diff --git a/modules/ppcp-subscription/src/Helper/SubscriptionHelper.php b/modules/ppcp-subscription/src/Helper/SubscriptionHelper.php
index 88f191d4c..cb4521f37 100644
--- a/modules/ppcp-subscription/src/Helper/SubscriptionHelper.php
+++ b/modules/ppcp-subscription/src/Helper/SubscriptionHelper.php
@@ -120,6 +120,7 @@ class SubscriptionHelper {
 * @return bool Whether page is change subscription or not.
 */
 public function is_subscription_change_payment(): bool {
+ // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 if ( ! isset( $_GET['pay_for_order'] ) || ! isset( $_GET['change_payment_method'] ) ) {
 return false;
 }
diff --git a/modules/ppcp-subscription/src/SubscriptionModule.php b/modules/ppcp-subscription/src/SubscriptionModule.php
index cf70a9848..aba7821d4 100644
--- a/modules/ppcp-subscription/src/SubscriptionModule.php
+++ b/modules/ppcp-subscription/src/SubscriptionModule.php
@@ -100,6 +100,7 @@ class SubscriptionModule implements ModuleInterface {
 add_filter(
 'ppcp_create_order_request_body_data',
 function( array $data ) use ( $c ) {
+ // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 $wc_order_action = wc_clean( wp_unslash( $_POST['wc_order_action'] ?? '' ) );
 if (
 $wc_order_action === 'wcs_process_renewal'
diff --git a/modules/ppcp-wc-gateway/src/Assets/SettingsPageAssets.php b/modules/ppcp-wc-gateway/src/Assets/SettingsPageAssets.php
index dbb48ae66..bab40245e 100644
--- a/modules/ppcp-wc-gateway/src/Assets/SettingsPageAssets.php
+++ b/modules/ppcp-wc-gateway/src/Assets/SettingsPageAssets.php
@@ -87,8 +87,10 @@ class SettingsPageAssets {
 return false;
 }
+ // phpcs:disable WordPress.Security.NonceVerification.Recommended
 $tab = wc_clean( wp_unslash( $_GET['tab'] ?? '' ) );
 $section = wc_clean( wp_unslash( $_GET['section'] ?? '' ) );
+ // phpcs:enable WordPress.Security.NonceVerification.Recommended
 return 'checkout' === $tab && 'ppcp-gateway' === $section;
 }
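Review bot: The `phpcs:ignore` added above the `isset( $_GET['pay_for_order'] )` check records no reason, so a later reader cannot tell whether skipping the nonce was judged safe or merely silenced; phpcs accepts a trailing justification, e.g. `// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- page detection only; the form carrying these parameters is nonce-checked where it is processed`. This matters more than usual here because the gateways in this same commit use `is_subscription_change_payment()` to gate a write of `payment_token_id` from `$_POST`, so the helper's trust assumption is load-bearing. The same applies to every other bare suppression in the commit: each should name where the request is actually verified (WooCommerce checkout nonce, pay-for-order nonce, admin post nonce) so a reviewer can check that claim instead of re-deriving it. is_subscription_change_payment's body continues outside the hunk.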
diff --git a/modules/ppcp-wc-gateway/src/Gateway/CardButtonGateway.php b/modules/ppcp-wc-gateway/src/Gateway/CardButtonGateway.php
index 616a2ea48..8b4412671 100644
--- a/modules/ppcp-wc-gateway/src/Gateway/CardButtonGateway.php
+++ b/modules/ppcp-wc-gateway/src/Gateway/CardButtonGateway.php
@@ -275,6 +275,7 @@ class CardButtonGateway extends \WC_Payment_Gateway {
 * If customer has chosen change Subscription payment.
 */
 if ( $this->subscription_helper->has_subscription( $order_id ) && $this->subscription_helper->is_subscription_change_payment() ) {
+ // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 $saved_paypal_payment = wc_clean( wp_unslash( $_POST['saved_paypal_payment'] ?? '' ) );
 if ( $saved_paypal_payment ) {
 update_post_meta( $order_id, 'payment_token_id', $saved_paypal_payment );
diff --git a/modules/ppcp-wc-gateway/src/Gateway/CreditCardGateway.php b/modules/ppcp-wc-gateway/src/Gateway/CreditCardGateway.php
index e204d52d7..e2c9c7c77 100644
--- a/modules/ppcp-wc-gateway/src/Gateway/CreditCardGateway.php
+++ b/modules/ppcp-wc-gateway/src/Gateway/CreditCardGateway.php
@@ -360,6 +360,7 @@ class CreditCardGateway extends \WC_Payment_Gateway_CC {
 /**
 * If customer has chosen a saved credit card payment.
 */
+ // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 $saved_credit_card = wc_clean( wp_unslash( $_POST['saved_credit_card'] ?? '' ) );
 if ( $saved_credit_card ) {
 try {
diff --git a/modules/ppcp-wc-gateway/src/Gateway/OXXO/OXXO.php b/modules/ppcp-wc-gateway/src/Gateway/OXXO/OXXO.php
index 1ca22fc2b..d5ecdd8b0 100644
--- a/modules/ppcp-wc-gateway/src/Gateway/OXXO/OXXO.php
+++ b/modules/ppcp-wc-gateway/src/Gateway/OXXO/OXXO.php
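Review bot: The `saved_paypal_payment` value stored as `payment_token_id` comes straight from `$_POST` with only `wc_clean()` applied, and nothing in the hunk checks that the token belongs to the order's customer; unless the code that later charges the stored token enforces ownership, a logged-in customer could edit the form field and attach another user's vaulted token to their subscription. Before the `update_post_meta()` call, resolve the posted id against the tokens of the order's customer (the PayPalGateway hunk in this commit already looks tokens up with `$this->payment_token_repository->all_for_user_id( $user_id )`) and skip the write when there is no match, and say so in the suppression comment, e.g. `-- form nonce is verified by WooCommerce before process_payment(); token ownership checked below`. The identical three lines appear in PayPalGateway, so a single helper on SubscriptionHelper would keep both gateways in step. The enclosing process_payment starts and ends outside the hunk.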
@@ -138,6 +138,7 @@ class OXXO {
 'add_meta_boxes',
 function( string $post_type ) {
 if ( $post_type === 'shop_order' ) {
+ // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 $post_id = wc_clean( wp_unslash( $_GET['post'] ?? '' ) );
 $order = wc_get_order( $post_id );
 if ( is_a( $order, WC_Order::class ) && $order->get_payment_method() === OXXOGateway::ID ) {
@@ -182,6 +183,7 @@ class OXXO {
 return false;
 }
+ // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 $billing_country = wc_clean( wp_unslash( $_POST['country'] ?? '' ) );
 if ( $billing_country && 'MX' !== $billing_country ) {
 return false;
diff --git a/modules/ppcp-wc-gateway/src/Gateway/PayPalGateway.php b/modules/ppcp-wc-gateway/src/Gateway/PayPalGateway.php
index e44b5aeb6..87c1b88fd 100644
--- a/modules/ppcp-wc-gateway/src/Gateway/PayPalGateway.php
+++ b/modules/ppcp-wc-gateway/src/Gateway/PayPalGateway.php
@@ -400,8 +400,8 @@ class PayPalGateway extends \WC_Payment_Gateway {
 );
 }
+ // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 $funding_source = wc_clean( wp_unslash( $_POST['ppcp-funding-source'] ?? '' ) );
-
 if ( 'card' !== $funding_source && $this->is_free_trial_order( $wc_order ) ) {
 $user_id = (int) $wc_order->get_customer_id();
 $tokens = $this->payment_token_repository->all_for_user_id( $user_id );
@@ -423,6 +423,7 @@ class PayPalGateway extends \WC_Payment_Gateway {
 * If customer has chosen change Subscription payment.
 */
 if ( $this->subscription_helper->has_subscription( $order_id ) && $this->subscription_helper->is_subscription_change_payment() ) {
+ // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 $saved_paypal_payment = wc_clean( wp_unslash( $_POST['saved_paypal_payment'] ?? '' ) );
 if ( $saved_paypal_payment ) {
 update_post_meta( $order_id, 'payment_token_id', $saved_paypal_payment );
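Review bot: In the second PayPalGateway hunk the posted `saved_paypal_payment` id is written to `payment_token_id` without any check that it is one of the order customer's tokens, even though the first hunk of the same file shows the lookup that would make that check cheap: `$tokens = $this->payment_token_repository->all_for_user_id( (int) $wc_order->get_customer_id() );`. Unless the consumer of `payment_token_id` verifies ownership later, a customer can substitute any token id they know, so the `update_post_meta()` should run only when the posted id matches one of those tokens — this is inferred from the hunk, which does not show how the meta is consumed. The added `phpcs:ignore` lines should also carry the reason the nonce is not checked here (presumably WooCommerce's checkout nonce guards process_payment), e.g. `-- checkout form is nonce-verified by WooCommerce before process_payment() runs`. process_payment begins and ends outside both hunks.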
diff --git a/modules/ppcp-wc-gateway/src/Gateway/PayUponInvoice/PayUponInvoice.php b/modules/ppcp-wc-gateway/src/Gateway/PayUponInvoice/PayUponInvoice.php
index baf9de13e..fe83b58fe 100644
--- a/modules/ppcp-wc-gateway/src/Gateway/PayUponInvoice/PayUponInvoice.php
+++ b/modules/ppcp-wc-gateway/src/Gateway/PayUponInvoice/PayUponInvoice.php
@@ -409,6 +409,7 @@ class PayUponInvoice {
 add_action(
 'woocommerce_after_checkout_validation',
 function( array $fields, WP_Error $errors ) {
+ // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 $payment_method = wc_clean( wp_unslash( $_POST['payment_method'] ?? '' ) );
 if ( PayUponInvoiceGateway::ID !== $payment_method ) {
 return;
@@ -418,6 +419,7 @@ class PayUponInvoice {
 $errors->add( 'validation', __( 'Billing country not available.', 'woocommerce-paypal-payments' ) );
 }
+ // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 $birth_date = wc_clean( wp_unslash( $_POST['billing_birth_date'] ?? '' ) );
 if ( ( $birth_date && ! $this->checkout_helper->validate_birth_date( $birth_date ) ) || $birth_date === '' ) {
 $errors->add( 'validation', __( 'Invalid birth date.', 'woocommerce-paypal-payments' ) );
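Review bot: The `woocommerce_after_checkout_validation` callback reads `$_POST['payment_method']` directly, which is what the new `phpcs:ignore` silences, yet the callback already receives the posted checkout data as its first argument `$fields`; `$payment_method = $fields['payment_method'] ?? '';` drops the superglobal access and the suppression together. Whether `billing_birth_date` is also present in `$fields` depends on how the field is registered (it will be if it goes through WooCommerce's checkout-fields filters, which the hunk does not show); if so the second read can change the same way, otherwise keep that suppression but append the reason, e.g. `-- checkout nonce is verified by WooCommerce before this hook fires`, so it documents a decision rather than hiding one. The closure continues past the hunk.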
@@ -484,18 +486,9 @@ class PayUponInvoice {
 add_action(
 'woocommerce_update_options_checkout_ppcp-pay-upon-invoice-gateway',
 function () {
- $customer_service_instructions = wc_clean( wp_unslash( $_POST['woocommerce_ppcp-pay-upon-invoice-gateway_customer_service_instructions'] ?? '' ) );
- if ( '' === $customer_service_instructions ) {
- $gateway_settings = get_option( 'woocommerce_ppcp-pay-upon-invoice-gateway_settings' );
- $gateway_enabled = $gateway_settings['enabled'] ?? '';
- if ( 'yes' === $gateway_enabled ) {
- $gateway_settings['enabled'] = 'no';
- update_option( 'woocommerce_ppcp-pay-upon-invoice-gateway_settings', $gateway_settings );
-
- $redirect_url = admin_url( 'admin.php?page=wc-settings&tab=checkout§ion=ppcp-pay-upon-invoice-gateway' );
- wp_safe_redirect( $redirect_url );
- exit;
- }
+ $gateway = WC()->payment_gateways()->payment_gateways()[ PayUponInvoiceGateway::ID ];
+ if ( $gateway && $gateway->get_option( 'customer_service_instructions' ) === '' ) {
+ $gateway->update_option( 'enabled', 'no' );
 }
 }
 );
@@ -537,6 +530,7 @@ class PayUponInvoice {
 'add_meta_boxes',
 function( string $post_type ) {
 if ( $post_type === 'shop_order' ) {
+ // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 $post_id = wc_clean( wp_unslash( $_GET['post'] ?? 0 ) );
 $order = wc_get_order( $post_id );
 if ( is_a( $order, WC_Order::class ) && $order->get_payment_method() === PayUponInvoiceGateway::ID ) {
diff --git a/modules/ppcp-wc-gateway/src/Gateway/PayUponInvoice/PayUponInvoiceGateway.php b/modules/ppcp-wc-gateway/src/Gateway/PayUponInvoice/PayUponInvoiceGateway.php
index 628184b5f..2afa61b78 100644
--- a/modules/ppcp-wc-gateway/src/Gateway/PayUponInvoice/PayUponInvoiceGateway.php
+++ b/modules/ppcp-wc-gateway/src/Gateway/PayUponInvoice/PayUponInvoiceGateway.php
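Review bot: `WC()->payment_gateways()->payment_gateways()[ PayUponInvoiceGateway::ID ]` indexes the array unconditionally, so when the gateway is not registered — a case the `if ( $gateway && … )` guard on the next line clearly anticipates — PHP raises an undefined-array-key warning (a notice on older PHP) before `$gateway` ends up null; write `$gateway = WC()->payment_gateways()->payment_gateways()[ PayUponInvoiceGateway::ID ] ?? null;` so the guard is the only thing that runs. Two further points are inferred rather than visible: the new check relies on `$gateway->get_option( 'customer_service_instructions' )` already reflecting the value the admin just submitted, which holds only if this hook runs on the same gateway instance after its settings were saved, so a one-line comment on the `update_option( 'enabled', 'no' )` line stating that ordering would help the next maintainer; and dropping the `wp_safe_redirect()` means nothing in this hunk reloads the settings screen, so the admin may still see the gateway checked as enabled until the next page load unless something else surfaces the change. The `add_action()` call is shown in full; the method that registers it is not.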
@@ -203,8 +203,8 @@ class PayUponInvoiceGateway extends WC_Payment_Gateway {
 */
 public function process_payment( $order_id ) {
 $wc_order = wc_get_order( $order_id );
+ // phpcs:disable WordPress.Security.NonceVerification.Recommended
 $birth_date = wc_clean( wp_unslash( $_POST['billing_birth_date'] ?? '' ) );
-
 $pay_for_order = wc_clean( wp_unslash( $_GET['pay_for_order'] ?? '' ) );
 if ( 'true' === $pay_for_order ) {
 if ( ! $this->checkout_helper->validate_birth_date( $birth_date ) ) {
@@ -216,6 +216,7 @@ class PayUponInvoiceGateway extends WC_Payment_Gateway {
 }
 $phone_number = wc_clean( wp_unslash( $_POST['billing_phone'] ?? '' ) );
+ // phpcs:enable WordPress.Security.NonceVerification.Recommended
 if ( $phone_number ) {
 $wc_order->set_billing_phone( $phone_number );
 $wc_order->save();
diff --git a/modules/ppcp-wc-gateway/src/Helper/PayUponInvoiceHelper.php b/modules/ppcp-wc-gateway/src/Helper/PayUponInvoiceHelper.php
index 6bf0d126b..439ce3ee1 100644
--- a/modules/ppcp-wc-gateway/src/Helper/PayUponInvoiceHelper.php
+++ b/modules/ppcp-wc-gateway/src/Helper/PayUponInvoiceHelper.php
@@ -54,6 +54,7 @@ class PayUponInvoiceHelper {
 return false;
 }
+ // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 $billing_country = wc_clean( wp_unslash( $_POST['country'] ?? '' ) );
 if ( $billing_country && 'DE' !== $billing_country ) {
 return false;
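Review bot: The `phpcs:disable` / `phpcs:enable` pair in process_payment blankets a fourteen-line region that mixes a `$_POST` read, a `$_GET['pay_for_order']` read and the `$phone_number` read, while the rest of this commit uses per-line `phpcs:ignore`; the block form hides any superglobal access someone adds in between later and breaks silently if the `enable` line is moved, so prefer one `phpcs:ignore` per read with the justification attached, e.g. `// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- checkout and pay-for-order forms are nonce-verified by WooCommerce before process_payment() is called`. That reason is inferred from how WooCommerce dispatches to gateways, not from anything in the hunk, which is exactly why it belongs in the comment. The `'true' === $pay_for_order` branch re-validates `$birth_date` that the checkout-validation hook in PayUponInvoice.php already rejects, presumably because that hook does not run on the pay-for-order page; a one-line comment on the `if` saying so would save the next reader the same inference. process_payment continues beyond the hunk.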