From 4c4858726c9f1ebe46c46aefb9fc74596954bad9 Mon Sep 17 00:00:00 2001
From: Remco Tolsma <869674+remcotolsma@users.noreply.github.com>
Date: Tue, 23 Jan 2024 11:56:49 +0100
Subject: [PATCH] Escape var values in exception messages.
---
 src/AbstractPaymentRequest.php | 2 +-
 src/Address.php | 10 +++++-----
 src/Amount.php | 2 +-
 src/Client.php | 4 ++--
 src/Gateway.php | 2 +-
 src/Name.php | 2 +-
 6 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/AbstractPaymentRequest.php b/src/AbstractPaymentRequest.php
index 3e5c2e1..fd4dd71 100644
--- a/src/AbstractPaymentRequest.php
+++ b/src/AbstractPaymentRequest.php
@@ -306,7 +306,7 @@ public function set_country_code( $country_code ) {
 throw new InvalidArgumentException(
 sprintf(
 'Given country code `%s` not ISO 3166-1 alpha-2 value.',
- $country_code
+ \esc_html( $country_code )
 )
 );
 }
diff --git a/src/Address.php b/src/Address.php
index 313f351..06a3b48 100644
--- a/src/Address.php
+++ b/src/Address.php
@@ -82,7 +82,7 @@ public function __construct( $country, $street = null, $house_number_or_name = n
 throw new InvalidArgumentException(
 sprintf(
 'Given country `%s` not ISO 3166-1 alpha-2 value.',
- $country
+ \esc_html( $country )
 )
 );
 }
@@ -124,8 +124,8 @@ public function __construct( $country, $street = null, $house_number_or_name = n
 throw new InvalidArgumentException(
 sprintf(
 'Given postal code `%s` is longer then `%d` digits.',
- $postal_code,
- $max
+ \esc_html( $postal_code ),
+ \esc_html( $max )
 )
 );
 }
@@ -164,8 +164,8 @@ public function __construct( $country, $street = null, $house_number_or_name = n
 throw new InvalidArgumentException(
 sprintf(
 'Given state or province `%s` is longer then `%d` digits.',
- $state_or_province,
- $max
+ \esc_html( $state_or_province ),
+ \esc_html( $max )
 )
 );
 }
diff --git a/src/Amount.php b/src/Amount.php
index 669b280..aa44a21 100644
--- a/src/Amount.php
+++ b/src/Amount.php
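Review bot: In `set_country_code()` (src/AbstractPaymentRequest.php) the value is HTML-escaped at the throw site with `\esc_html( $country_code )`, but an exception message is not itself an HTML context. The same string may go to a log or an API response, and a handler that escapes again when rendering would show double-encoded entities. How the message is consumed is outside this patch, so a comment above the throw would help, e.g. `// Message is already HTML-escaped; do not escape it again on output.`; the alternative is to keep the raw value and escape where the message is printed. The same applies to the other hunks in src/Address.php, src/Amount.php, src/Client.php, src/Gateway.php and src/Name.php, and the body of `set_country_code()` starts and ends outside the hunk.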
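Review bot: In `Address::__construct()` the postal-code hunk (`@@ -124,8`) and the state-or-province hunk (`@@ -164,8`) pass `\esc_html( $max )` to a `%d` placeholder, which already formats its argument as an integer, so the escaping adds nothing and sends a number through a string function. If the aim is to satisfy an escape-output lint rule, and that rule accepts casts, an integer cast states the intent more directly: `(int) $max`. The assignment of `$max` is outside these hunks, so its type is assumed to be an integer here.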
@@ -43,7 +43,7 @@ public function __construct( $currency, $value ) {
 throw new \InvalidArgumentException(
 sprintf(
 'Given currency `%s` not a three-character ISO currency code.',
- $currency
+ \esc_html( $currency )
 )
 );
 }
diff --git a/src/Client.php b/src/Client.php
index 723afbd..4e8bfd3 100644
--- a/src/Client.php
+++ b/src/Client.php
@@ -73,8 +73,8 @@ private function send_request( $method, $request ) {
 throw new \Exception(
 \sprintf(
 'Could not JSON decode Adyen response to an object, HTTP response: "%s", HTTP body: "%s".',
- $response->status(),
- $response->body()
+ \esc_html( $response->status() ),
+ \esc_html( $response->body() )
 ),
 \intval( $response->status() )
 );
diff --git a/src/Gateway.php b/src/Gateway.php
index d85454a..4b961f4 100644
--- a/src/Gateway.php
+++ b/src/Gateway.php
@@ -244,7 +244,7 @@ public function start( Payment $payment ) {
 throw new \Exception(
 \sprintf(
 'The handling of the `%s` result code is not implemented.',
- $result_code
+ \esc_html( $result_code )
 )
 );
 }
diff --git a/src/Name.php b/src/Name.php
index a038b15..2bfe106 100644
--- a/src/Name.php
+++ b/src/Name.php
@@ -98,7 +98,7 @@ public function set_infix( $infix ) {
 throw new InvalidArgumentException(
 sprintf(
 'Given infix `%s` is longer then 20 characters.',
- $infix
+ \esc_html( $infix )
 )
 );
 }
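Review bot: In `send_request()` (src/Client.php) the whole `$response->body()` still goes into the exception message. `\esc_html()` neutralises markup, but it does not bound the length or keep payment and customer data from the response out of logs and error screens that record the message. Consider truncating before escaping, e.g. `\esc_html( \mb_substr( (string) $response->body(), 0, 500 ) )` (500 is an illustrative limit), and confirm what the body can contain on this path. `esc_html()` can also return an empty string when its input is not valid UTF-8, which would blank this diagnostic for some of the malformed responses it is meant to describe. The body of `send_request()` starts and ends outside the hunk.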