From bd7bbb36b27df85a643679182cb621a210ad36ad Mon Sep 17 00:00:00 2001
From: Philipp Stracker <p.stracker@syde.com>
Date: Wed, 8 Jan 2025 15:19:50 +0100
Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20Prevent=20upading=20client?=
 =?UTF-8?q?Id/secret=20via=20REST?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 modules/ppcp-settings/src/Data/CommonSettings.php  |  4 ++--
 .../src/Endpoint/CommonRestEndpoint.php            | 14 ++++++--------
 2 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/modules/ppcp-settings/src/Data/CommonSettings.php b/modules/ppcp-settings/src/Data/CommonSettings.php
index 0935734b8..7d4c5a640 100644
--- a/modules/ppcp-settings/src/Data/CommonSettings.php
+++ b/modules/ppcp-settings/src/Data/CommonSettings.php
@@ -57,14 +57,14 @@ class CommonSettings extends AbstractDataModel {
 		return array(
 			'use_sandbox'           => false,
 			'use_manual_connection' => false,
-			'client_id'             => '',
-			'client_secret'         => '',
 
 			// Details about connected merchant account.
 			'merchant_connected'    => false,
 			'sandbox_merchant'      => false,
 			'merchant_id'           => '',
 			'merchant_email'        => '',
+			'client_id'             => '',
+			'client_secret'         => '',
 		);
 	}
 
diff --git a/modules/ppcp-settings/src/Endpoint/CommonRestEndpoint.php b/modules/ppcp-settings/src/Endpoint/CommonRestEndpoint.php
index 74b66ff16..0be2b4ad3 100644
--- a/modules/ppcp-settings/src/Endpoint/CommonRestEndpoint.php
+++ b/modules/ppcp-settings/src/Endpoint/CommonRestEndpoint.php
@@ -50,14 +50,6 @@ class CommonRestEndpoint extends RestEndpoint {
 			'js_name'  => 'useManualConnection',
 			'sanitize' => 'to_boolean',
 		),
-		'client_id'             => array(
-			'js_name'  => 'clientId',
-			'sanitize' => 'sanitize_text_field',
-		),
-		'client_secret'         => array(
-			'js_name'  => 'clientSecret',
-			'sanitize' => 'sanitize_text_field',
-		),
 		'webhooks'              => array(
 			'js_name' => 'webhooks',
 		),
@@ -81,6 +73,12 @@ class CommonRestEndpoint extends RestEndpoint {
 		'merchant_email'     => array(
 			'js_name' => 'email',
 		),
+		'client_id'          => array(
+			'js_name' => 'clientId',
+		),
+		'client_secret'      => array(
+			'js_name' => 'clientSecret',
+		),
 	);
 
 	/**