WooCommerce - Version 6.3.1

Version Description


Release Info

Developer sadowski
Version 6.3.1

Code changes from version 6.3.0 to 6.3.1

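--- a/includes/class-woocommerce.php
+++ b/includes/class-woocommerce.php
@@ -27,7 +27,7 @@ final class WooCommerce {
  *
  * @var string
  */
- public $version = '6.3.0';
+ public $version = '6.3.1';
 
  /**
  * WooCommerce Schema version.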
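--- a/includes/gateways/paypal/class-wc-gateway-paypal.php
+++ b/includes/gateways/paypal/class-wc-gateway-paypal.php
@@ -83,7 +83,8 @@ class WC_Gateway_Paypal extends WC_Payment_Gateway {
 
  if ( $this->identity_token ) {
  include_once dirname( __FILE__ ) . '/includes/class-wc-gateway-paypal-pdt-handler.php';
- new WC_Gateway_Paypal_PDT_Handler( $this->testmode, $this->identity_token );
+ $pdt_handler = new WC_Gateway_Paypal_PDT_Handler( $this->testmode, $this->identity_token );
+ $pdt_handler->set_receiver_email( $this->receiver_email );
  }
  }
 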
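--- a/includes/gateways/paypal/includes/class-wc-gateway-paypal-pdt-handler.php
+++ b/includes/gateways/paypal/includes/class-wc-gateway-paypal-pdt-handler.php
@@ -25,6 +25,13 @@ class WC_Gateway_Paypal_PDT_Handler extends WC_Gateway_Paypal_Response {
  */
  protected $identity_token;
 
+ /**
+ * Receiver email address to validate.
+ *
+ * @var string Receiver email address.
+ */
+ protected $receiver_email;
+
  /**
  * Constructor.
  *
@@ -32,12 +39,20 @@ class WC_Gateway_Paypal_PDT_Handler extends WC_Gateway_Paypal_Response {
  * @param string $identity_token Identity token for PDT support.
  */
  public function __construct( $sandbox = false, $identity_token = '' ) {
- add_action( 'woocommerce_thankyou_paypal', array( $this, 'check_response' ) );
-
+ add_action( 'woocommerce_thankyou_paypal', array( $this, 'check_response_for_order' ) );
  $this->identity_token = $identity_token;
  $this->sandbox = $sandbox;
  }
 
+ /**
+ * Set receiver email to enable more strict validation.
+ *
+ * @param string $receiver_email Email to receive PDT notification from.
+ */
+ public function set_receiver_email( $receiver_email = '' ) {
+ $this->receiver_email = $receiver_email;
+ }
+
  /**
  * Validate a PDT transaction to ensure its authentic.
  *
@@ -82,26 +97,62 @@ class WC_Gateway_Paypal_PDT_Handler extends WC_Gateway_Paypal_Response {
  }
 
  /**
- * Check Response for PDT.
+ * Check Response for PDT, taking the order id from the request.
+ *
+ * @deprecated 6.4 Use check_response_for_order instead.
  */
  public function check_response() {
- if ( empty( $_REQUEST['cm'] ) || empty( $_REQUEST['tx'] ) || empty( $_REQUEST['st'] ) ) { // WPCS: Input var ok, CSRF ok, sanitization ok.
+ global $wp;
+ $order_id = apply_filters( 'woocommerce_thankyou_order_id', absint( $wp->query_vars['order-received'] ) );
+
+ $this->check_response_for_order( $order_id );
+ }
+
+ /**
+ * Check Response for PDT.
+ *
+ * @since 6.4
+ *
+ * @param mixed $wc_order_id The order id to check the response against.
+ */
+ public function check_response_for_order( $wc_order_id ) {
+ // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+ if ( empty( $_REQUEST['tx'] ) ) {
  return;
  }
 
- $order_id = wc_clean( wp_unslash( $_REQUEST['cm'] ) ); // WPCS: input var ok, CSRF ok, sanitization ok.
- $status = wc_clean( strtolower( wp_unslash( $_REQUEST['st'] ) ) ); // WPCS: input var ok, CSRF ok, sanitization ok.
- $amount = isset( $_REQUEST['amt'] ) ? wc_clean( wp_unslash( $_REQUEST['amt'] ) ) : 0; // WPCS: input var ok, CSRF ok, sanitization ok.
- $transaction = wc_clean( wp_unslash( $_REQUEST['tx'] ) ); // WPCS: input var ok, CSRF ok, sanitization ok.
- $order = $this->get_paypal_order( $order_id );
-
- if ( ! $order || ! $order->needs_payment() ) {
- return false;
+ $wc_order = wc_get_order( $wc_order_id );
+ if ( ! $wc_order->needs_payment() ) {
+ return;
  }
 
+ // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+ $transaction = wc_clean( wp_unslash( $_REQUEST['tx'] ) );
  $transaction_result = $this->validate_transaction( $transaction );
 
  if ( $transaction_result ) {
+ $status = strtolower( $transaction_result['payment_status'] );
+ $amount = isset( $transaction_result['mc_gross'] ) ? $transaction_result['mc_gross'] : 0;
+ $order = $this->get_paypal_order( $transaction_result['custom'] );
+
+ if ( ! $order ) {
+ // No valid WC order found on tx data.
+ return;
+ }
+
+ if ( $wc_order->get_id() !== $order->get_id() ) {
+ /* translators: 1: order ID, 2: order ID. */
+ WC_Gateway_Paypal::log( sprintf( __( 'Received PDT notification for order %1$d on endpoint for order %2$d.', 'woocommerce' ), $order->get_id(), $wc_order_id ), 'error' );
+ return;
+ }
+
+ if ( 0 !== strcasecmp( trim( $transaction_result['receiver_email'] ), trim( $this->receiver_email ) ) ) {
+ /* translators: 1: email address, 2: order ID . */
+ WC_Gateway_Paypal::log( sprintf( __( 'Received PDT notification for another account: %1$s. Order ID: %2$d.', 'woocommerce' ), $transaction_result['receiver_email'], $order->get_id() ), 'error' );
+ return;
+ }
+
+ // We have a valid response from PayPal.
  WC_Gateway_Paypal::log( 'PDT Transaction Status: ' . wc_print_r( $status, true ) );
 
  $order->add_meta_data( '_paypal_status', $status );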
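Review bot: In `check_response_for_order()` the result of `wc_get_order( $wc_order_id )` is dereferenced without a falsy check, so an unknown or zero order id ends in a fatal error instead of a quiet return; the removed code guarded the equivalent lookup with `! $order ||`. The deprecated `check_response()` wrapper makes that case reachable, because it reads `$wp->query_vars['order-received']` without `isset()` and passes the `absint()` result straight through. I would write the guard as `if ( ! $wc_order || ! $wc_order->needs_payment() ) {`. Separately, the receiver check compares two `trim()`-ed strings, so it appears to pass when both the configured address and the PDT `receiver_email` field are empty; rejecting an empty `$this->receiver_email` before the `strcasecmp()` would make that case fail closed. The method body continues past the end of this hunk, so the amount handling is not visible here.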
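--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Tags: e-commerce, store, sales, sell, woo, shop, cart, checkout, downloadable, d
  Requires at least: 5.7
  Tested up to: 5.9
  Requires PHP: 7.0
- Stable tag: 6.3.0
+ Stable tag: 6.3.1
  License: GPLv3
  License URI: https://www.gnu.org/licenses/gpl-3.0.html
 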
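--- a/woocommerce.php
+++ b/woocommerce.php
@@ -3,7 +3,7 @@
  * Plugin Name: WooCommerce
  * Plugin URI: https://woocommerce.com/
  * Description: An eCommerce toolkit that helps you sell anything. Beautifully.
- * Version: 6.3.0
+ * Version: 6.3.1
  * Author: Automattic
  * Author URI: https://woocommerce.com
  * Text Domain: woocommerce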