Merge branch 'main' of https://github.com/pronamic/wp-pronamic-pay-adyen

pronamic · Oct 30, 2023 · 9c5810e · 9c5810e
2 parents 08294f1 + 15c5f85
commit 9c5810e
Show file tree

Hide file tree

Showing 7 changed files with 71 additions and 37 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased][unreleased]
 
+## [4.4.7] - 2023-10-13
+
+### Commits
+
+- Use `wp_kses` to allow only <a href=""> element. ([171d841](https://github.com/pronamic/wp-pronamic-pay-adyen/commit/171d84103b4b719c95b734619c7351cf05b756a9))
+- No longer use `FILTER_UNSAFE_RAW`, instead use a custom input callback. ([d70823b](https://github.com/pronamic/wp-pronamic-pay-adyen/commit/d70823b38c2f70dc6e65393d7aba56257f8fcdfb))
+- The default sanitize function allows dobule quotes. ([ac99766](https://github.com/pronamic/wp-pronamic-pay-adyen/commit/ac99766b9e1505df22aae32ebe247801bec3fdf0))
+- No longer use `Server::get()` function, will be removed. ([6f7dda2](https://github.com/pronamic/wp-pronamic-pay-adyen/commit/6f7dda274dff811961aa9e487dd53568082f198d))
+- Use callback, since 'description' field type support was removed. ([451bb33](https://github.com/pronamic/wp-pronamic-pay-adyen/commit/451bb33187e372a62462d5d148e8b94349e75e60))
+
+Full set of changes: [`4.4.6...4.4.7`][4.4.7]
+
+[4.4.7]: https://github.com/pronamic/wp-pronamic-pay-adyen/compare/v4.4.6...v4.4.7
+
 ## [4.4.6] - 2023-07-12
 
 ### Commits

diff --git a/composer.json b/composer.json
@@ -54,7 +54,7 @@
 		"overtrue/phplint": "^4.5",
 		"php-coveralls/php-coveralls": "^2.5",
 		"phpmd/phpmd": "^2.13",
-		"pronamic/pronamic-cli": "dev-main",
+		"pronamic/pronamic-cli": "^1.1",
 		"pronamic/wp-coding-standards": "^1.3",
 		"roots/wordpress": "^6.0",
 		"sirbrillig/phpcs-import-detection": "^1.2",

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "adyen",
-  "version": "4.4.6",
+  "version": "4.4.7",
   "description": "Adyen driver for the WordPress payment processing library.",
   "repository": {
     "type": "git",

diff --git a/pronamic-pay-adyen.php b/pronamic-pay-adyen.php
@@ -4,7 +4,7 @@
  * Plugin URI: https://www.pronamic.eu/plugins/pronamic-pay-adyen/
  * Description: Extend the Pronamic Pay plugin with the Adyen gateway to receive payments with Adyen through a variety of WordPress plugins.
  *
- * Version: 4.4.6
+ * Version: 4.4.7
  * Requires at least: 5.9
  * Requires PHP: 7.4
  *

diff --git a/readme.txt b/readme.txt
@@ -4,6 +4,6 @@ Tags: pronamic, pay, adyen, add-on
 Requires at least: 5.9
 Tested up to: 6.0
 Requires PHP: 7.4
-Stable tag: 4.4.6
+Stable tag: 4.4.7
 
 Extend the Pronamic Pay plugin with the Adyen gateway to receive payments with Adyen through a variety of WordPress plugins.
diff --git a/src/Integration.php b/src/Integration.php
@@ -241,12 +241,6 @@ public function get_settings_fields() {
 		// API Key.
 		$fields[] = [
 			'section'     => 'general',
-			/**
-			 * Filter Adyen API key unsafe raw to allow <> chars.
-			 *
-			 * @link https://github.com/pronamic/wp-pronamic-pay-adyen/issues/7
-			 */
-			'filter'      => \FILTER_UNSAFE_RAW,
 			'meta_key'    => '_pronamic_gateway_adyen_api_key',
 			'title'       => _x( 'API Key', 'adyen', 'pronamic_ideal' ),
 			'type'        => 'textarea',
@@ -258,6 +252,23 @@ public function get_settings_fields() {
 				esc_html__( 'Adyen documentation: "API credentials".', 'pronamic_ideal' )
 			),
 			'required'    => true,
+			/**
+			 * Filter Adyen API key unsafe raw to allow <> chars.
+			 *
+			 * @link https://github.com/pronamic/wp-pronamic-pay-adyen/issues/7
+			 */
+			'input'       => function ( $name ) {
+				// phpcs:disable WordPress.Security.NonceVerification.Missing
+
+				if ( ! \array_key_exists( $name, $_POST ) ) {
+					return '';
+				}
+
+				// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- API Key can contain whitespace, HTML tags and percent-encoded characters.
+				return $_POST[ $name ];
+
+				// phpcs:enable WordPress.Security.NonceVerification.Missing
+			},
 		];
 
 		if ( 'live' === $this->get_mode() ) {
@@ -315,10 +326,6 @@ public function get_settings_fields() {
 		// Merchant Order Reference.
 		$fields[] = [
 			'section'     => 'advanced',
-			/**
-			 * Filter Adyen merchant order reference unsafe raw to allow double quotes.
-			 */
-			'filter'      => \FILTER_UNSAFE_RAW,
 			'meta_key'    => '_pronamic_gateway_adyen_merchant_order_reference',
 			'title'       => __( 'Merchant Order Reference', 'pronamic_ideal' ),
 			'type'        => 'text',
@@ -366,10 +373,12 @@ public function get_settings_fields() {
 		 * @link https://www.howsmyssl.com/a/check
 		 */
 		$fields[] = [
-			'section' => 'feedback',
-			'title'   => __( 'SSL Version', 'pronamic_ideal' ),
-			'type'    => 'description',
-			'html'    => __( 'Choose the SSL Version of your server on the Adyen Customer Area.', 'pronamic_ideal' ),
+			'section'  => 'feedback',
+			'title'    => \__( 'SSL Version', 'pronamic_ideal' ),
+			'type'     => 'custom',
+			'callback' => function () {
+				\esc_html_e( 'Choose the SSL Version of your server on the Adyen Customer Area.', 'pronamic_ideal' );
+			},
 		];
 
 		/**
@@ -379,29 +388,40 @@ public function get_settings_fields() {
 		 * @link https://www.howsmyssl.com/a/check
 		 */
 		$fields[] = [
-			'section' => 'feedback',
-			'title'   => _x( 'Method', 'adyen notification', 'pronamic_ideal' ),
-			'type'    => 'description',
-			'html'    => __( 'JSON', 'pronamic_ideal' ),
+			'section'  => 'feedback',
+			'title'    => \_x( 'Method', 'adyen notification', 'pronamic_ideal' ),
+			'type'     => 'custom',
+			'callback' => function () {
+				\esc_html_e( 'JSON', 'pronamic_ideal' );
+			},
 		];
 
 		// Webhook authentication settings.
 		$fields[] = [
-			'section' => 'feedback',
-			'title'   => __( 'Authentication', 'pronamic_ideal' ),
-			'type'    => 'description',
-			'html'    => \sprintf(
-				/* translators: %s: Pronamic Pay settings page URL. */
-				__( 'Go to the <a href="%s">Pronamic Pay settings page</a> for webhook authentication settings.', 'pronamic_ideal' ),
-				\esc_url(
-					\add_query_arg(
-						[
-							'page' => 'pronamic_pay_settings',
+			'section'  => 'feedback',
+			'title'    => \__( 'Authentication', 'pronamic_ideal' ),
+			'type'     => 'custom',
+			'callback' => function () {
+				echo \wp_kses(
+					\sprintf(
+						/* translators: %s: Pronamic Pay settings page URL. */
+						__( 'Go to the <a href="%s">Pronamic Pay settings page</a> for webhook authentication settings.', 'pronamic_ideal' ),
+						\esc_url(
+							\add_query_arg(
+								[
+									'page' => 'pronamic_pay_settings',
+								],
+								\admin_url( 'admin.php' )
+							)
+						)
+					),
+					[
+						'a' => [
+							'href' => true,
 						],
-						\admin_url( 'admin.php' )
-					)
-				)
-			),
+					]
+				);
+			},
 		];
 
 		// Return fields.

diff --git a/src/NotificationsController.php b/src/NotificationsController.php
@@ -69,7 +69,7 @@ public function maybe_disable_application_passwords_for_api_request( $is_api_req
 		 * Check if request URI contains the integration REST route namespace,
 		 * parsed REST request is not yet available at this point during WordPress bootstrap.
 		*/
-		if ( false === \stripos( Server::get( 'REQUEST_URI' ), Integration::REST_ROUTE_NAMESPACE ) ) {
+		if ( false === \stripos( \get_self_link(), Integration::REST_ROUTE_NAMESPACE ) ) {
 			return $is_api_request;
 		}