.3.7/templates/checkout.php (added)
-
tags/3.3.7/woocommerce-gateway-peach-payments.php (added)
-
trunk/README.md (modified) (1 diff)
-
trunk/README.txt (modified) (2 diffs)
-
trunk/assets/images/MAUCAS.png (added)
-
trunk/assets/js/front-peach.js (modified) (2 diffs)
-
trunk/changelog.txt (modified) (1 diff)
-
trunk/woocommerce-gateway-peach-payments.php (modified) (28 diffs)
wc-peach-payments-gateway/assets/js/front-peach.js
r3210369 r3398802 31 31 action: 'peachCardUpdateOrder', 32 32 cardID: card_id, 33 orderID: order_id 33 orderID: order_id, 34 ajax_nonce: peach_ajax_object.ajax_nonce 34 35 }, 35 36 success:function(data){ … … 112 113 mystatus: status, 113 114 transaction: transactionid, 114 mycode: code 115 mycode: code, 116 ajax_nonce: peach_ajax_object.ajax_nonce 115 117 }, 116 118 success:function(data){ -
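Review bot: The second payload (the one sending `mystatus`, `transaction` and `mycode`) now carries the nonce but not the order key, while the server-side handler this changeset rewrites accepts an optional `order_key` and only checks it when present, so the stronger verification is never exercised from this page; add something like `order_key: peach_ajax_object.order_key` next to `ajax_nonce` and localize the current order's key into `peach_ajax_object` with `wp_localize_script` alongside the nonce. Both additions also presume `peach_ajax_object.ajax_nonce` is localized from `wp_create_nonce( 'ajax-nonce' )` (the action `check_ajax_referer` verifies), and the request will throw before it is sent on any page where that object is not enqueued. The enclosing functions begin before and end after these hunks. The same change appears in `trunk/assets/js/front-peach.js` below and this note applies there too.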
wc-peach-payments-gateway/trunk/README.md
r3298475 r3398802 7 7 Tested up to: 6.8 8 8 Requires PHP: 7.4 9 Stable tag: 3.3. 610 Version: 3.3. 69 Stable tag: 3.3.7 10 Version: 3.3.7 11 11 License: GPLv3 12 12 ``` -
wc-peach-payments-gateway/trunk/README.txt
r3298475 r3398802 5 5 Tested up to: 6.8 6 6 Requires PHP: 7.4 7 Stable tag: 3.3. 68 Version: 3.3. 67 Stable tag: 3.3.7 8 Version: 3.3.7 9 9 License: GPLv3 10 10 … … 45 45 46 46 == Changelog == 47 48 = 3.3.7 = 49 * Enhancement - Added MauCas as a new payment method to Consolidated Payments. 50 * Enhancement - Showing first 6 payement logos now instead of 4. 51 * Enhancement - Add Card on File parameters for existing subscriptions 52 * Fix - Vulnerability checks for Ajax calls. 47 53 48 54 = 3.3.6 = -
wc-peach-payments-gateway/trunk/assets/js/front-peach.js
r3210369 r3398802 31 31 action: 'peachCardUpdateOrder', 32 32 cardID: card_id, 33 orderID: order_id 33 orderID: order_id, 34 ajax_nonce: peach_ajax_object.ajax_nonce 34 35 }, 35 36 success:function(data){ … … 112 113 mystatus: status, 113 114 transaction: transactionid, 114 mycode: code 115 mycode: code, 116 ajax_nonce: peach_ajax_object.ajax_nonce 115 117 }, 116 118 success:function(data){ -
wc-peach-payments-gateway/trunk/changelog.txt
r3298475 r3398802 1 1 *** Peach Payments Gateway Changelog *** 2 3 2025.11.19 - Version 3.3.7 4 * Enhancement - Added MauCas as a new payment method to Consolidated Payments. 5 * Enhancement - Showing first 6 payement logos now instead of 4. 6 * Enhancement - Add Card on File parameters for existing subscriptions 7 * Fix - Vulnerability checks for Ajax calls. 2 8 3 9 2025.05.22 - version 3.3.6 -
wc-peach-payments-gateway/trunk/woocommerce-gateway-peach-payments.php
r3298475 r3398802 6 6 * Author: Peach Payments 7 7 * Author URI: https://peachpayments.com 8 * Version: 3.3. 68 * Version: 3.3.7 9 9 * Requires at least: 6.8 10 10 * Tested up to: 6.8 … … 290 290 'BLINKBYEMTEL' => 'Blink by EMTEL', 291 291 'MCBJUICE' => 'MCB Juice', 292 'FLOAT' => 'Float' 292 'FLOAT' => 'Float', 293 'MAUCAS' => 'MauCAS' 293 294 ), 294 295 'default' => array('VISA','MASTER', 'CAPITECPAY', 'EFTSECURE', 'MOBICRED', 'SCANTOPAY'), … … 337 338 'BLINKBYEMTEL' => 'Blink by EMTEL', 338 339 'MCBJUICE' => 'MCB Juice', 339 'FLOAT' => 'Float' 340 'FLOAT' => 'Float', 341 'MAUCAS' => 'MauCAS' 340 342 ), 341 343 'default' => array('VISA','MASTER', 'CAPITECPAY', 'EFTSECURE'), … … 620 622 }else if($value == 'MCBJUICE'){ 621 623 $methodName = 'MCB Juice'; 624 }else if($value == 'MAUCAS'){ 625 $methodName = 'MauCAS'; 622 626 } 623 627 624 if($index < 4){628 if($index < 6){ 625 629 $payIcons .= '<div class="peach-method"><img name="" src="'.WC_PEACH_PLUGIN_URL.'/assets/images/'.$value.'.png" width="38" height="20" alt="" /><div class="peach-method-tooltip">'.$methodName.'</div></div>'; 626 630 }else{ … … 793 797 } 794 798 curl_close($ch); 799 800 $InitiatedTransactionID = ''; 801 if (isset($response->resultDetails)) { 802 if (isset($response->resultDetails->CardholderInitiatedTransactionID)) { 803 $InitiatedTransactionID = $response->resultDetails->CardholderInitiatedTransactionID; 804 } 805 }else if(isset($response->standingInstruction)){ 806 if(isset($response->standingInstruction->initialTransactionId)){ 807 $InitiatedTransactionID = $response->standingInstruction->initialTransactionId; 808 } 809 } 795 810 796 811 $paymentBrand = ''; … … 859 874 add_post_meta( $seqOrderID, 'payment_order_id', $response->id ); 860 875 add_post_meta( $seqOrderID, 'peach_api_trigger', 'process_payment' ); 861 update_post_meta($seqOrderID, "_checkout_payment_option", $paymentBrand); 876 update_post_meta($seqOrderID, "_checkout_payment_option", $paymentBrand); //$InitiatedTransactionID 
877 update_post_meta($seqOrderID, "payment_initial_id", $InitiatedTransactionID); 862 878 863 879 if ( is_user_logged_in() ) { … … 973 989 add_post_meta( $seqOrderID, 'peach_api_trigger', 'process_payment' ); 974 990 991 if(isset($status[4])){ 992 update_post_meta($status[1], "payment_initial_id", $status[4]); 993 } 994 975 995 wp_safe_redirect($this->order_received_page_url.'/'.$orderNew->get_id().'/?key='.$orderNew->get_order_key() ); 976 996 exit; … … 1062 1082 update_post_meta($seqOrderID, "_checkout_payment_option", $paymentBrand); 1063 1083 1084 $InitiatedTransactionID = ''; 1085 if (isset($_POST['resultDetails'])) { 1086 if (isset($_POST['resultDetails']['CardholderInitiatedTransactionID'])) { 1087 $InitiatedTransactionID = $_POST['resultDetails']['CardholderInitiatedTransactionID']; 1088 } 1089 }else if(isset($_POST['standingInstruction'])){ 1090 if(isset($_POST['standingInstruction']['initialTransactionId'])){ 1091 $InitiatedTransactionID = $_POST['standingInstruction']['initialTransactionId']; 1092 } 1093 } 1094 1095 update_post_meta($seqOrderID, "payment_initial_id", $InitiatedTransactionID); 1096 1064 1097 wp_safe_redirect( $this->order_received_page_url.'/'.$orderNew->get_id().'/?key='.$orderNew->get_order_key() ); 1065 1098 exit; … … 1221 1254 1222 1255 if(isset($this->recurringid) && $this->recurringid != ''){ 1256 1223 1257 $url = $this->process_checkout_url."/v1/registrations/".$id."/payments"; 1224 1258 $data = "entityId=".$this->recurringid. … … 1229 1263 "&standingInstruction.mode=REPEATED" . 1230 1264 "&standingInstruction.type=RECURRING" . 1231 "&standingInstruction.source=MIT"; 1265 "&standingInstruction.source=MIT". 1266 "&standingInstruction.recurringType=SUBSCRIPTION"; 1267 1268 $payment_initial_id = get_post_meta( $parent_order_id, 'payment_initial_id', true ); 1269 $logger_id = array(); 1270 if ( ! 
empty( $payment_initial_id ) ) { 1271 $logger_id['initial_id'] = $payment_initial_id; 1272 $data .= "&standingInstruction.initialTransactionId=".$payment_initial_id; 1273 }else{ 1274 $entityId = $this->secureid; 1275 $transactionID = get_post_meta( $parent_order_id, 'payment_order_id', true ); 1276 1277 $payment_initial_id = $this->getInitialID($this->accesstoken, $entityId, $transactionID); 1278 1279 if(!empty($payment_initial_id)){ 1280 $data .= "&standingInstruction.initialTransactionId=".$payment_initial_id; 1281 $logger_id['initial_id'] = $payment_initial_id; 1282 }else{ 1283 $logger_id['initial_id'] = 'Could not retrieve id via Peach API'; 1284 $logger_id['api-data-sent'] = $data; 1285 } 1286 } 1287 $logger->info( "\n".print_r($logger_id, true)."\n\n", array( 'source' => 'peach-get-payment-initial-id' ) ); 1232 1288 1233 1289 $ch = curl_init(); … … 1288 1344 } 1289 1345 } 1290 1291 function receipt_page( $order_id ) { 1292 1293 global $woocommerce; 1294 1346 1347 function getInitialID($accesstoken, $entityId, $transactionID){ 1295 1348 $logger = wc_get_logger(); 1296 1349 $logger_info = array(); 1297 $logger_info['settings'] = $this->logger_info_settings; 1298 $logger_info['urls'] = array( 1299 'process_checkout' => $this->process_checkout_url, 1300 'request_checkout' => $this->request_checkout_url, 1301 'request_status' => $this->request_status_url, 1302 'request_pre_status' => $this->request_pre_status_url, 1303 'request_refund' => $this->request_refund_url, 1304 'checkout_page' => $this->checkout_page_url, 1305 'order_received_page' => $this->order_received_page_url, 1306 'order_pay_page' => $this->order_pay_page_url, 1307 'shopperResultUrl' => WC_PEACH_SITE_URL.'?wc-api=WC_Peach_Payments' 1308 ); 1350 1351 $url = $this->process_checkout_url.'/v3/query/'.$transactionID.'?entityId='.$entityId; 1352 1353 $headers = [ 1354 'Authorization: Bearer '.$accesstoken, 1355 'Content-Type: application/x-www-form-urlencoded' 1356 ]; 1357 1358 $data = http_build_query([ 
1359 'entityId' => $entityId 1360 ]); 1361 1362 //First Test 1363 $ch = curl_init(); 1364 curl_setopt_array($ch, [ 1365 CURLOPT_URL => $url, 1366 CURLOPT_RETURNTRANSFER => true, 1367 CURLOPT_CUSTOMREQUEST => 'GET', 1368 CURLOPT_HTTPHEADER => $headers, 1369 CURLOPT_POSTFIELDS => $data, 1370 ]); 1371 1372 $responseData = curl_exec($ch); 1373 $response = json_decode($responseData); 1374 1375 $payment_initial_id = $CardholderInitiatedTransactionID = ''; 1376 1377 if (!empty($response->records) && is_array($response->records)) { 1378 foreach ($response->records as $record) { 1379 if(!empty($record->resultDetails->CardholderInitiatedTransactionID)) { 1380 $payment_initial_id = $record->resultDetails->CardholderInitiatedTransactionID; 1381 break; 1382 }else if(!empty($record->standingInstruction->initialTransactionId)){ 1383 $payment_initial_id = $record->standingInstruction->initialTransactionId; 1384 break; 1385 } 1386 } 1387 } 1388 1389 return $payment_initial_id; 1390 } 1391 1392 function receipt_page( $order_id ) { 1393 1394 global $woocommerce; 1395 1396 $logger = wc_get_logger(); 1397 $logger_info = array(); 1309 1398 1310 1399 $seqOrderID = $order_id; … … 1445 1534 if($subscribe_test[1]){ 1446 1535 $logger_info['errors'] = array( 1447 'Order ID' => $seqOrderID,1448 1536 'Response' => 'Mixed baskets detected.', 1449 1537 ); … … 1493 1581 $embed_errors = true; 1494 1582 $logger_info['errors'] = array( 1495 'order' => $order_id,1496 1583 'embed_token' => 'error', 1497 1584 ); … … 1505 1592 $embed_errors = true; 1506 1593 $logger_info['errors'] = array( 1507 'order' => $order_id,1508 1594 'embed_token' => 'token error', 1509 1595 ); … … 1611 1697 1612 1698 }else if($payOption == 'dontsave' || $payOption == 'saveinfo' || $payOption == 'savedcards'){ 1699 1613 1700 //New 3D Secure Rule. 
Address can't exceed 50 chars 1614 1701 $billing_address = substr($order->get_billing_address_1(),0,50); … … 1705 1792 curl_setopt($ch, CURLOPT_URL, $url); 1706 1793 curl_setopt($ch, CURLOPT_HTTPHEADER, array( 1707 'Authorization:Bearer '. $this->accesstoken));1794 'Authorization:Bearer '. $this->accesstoken)); 1708 1795 curl_setopt($ch, CURLOPT_POST, 1); 1709 1796 curl_setopt($ch, CURLOPT_POSTFIELDS, $data); … … 1750 1837 var expiry = jQuery('.wpwl-control-expiry').val(); 1751 1838 expiry = expiry.replace(/\s/g, ''); 1752 1839 1753 1840 var currentDate = new Date(); 1754 1841 var inputYear = parseInt(expiry.substr(3, 2), 10) + 2000; … … 1782 1869 } 1783 1870 }, 1784 onBeforeSubmitCard: function(e){1871 onBeforeSubmitCard: function(e){ 1785 1872 return validateExpiry(e); 1786 }1873 } 1787 1874 } 1788 1875 function validateExpiry(e){ … … 1791 1878 var expiry = jQuery('.wpwl-control-expiry').val(); 1792 1879 expiry = expiry.replace(/\s/g, ''); 1793 1880 1794 1881 var currentDate = new Date(); 1795 1882 var inputYear = parseInt(expiry.substr(3, 2), 10) + 2000; … … 1824 1911 } 1825 1912 1826 $brands_exclude = array("CAPITECPAY", "EFTSECURE", "MOBICRED", "1VOUCHER", "SCANTOPAY", "APPLE", "MPESA", "PAYFLEX", "ZEROPAY", "INSTANTEFT", "BLINKBYEMTEL", "MCBJUICE", "PAYPAL", "FLOAT" );1913 $brands_exclude = array("CAPITECPAY", "EFTSECURE", "MOBICRED", "1VOUCHER", "SCANTOPAY", "APPLE", "MPESA", "PAYFLEX", "ZEROPAY", "INSTANTEFT", "BLINKBYEMTEL", "MCBJUICE", "PAYPAL", "FLOAT", "MAUCAS" ); 1827 1914 $brands_opts = $this->consolidated_label_logos; 1828 1915 if($brands_opts && $brands_opts != ''){ … … 1837 1924 if(isset($responseData->result->description) && isset($responseData->result->code)){ 1838 1925 $logger_info['errors'] = array( 1839 'Order ID' => $order_id,1840 1926 'Response Code' => $responseCode, 1841 1927 'Response' => (array)$responseData, … … 1845 1931 }else if(isset($curlError)){ 1846 1932 $logger_info['errors'] = array( 1847 'Order ID' => $order_id,1848 1933 
'Response' => 'Error [Curl] '.$curlError 1849 1934 ); … … 1852 1937 }else{ 1853 1938 $logger_info['errors'] = array( 1854 'Order ID' => $order_id,1855 1939 'Response' => (array)$responseData, 1856 1940 ); … … 1980 2064 1981 2065 if(isset($response->result->code)){ 1982 return array($response->result->code, $seqOrderID, $response->payments[0]->id, $response->payments[0]->paymentBrand); 2066 $result = [ 2067 $response->result->code, 2068 $seqOrderID, 2069 $response->payments[0]->id, 2070 $response->payments[0]->id 2071 ]; 2072 2073 $InitiatedTransactionID = ''; 2074 if (isset($response->resultDetails)) { 2075 if (isset($response->resultDetails->CardholderInitiatedTransactionID)) { 2076 $result[] = $response->resultDetails->CardholderInitiatedTransactionID; 2077 } 2078 }else if(isset($response->standingInstruction)){ 2079 if(isset($response->standingInstruction->initialTransactionId)){ 2080 $result[] = $response->standingInstruction->initialTransactionId; 2081 } 2082 } 2083 2084 return $result; 1983 2085 }else{ 1984 2086 $logger_info['error'] = array( … … 3533 3635 '; 3534 3636 3535 $brands_exclude = array("CAPITECPAY", "EFTSECURE", "MOBICRED", "1VOUCHER", "SCANTOPAY", "APPLE", "MPESA", "PAYFLEX", "ZEROPAY", "INSTANTEFT", "BLINKBYEMTEL", "MCBJUICE", "PAYPAL", "FLOAT" );3637 $brands_exclude = array("CAPITECPAY", "EFTSECURE", "MOBICRED", "1VOUCHER", "SCANTOPAY", "APPLE", "MPESA", "PAYFLEX", "ZEROPAY", "INSTANTEFT", "BLINKBYEMTEL", "MCBJUICE", "PAYPAL", "FLOAT", "MAUCAS" ); 3536 3638 $brands_opts = $peachOptions['consolidated_label_logos']; 3537 3639 if($brands_opts && $brands_opts != ''){ … … 3744 3846 } 3745 3847 3848 3849 /* Old Function */ 3850 /* 3746 3851 function peachCardUpdateOrder_funct(){ 3747 3852 $cardID = $_REQUEST['cardID']; … … 3753 3858 die(); 3754 3859 } 3755 add_action('wp_ajax_nopriv_peachCardUpdateOrder', 'peachCardUpdateOrder_funct'); 3860 */ 3861 /* New Function */ 3862 function peachCardUpdateOrder_funct() { 3863 3864 check_ajax_referer( 
'ajax-nonce', 'ajax_nonce' ); 3865 3866 if ( ! is_user_logged_in() ) { 3867 wp_die( 3868 esc_html__( 'Unauthorized', 'woocommerce-gateway-peach-payments' ), 3869 '', 3870 array( 'response' => 403 ) 3871 ); 3872 } 3873 3874 $card_id = isset( $_REQUEST['cardID'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['cardID'] ) ) : ''; 3875 $order_id = isset( $_REQUEST['orderID'] ) ? absint( $_REQUEST['orderID'] ) : 0; 3876 3877 if ( ! $card_id || ! $order_id ) { 3878 wp_die( 3879 esc_html__( 'Invalid request parameters', 'woocommerce-gateway-peach-payments' ), 3880 '', 3881 array( 'response' => 400 ) 3882 ); 3883 } 3884 3885 $order = wc_get_order( $order_id ); 3886 3887 if ( ! $order ) { 3888 wp_die( 3889 esc_html__( 'Invalid order', 'woocommerce-gateway-peach-payments' ), 3890 '', 3891 array( 'response' => 404 ) 3892 ); 3893 } 3894 3895 // Authorisation: user must own the order or have manage_woocommerce capability. 3896 $current_user_id = get_current_user_id(); 3897 $order_user_id = (int) $order->get_user_id(); 3898 3899 if ( $order_user_id && $order_user_id !== $current_user_id && ! current_user_can( 'manage_woocommerce' ) ) { 3900 wp_die( 3901 esc_html__( 'You are not allowed to modify this order', 'woocommerce-gateway-peach-payments' ), 3902 '', 3903 array( 'response' => 403 ) 3904 ); 3905 } 3906 3907 // Guest orders (no user attached) can only be updated by privileged users. 3908 if ( ! $order_user_id && ! 
current_user_can( 'manage_woocommerce' ) ) { 3909 wp_die( 3910 esc_html__( 'You are not allowed to modify this order', 'woocommerce-gateway-peach-payments' ), 3911 '', 3912 array( 'response' => 403 ) 3913 ); 3914 } 3915 3916 $new_reg_id = update_post_meta( $order_id, 'payment_registration_id', $card_id ); 3917 3918 echo (int) $new_reg_id; 3919 wp_die(); 3920 } 3921 //add_action('wp_ajax_nopriv_peachCardUpdateOrder', 'peachCardUpdateOrder_funct'); Removed for Security 3756 3922 add_action('wp_ajax_peachCardUpdateOrder', 'peachCardUpdateOrder_funct'); 3757 3923 3924 /*Olf Function*/ 3925 /* 3758 3926 function peachEmbedUpdateOrder_funct(){ 3759 3927 $status = $_REQUEST['mystatus']; … … 3784 3952 echo $return_url; 3785 3953 die(); 3954 } 3955 */ 3956 3957 /*New Function*/ 3958 function peachEmbedUpdateOrder_funct() { 3959 3960 check_ajax_referer( 'ajax-nonce', 'ajax_nonce' ); 3961 3962 $status = isset( $_REQUEST['mystatus'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['mystatus'] ) ) : ''; 3963 $transactionID = isset( $_REQUEST['transaction'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['transaction'] ) ) : ''; 3964 $code = isset( $_REQUEST['mycode'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['mycode'] ) ) : ''; 3965 // Optional extra protection – front-end can send the order key as well. 3966 $order_key = isset( $_REQUEST['order_key'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['order_key'] ) ) : ''; 3967 3968 $return_url = ''; 3969 3970 if ( '' === $transactionID || '' === $status || '' === $code ) { 3971 wp_die( 3972 esc_html__( 'Invalid request', 'woocommerce-gateway-peach-payments' ), 3973 '', 3974 array( 'response' => 400 ) 3975 ); 3976 } 3977 3978 $originalid = str_replace( 'Checkout', '', $transactionID ); 3979 $id = absint( ltrim( $originalid, '0' ) ); 3980 3981 if ( ! 
$id ) { 3982 wp_die( 3983 esc_html__( 'Invalid transaction reference', 'woocommerce-gateway-peach-payments' ), 3984 '', 3985 array( 'response' => 400 ) 3986 ); 3987 } 3988 3989 $order = wc_get_order( $id ); 3990 3991 if ( ! $order ) { 3992 wp_die( 3993 esc_html__( 'Order not found', 'woocommerce-gateway-peach-payments' ), 3994 '', 3995 array( 'response' => 404 ) 3996 ); 3997 } 3998 3999 // If an order key is supplied, it must match this order. 4000 if ( $order_key && $order_key !== $order->get_order_key() ) { 4001 wp_die( 4002 esc_html__( 'Order verification failed', 'woocommerce-gateway-peach-payments' ), 4003 '', 4004 array( 'response' => 403 ) 4005 ); 4006 } 4007 4008 // If the order is attached to a user and the requester is logged in, 4009 // enforce ownership or manage_woocommerce capability. 4010 $order_user_id = (int) $order->get_user_id(); 4011 if ( is_user_logged_in() && $order_user_id ) { 4012 $current_user_id = get_current_user_id(); 4013 if ( $current_user_id !== $order_user_id && ! current_user_can( 'manage_woocommerce' ) ) { 4014 wp_die( 4015 esc_html__( 'You are not allowed to modify this order', 'woocommerce-gateway-peach-payments' ), 4016 '', 4017 array( 'response' => 403 ) 4018 ); 4019 } 4020 } 4021 4022 // Only accept known status/code combinations. 
4023 if ( 'complete' === $status && '000.100.110' === $code ) { 4024 $order->add_order_note( 'Peach Embedded Payment Successfull.', 0, false ); 4025 $order->update_status( 'processing', __( 'Order being processed.', 'woocommerce' ) ); 4026 add_post_meta( $id, 'peach_api_trigger', 'process_embedded' ); 4027 $return_url = $order->get_checkout_order_received_url(); 4028 } elseif ( 'cancelled' === $status ) { 4029 $order->add_order_note( 'Peach Embedded Payment Cancelled.', 0, false ); 4030 $return_url = $order->get_cancel_order_url_raw(); 4031 } else { 4032 $order->add_order_note( 'Peach Embedded Payment Expired.', 0, false ); 4033 $return_url = $order->get_cancel_order_url_raw(); 4034 } 4035 4036 $order->save(); 4037 4038 echo esc_url_raw( $return_url ); 4039 wp_die(); 3786 4040 } 3787 4041 add_action('wp_ajax_nopriv_peachEmbedUpdateOrder', 'peachEmbedUpdateOrder_funct');
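Review bot: In the rewritten `peachEmbedUpdateOrder_funct` the values that move an order to `processing` (`mystatus`, `mycode`) come from the request, the `order_key` comparison at 4000 is only enforced when the client chooses to send one, and the function stays registered on `wp_ajax_nopriv_peachEmbedUpdateOrder` (4041) where `check_ajax_referer` only proves the caller loaded a page carrying the nonce, so the new checks still do not tie the confirmation to the order's owner. Make the key mandatory and compare it in constant time, e.g. change 4000 to `if ( '' === $order_key || ! hash_equals( $order->get_order_key(), $order_key ) ) {`, and confirm the transaction against Peach's status endpoint (the class already holds `$this->request_status_url`) before `update_status( 'processing', ... )` rather than trusting the client-supplied code. Separately, the refactored return at 2066-2071 places `$response->payments[0]->id` in the fourth slot where the removed line returned `$response->payments[0]->paymentBrand`, a regression for any caller reading `$status[3]`, and `getInitialID` (1347-1390) sends `CURLOPT_POSTFIELDS` with a GET, never checks `curl_exec` for `false` before `json_decode`, and never calls `curl_close`. The `$_POST['resultDetails']` / `$_POST['standingInstruction']` values captured at 1084-1095 are stored in post meta and later appended to the request body at 1272 without `sanitize_text_field` or `rawurlencode`.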