diff --git a/modules/ppcp-vaulting/src/PaymentTokensMigration.php b/modules/ppcp-vaulting/src/PaymentTokensMigration.php index 792ab7bf1..b951d089c 100644 --- a/modules/ppcp-vaulting/src/PaymentTokensMigration.php +++ b/modules/ppcp-vaulting/src/PaymentTokensMigration.php @@ -39,7 +39,7 @@ class PaymentTokensMigration { * * @param int $id WooCommerce customer id. */ - public function migrate_payment_tokens_for_user( int $id ) { + public function migrate_payment_tokens_for_user( int $id ):void { $tokens = (array) get_user_meta( $id, PaymentTokenRepository::USER_META, true ); $tokens_migrated = 0; diff --git a/modules/ppcp-vaulting/src/VaultingModule.php b/modules/ppcp-vaulting/src/VaultingModule.php index c603d4f53..1cbf6a863 100644 --- a/modules/ppcp-vaulting/src/VaultingModule.php +++ b/modules/ppcp-vaulting/src/VaultingModule.php @@ -10,6 +10,7 @@ declare(strict_types=1); namespace WooCommerce\PayPalCommerce\Vaulting; use RuntimeException; +use WC_Payment_Token; use WC_Payment_Tokens; use WooCommerce\PayPalCommerce\Vendor\Dhii\Container\ServiceProvider; use WooCommerce\PayPalCommerce\Vendor\Dhii\Modular\Module\ModuleInterface; @@ -85,6 +86,11 @@ class VaultingModule implements ModuleInterface { add_filter( 'woocommerce_payment_token_class', + /** + * Param types removed to avoid third-party issues. + * + * @psalm-suppress MissingClosureParamType + */ function ( $type ) { if ( $type === 'WC_Payment_Token_PayPal' ) { return PaymentTokenPayPal::class; @@ -96,7 +102,16 @@ class VaultingModule implements ModuleInterface { add_filter( 'woocommerce_payment_methods_list_item', + /** + * Param types removed to avoid third-party issues. + * + * @psalm-suppress MissingClosureParamType + */ function( $item, $payment_token ) { + if ( ! is_array( $item ) || ! is_a( $payment_token, WC_Payment_Token::class ) ) { + return $item; + } + if ( strtolower( $payment_token->get_type() ) !== 'paypal' ) { return $item; } 
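Review bot: The new guard in the `woocommerce_payment_methods_list_item` callback would read more directly as `! ( $payment_token instanceof WC_Payment_Token )`; `is_a()` gives the same result for objects but is the less usual form for a plain type test. The docblock above the closure could also state the reason for the runtime check, for example `Filter arguments are validated at runtime because other plugins can pass arbitrary values.`, since "third-party issues" does not tell a maintainer why the parameter types were dropped. The closure body continues outside the hunk.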
@@ -126,9 +141,12 @@ class VaultingModule implements ModuleInterface { } $wpnonce = wc_clean( wp_unslash( $_REQUEST['_wpnonce'] ?? '' ) ); + $token_id_string = (string) $token_id; + $action = 'delete-payment-method-' . $token_id_string; if ( $token->get_user_id() !== get_current_user_id() - || ! isset( $wpnonce ) || wp_verify_nonce( $wpnonce, 'delete-payment-method-' . $token_id ) === false + || ! isset( $wpnonce ) || ! is_string($wpnonce) + || wp_verify_nonce( $wpnonce, $action) === false ) { wc_add_notice( __( 'Invalid payment method.', 'woocommerce-paypal-payments' ), 'error' ); wp_safe_redirect( wc_get_account_endpoint_url( 'payment-methods' ) ); diff --git a/modules/ppcp-webhooks/src/Handler/VaultPaymentTokenCreated.php b/modules/ppcp-webhooks/src/Handler/VaultPaymentTokenCreated.php index 57f66c956..56ea614f9 100644 --- a/modules/ppcp-webhooks/src/Handler/VaultPaymentTokenCreated.php +++ b/modules/ppcp-webhooks/src/Handler/VaultPaymentTokenCreated.php @@ -117,8 +117,8 @@ class VaultPaymentTokenCreated implements RequestHandler { $wc_customer_id = (int) str_replace( $this->prefix, '', $customer_id ); $this->authorized_payments_processor->capture_authorized_payments_for_customer( $wc_customer_id ); - if ( isset( $request['resource']['id'] ) ) { - if ( isset( $request['resource']['source']['card'] ) ) { + if ( ! is_null( $request['resource'] ) && isset( $request['resource']['id'] ) ) { + if ( ! is_null( $request['resource']['source'] ) && isset( $request['resource']['source']['card'] ) ) { $token = new WC_Payment_Token_CC(); $token->set_token( $request['resource']['id'] ); $token->set_user_id( $wc_customer_id ); diff --git a/modules/ppcp-webhooks/src/Handler/VaultPaymentTokenDeleted.php b/modules/ppcp-webhooks/src/Handler/VaultPaymentTokenDeleted.php index 1a2fb8288..9a623081f 100644 --- a/modules/ppcp-webhooks/src/Handler/VaultPaymentTokenDeleted.php +++ b/modules/ppcp-webhooks/src/Handler/VaultPaymentTokenDeleted.php 
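Review bot: In the delete-payment-method condition, `! isset( $wpnonce )` can never be true, because `$wpnonce` is assigned just above from `wc_clean( wp_unslash( $_REQUEST['_wpnonce'] ?? '' ) )`; the tests that actually reject a bad request are the new `is_string` check and `wp_verify_nonce`. I would drop the dead test and keep the type check ahead of verification, spaced like the rest of the file: `|| ! is_string( $wpnonce )` followed by `|| wp_verify_nonce( $wpnonce, $action ) === false`. The `is_string` guard deserves a one-line comment, since `wc_clean()` returns an array when the parameter is sent as `_wpnonce[]`. The block continues past the hunk after `wp_safe_redirect()`; confirm that an `exit` follows so the deletion path cannot be reached once the redirect has been issued.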
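Review bot: In `VaultPaymentTokenCreated`, `$request['resource']['id']` is still handed to `$token->set_token()` as received; the added `is_null` tests satisfy the type checker but do not establish that the id is a string. The delete handler in this same commit passes that field through `wc_clean( wp_unslash( ... ) )`, so the two webhook handlers should agree; I would extend the outer condition with `&& is_string( $request['resource']['id'] )` and sanitise the value before storing it. The enclosing method starts and ends outside the hunk, so any earlier validation of the payload is not visible here.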
@@ -14,8 +14,11 @@ use WC_Payment_Tokens; use WP_REST_Request; use WP_REST_Response; -class VaultPaymentTokenDeleted implements RequestHandler -{ +/** + * Class VaultPaymentTokenDeleted + */ +class VaultPaymentTokenDeleted implements RequestHandler { + /** * The logger. * 
@@ -24,31 +27,56 @@ class VaultPaymentTokenDeleted implements RequestHandler private $logger; /** - * @param LoggerInterface $logger + * VaultPaymentTokenDeleted constructor. + * + * @param LoggerInterface $logger The logger. */ - public function __construct(LoggerInterface $logger) - { + public function __construct( LoggerInterface $logger ) { $this->logger = $logger; } - public function event_types(): array - { + /** + * The event types a handler handles. + * + * @return string[] + */ + public function event_types(): array { return array( 'VAULT.PAYMENT-TOKEN.DELETED', ); } - public function responsible_for_request(WP_REST_Request $request): bool - { + /** + * Whether a handler is responsible for a given request or not. + * + * @param WP_REST_Request $request The request. + * + * @return bool + */ + public function responsible_for_request( WP_REST_Request $request ): bool { return in_array( $request['event_type'], $this->event_types(), true ); } - public function handle_request(WP_REST_Request $request): WP_REST_Response { + /** + * Responsible for handling the request. + * + * @param WP_REST_Request $request The request. + * + * @return WP_REST_Response + */ + public function handle_request( WP_REST_Request $request ): WP_REST_Response { + $response = array( 'success' => false ); - if(isset($request['resource']['id'])) { - $token_id = wc_clean(wp_unslash($request['resource']['id'] ?? '')); + if ( ! is_null( $request['resource'] ) && isset( $request['resource']['id'] ) ) { + $token_id = wc_clean( wp_unslash( $request['resource']['id'] ?? '' ) ); + /** + * Needed for database query. + * + * @psalm-suppress InvalidGlobal + */ global $wpdb; + $token = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}woocommerce_payment_tokens WHERE token=%s", @@ -56,7 +84,7 @@ class VaultPaymentTokenDeleted implements RequestHandler ) ); - if(isset($token->token_id)) { + if ( isset( $token->token_id ) ) { WC_Payment_Tokens::delete( $token->token_id ); } }
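Review bot: In `handle_request`, `$token_id` reaches `$wpdb->prepare()` with `%s` without a type check, and `wc_clean()` returns an array when `resource.id` arrives as an array, so a malformed payload is converted into the query instead of being rejected. Extending the guard to `isset( $request['resource']['id'] ) && is_string( $request['resource']['id'] )` settles that, and the `?? ''` inside the branch is then redundant after `isset`. The lookup matches on the `token` column alone and selects `*` although only `token_id` is read; selecting `token_id` and, if the design allows, also filtering on the gateway would keep this webhook from removing a token stored by another gateway. The method body continues in the next hunk.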