From ae21627c11a09d8d558a79db2e163eaf539bde1b Mon Sep 17 00:00:00 2001
From: Daniel Dudzic <d.dudzic@syde.com>
Date: Thu, 26 Jun 2025 23:22:11 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=8E=A8=20Fix=20Psalm=20errors?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 modules/ppcp-axo/src/Gateway/AxoGateway.php                | 1 -
 modules/ppcp-settings/src/Data/SettingsModel.php           | 4 ++--
 modules/ppcp-wc-gateway/src/Endpoint/ReturnUrlEndpoint.php | 3 +++
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/modules/ppcp-axo/src/Gateway/AxoGateway.php b/modules/ppcp-axo/src/Gateway/AxoGateway.php
index 1db5ab56e..f43040ceb 100644
--- a/modules/ppcp-axo/src/Gateway/AxoGateway.php
+++ b/modules/ppcp-axo/src/Gateway/AxoGateway.php
@@ -245,7 +245,6 @@ class AxoGateway extends WC_Payment_Gateway {
 			);
 		}
 
-		// Check for tokens to determine if this is a 3DS return or initial payment.
 		// phpcs:ignore WordPress.Security.NonceVerification.Missing
 		$axo_nonce = wc_clean( wp_unslash( $_POST['axo_nonce'] ?? '' ) );
 		// phpcs:ignore WordPress.Security.NonceVerification.Missing
diff --git a/modules/ppcp-settings/src/Data/SettingsModel.php b/modules/ppcp-settings/src/Data/SettingsModel.php
index e7db8469d..8537ff917 100644
--- a/modules/ppcp-settings/src/Data/SettingsModel.php
+++ b/modules/ppcp-settings/src/Data/SettingsModel.php
@@ -233,8 +233,8 @@ class SettingsModel extends AbstractDataModel {
 	/**
 	 * Converts the 3D Secure setting value to the corresponding API enum string.
 	 *
-	 * @param string|null $three_d_secure The 3D Secure setting ('no-3d-secure', 'only-required-3d-secure', 'always-3d-secure')
-	 * @return string The corresponding API enum string ('NO_3D_SECURE', 'SCA_WHEN_REQUIRED', 'SCA_ALWAYS')
+	 * @param string|null $three_d_secure The 3D Secure setting ('no-3d-secure', 'only-required-3d-secure', 'always-3d-secure').
+	 * @return string The corresponding API enum string ('NO_3D_SECURE', 'SCA_WHEN_REQUIRED', 'SCA_ALWAYS').
 	 */
 	public function get_three_d_secure_enum( string $three_d_secure = null ): string {
 		// If no value is provided, use the current setting.
diff --git a/modules/ppcp-wc-gateway/src/Endpoint/ReturnUrlEndpoint.php b/modules/ppcp-wc-gateway/src/Endpoint/ReturnUrlEndpoint.php
index 2d0aaadc8..28fa6c341 100644
--- a/modules/ppcp-wc-gateway/src/Endpoint/ReturnUrlEndpoint.php
+++ b/modules/ppcp-wc-gateway/src/Endpoint/ReturnUrlEndpoint.php
@@ -78,12 +78,14 @@ class ReturnUrlEndpoint {
 	 * Handles the incoming request.
 	 */
 	public function handle_request(): void {
+		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
 		if ( ! isset( $_GET['token'] ) ) {
 			wc_add_notice( __( 'Payment session expired. Please try placing your order again.', 'woocommerce-paypal-payments' ), 'error' );
 			wp_safe_redirect( wc_get_checkout_url() );
 			exit();
 		}
 
+		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
 		$token = sanitize_text_field( wp_unslash( $_GET['token'] ) );
 
 		try {
@@ -184,6 +186,7 @@ class ReturnUrlEndpoint {
 	 * @param mixed $order The PayPal order.
 	 * @return mixed The processed order.
 	 * @throws Exception When 3DS completion fails.
+	 * @throws RuntimeException When API errors occur that don't match decline patterns.
 	 */
 	private function complete_3ds_verification( $order ) {
 		try {