Issues (942)

Security Analysis    not enabled

This project does not seem to handle request data directly, and as such no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data, or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data or manipulating it.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements, potentially granting permission to run unauthorized queries or to modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem, including configuration files, or can be abused to freeze your web server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

includes/abstracts/abstract-wc-payment-gateway.php (2 issues)

These results are based on our legacy PHP analysis.

<?php
/**
 * Abstract payment gateway
 *
 * Handles generic payment gateway functionality which is extended by individual payment gateways.
 *
 * @class WC_Payment_Gateway
 * @version 2.1.0
 * @package WooCommerce/Abstracts
 */

if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

/**
 * WooCommerce Payment Gateway class.
 *
 * Extended by individual payment gateways to handle payments.
 *
 * @class       WC_Payment_Gateway
 * @extends     WC_Settings_API
 * @version     2.1.0
 * @package     WooCommerce/Abstracts
 */
abstract class WC_Payment_Gateway extends WC_Settings_API {

	/**
	 * Set if the place order button should be renamed on selection.
	 *
	 * @var string
	 */
	public $order_button_text;

	/**
	 * Yes or no based on whether the method is enabled.
	 *
	 * @var string
	 */
	public $enabled = 'yes';

	/**
	 * Payment method title for the frontend.
	 *
	 * @var string
	 */
	public $title;

	/**
	 * Payment method description for the frontend.
	 *
	 * @var string
	 */
	public $description;

	/**
	 * True if this gateway is the chosen payment method.
	 *
	 * @var bool
	 */
	public $chosen;

	/**
	 * Gateway title.
	 *
	 * @var string
	 */
	public $method_title = '';

	/**
	 * Gateway description.
	 *
	 * @var string
	 */
	public $method_description = '';

	/**
	 * True if the gateway shows fields on the checkout.
	 *
	 * @var bool
	 */
	public $has_fields;

	/**
	 * Countries this gateway is allowed for.
	 *
	 * @var array
	 */
	public $countries;

	/**
	 * Available for all countries or specific ones.
	 *
	 * @var string
	 */
	public $availability;

	/**
	 * Icon for the gateway.
	 *
	 * @var string
	 */
	public $icon;

	/**
	 * Supported features such as 'default_credit_card_form', 'refunds'.
	 *
	 * @var array
	 */
	public $supports = array( 'products' );

	/**
	 * Maximum transaction amount, zero does not define a maximum.
	 *
	 * @var int
	 */
	public $max_amount = 0;

	/**
	 * Optional URL to view a transaction.
	 *
	 * @var string
	 */
	public $view_transaction_url = '';

	/**
	 * Optional label to show for "new payment method" in the payment
	 * method/token selection radio selection.
	 *
	 * @var string
	 */
	public $new_method_label = '';

	/**
	 * Contains a user's saved tokens for this gateway.
	 *
	 * @var array
	 */
	protected $tokens = array();

	/**
	 * Returns a user's saved tokens for this gateway.
	 *
	 * @since 2.6.0
	 * @return array
	 */
	public function get_tokens() {
		if ( count( $this->tokens ) > 0 ) {
			return $this->tokens;
		}

		if ( is_user_logged_in() && $this->supports( 'tokenization' ) ) {
			$this->tokens = WC_Payment_Tokens::get_customer_tokens( get_current_user_id(), $this->id );
		}

		return $this->tokens;
	}

	/**
	 * Return the title for admin screens.
	 *
	 * @return string
	 */
	public function get_method_title() {
		return apply_filters( 'woocommerce_gateway_method_title', $this->method_title, $this );
	}

	/**
	 * Return the description for admin screens.
	 *
	 * @return string
	 */
	public function get_method_description() {
		return apply_filters( 'woocommerce_gateway_method_description', $this->method_description, $this );
	}

	/**
	 * Output the gateway settings screen.
	 */
	public function admin_options() {
		echo '<h2>' . esc_html( $this->get_method_title() );
		wc_back_link( __( 'Return to payments', 'woocommerce' ), admin_url( 'admin.php?page=wc-settings&tab=checkout' ) );
		echo '</h2>';
		echo wp_kses_post( wpautop( $this->get_method_description() ) );
		parent::admin_options();
	}

	/**
	 * Init settings for gateways.
	 */
	public function init_settings() {
		parent::init_settings();
		$this->enabled  = ! empty( $this->settings['enabled'] ) && 'yes' === $this->settings['enabled'] ? 'yes' : 'no';
	}

	/**
	 * Return whether or not this gateway still requires setup to function.
	 *
	 * When this gateway is toggled on via AJAX, if this returns true a
	 * redirect will occur to the settings page instead.
	 *
	 * @since 3.4.0
	 * @return bool
	 */
	public function needs_setup() {
		return false;
	}

	/**
	 * Get the return url (thank you page).
	 *
	 * @param WC_Order $order Order object.
	 * @return string
	 */
	public function get_return_url( $order = null ) {
		if ( $order ) {
			$return_url = $order->get_checkout_order_received_url();
		} else {
			$return_url = wc_get_endpoint_url( 'order-received', '', wc_get_checkout_url() );
		}

		return apply_filters( 'woocommerce_get_return_url', $return_url, $order );
	}

	/**
	 * Get a link to the transaction on the 3rd party gateway site (if applicable).
	 *
	 * @param  WC_Order $order the order object.
	 * @return string transaction URL, or empty string.
	 */
	public function get_transaction_url( $order ) {

		$return_url = '';
		$transaction_id = $order->get_transaction_id();

		if ( ! empty( $this->view_transaction_url ) && ! empty( $transaction_id ) ) {
			$return_url = sprintf( $this->view_transaction_url, $transaction_id );
		}

		return apply_filters( 'woocommerce_get_transaction_url', $return_url, $order, $this );
	}

	/**
	 * Get the order total in checkout and pay_for_order.
	 *
	 * @return float
	 */
	protected function get_order_total() {

		$total = 0;
		$order_id = absint( get_query_var( 'order-pay' ) );

		// Gets order total from "pay for order" page.
		if ( 0 < $order_id ) {
			$order = wc_get_order( $order_id );
			$total = (float) $order->get_total();

			// Gets order total from cart/checkout.
		} elseif ( 0 < WC()->cart->total ) {
			$total = (float) WC()->cart->total;
		}

		return $total;
	}

	/**
	 * Check if the gateway is available for use.
	 *
	 * @return bool
	 */
	public function is_available() {
		$is_available = ( 'yes' === $this->enabled );

		if ( WC()->cart && 0 < $this->get_order_total() && 0 < $this->max_amount && $this->max_amount < $this->get_order_total() ) {
			$is_available = false;
		}

		return $is_available;
	}

	/**
	 * Check if the gateway has fields on the checkout.
	 *
	 * @return bool
	 */
	public function has_fields() {
		return (bool) $this->has_fields;
	}

	/**
	 * Return the gateway's title.
	 *
	 * @return string
	 */
	public function get_title() {
		return apply_filters( 'woocommerce_gateway_title', $this->title, $this->id );
	}

	/**
	 * Return the gateway's description.
	 *
	 * @return string
	 */
	public function get_description() {
		return apply_filters( 'woocommerce_gateway_description', $this->description, $this->id );
	}

	/**
	 * Return the gateway's icon.
	 *
	 * @return string
	 */
	public function get_icon() {

		$icon = $this->icon ? '<img src="' . WC_HTTPS::force_https_url( $this->icon ) . '" alt="' . esc_attr( $this->get_title() ) . '" />' : '';

		return apply_filters( 'woocommerce_gateway_icon', $icon, $this->id );
	}

	/**
	 * Set as current gateway.
	 *
	 * Set this as the current gateway.
	 */
	public function set_current() {
		$this->chosen = true;
	}

	/**
	 * Process Payment.
	 *
	 * Process the payment. Override this in your gateway. When implemented, this should
	 * return the success and redirect in an array. e.g:
	 *
	 *        return array(
	 *            'result'   => 'success',
	 *            'redirect' => $this->get_return_url( $order )
	 *        );
	 *
	 * @param int $order_id Order ID.
	 * @return array
	 */
	public function process_payment( $order_id ) {
		return array();
	}

	/**
	 * Process refund.
	 *
	 * If the gateway declares 'refunds' support, this will allow it to refund
	 * a passed-in amount.
	 *
	 * @param  int    $order_id Order ID.
	 * @param  float  $amount Refund amount.
	 * @param  string $reason Refund reason.
	 * @return boolean True or false based on success, or a WP_Error object.
	 */
	public function process_refund( $order_id, $amount = null, $reason = '' ) {
		return false;
	}

	/**
	 * Validate frontend fields.
	 *
	 * Validate payment fields on the frontend.
	 *
	 * @return bool
	 */
	public function validate_fields() {
		return true;
	}

	/**
	 * If there are no payment fields, show the description if set.
	 * Override this in your gateway if you have some.
	 */
	public function payment_fields() {
		$description = $this->get_description();
		if ( $description ) {
			echo wpautop( wptexturize( $description ) ); // @codingStandardsIgnoreLine.
		}

		if ( $this->supports( 'default_credit_card_form' ) ) {
			$this->credit_card_form(); // Deprecated, will be removed in a future version.
		}
	}

	/**
	 * Check if a gateway supports a given feature.
	 *
	 * Gateways should override this to declare support (or lack of support) for a feature.
	 * For backward compatibility, gateways support 'products' by default, but nothing else.
	 *
	 * @param string $feature The name of a feature to test support for.
	 * @return bool True if the gateway supports the feature, false otherwise.
	 * @since 1.5.7
	 */
	public function supports( $feature ) {
		return apply_filters( 'woocommerce_payment_gateway_supports', in_array( $feature, $this->supports ), $feature, $this );
	}

	/**
	 * Can the order be refunded via this gateway?
	 *
	 * Should be extended by gateways to do their own checks.
	 *
	 * @param  WC_Order $order Order object.
	 * @return bool If false, the automatic refund button is hidden in the UI.
	 */
	public function can_refund_order( $order ) {
		return $order && $this->supports( 'refunds' );
	}

	/**
	 * Core credit card form which gateways can use if needed. Deprecated - inherit WC_Payment_Gateway_CC instead.
	 *
	 * @param  array $args Arguments.
	 * @param  array $fields Fields.
	 */
	public function credit_card_form( $args = array(), $fields = array() ) {
		// Analysis issue: The parameter $args is not used and could be removed.
		// Analysis issue: The parameter $fields is not used and could be removed.
		// (This check looks for parameters that have been defined for a function or method, but which are not used in the method body.)
		wc_deprecated_function( 'credit_card_form', '2.6', 'WC_Payment_Gateway_CC->form' );
		$cc_form           = new WC_Payment_Gateway_CC();
		$cc_form->id       = $this->id;
		$cc_form->supports = $this->supports;
		$cc_form->form();
	}

	/**
	 * Enqueues our tokenization script to handle some of the new form options.
	 *
	 * @since 2.6.0
	 */
	public function tokenization_script() {
		wp_enqueue_script(
			'woocommerce-tokenization-form',
			plugins_url( '/assets/js/frontend/tokenization-form' . ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ? '' : '.min' ) . '.js', WC_PLUGIN_FILE ),
			array( 'jquery' ),
			WC()->version
		);

		wp_localize_script(
			'woocommerce-tokenization-form', 'wc_tokenization_form_params', array(
				'is_registration_required' => WC()->checkout()->is_registration_required(),
				'is_logged_in'             => is_user_logged_in(),
			)
		);
	}

	/**
	 * Grab and display our saved payment methods.
	 *
	 * @since 2.6.0
	 */
	public function saved_payment_methods() {
		$html = '<ul class="woocommerce-SavedPaymentMethods wc-saved-payment-methods" data-count="' . esc_attr( count( $this->get_tokens() ) ) . '">';

		foreach ( $this->get_tokens() as $token ) {
			$html .= $this->get_saved_payment_method_option_html( $token );
		}

		$html .= $this->get_new_payment_method_option_html();
		$html .= '</ul>';

		echo apply_filters( 'wc_payment_gateway_form_saved_payment_methods_html', $html, $this ); // @codingStandardsIgnoreLine
	}

	/**
	 * Gets saved payment method HTML from a token.
	 *
	 * @since 2.6.0
	 * @param  WC_Payment_Token $token Payment Token.
	 * @return string Generated payment method HTML
	 */
	public function get_saved_payment_method_option_html( $token ) {
		$html = sprintf(
			'<li class="woocommerce-SavedPaymentMethods-token">
				<input id="wc-%1$s-payment-token-%2$s" type="radio" name="wc-%1$s-payment-token" value="%2$s" style="width:auto;" class="woocommerce-SavedPaymentMethods-tokenInput" %4$s />
				<label for="wc-%1$s-payment-token-%2$s">%3$s</label>
			</li>',
			esc_attr( $this->id ),
			esc_attr( $token->get_id() ),
			esc_html( $token->get_display_name() ),
			checked( $token->is_default(), true, false )
		);

		return apply_filters( 'woocommerce_payment_gateway_get_saved_payment_method_option_html', $html, $token, $this );
	}

	/**
	 * Displays a radio button for entering a new payment method (new CC details) instead of using a saved method.
	 * Only displayed when a gateway supports tokenization.
	 *
	 * @since 2.6.0
	 */
	public function get_new_payment_method_option_html() {
		$label = apply_filters( 'woocommerce_payment_gateway_get_new_payment_method_option_html_label', $this->new_method_label ? $this->new_method_label : __( 'Use a new payment method', 'woocommerce' ), $this );
		$html  = sprintf(
			'<li class="woocommerce-SavedPaymentMethods-new">
				<input id="wc-%1$s-payment-token-new" type="radio" name="wc-%1$s-payment-token" value="new" style="width:auto;" class="woocommerce-SavedPaymentMethods-tokenInput" />
				<label for="wc-%1$s-payment-token-new">%2$s</label>
			</li>',
			esc_attr( $this->id ),
			esc_html( $label )
		);

		return apply_filters( 'woocommerce_payment_gateway_get_new_payment_method_option_html', $html, $this );
	}

	/**
	 * Outputs a checkbox for saving a new payment method to the database.
	 *
	 * @since 2.6.0
	 */
	public function save_payment_method_checkbox() {
		$html = sprintf(
			'<p class="form-row woocommerce-SavedPaymentMethods-saveNew">
				<input id="wc-%1$s-new-payment-method" name="wc-%1$s-new-payment-method" type="checkbox" value="true" style="width:auto;" />
				<label for="wc-%1$s-new-payment-method" style="display:inline;">%2$s</label>
			</p>',
			esc_attr( $this->id ),
			esc_html__( 'Save to account', 'woocommerce' )
		);

		echo apply_filters( 'woocommerce_payment_gateway_save_new_payment_method_option_html', $html, $this );
	}

	/**
	 * Add payment method via account screen. This should be extended by gateway plugins.
	 *
	 * @since 3.2.0 Included here from 3.2.0, but supported from 3.0.0.
	 * @return array
	 */
	public function add_payment_method() {
		return array(
			'result'   => 'failure',
			'redirect' => wc_get_endpoint_url( 'payment-methods' ),
		);
	}
}
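The docblocks of `process_payment()`, `validate_fields()`, `is_available()`, `process_refund()` and `supports()` above describe the contract a concrete gateway has to honour. The class below is an added example of such a gateway built on `WC_Payment_Gateway`; it is not WooCommerce code and not part of the analysed file. The gateway id `example_manual`, the option keys, the text domain `example-gateway`, the country allow-list and the `-reference` checkout field are all assumptions made for the example. It assumes WooCommerce is loaded, and it shows the points a reviewer of this abstract class would look for in a subclass: keeping the parent's enabled/max-amount check when overriding `is_available()`, sanitizing and strictly validating the posted field before it is written to the order, escaping everything rendered into checkout HTML, bounds-checking the refund amount, and returning the `result`/`redirect` array via `get_return_url()`.

```php
<?php
/**
 * Example concrete gateway built on WC_Payment_Gateway (added illustration, not WooCommerce code).
 * Assumed values: gateway id 'example_manual', text domain 'example-gateway', the option keys,
 * the country allow-list and the '<id>-reference' checkout field.
 */
class WC_Gateway_Example_Manual extends WC_Payment_Gateway {

	public function __construct() {
		$this->id                 = 'example_manual'; // assumed id.
		$this->method_title       = __( 'Example manual gateway', 'example-gateway' );
		$this->method_description = __( 'Places the order on hold for manual capture.', 'example-gateway' );
		$this->has_fields         = true;
		$this->supports           = array( 'products', 'refunds' ); // read by supports() / can_refund_order().
		$this->countries          = array( 'US', 'CA' );            // assumed allow-list.

		$this->init_form_fields();
		$this->init_settings(); // parent sets $this->enabled from the saved 'enabled' option.
		$this->title       = $this->get_option( 'title' );
		$this->description = $this->get_option( 'description' );
		$this->max_amount  = (int) $this->get_option( 'max_amount', 0 ); // 0 = no maximum, as documented above.

		add_action( 'woocommerce_update_options_payment_gateways_' . $this->id, array( $this, 'process_admin_options' ) );
	}

	/** Settings rendered by admin_options() through WC_Settings_API. */
	public function init_form_fields() {
		$this->form_fields = array(
			'enabled'     => array( 'title' => 'Enable', 'type' => 'checkbox', 'default' => 'no' ),
			'title'       => array( 'title' => 'Title', 'type' => 'text', 'default' => 'Manual payment' ),
			'description' => array( 'title' => 'Description', 'type' => 'textarea', 'default' => '' ),
			'max_amount'  => array( 'title' => 'Maximum amount', 'type' => 'number', 'default' => '0' ),
		);
	}

	/** Keep the parent's enabled/max_amount logic and add a billing-country restriction. */
	public function is_available() {
		if ( ! parent::is_available() ) {
			return false;
		}
		$country = WC()->customer ? WC()->customer->get_billing_country() : '';
		return '' === $country || in_array( $country, $this->countries, true );
	}

	/** Render the extra checkout field; the parent already prints the description. */
	public function payment_fields() {
		parent::payment_fields();
		printf(
			'<p class="form-row"><label for="%1$s-reference">%2$s</label>
			<input id="%1$s-reference" name="%1$s-reference" type="text" maxlength="32" /></p>',
			esc_attr( $this->id ),
			esc_html__( 'Payment reference', 'example-gateway' )
		);
	}

	/** Read the posted reference: unslash, sanitize, then accept only the expected shape. */
	private function posted_reference() {
		$field = $this->id . '-reference';
		// Checkout nonce is verified by WC_Checkout before this runs.
		$value = isset( $_POST[ $field ] ) ? sanitize_text_field( wp_unslash( $_POST[ $field ] ) ) : ''; // phpcs:ignore WordPress.Security.NonceVerification.Missing
		return preg_match( '/^[A-Za-z0-9-]{4,32}$/', $value ) ? $value : '';
	}

	/** Called by checkout before process_payment(); a notice plus false blocks the order. */
	public function validate_fields() {
		if ( '' === $this->posted_reference() ) {
			wc_add_notice( __( 'Please enter a valid payment reference.', 'example-gateway' ), 'error' );
			return false;
		}
		return true;
	}

	/** The contract documented on process_payment(): return 'result' and 'redirect'. */
	public function process_payment( $order_id ) {
		$order = wc_get_order( $order_id );
		if ( ! $order ) {
			return array( 'result' => 'failure' );
		}
		$reference = $this->posted_reference();
		/* translators: %s: validated payment reference */
		$order->update_status( 'on-hold', sprintf( __( 'Awaiting manual capture, reference %s.', 'example-gateway' ), $reference ) );
		$order->set_transaction_id( $reference ); // feeds get_transaction_url() in the parent.
		$order->save();
		WC()->cart->empty_cart();

		return array(
			'result'   => 'success',
			'redirect' => $this->get_return_url( $order ),
		);
	}

	/** Refund hook; can_refund_order() in the parent only offers it because 'refunds' is supported. */
	public function process_refund( $order_id, $amount = null, $reason = '' ) {
		$order = wc_get_order( $order_id );
		if ( ! $order || null === $amount || $amount <= 0 || $amount > (float) $order->get_total() ) {
			return new WP_Error( 'invalid_refund', __( 'Refund amount out of range.', 'example-gateway' ) );
		}
		/* translators: 1: refund amount, 2: reason */
		$order->add_order_note( sprintf( __( 'Manual refund of %1$s requested: %2$s', 'example-gateway' ), wc_price( $amount ), $reason ) );
		return true;
	}
}

add_filter( 'woocommerce_payment_gateways', function ( $gateways ) {
	$gateways[] = 'WC_Gateway_Example_Manual';
	return $gateways;
} );
```

Two design points worth noting: `is_available()` calls `parent::is_available()` first so the `enabled` flag and the `max_amount` ceiling defined in the abstract class are never silently bypassed, and the posted reference goes through one helper that both `validate_fields()` and `process_payment()` use, so the value written to the order note and transaction id is exactly the value that was validated.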