woocommerce/woocommerce-paypal-payments
2
0
Fork 0
mirror of https://github.com/woocommerce/woocommerce-paypal-payments.git synced 2025-09-06 13:44:42 +08:00
Code Issues Projects Packages Wiki Activity Actions

🦺 Add soft descriptor validation for PayPal API

Browse source
This commit is contained in:
Philipp Stracker 2024-11-27 15:14:57 +01:00
parent 7d0504e181
commit 7475b0ce1f
No known key found for this signature in database
1 changed files with 24 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

27
modules/ppcp-api-client/src/Factory/PurchaseUnitFactory.php
View file

@ -127,7 +127,7 @@ class PurchaseUnitFactory {
$description = '';
$custom_id = (string) $order->get_id();
$invoice_id = $this->prefix . $order->get_order_number();
$soft_descriptor = $this->soft_descriptor;
$soft_descriptor = $this->sanitize_soft_descriptor( $this->soft_descriptor );
$purchase_unit = new PurchaseUnit(
$amount,
@ -197,7 +197,7 @@ class PurchaseUnitFactory {
}
}
$invoice_id = '';
$soft_descriptor = $this->soft_descriptor;
$soft_descriptor = $this->sanitize_soft_descriptor( $this->soft_descriptor );
$purchase_unit = new PurchaseUnit(
$amount,
$items,
@ -233,7 +233,7 @@ class PurchaseUnitFactory {
$description = ( isset( $data->description ) ) ? $data->description : '';
$custom_id = ( isset( $data->custom_id ) ) ? $data->custom_id : '';
$invoice_id = ( isset( $data->invoice_id ) ) ? $data->invoice_id : '';
$soft_descriptor = ( isset( $data->soft_descriptor ) ) ? $data->soft_descriptor : $this->soft_descriptor;
$soft_descriptor = $this->sanitize_soft_descriptor( $data->soft_descriptor ?? $this->soft_descriptor );
$items = array();
if ( isset( $data->items ) && is_array( $data->items ) ) {
$items = array_map(
@ -316,4 +316,25 @@ class PurchaseUnitFactory {
$purchase_unit->set_sanitizer( $this->sanitizer );
}
}
/**
* Sanitizes a soft descriptor, ensuring it is limited to 22 chars.
*
* The soft descriptor in the DB is escaped using `wp_kses_post()` which
* escapes certain characters via `wp_kses_normalize_entities()`. This
* helper method reverts those normalized entities back to UTF characters.
*
* @param string $soft_descriptor Soft descriptor to sanitize.
*
* @return string The sanitized soft descriptor.
*/
private function sanitize_soft_descriptor( string $soft_descriptor ) : string {
$decoded = html_entity_decode(
$soft_descriptor,
ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE,
'UTF-8'
);
return substr( $decoded, 0, 22 ) ?: '';
}
}