Edit File by line
/home/zeestwma/richards.../wp-conte.../plugins/woocomme.../src/Internal/Admin/Settings
File: PaymentsRestController.php
<?php
[0] Fix | Delete
declare( strict_types=1 );
[1] Fix | Delete
[2] Fix | Delete
namespace Automattic\WooCommerce\Internal\Admin\Settings;
[3] Fix | Delete
[4] Fix | Delete
use Automattic\WooCommerce\Internal\RestApiControllerBase;
[5] Fix | Delete
use Exception;
[6] Fix | Delete
use WP_Error;
[7] Fix | Delete
use WP_REST_Request;
[8] Fix | Delete
use WP_REST_Response;
[9] Fix | Delete
[10] Fix | Delete
/**
[11] Fix | Delete
* Controller for the REST endpoints to service the Payments settings page.
[12] Fix | Delete
*
[13] Fix | Delete
* @internal
[14] Fix | Delete
*/
[15] Fix | Delete
class PaymentsRestController extends RestApiControllerBase {
[16] Fix | Delete
[17] Fix | Delete
/**
[18] Fix | Delete
* The root namespace for the JSON REST API endpoints.
[19] Fix | Delete
*
[20] Fix | Delete
* @var string
[21] Fix | Delete
*/
[22] Fix | Delete
protected string $route_namespace = 'wc-admin';
[23] Fix | Delete
[24] Fix | Delete
/**
[25] Fix | Delete
* Route base.
[26] Fix | Delete
*
[27] Fix | Delete
* @var string
[28] Fix | Delete
*/
[29] Fix | Delete
protected string $rest_base = 'settings/payments';
[30] Fix | Delete
[31] Fix | Delete
/**
[32] Fix | Delete
* The payments settings page service.
[33] Fix | Delete
*
[34] Fix | Delete
* @var Payments
[35] Fix | Delete
*/
[36] Fix | Delete
private Payments $payments;
[37] Fix | Delete
[38] Fix | Delete
/**
[39] Fix | Delete
* Get the WooCommerce REST API namespace for the class.
[40] Fix | Delete
*
[41] Fix | Delete
* @return string
[42] Fix | Delete
*/
[43] Fix | Delete
protected function get_rest_api_namespace(): string {
[44] Fix | Delete
return 'wc-admin-settings-payments';
[45] Fix | Delete
}
[46] Fix | Delete
[47] Fix | Delete
/**
[48] Fix | Delete
* Register the REST API endpoints handled by this controller.
[49] Fix | Delete
*
[50] Fix | Delete
* @param bool $override Whether to override the existing routes. Useful for testing.
[51] Fix | Delete
*/
[52] Fix | Delete
public function register_routes( bool $override = false ) {
[53] Fix | Delete
register_rest_route(
[54] Fix | Delete
$this->route_namespace,
[55] Fix | Delete
'/' . $this->rest_base . '/country',
[56] Fix | Delete
array(
[57] Fix | Delete
array(
[58] Fix | Delete
'methods' => \WP_REST_Server::EDITABLE,
[59] Fix | Delete
'callback' => fn( $request ) => $this->run( $request, 'set_country' ),
[60] Fix | Delete
'validation_callback' => 'rest_validate_request_arg',
[61] Fix | Delete
'permission_callback' => fn( $request ) => $this->check_permissions( $request ),
[62] Fix | Delete
'args' => array(
[63] Fix | Delete
'location' => array(
[64] Fix | Delete
'description' => esc_html__( 'The ISO3166 alpha-2 country code to save for the current user.', 'woocommerce' ),
[65] Fix | Delete
'type' => 'string',
[66] Fix | Delete
'pattern' => '[a-zA-Z]{2}', // Two alpha characters.
[67] Fix | Delete
'required' => true,
[68] Fix | Delete
'validate_callback' => fn( $value, $request ) => $this->check_location_arg( $value, $request ),
[69] Fix | Delete
),
[70] Fix | Delete
),
[71] Fix | Delete
),
[72] Fix | Delete
),
[73] Fix | Delete
$override
[74] Fix | Delete
);
[75] Fix | Delete
register_rest_route(
[76] Fix | Delete
$this->route_namespace,
[77] Fix | Delete
'/' . $this->rest_base . '/providers',
[78] Fix | Delete
array(
[79] Fix | Delete
array(
[80] Fix | Delete
'methods' => \WP_REST_Server::CREATABLE,
[81] Fix | Delete
'callback' => fn( $request ) => $this->run( $request, 'get_providers' ),
[82] Fix | Delete
'validation_callback' => 'rest_validate_request_arg',
[83] Fix | Delete
'permission_callback' => fn( $request ) => $this->check_permissions( $request ),
[84] Fix | Delete
'args' => array(
[85] Fix | Delete
'location' => array(
[86] Fix | Delete
'description' => esc_html__( 'ISO3166 alpha-2 country code. Defaults to WooCommerce\'s base location country.', 'woocommerce' ),
[87] Fix | Delete
'type' => 'string',
[88] Fix | Delete
'pattern' => '[a-zA-Z]{2}', // Two alpha characters.
[89] Fix | Delete
'required' => false,
[90] Fix | Delete
'validate_callback' => fn( $value, $request ) => $this->check_location_arg( $value, $request ),
[91] Fix | Delete
),
[92] Fix | Delete
),
[93] Fix | Delete
),
[94] Fix | Delete
'schema' => fn() => $this->get_schema_for_get_payment_providers(),
[95] Fix | Delete
),
[96] Fix | Delete
$override
[97] Fix | Delete
);
[98] Fix | Delete
register_rest_route(
[99] Fix | Delete
$this->route_namespace,
[100] Fix | Delete
'/' . $this->rest_base . '/providers/order',
[101] Fix | Delete
array(
[102] Fix | Delete
array(
[103] Fix | Delete
'methods' => \WP_REST_Server::EDITABLE,
[104] Fix | Delete
'callback' => fn( $request ) => $this->run( $request, 'update_providers_order' ),
[105] Fix | Delete
'permission_callback' => fn( $request ) => $this->check_permissions( $request ),
[106] Fix | Delete
'args' => array(
[107] Fix | Delete
'order_map' => array(
[108] Fix | Delete
'description' => esc_html__( 'A map of provider ID to integer values representing the sort order.', 'woocommerce' ),
[109] Fix | Delete
'type' => 'object',
[110] Fix | Delete
'required' => true,
[111] Fix | Delete
'validate_callback' => fn( $value ) => $this->check_providers_order_map_arg( $value ),
[112] Fix | Delete
'sanitize_callback' => fn( $value ) => $this->sanitize_providers_order_arg( $value ),
[113] Fix | Delete
),
[114] Fix | Delete
),
[115] Fix | Delete
),
[116] Fix | Delete
),
[117] Fix | Delete
$override
[118] Fix | Delete
);
[119] Fix | Delete
register_rest_route(
[120] Fix | Delete
$this->route_namespace,
[121] Fix | Delete
'/' . $this->rest_base . '/suggestion/(?P<id>[\w\d\-]+)/attach',
[122] Fix | Delete
array(
[123] Fix | Delete
array(
[124] Fix | Delete
'methods' => \WP_REST_Server::EDITABLE,
[125] Fix | Delete
'callback' => fn( $request ) => $this->run( $request, 'attach_payment_extension_suggestion' ),
[126] Fix | Delete
'permission_callback' => fn( $request ) => $this->check_permissions( $request ),
[127] Fix | Delete
),
[128] Fix | Delete
),
[129] Fix | Delete
$override
[130] Fix | Delete
);
[131] Fix | Delete
register_rest_route(
[132] Fix | Delete
$this->route_namespace,
[133] Fix | Delete
'/' . $this->rest_base . '/suggestion/(?P<id>[\w\d\-]+)/hide',
[134] Fix | Delete
array(
[135] Fix | Delete
array(
[136] Fix | Delete
'methods' => \WP_REST_Server::EDITABLE,
[137] Fix | Delete
'callback' => fn( $request ) => $this->run( $request, 'hide_payment_extension_suggestion' ),
[138] Fix | Delete
'permission_callback' => fn( $request ) => $this->check_permissions( $request ),
[139] Fix | Delete
),
[140] Fix | Delete
),
[141] Fix | Delete
$override
[142] Fix | Delete
);
[143] Fix | Delete
register_rest_route(
[144] Fix | Delete
$this->route_namespace,
[145] Fix | Delete
'/' . $this->rest_base . '/suggestion/(?P<suggestion_id>[\w\d\-]+)/incentive/(?P<incentive_id>[\w\d\-]+)/dismiss',
[146] Fix | Delete
array(
[147] Fix | Delete
array(
[148] Fix | Delete
'methods' => \WP_REST_Server::EDITABLE,
[149] Fix | Delete
'callback' => fn( $request ) => $this->run( $request, 'dismiss_payment_extension_suggestion_incentive' ),
[150] Fix | Delete
'permission_callback' => fn( $request ) => $this->check_permissions( $request ),
[151] Fix | Delete
'args' => array(
[152] Fix | Delete
'context' => array(
[153] Fix | Delete
'description' => esc_html__( 'The context ID for which to dismiss the incentive. If not provided, will dismiss the incentive for all contexts.', 'woocommerce' ),
[154] Fix | Delete
'type' => 'string',
[155] Fix | Delete
'required' => false,
[156] Fix | Delete
'sanitize_callback' => 'sanitize_key',
[157] Fix | Delete
),
[158] Fix | Delete
'do_not_track' => array(
[159] Fix | Delete
'description' => esc_html__( 'If true, the incentive dismissal will be ignored by tracking.', 'woocommerce' ),
[160] Fix | Delete
'type' => 'boolean',
[161] Fix | Delete
'required' => false,
[162] Fix | Delete
'default' => false,
[163] Fix | Delete
'sanitize_callback' => 'rest_sanitize_boolean',
[164] Fix | Delete
),
[165] Fix | Delete
),
[166] Fix | Delete
),
[167] Fix | Delete
),
[168] Fix | Delete
$override
[169] Fix | Delete
);
[170] Fix | Delete
}
[171] Fix | Delete
[172] Fix | Delete
/**
[173] Fix | Delete
* Initialize the class instance.
[174] Fix | Delete
*
[175] Fix | Delete
* @param Payments $payments The payments settings page service.
[176] Fix | Delete
*
[177] Fix | Delete
* @internal
[178] Fix | Delete
*/
[179] Fix | Delete
final public function init( Payments $payments ): void {
[180] Fix | Delete
$this->payments = $payments;
[181] Fix | Delete
}
[182] Fix | Delete
[183] Fix | Delete
/**
[184] Fix | Delete
* Get the payment providers for the given location.
[185] Fix | Delete
*
[186] Fix | Delete
* @param WP_REST_Request $request The request object.
[187] Fix | Delete
* @return WP_Error|WP_REST_Response
[188] Fix | Delete
*/
[189] Fix | Delete
protected function get_providers( WP_REST_Request $request ) {
[190] Fix | Delete
$location = $request->get_param( 'location' );
[191] Fix | Delete
if ( empty( $location ) ) {
[192] Fix | Delete
// Fall back to the providers country if no location is provided.
[193] Fix | Delete
$location = $this->payments->get_country();
[194] Fix | Delete
}
[195] Fix | Delete
[196] Fix | Delete
try {
[197] Fix | Delete
$providers = $this->payments->get_payment_providers( $location );
[198] Fix | Delete
} catch ( Exception $e ) {
[199] Fix | Delete
return new WP_Error( 'woocommerce_rest_payment_providers_error', $e->getMessage(), array( 'status' => 500 ) );
[200] Fix | Delete
}
[201] Fix | Delete
[202] Fix | Delete
try {
[203] Fix | Delete
$suggestions = $this->get_extension_suggestions( $location );
[204] Fix | Delete
} catch ( Exception $e ) {
[205] Fix | Delete
return new WP_Error( 'woocommerce_rest_payment_providers_error', $e->getMessage(), array( 'status' => 500 ) );
[206] Fix | Delete
}
[207] Fix | Delete
[208] Fix | Delete
// Separate the offline PMs from the main providers list.
[209] Fix | Delete
$offline_payment_providers = array_values(
[210] Fix | Delete
array_filter(
[211] Fix | Delete
$providers,
[212] Fix | Delete
fn( $provider ) => PaymentsProviders::TYPE_OFFLINE_PM === $provider['_type']
[213] Fix | Delete
)
[214] Fix | Delete
);
[215] Fix | Delete
$providers = array_values(
[216] Fix | Delete
array_filter(
[217] Fix | Delete
$providers,
[218] Fix | Delete
fn( $provider ) => PaymentsProviders::TYPE_OFFLINE_PM !== $provider['_type']
[219] Fix | Delete
)
[220] Fix | Delete
);
[221] Fix | Delete
[222] Fix | Delete
$response = array(
[223] Fix | Delete
'providers' => $providers,
[224] Fix | Delete
'offline_payment_methods' => $offline_payment_providers,
[225] Fix | Delete
'suggestions' => $suggestions,
[226] Fix | Delete
'suggestion_categories' => $this->payments->get_payment_extension_suggestion_categories(),
[227] Fix | Delete
);
[228] Fix | Delete
[229] Fix | Delete
return rest_ensure_response( $this->prepare_payment_providers_response( $response ) );
[230] Fix | Delete
}
[231] Fix | Delete
[232] Fix | Delete
/**
[233] Fix | Delete
* Set the country for the payment providers.
[234] Fix | Delete
*
[235] Fix | Delete
* @param WP_REST_Request $request The request object.
[236] Fix | Delete
*
[237] Fix | Delete
* @return WP_Error|WP_REST_Response
[238] Fix | Delete
*/
[239] Fix | Delete
protected function set_country( WP_REST_Request $request ) {
[240] Fix | Delete
$location = $request->get_param( 'location' );
[241] Fix | Delete
[242] Fix | Delete
$result = $this->payments->set_country( $location );
[243] Fix | Delete
[244] Fix | Delete
return rest_ensure_response( array( 'success' => $result ) );
[245] Fix | Delete
}
[246] Fix | Delete
[247] Fix | Delete
/**
[248] Fix | Delete
* Update the payment providers order.
[249] Fix | Delete
*
[250] Fix | Delete
* @param WP_REST_Request $request The request object.
[251] Fix | Delete
*
[252] Fix | Delete
* @return WP_Error|WP_REST_Response
[253] Fix | Delete
*/
[254] Fix | Delete
protected function update_providers_order( WP_REST_Request $request ) {
[255] Fix | Delete
$order_map = $request->get_param( 'order_map' );
[256] Fix | Delete
[257] Fix | Delete
$result = $this->payments->update_payment_providers_order_map( $order_map );
[258] Fix | Delete
[259] Fix | Delete
return rest_ensure_response( array( 'success' => $result ) );
[260] Fix | Delete
}
[261] Fix | Delete
[262] Fix | Delete
/**
[263] Fix | Delete
* Attach a payment extension suggestion.
[264] Fix | Delete
*
[265] Fix | Delete
* @param WP_REST_Request $request The request object.
[266] Fix | Delete
*
[267] Fix | Delete
* @return WP_Error|WP_REST_Response
[268] Fix | Delete
*/
[269] Fix | Delete
protected function attach_payment_extension_suggestion( WP_REST_Request $request ) {
[270] Fix | Delete
$suggestion_id = $request->get_param( 'id' );
[271] Fix | Delete
[272] Fix | Delete
try {
[273] Fix | Delete
$result = $this->payments->attach_payment_extension_suggestion( $suggestion_id );
[274] Fix | Delete
} catch ( Exception $e ) {
[275] Fix | Delete
return new WP_Error( 'woocommerce_rest_payment_extension_suggestion_error', $e->getMessage(), array( 'status' => 400 ) );
[276] Fix | Delete
}
[277] Fix | Delete
[278] Fix | Delete
return rest_ensure_response( array( 'success' => $result ) );
[279] Fix | Delete
}
[280] Fix | Delete
[281] Fix | Delete
/**
[282] Fix | Delete
* Hide a payment extension suggestion.
[283] Fix | Delete
*
[284] Fix | Delete
* @param WP_REST_Request $request The request object.
[285] Fix | Delete
*
[286] Fix | Delete
* @return WP_Error|WP_REST_Response
[287] Fix | Delete
*/
[288] Fix | Delete
protected function hide_payment_extension_suggestion( WP_REST_Request $request ) {
[289] Fix | Delete
$suggestion_id = $request->get_param( 'id' );
[290] Fix | Delete
[291] Fix | Delete
try {
[292] Fix | Delete
$result = $this->payments->hide_payment_extension_suggestion( $suggestion_id );
[293] Fix | Delete
} catch ( Exception $e ) {
[294] Fix | Delete
return new WP_Error( 'woocommerce_rest_payment_extension_suggestion_error', $e->getMessage(), array( 'status' => 400 ) );
[295] Fix | Delete
}
[296] Fix | Delete
[297] Fix | Delete
return rest_ensure_response( array( 'success' => $result ) );
[298] Fix | Delete
}
[299] Fix | Delete
[300] Fix | Delete
/**
[301] Fix | Delete
* Dismiss a payment extension suggestion incentive.
[302] Fix | Delete
*
[303] Fix | Delete
* @param WP_REST_Request $request The request object.
[304] Fix | Delete
*
[305] Fix | Delete
* @return WP_Error|WP_REST_Response
[306] Fix | Delete
*/
[307] Fix | Delete
protected function dismiss_payment_extension_suggestion_incentive( WP_REST_Request $request ) {
[308] Fix | Delete
$suggestion_id = $request->get_param( 'suggestion_id' );
[309] Fix | Delete
$incentive_id = $request->get_param( 'incentive_id' );
[310] Fix | Delete
$context = $request->get_param( 'context' ) ?? 'all';
[311] Fix | Delete
$do_not_track = $request->get_param( 'do_not_track' ) ?? false;
[312] Fix | Delete
[313] Fix | Delete
try {
[314] Fix | Delete
$result = $this->payments->dismiss_extension_suggestion_incentive( $suggestion_id, $incentive_id, $context, $do_not_track );
[315] Fix | Delete
} catch ( Exception $e ) {
[316] Fix | Delete
return new WP_Error( 'woocommerce_rest_payment_extension_suggestion_incentive_error', $e->getMessage(), array( 'status' => 400 ) );
[317] Fix | Delete
}
[318] Fix | Delete
[319] Fix | Delete
return rest_ensure_response( array( 'success' => $result ) );
[320] Fix | Delete
}
[321] Fix | Delete
[322] Fix | Delete
/**
[323] Fix | Delete
* Get the payment extension suggestions (other) for the given location.
[324] Fix | Delete
*
[325] Fix | Delete
* @param string $location The location for which the suggestions are being fetched.
[326] Fix | Delete
*
[327] Fix | Delete
* @return array[] The payment extension suggestions for the given location,
[328] Fix | Delete
* excluding the ones part of the main providers list.
[329] Fix | Delete
* @throws Exception If there are malformed or invalid suggestions.
[330] Fix | Delete
*/
[331] Fix | Delete
private function get_extension_suggestions( string $location ): array {
[332] Fix | Delete
// If the requesting user can't install plugins, we don't suggest any extensions.
[333] Fix | Delete
if ( ! current_user_can( 'install_plugins' ) ) {
[334] Fix | Delete
return array();
[335] Fix | Delete
}
[336] Fix | Delete
[337] Fix | Delete
$suggestions = $this->payments->get_payment_extension_suggestions( $location );
[338] Fix | Delete
[339] Fix | Delete
return $suggestions['other'] ?? array();
[340] Fix | Delete
}
[341] Fix | Delete
[342] Fix | Delete
/**
[343] Fix | Delete
* General permissions check for payments settings REST API endpoint.
[344] Fix | Delete
*
[345] Fix | Delete
* @param WP_REST_Request $request The request for which the permission is checked.
[346] Fix | Delete
* @return bool|WP_Error True if the current user has the capability, otherwise an "Unauthorized" error or False if no error is available for the request method.
[347] Fix | Delete
*/
[348] Fix | Delete
private function check_permissions( WP_REST_Request $request ) {
[349] Fix | Delete
$context = 'read';
[350] Fix | Delete
if ( 'POST' === $request->get_method() ) {
[351] Fix | Delete
$context = 'edit';
[352] Fix | Delete
} elseif ( 'DELETE' === $request->get_method() ) {
[353] Fix | Delete
$context = 'delete';
[354] Fix | Delete
}
[355] Fix | Delete
[356] Fix | Delete
if ( wc_rest_check_manager_permissions( 'payment_gateways', $context ) ) {
[357] Fix | Delete
return true;
[358] Fix | Delete
}
[359] Fix | Delete
[360] Fix | Delete
$error_information = $this->get_authentication_error_by_method( $request->get_method() );
[361] Fix | Delete
if ( is_null( $error_information ) ) {
[362] Fix | Delete
return false;
[363] Fix | Delete
}
[364] Fix | Delete
[365] Fix | Delete
return new WP_Error(
[366] Fix | Delete
$error_information['code'],
[367] Fix | Delete
$error_information['message'],
[368] Fix | Delete
array( 'status' => rest_authorization_required_code() )
[369] Fix | Delete
);
[370] Fix | Delete
}
[371] Fix | Delete
[372] Fix | Delete
/**
[373] Fix | Delete
* Validate the location argument.
[374] Fix | Delete
*
[375] Fix | Delete
* @param mixed $value Value of the argument.
[376] Fix | Delete
* @param WP_REST_Request $request The current request object.
[377] Fix | Delete
*
[378] Fix | Delete
* @return WP_Error|true True if the location argument is valid, otherwise a WP_Error object.
[379] Fix | Delete
*/
[380] Fix | Delete
private function check_location_arg( $value, WP_REST_Request $request ) {
[381] Fix | Delete
// If the 'location' argument is not a string return an error.
[382] Fix | Delete
if ( ! is_string( $value ) ) {
[383] Fix | Delete
return new WP_Error( 'rest_invalid_param', esc_html__( 'The location argument must be a string.', 'woocommerce' ), array( 'status' => 400 ) );
[384] Fix | Delete
}
[385] Fix | Delete
[386] Fix | Delete
// Get the registered attributes for this endpoint request.
[387] Fix | Delete
$attributes = $request->get_attributes();
[388] Fix | Delete
[389] Fix | Delete
// Grab the location param schema.
[390] Fix | Delete
$args = $attributes['args']['location'];
[391] Fix | Delete
[392] Fix | Delete
// If the location param doesn't match the regex pattern then we should return an error as well.
[393] Fix | Delete
if ( ! preg_match( '/^' . $args['pattern'] . '$/', $value ) ) {
[394] Fix | Delete
return new WP_Error( 'rest_invalid_param', esc_html__( 'The location argument must be a valid ISO3166 alpha-2 country code.', 'woocommerce' ), array( 'status' => 400 ) );
[395] Fix | Delete
}
[396] Fix | Delete
[397] Fix | Delete
return true;
[398] Fix | Delete
}
[399] Fix | Delete
[400] Fix | Delete
/**
[401] Fix | Delete
* Validate the providers order map argument.
[402] Fix | Delete
*
[403] Fix | Delete
* @param mixed $value Value of the argument.
[404] Fix | Delete
*
[405] Fix | Delete
* @return WP_Error|true True if the providers order map argument is valid, otherwise a WP_Error object.
[406] Fix | Delete
*/
[407] Fix | Delete
private function check_providers_order_map_arg( $value ) {
[408] Fix | Delete
if ( ! is_array( $value ) ) {
[409] Fix | Delete
return new WP_Error( 'rest_invalid_param', esc_html__( 'The ordering argument must be an object.', 'woocommerce' ), array( 'status' => 400 ) );
[410] Fix | Delete
}
[411] Fix | Delete
[412] Fix | Delete
foreach ( $value as $provider_id => $order ) {
[413] Fix | Delete
if ( ! is_string( $provider_id ) || ! is_numeric( $order ) ) {
[414] Fix | Delete
return new WP_Error( 'rest_invalid_param', esc_html__( 'The ordering argument must be an object with provider IDs as keys and numeric values as values.', 'woocommerce' ), array( 'status' => 400 ) );
[415] Fix | Delete
}
[416] Fix | Delete
[417] Fix | Delete
if ( $this->sanitize_provider_id( $provider_id ) !== $provider_id ) {
[418] Fix | Delete
return new WP_Error( 'rest_invalid_param', esc_html__( 'The provider ID must be a string with only ASCII letters, digits, underscores, and dashes.', 'woocommerce' ), array( 'status' => 400 ) );
[419] Fix | Delete
}
[420] Fix | Delete
[421] Fix | Delete
if ( false === filter_var( $order, FILTER_VALIDATE_INT ) ) {
[422] Fix | Delete
return new WP_Error( 'rest_invalid_param', esc_html__( 'The order value must be an integer.', 'woocommerce' ), array( 'status' => 400 ) );
[423] Fix | Delete
}
[424] Fix | Delete
}
[425] Fix | Delete
[426] Fix | Delete
return true;
[427] Fix | Delete
}
[428] Fix | Delete
[429] Fix | Delete
/**
[430] Fix | Delete
* Sanitize the providers ordering argument.
[431] Fix | Delete
*
[432] Fix | Delete
* @param array $value Value of the argument.
[433] Fix | Delete
*
[434] Fix | Delete
* @return array
[435] Fix | Delete
*/
[436] Fix | Delete
private function sanitize_providers_order_arg( array $value ): array {
[437] Fix | Delete
// Sanitize the ordering object to ensure that the order values are integers and the provider IDs are safe strings.
[438] Fix | Delete
foreach ( $value as $provider_id => $order ) {
[439] Fix | Delete
$id = $this->sanitize_provider_id( $provider_id );
[440] Fix | Delete
$value[ $id ] = intval( $order );
[441] Fix | Delete
}
[442] Fix | Delete
[443] Fix | Delete
return $value;
[444] Fix | Delete
}
[445] Fix | Delete
[446] Fix | Delete
/**
[447] Fix | Delete
* Sanitize a provider ID.
[448] Fix | Delete
*
[449] Fix | Delete
* This method ensures that the provider ID is a safe string by removing any unwanted characters.
[450] Fix | Delete
* It strips all HTML tags, removes accents, percent-encoded characters, and HTML entities,
[451] Fix | Delete
* and allows only lowercase and uppercase letters, digits, underscores, and dashes.
[452] Fix | Delete
*
[453] Fix | Delete
* @param string $provider_id The provider ID to sanitize.
[454] Fix | Delete
*
[455] Fix | Delete
* @return string The sanitized provider ID.
[456] Fix | Delete
*/
[457] Fix | Delete
private function sanitize_provider_id( string $provider_id ): string {
[458] Fix | Delete
$provider_id = wp_strip_all_tags( $provider_id );
[459] Fix | Delete
$provider_id = remove_accents( $provider_id );
[460] Fix | Delete
// Remove percent-encoded characters.
[461] Fix | Delete
$provider_id = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $provider_id );
[462] Fix | Delete
// Remove HTML entities.
[463] Fix | Delete
$provider_id = preg_replace( '/&.+?;/', '', $provider_id );
[464] Fix | Delete
[465] Fix | Delete
// Only lowercase and uppercase ASCII letters, digits, underscores, and dashes are allowed.
[466] Fix | Delete
$provider_id = preg_replace( '|[^a-z0-9_\-]|i', '', $provider_id );
[467] Fix | Delete
[468] Fix | Delete
return $provider_id;
[469] Fix | Delete
}
[470] Fix | Delete
[471] Fix | Delete
/**
[472] Fix | Delete
* Prepare the response for the GET payment providers request.
[473] Fix | Delete
*
[474] Fix | Delete
* @param array $response The response to prepare.
[475] Fix | Delete
*
[476] Fix | Delete
* @return array The prepared response.
[477] Fix | Delete
*/
[478] Fix | Delete
private function prepare_payment_providers_response( array $response ): array {
[479] Fix | Delete
$response = $this->prepare_payment_providers_response_recursive( $response, $this->get_schema_for_get_payment_providers() );
[480] Fix | Delete
[481] Fix | Delete
$response['providers'] = $this->add_provider_links( $response['providers'] );
[482] Fix | Delete
$response['suggestions'] = $this->add_suggestion_links( $response['suggestions'] );
[483] Fix | Delete
[484] Fix | Delete
return $response;
[485] Fix | Delete
}
[486] Fix | Delete
[487] Fix | Delete
/**
[488] Fix | Delete
* Recursively prepare the response items for the GET payment providers request.
[489] Fix | Delete
*
[490] Fix | Delete
* @param mixed $response_item The response item to prepare.
[491] Fix | Delete
* @param array $schema The schema to use for preparing the response.
[492] Fix | Delete
*
[493] Fix | Delete
* @return mixed The prepared response item.
[494] Fix | Delete
*/
[495] Fix | Delete
private function prepare_payment_providers_response_recursive( $response_item, array $schema ) {
[496] Fix | Delete
if ( is_null( $response_item ) ||
[497] Fix | Delete
! array_key_exists( 'properties', $schema ) ||
[498] Fix | Delete
! is_array( $schema['properties'] ) ) {
[499] Fix | Delete
123
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function