author | Christian Grothoff <christian@grothoff.org> | 2020-10-20 23:53:13 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2020-10-20 23:53:13 +0200 |
commit | 7f5e4355ca96b0c6110c98d286fde207dc34f7dc (patch) | |
tree | 320f5fe9fdbff544ea73171c2cf1a1bf635e904b | |
parent | 7eb2566401f22a311962903d419b5064bc4bf531 (diff) | |
download | woocommerce-taler-7f5e4355ca96b0c6110c98d286fde207dc34f7dc.tar.gz woocommerce-taler-7f5e4355ca96b0c6110c98d286fde207dc34f7dc.tar.bz2 woocommerce-taler-7f5e4355ca96b0c6110c98d286fde207dc34f7dc.zip |
fixing issues found by WP reviewer
-rw-r--r-- | plugin/GNU-Taler-Payment-Gateway/class-wc-gnutaler-gateway.php | 169 |
1 files changed, 77 insertions, 92 deletions
diff --git a/plugin/GNU-Taler-Payment-Gateway/class-wc-gnutaler-gateway.php b/plugin/GNU-Taler-Payment-Gateway/class-wc-gnutaler-gateway.php index aa5493e..b80530c 100644 --- a/plugin/GNU-Taler-Payment-Gateway/class-wc-gnutaler-gateway.php +++ b/plugin/GNU-Taler-Payment-Gateway/class-wc-gnutaler-gateway.php @@ -37,12 +37,12 @@ * Which version of the Taler merchant protocol is implemented * by this implementation? Used to determine compatibility. */ -define( 'MERCHANT_PROTOCOL_CURRENT', 1 ); +define( 'GNU_TALER_MERCHANT_PROTOCOL_CURRENT', 1 ); /** * How many merchant protocol versions are we backwards compatible with? */ -define( 'MERCHANT_PROTOCOL_AGE', 0 ); +define( 'GNU_TALER_MERCHANT_PROTOCOL_AGE', 0 ); require_once ABSPATH . 'wp-admin/includes/plugin.php'; @@ -220,14 +220,14 @@ function gnutaler_init_gateway_class() { $this->gnu_taler_backend_url = substr( $this->gnu_taler_backend_url, 0, -1 ); } - // Make transaction ID a link. We use the public version - // here, as a user clicking on the link could not supply - // the authorization header. - // See also: https://woocommerce.wordpress.com/2014/08/05/wc-2-2-payment-gateways-adding-refund-support-and-transaction-ids/. - $this->view_transaction_url = $this->gnu_taler_backend_url . '/orders/%s'; + // Make transaction ID a link. We use the public version + // here, as a user clicking on the link could not supply + // the authorization header. + // See also: https://woocommerce.wordpress.com/2014/08/05/wc-2-2-payment-gateways-adding-refund-support-and-transaction-ids/. + $this->view_transaction_url = $this->gnu_taler_backend_url . '/orders/%s'; - // Register handler for the fulfillment URL. - $hname = 'woocommerce_api_' . strtolower( get_class( $this ) ); + // Register handler for the fulfillment URL. + $hname = 'woocommerce_api_' . strtolower( get_class( $this ) ); add_action( $hname, array( &$this, 'fulfillment_url_handler' ) 
@@ -395,92 +395,77 @@ function gnutaler_init_gateway_class() { * Sends a request to a url via HTTP. * * Sends a request to a GNU Taler Backend over HTTP and returns the result. - * The request can be sent as POST, GET, PUT or another method. + * The request can be sent as POST or GET. PATCH is not supported. * - * @param string $method POST, GET, PUT or another method. + * @param string $method POST or GET supported only. Thanks WordPress. * @param string $url URL for the request to make to the GNU Taler Backend. * @param string $body The content of the request (for POST). * * @return array The return array will either have the successful return value or a detailed error message. */ private function call_api( $method, $url, $body ): array { - // phpcs:disable WordPress.WP.AlternativeFunctions - $curl = curl_init(); + $apikey = $this->get_option( 'GNU_Taler_Backend_API_Key' ); + $args = array( + 'timeout' => 30, // In seconds. + 'redirection' => 2, // How often. + 'httpversion' => '1.1', // Taler will support. + 'user-agent' => '', // Minimize information leakage. + 'blocking' => true, // We do nothing without it. + 'headers' => array( + 'Authorization: ' . $apikey, + ), + 'decompress' => true, + 'limit_response_size' => 1024 * 1024, // More than enough. + ); + if ( $body ) { + $args['body'] = wp_json_encode( $body, JSON_UNESCAPED_SLASHES, 0, 16 ); + $args['headers'][] = 'Content-type: application/json'; + $args['compress'] = true; + } + $this->debug( 'Issuing HTTP ' . $method . ' request to ' . $url . ' with options ' . 
$args ); + switch ( $method ) { case 'POST': - curl_setopt( $curl, CURLOPT_POST, 1 ); - break; - case 'PUT': - curl_setopt( $curl, CURLOPT_CUSTOMREQUEST, 'PUT' ); - break; - case 'PATCH': - curl_setopt( $curl, CURLOPT_CUSTOMREQUEST, 'PATCH' ); + $response = wp_remote_post( $url, $args ); break; case 'GET': + $response = wp_remote_get( $url, $args ); break; default: - curl_setopt( $curl, CURLOPT_CUSTOMREQUEST, $method ); - break; + $this->debug( 'HTTP method ' . $method . ' not supported' ); + return null; } - if ( $body ) { - $jsonstr = wp_json_encode( $body, JSON_UNESCAPED_SLASHES, 0, 16 ); - $this->debug( 'Using POST body ' . $jsonstr . ' for upload to ' . $url ); - curl_setopt( - $curl, - CURLOPT_POSTFIELDS, - $jsonstr - ); - } else { - $this->debug( 'No request body with ' . $method . ' to ' . $url ); - } - $this->debug( 'Requesting URL ' . $url ); - curl_setopt( $curl, CURLOPT_URL, $url ); - $apikey = $this->get_option( 'GNU_Taler_Backend_API_Key' ); - curl_setopt( - $curl, - CURLOPT_HTTPHEADER, - array( - 'Authorization: ' . 
$apikey, - 'Content-Type: application/json', - ) - ); - curl_setopt( $curl, CURLOPT_RETURNTRANSFER, 1 ); - curl_setopt( $curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC ); - - $result = curl_exec( $curl ); - - $http_code = curl_getinfo( $curl, CURLINFO_HTTP_CODE ); - if ( curl_error( $curl ) ) { - $error_msg = curl_error( $curl ); + if ( is_wp_error( $response ) ) { + $error_code = $response->get_error_code(); + $error_data = $response->get_error_data( $error_code ); $this->warning( sprintf( - /* translators: first placeholder is the CURL error message, second the HTTP status code */ - __( 'CURL failure %1$s with HTTP status %2$s', 'gnutaler' ), - $error_msg, - $http_code + /* translators: first placeholder is the error code, second the error data */ + __( 'HTTP failure %1$s with data %2$s', 'gnutaler' ), + $error_code, + $error_data ) ); return array( - 'http_code' => $http_code, - 'message' => $error_msg, + 'http_code' => 0, + 'message' => $error_code, ); } + $http_code = wp_remote_retrieve_response_code( $response ); + $body = $wp_remote_retrieve_body( $response ); $this->debug( sprintf( /* translators: first placeholder is the HTTP status code, second the body of the HTTP reply */ __( 'HTTP status %1$s with response body %2$s', 'gnutaler' ), $http_code, - $result + $body ) ); - $message_array = array( + return array( 'http_code' => $http_code, - 'message' => $result, + 'message' => $body, ); - curl_close( $curl ); - // phpcs:enable - return $message_array; } /** @@ -537,9 +522,9 @@ function gnutaler_init_gateway_class() { $revision = $ver[1]; $age = $ver[2]; if ( ( ! is_numeric( $current ) ) - || ( ! is_numeric( $revision ) ) - || ( ! is_numeric( $age ) ) - ) { + || ( ! is_numeric( $revision ) ) + || ( ! is_numeric( $age ) ) + ) { $this->error( sprintf( /* translators: placeholder will be replaced with the (malformed) version number */ 
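Review bot: In the new call_api body, `$body = $wp_remote_retrieve_body( $response );` calls through an undefined variable instead of the WordPress function, so every non-error response fails at that line; it should read `$body = wp_remote_retrieve_body( $response );`. The `default:` branch of the switch does `return null;` although the signature is `: array`, which is a TypeError under strict types — return the same `array( 'http_code' => 0, 'message' => ... )` shape the error path uses so callers can treat it uniformly. The `headers` entries are built as `'Authorization: ' . $apikey` and `'Content-type: application/json'` strings; as far as I know the WP HTTP API expects name => value pairs, so with numeric keys the Authorization header is unlikely to reach the backend and every request will be rejected as unauthenticated. Two smaller points: `wp_json_encode( $body, JSON_UNESCAPED_SLASHES, 0, 16 )` passes 0 as the depth argument (third parameter), which json_encode rejects, so the request body is probably never encoded; and the debug call `'with options ' . $args` prints only "Array" today but, once anyone serialises it, would write the API key into the WooCommerce log, so log only the method and URL. The excerpt below shows the changed lines; the function starts and ends inside this hunk.
```php
private function call_api( $method, $url, $body ): array {
    // … unchanged: $apikey lookup and $args entries before 'headers' …
    'headers' => array(
        'Authorization' => $apikey,
    ),
    // … unchanged: remaining $args entries …
    if ( $body ) {
        $args['body']                    = wp_json_encode( $body, JSON_UNESCAPED_SLASHES );
        $args['headers']['Content-Type'] = 'application/json';
        $args['compress']                = true;
    }
    // Do not log $args: it carries the backend API key.
    $this->debug( 'Issuing HTTP ' . $method . ' request to ' . $url );
    // … unchanged: POST and GET cases of the switch …
    default:
        $this->debug( 'HTTP method ' . $method . ' not supported' );
        return array(
            'http_code' => 0,
            'message'   => 'unsupported HTTP method ' . $method,
        );
    // … unchanged: is_wp_error() branch …
    $http_code = wp_remote_retrieve_response_code( $response );
    $body      = wp_remote_retrieve_body( $response );
    // … unchanged: debug output and final return …
```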
@@ -549,7 +534,7 @@ function gnutaler_init_gateway_class() { ); return false; } - if ( MERCHANT_PROTOCOL_CURRENT < $current - $age ) { + if ( GNU_TALER_MERCHANT_PROTOCOL_CURRENT < $current - $age ) { // Our implementation is too old! $this->error( sprintf( @@ -560,7 +545,7 @@ function gnutaler_init_gateway_class() { ); return false; } - if ( MERCHANT_PROTOCOL_CURRENT - MERCHANT_PROTOCOL_AGE > $current ) { + if ( GNU_TALER_MERCHANT_PROTOCOL_CURRENT - GNU_TALER_MERCHANT_PROTOCOL_AGE > $current ) { // Merchant implementation is too old! $this->error( sprintf( @@ -709,14 +694,14 @@ function gnutaler_init_gateway_class() { * @return array - return the JSON Format. */ public function convert_to_checkout_json( $order_id ): array { - $wc_order = wc_get_order( $order_id ); - $wc_order_total_amount = $wc_order->get_total(); - $wc_order_currency = $wc_order->get_currency(); - $wc_cart = WC()->cart->get_cart(); - $wc_order_id = $wc_order->get_order_key() . '-' . $wc_order->get_order_number(); - $wc_order_products_array = $this->mutate_products_to_json_format( $wc_cart, $wc_order_currency ); - $refund_delay = $this->get_option( 'GNU_Taler_refund_delay' ); - $order_json = array( + $wc_order = wc_get_order( $order_id ); + $wc_order_total_amount = $wc_order->get_total(); + $wc_order_currency = $wc_order->get_currency(); + $wc_cart = WC()->cart->get_cart(); + $wc_order_id = $wc_order->get_order_key() . '-' . $wc_order->get_order_number(); + $wc_order_products_array = $this->mutate_products_to_json_format( $wc_cart, $wc_order_currency ); + $refund_delay = $this->get_option( 'GNU_Taler_refund_delay' ); + $order_json = array( 'order' => array( 'amount' => $wc_order_currency . ':' . $wc_order_total_amount, 'summary' => sprintf( 
@@ -737,9 +722,9 @@ function gnutaler_init_gateway_class() { ), ); if ( isset( $refund_delay ) ) { - $order_json['refund_delay'] = array( - 'd_ms' => 1000 * 60 * 60 * 24 * intval( $refund_delay ), - ); + $order_json['refund_delay'] = array( + 'd_ms' => 1000 * 60 * 60 * 24 * intval( $refund_delay ), + ); } return $order_json; } @@ -803,13 +788,13 @@ function gnutaler_init_gateway_class() { 'building_number' => $shipping_address_street_nr, ); if ( null !== $wc_order->get_shipping_address_2() ) { - $address_lines = array( - $wc_order->get_shipping_address_1(), - $wc_order->get_shipping_address_2(), - ); - $ret['address_lines'] = $address_lines; + $address_lines = array( + $wc_order->get_shipping_address_1(), + $wc_order->get_shipping_address_2(), + ); + $ret['address_lines'] = $address_lines; } - return $ret; + return $ret; } /** @@ -954,7 +939,7 @@ function gnutaler_init_gateway_class() { default: $refund_error = json_decode( $refund_body, $assoc = true ); if ( ! $refund_error ) { - $ec = $refund_error['code']; + $ec = $refund_error['code']; } else { $ec = 0; } 
@@ -1026,22 +1011,22 @@ function gnutaler_init_gateway_class() { return; } if ( function_exists( 'wp_get_current_user()' ) ) { - $user_id = wp_get_current_user(); + $user_id = wp_get_current_user(); if ( ! isset( $user_id ) ) { $user_id = __( '<user ID not set>', 'gnutaler' ); } } else { $user_id = 'Guest'; } - // We intentionally do NOT verify the nonce here, as logging - // should always work. + // We intentionally do NOT verify the nonce here, as logging + // should always work. // phpcs:disable WordPress.Security.NonceVerification $order_id = sanitize_text_field( wp_unslash( $_GET['order_id'] ) ); // phpcs:enable if ( empty( self::$logger ) ) { - self::$logger = wc_get_logger(); + self::$logger = wc_get_logger(); } - self::$logger->log( $level, $user_id . '-' . $order_id . ': ' . $msg, array( 'source' => 'gnutaler' ) ); + self::$logger->log( $level, $user_id . '-' . $order_id . ': ' . $msg, array( 'source' => 'gnutaler' ) ); } } |