From 2616974c123c7b066716d73cec26a66b2d602cdc Mon Sep 17 00:00:00 2001
From: Narek Zakarian <narekzakarian@gmail.com>
Date: Fri, 21 Mar 2025 19:06:09 +0400
Subject: [PATCH] Restrict the BN code to return only the white listed values

---
 modules/ppcp-api-client/src/Helper/PartnerAttribution.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/modules/ppcp-api-client/src/Helper/PartnerAttribution.php b/modules/ppcp-api-client/src/Helper/PartnerAttribution.php
index 486c579a6..f83aeb292 100644
--- a/modules/ppcp-api-client/src/Helper/PartnerAttribution.php
+++ b/modules/ppcp-api-client/src/Helper/PartnerAttribution.php
@@ -80,6 +80,12 @@ class PartnerAttribution {
 	 * @return string The stored BN Code, or the default value if no path is detected.
 	 */
 	public function get_bn_code(): string {
-		return get_option( $this->bn_code_option_name, $this->default_bn_code ) ?? $this->default_bn_code;
+		$bn_code = get_option( $this->bn_code_option_name, $this->default_bn_code ) ?? $this->default_bn_code;
+
+		if ( ! in_array( $bn_code, $this->bn_codes, true ) && $bn_code !== $this->default_bn_code ) {
+			return $this->default_bn_code;
+		}
+
+		return $bn_code;
 	}
 }