merge #72

Open
wants to merge 4 commits into
base: develop
Binary file added src/.DS_Store
Binary file not shown.
Binary file added src/assets/.DS_Store
Binary file not shown.
Binary file added src/assets/images/.DS_Store
Binary file not shown.
16 changes: 8 additions & 8 deletions src/controllers/PlansController.php
Expand Up @@ -92,7 +92,7 @@ function create($post_id, $post, $update, $recreated = false)
$createdProduct = !empty($vindi_product_id) ?
$this->routes->findProductById($vindi_product_id) :
$this->routes->createProduct(array(
'name' => PREFIX_PRODUCT . $data['name'],
'name' => VINDI_PREFIX_PRODUCT . $data['name'],
'code' => 'WC-' . $data['id'],
'status' => ($data['status'] == 'publish') ? 'active' : 'inactive',
'description' => $data['description'],
Expand All @@ -106,7 +106,7 @@ function create($post_id, $post, $update, $recreated = false)

// Creates the plan within the Vindi
$createdPlan = $this->routes->createPlan(array(
'name' => PREFIX_PLAN . $data['name'],
'name' => VINDI_PREFIX_PLAN . $data['name'],
'interval' => $plan_interval['interval'],
'interval_count' => $plan_interval['interval_count'],
'billing_trigger_type' => 'beginning_of_period',
Expand Down Expand Up @@ -160,7 +160,7 @@ function create($post_id, $post, $update, $recreated = false)
$createdProduct = !empty($vindi_product_id) ?
$this->routes->findProductById($vindi_product_id) :
$this->routes->createProduct(array(
'name' => PREFIX_PRODUCT . $data['name'],
'name' => VINDI_PREFIX_PRODUCT . $data['name'],
'code' => 'WC-' . $data['id'],
'status' => ($data['status'] == 'publish') ? 'active' : 'inactive',
'description' => $data['description'],
Expand All @@ -174,7 +174,7 @@ function create($post_id, $post, $update, $recreated = false)

// Creates the plan within the Vindi
$createdPlan = $this->routes->createPlan(array(
'name' => PREFIX_PLAN . $data['name'],
'name' => VINDI_PREFIX_PLAN . $data['name'],
'interval' => $plan_interval['interval'],
'interval_count' => $plan_interval['interval_count'],
'billing_trigger_type' => 'beginning_of_period',
Expand Down Expand Up @@ -270,7 +270,7 @@ function update($post_id)
$updatedProduct = $this->routes->updateProduct(
$vindi_product_id,
array(
'name' => PREFIX_PRODUCT . $data['name'],
'name' => VINDI_PREFIX_PRODUCT . $data['name'],
'code' => 'WC-' . $data['id'],
'status' => ($data['status'] == 'publish') ? 'active' : 'inactive',
'description' => $data['description'],
Expand All @@ -286,7 +286,7 @@ function update($post_id)
$updatedPlan = $this->routes->updatePlan(
$vindi_plan_id,
array(
'name' => PREFIX_PLAN . $data['name'],
'name' => VINDI_PREFIX_PLAN . $data['name'],
'interval' => $plan_interval['interval'],
'interval_count' => $plan_interval['interval_count'],
'billing_trigger_type' => 'beginning_of_period',
Expand Down Expand Up @@ -333,7 +333,7 @@ function update($post_id)
$updatedProduct = $this->routes->updateProduct(
$vindi_product_id,
array(
'name' => PREFIX_PRODUCT . $data['name'],
'name' => VINDI_PREFIX_PRODUCT . $data['name'],
'code' => 'WC-' . $data['id'],
'status' => ($data['status'] == 'publish') ? 'active' : 'inactive',
'description' => $data['description'],
Expand All @@ -351,7 +351,7 @@ function update($post_id)
$updatedPlan = $this->routes->updatePlan(
$vindi_plan_id,
array(
'name' => PREFIX_PLAN . $data['name'],
'name' => VINDI_PREFIX_PLAN . $data['name'],
'interval' => $plan_interval['interval'],
'interval_count' => $plan_interval['interval_count'],
'billing_trigger_type' => 'beginning_of_period',
4 changes: 2 additions & 2 deletions src/controllers/ProductController.php
Expand Up @@ -73,7 +73,7 @@ function create($post_id, $post, $update, $recreated = false)

// Creates the product within the Vindi
$createdProduct = $this->routes->createProduct(array(
'name' => PREFIX_PRODUCT . $data['name'],
'name' => VINDI_PREFIX_PRODUCT . $data['name'],
'code' => 'WC-' . $data['id'],
'status' => ($data['status'] == 'publish') ? 'active' : 'inactive',
'description' => $data['description'],
Expand Down Expand Up @@ -120,7 +120,7 @@ function update($post_id)
$updatedProduct = $this->routes->updateProduct(
$vindi_product_id,
array(
'name' => PREFIX_PRODUCT . $data['name'],
'name' => VINDI_PREFIX_PRODUCT . $data['name'],
'code' => 'WC-' . $data['id'],
'status' => ($data['status'] == 'publish') ? 'active' : 'inactive',
'description' => $data['description'],
4 changes: 2 additions & 2 deletions src/includes/admin/CouponsMetaBox.php
Expand Up @@ -49,11 +49,11 @@ public static function output( $coupon_id, $coupon )
public static function save($post_id, $post)
{
// Check the nonce (again).
if ( empty( $_POST['woocommerce_meta_nonce'] ) || ! wp_verify_nonce( $_POST['woocommerce_meta_nonce'], 'woocommerce_save_data' ) ) {
if ( empty( VindiHelpers::sanitize_xss($_POST['woocommerce_meta_nonce']) ) || ! wp_verify_nonce( VindiHelpers::sanitize_xss($_POST['woocommerce_meta_nonce']), 'woocommerce_save_data' ) ) {
return;
}
$coupon = new WC_Coupon( $post_id );
$coupon->update_meta_data('cycle_count', intval($_POST['cycle_count']));
$coupon->update_meta_data('cycle_count', intval(filter_var($_POST['cycle_count'], FILTER_SANITIZE_NUMBER_INT)));
$coupon->save();
}

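Review bot: The rewritten nonce guard in save() evaluates `$_POST['woocommerce_meta_nonce']` before `empty()` can protect it, so a request without that field now raises an undefined-index warning where the old `empty($_POST[...])` returned quietly; keep the emptiness test on the raw key and only unslash/sanitize what goes to the verifier, e.g. `if ( empty( $_POST['woocommerce_meta_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['woocommerce_meta_nonce'] ) ), 'woocommerce_save_data' ) ) {`. `VindiHelpers::sanitize_xss()` is HTML output escaping, which has no place on a token that is only compared server-side. For `cycle_count`, `FILTER_SANITIZE_NUMBER_INT` strips characters instead of rejecting them (`"1e3"` becomes `13`), and the index is still read without an `isset()` check, so `absint( $_POST['cycle_count'] ?? 0 )` would be both stricter and safer.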
36 changes: 20 additions & 16 deletions src/routes/RoutesApi.php
Expand Up @@ -30,10 +30,9 @@ function __construct(VindiSettings $vindi_settings)
*/
public function findProductById($product_id)
{

$response = $this->api->request(sprintf(
'products/%s',
$product_id
filter_var($product_id, FILTER_SANITIZE_NUMBER_INT)
), 'GET');

$productExists = isset($response['product']['id']) ? $response['product'] : false;
Expand Down Expand Up @@ -69,7 +68,7 @@ public function updatePlan($plan_id, $data)

$response = $this->api->request(sprintf(
'plans/%s',
$plan_id
filter_var($plan_id, FILTER_SANITIZE_NUMBER_INT)
), 'PUT', $data);

return $response['plan'];
Expand Down Expand Up @@ -101,7 +100,7 @@ public function updateProduct($product_id, $data)

$response = $this->api->request(sprintf(
'products/%s',
$product_id
filter_var($product_id, FILTER_SANITIZE_NUMBER_INT)
), 'PUT', $data);
return $response['product'];
}
Expand Down Expand Up @@ -132,7 +131,7 @@ public function updateCustomer($user_id, $data)

$response = $this->api->request(sprintf(
'customers/%s',
$user_id
filter_var($user_id, FILTER_SANITIZE_NUMBER_INT)
), 'PUT', $data);

return $response['customer'];
Expand All @@ -150,7 +149,7 @@ public function deleteCustomer($user_id)

$response = $this->api->request(sprintf(
'customers/%s',
$user_id
filter_var($user_id, FILTER_SANITIZE_NUMBER_INT)
), 'DELETE');

return $response['customer'];
Expand All @@ -169,7 +168,7 @@ public function findCustomerById($id)

$response = $this->api->request(sprintf(
'customers/%s',
$id
filter_var($id, FILTER_SANITIZE_NUMBER_INT)
), 'GET');

$userExists = isset($response['customer']['id']) ? $response['customer'] : false;
Expand Down Expand Up @@ -210,7 +209,7 @@ public function suspendSubscription($subscription_id, $cancel_bills = false)
$query = '?cancel_bills=false';

$response = $this->api->request(
sprintf('subscriptions/%s%s', $subscription_id, $query), 'DELETE');
sprintf('subscriptions/%s%s', filter_var($subscription_id, FILTER_SANITIZE_NUMBER_INT), $query), 'DELETE');

return $response;
}
Expand All @@ -222,7 +221,7 @@ public function suspendSubscription($subscription_id, $cancel_bills = false)
*/
public function activateSubscription($subscription_id)
{
if ($response = $this->api->request('subscriptions/' . $subscription_id . '/reactivate', 'POST'))
if ($response = $this->api->request('subscriptions/' . filter_var($subscription_id, FILTER_SANITIZE_NUMBER_INT) . '/reactivate', 'POST'))
return $response;

return false;
Expand All @@ -235,7 +234,7 @@ public function activateSubscription($subscription_id)
*/
public function getSubscription($subscription_id)
{
if ($response = $this->api->request("subscriptions/{$subscription_id}",'GET')['subscription'])
if ($response = $this->api->request("subscriptions/". filter_var($subscription_id, FILTER_SANITIZE_NUMBER_INT),'GET')['subscription'])
return $response;

return false;
Expand All @@ -248,6 +247,7 @@ public function getSubscription($subscription_id)
*/
public function isSubscriptionActive($subscription_id)
{
$subscription_id = filter_var($subscription_id, FILTER_SANITIZE_NUMBER_INT);
if (isset($this->recentRequest)
&& $this->recentRequest['id'] == $subscription_id) {
if ($this->recentRequest['status'] != 'canceled')
Expand All @@ -270,7 +270,7 @@ public function verifyCustomerPaymentProfile($payment_profile_id)
{
return 'success' === $this->api->request(sprintf(
'payment_profiles/%s/verify',
$payment_profile_id
filter_var($payment_profile_id, FILTER_SANITIZE_NUMBER_INT)
), 'POST')['transaction']['status'];
}

Expand All @@ -288,6 +288,7 @@ public function createCustomerPaymentProfile($data)

public function findProductByCode($code)
{
$code = sanitize_text_field($code);
$transient_key = "vindi_product_{$code}";
$product = get_transient($transient_key);

Expand All @@ -306,6 +307,8 @@ public function findProductByCode($code)

public function findOrCreateProduct($name, $code)
{
$name = sanitize_text_field($name);
$code = sanitize_text_field($code);
$product = $this->findProductByCode($code);

if (false === $product)
Expand Down Expand Up @@ -340,7 +343,7 @@ public function deleteBill($bill_id, $comments = '')
$query = '?comments= ' . $comments;

if ($response = $this->api->request(
sprintf('bills/%s%s', $bill_id, $query), 'DELETE')
sprintf('bills/%s%s', filter_var($bill_id, FILTER_SANITIZE_NUMBER_INT), $query), 'DELETE')
) {
return $response;
}
Expand Down Expand Up @@ -416,7 +419,7 @@ public function getMerchant($is_config = false)

public function getCharge($charge_id)
{
$response = $this->api->request("charges/{$charge_id}", 'GET');
$response = $this->api->request("charges/" . filter_var($charge_id, FILTER_SANITIZE_NUMBER_INT), 'GET');

if (empty($response['charge']))
return false;
Expand All @@ -426,7 +429,7 @@ public function getCharge($charge_id)

public function getPlan($plan_id)
{
$response = $this->api->request("plans/{$plan_id}", 'GET');
$response = $this->api->request("plans/" . filter_var($plan_id, FILTER_SANITIZE_NUMBER_INT), 'GET');

if (empty($response['plan'])) {
$this->current_plan = false;
Expand All @@ -438,6 +441,7 @@ public function getPlan($plan_id)

public function getPaymentProfile($user_vindi_id)
{
$user_vindi_id = filter_var($user_vindi_id, FILTER_SANITIZE_NUMBER_INT);
$customer = $this->findCustomerById($user_vindi_id);

if (empty($customer))
Expand Down Expand Up @@ -473,7 +477,7 @@ public function findBillById($bill_id)

$response = $this->api->request(sprintf(
'bills/%s',
$bill_id
filter_var($bill_id, FILTER_SANITIZE_NUMBER_INT)
), 'GET');

if (isset($response['bill']))
Expand All @@ -484,7 +488,7 @@ public function findBillById($bill_id)

public function refundCharge($charge_id, $data)
{
$response = $this->api->request(sprintf('charges/%s/refund', $charge_id), 'POST', $data);
$response = $this->api->request(sprintf('charges/%s/refund', filter_var($charge_id, FILTER_SANITIZE_NUMBER_INT)), 'POST', $data);

if (isset($response['charge'])) {
return $response['charge'];
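Review bot: In findProductById (and every other hunk in this file that applies the same filter) `FILTER_SANITIZE_NUMBER_INT` rewrites a bad id instead of rejecting it: `'abc'` becomes `''` so the request goes to `products/` rather than failing early, and `'1-2'` passes through unchanged because `+` and `-` survive the filter. For resource ids, validating with `filter_var($product_id, FILTER_VALIDATE_INT)` and returning `false` when that yields `false` gives the same protection against path injection without silently turning one id into another. The `$comments` value that deleteBill still appends as `'?comments= ' . $comments` is not encoded; `rawurlencode($comments)` would be the matching fix for that query string.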
14 changes: 13 additions & 1 deletion src/services/VindiHelpers.php
Expand Up @@ -155,5 +155,17 @@ public static function get_matching_subscription_item($subscription, $order_item
}

return $matching_item;
}
}

/**
* Sanitize user input to prevent XSS atacks.
*
* @since 1.0.0
* @param string $value. String to be sanitized.
*
* @return string
*/
public static function sanitize_xss($value) {
return htmlspecialchars(strip_tags($value));
}
}
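Review bot: `sanitize_xss()` is HTML output escaping labelled as input sanitizing, and the two are not interchangeable: the only caller in this PR applies it to a nonce that is compared server-side, and if it were applied to stored values WordPress would escape them again on output, producing double-encoded text. `htmlspecialchars()` without explicit arguments also escapes single quotes only on PHP 8.1+ and relies on the default charset, so if the helper stays it should read `return htmlspecialchars(strip_tags($value), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and be called at output time only, with `sanitize_text_field()` / `sanitize_key()` used on input. The docblock has a typo, `atacks` → `attacks`, and `@param string $value.` carries a stray period.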
4 changes: 2 additions & 2 deletions src/utils/DefinitionVariables.php
Expand Up @@ -20,6 +20,6 @@
define('VINDI_URL', plugins_url('/', VINDI_FILE));
}

define('PREFIX_PRODUCT', '[WC] ');
define('VINDI_PREFIX_PRODUCT', '[WC] ');

define('PREFIX_PLAN', '[WC] ');
define('VINDI_PREFIX_PLAN', '[WC] ');
6 changes: 3 additions & 3 deletions src/utils/InterestPriceHandler.php
Expand Up @@ -41,18 +41,18 @@ public function calculate_cost($cart) {
}

if (isset($_POST['post_data'] ) ) {
parse_str($_POST['post_data'], $post_data );
parse_str(sanitize_text_field($_POST['post_data']), $post_data);
} else {
$post_data = $_POST;
}

if (isset($post_data['vindi_cc_installments']) &&
$post_data['vindi_cc_installments'] > 1 &&
filter_var($post_data['vindi_cc_installments'], FILTER_SANITIZE_NUMBER_INT) > 1 &&
$post_data['payment_method'] === 'vindi-credit-card'
) {
global $woocommerce;
$interest_rate = get_option('woocommerce_vindi-credit-card_settings', true)['interest_rate'];
$installments = intval($post_data['vindi_cc_installments']);
$installments = intval(filter_var($post_data['vindi_cc_installments'], FILTER_SANITIZE_NUMBER_INT));
$tax_total = 0;
$taxes = $cart->get_taxes();
foreach($taxes as $tax) $tax_total += $tax;
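Review bot: Applying `sanitize_text_field()` to the whole serialized `post_data` string before `parse_str()` corrupts the payload rather than validating it: that WordPress helper removes percent-encoded octets (`%xx`), so any encoded character in the checkout form (an `@` in an e-mail, a space or `+` in a name) is dropped before the fields are even parsed. Parse first and sanitize the field actually read, `parse_str(wp_unslash($_POST['post_data']), $post_data);` followed by `$installments = absint($post_data['vindi_cc_installments'] ?? 0);`, and use that one variable both in the `> 1` condition and in the later assignment instead of running the same filter twice. The `else` branch still assigns the raw `$_POST` to `$post_data`, so the filter added to the first branch covers only one of the two paths, and `$post_data['payment_method']` is read without an `isset()` on either path. calculate_cost() begins before this hunk and continues after it.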
18 changes: 15 additions & 3 deletions src/utils/PaymentGateway.php
Expand Up @@ -147,7 +147,7 @@ public function admin_options()
public function get_country_code()
{
if (isset($_GET['order_id'])) {
$order = new WC_Order($_GET['order_id']);
$order = new WC_Order(filter_var($_GET['order_id'], FILTER_SANITIZE_NUMBER_INT));
return $order->billing_country;
} elseif ($this->vindi_settings->woocommerce->customer->get_billing_country()) {
return $this->vindi_settings->woocommerce->customer->get_billing_country();
Expand All @@ -174,6 +174,7 @@ public function validate_settings()
*/
public function process_payment($order_id)
{
$order_id = filter_var($order_id, FILTER_SANITIZE_NUMBER_INT);
$this->logger->log(sprintf('Processando pedido %s.', $order_id));
$order = wc_get_order($order_id);
$payment = new VindiPaymentProcessor($order, $this, $this->vindi_settings, $this->controllers);
Expand Down Expand Up @@ -225,6 +226,9 @@ protected function is_single_order()
* @return bool|WP_Error
*/
public function process_refund($order_id, $amount = null, $reason = '') {
$order_id = filter_var($order_id, FILTER_SANITIZE_NUMBER_INT);
$amount = filter_var($amount, FILTER_SANITIZE_NUMBER_FLOAT);
$reason = sanitize_text_field($reason);
$order = wc_get_order($order_id);

if (!$this->can_refund_order($order)) {
Expand Down Expand Up @@ -262,12 +266,15 @@ public function process_refund($order_id, $amount = null, $reason = '') {
/**
* Get refund request args.
*
* @param WC_Order $order Order object.
* @param int $bill_id Order object.
* @param float $amount Refund amount.
* @param string $reason Refund reason.
* @return array
*/
public function get_refund_request($bill_id, $amount = null, $reason = '') {
$bill_id = filter_var($bill_id, FILTER_SANITIZE_NUMBER_INT);
$amount = filter_var($amount, FILTER_SANITIZE_NUMBER_FLOAT);
$reason = sanitize_text_field($reason);
$request = array(
'cancel_bill' => true,
'comments' => strip_tags(wc_trim_string($reason, 255)),
Expand All @@ -281,12 +288,16 @@ public function get_refund_request($bill_id, $amount = null, $reason = '') {
/**
* Refund an order via PayPal.
*
* @param WC_Order $order Order object.
* @param int $bill_id Order object.
* @param float $amount Refund amount.
* @param string $reason Refund reason.
* @return object Either an object of name value pairs for a success, or a WP_ERROR object.
*/
public function refund_transaction($bill_id, $amount = null, $reason = '') {
$bill_id = filter_var($bill_id, FILTER_SANITIZE_NUMBER_INT);
$amount = filter_var($amount, FILTER_SANITIZE_NUMBER_FLOAT);
$reason = sanitize_text_field($reason);

$data = $this->get_refund_request($bill_id, $amount, $reason);
$last_charge = $this->find_bill_last_charge($bill_id);
$charge_id = $last_charge['id'];
Expand All @@ -301,6 +312,7 @@ public function refund_transaction($bill_id, $amount = null, $reason = '') {

private function find_bill_last_charge($bill_id)
{
$bill_id = filter_var($bill_id, FILTER_SANITIZE_NUMBER_INT);
$bill = $this->routes->findBillById($bill_id);

if(!$bill) {
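Review bot: `filter_var($amount, FILTER_SANITIZE_NUMBER_FLOAT)` in process_refund, and again in get_refund_request and refund_transaction, strips the decimal separator because `FILTER_FLAG_ALLOW_FRACTION` is not set, so a refund of `12.50` is sent as `1250`; it also turns the `null` default into `''`, which changes what any downstream null check sees. Validate instead of rewriting and keep `null` intact: `$amount = $amount === null ? null : filter_var($amount, FILTER_VALIDATE_FLOAT);` and treat a `false` result as an invalid request. `$reason` is already passed through `strip_tags(wc_trim_string(...))` on the context line in get_refund_request, so the added `sanitize_text_field()` calls duplicate work rather than adding a check; one validation at the public entry point is enough if the other two methods are not entry points themselves, which is not visible from these hunks.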