This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * Abstract payment gateway |
||
4 | * |
||
5 | * Hanldes generic payment gateway functionality which is extended by idividual payment gateways. |
||
6 | * |
||
7 | * @class WC_Payment_Gateway |
||
8 | * @version 2.1.0 |
||
9 | * @package WooCommerce/Abstracts |
||
10 | */ |
||
11 | |||
12 | if ( ! defined( 'ABSPATH' ) ) { |
||
13 | exit; |
||
14 | } |
||
15 | |||
16 | /** |
||
17 | * WooCommerce Payment Gateway class. |
||
18 | * |
||
19 | * Extended by individual payment gateways to handle payments. |
||
20 | * |
||
21 | * @class WC_Payment_Gateway |
||
22 | * @extends WC_Settings_API |
||
23 | * @version 2.1.0 |
||
24 | * @package WooCommerce/Abstracts |
||
25 | */ |
||
26 | abstract class WC_Payment_Gateway extends WC_Settings_API { |
||
27 | |||
28 | /** |
||
29 | * Set if the place order button should be renamed on selection. |
||
30 | * |
||
31 | * @var string |
||
32 | */ |
||
33 | public $order_button_text; |
||
34 | |||
35 | /** |
||
36 | * Yes or no based on whether the method is enabled. |
||
37 | * |
||
38 | * @var string |
||
39 | */ |
||
40 | public $enabled = 'yes'; |
||
41 | |||
42 | /** |
||
43 | * Payment method title for the frontend. |
||
44 | * |
||
45 | * @var string |
||
46 | */ |
||
47 | public $title; |
||
48 | |||
49 | /** |
||
50 | * Payment method description for the frontend. |
||
51 | * |
||
52 | * @var string |
||
53 | */ |
||
54 | public $description; |
||
55 | |||
56 | /** |
||
57 | * Chosen payment method id. |
||
58 | * |
||
59 | * @var bool |
||
60 | */ |
||
61 | public $chosen; |
||
62 | |||
63 | /** |
||
64 | * Gateway title. |
||
65 | * |
||
66 | * @var string |
||
67 | */ |
||
68 | public $method_title = ''; |
||
69 | |||
70 | /** |
||
71 | * Gateway description. |
||
72 | * |
||
73 | * @var string |
||
74 | */ |
||
75 | public $method_description = ''; |
||
76 | |||
77 | /** |
||
78 | * True if the gateway shows fields on the checkout. |
||
79 | * |
||
80 | * @var bool |
||
81 | */ |
||
82 | public $has_fields; |
||
83 | |||
84 | /** |
||
85 | * Countries this gateway is allowed for. |
||
86 | * |
||
87 | * @var array |
||
88 | */ |
||
89 | public $countries; |
||
90 | |||
91 | /** |
||
92 | * Available for all counties or specific. |
||
93 | * |
||
94 | * @var string |
||
95 | */ |
||
96 | public $availability; |
||
97 | |||
98 | /** |
||
99 | * Icon for the gateway. |
||
100 | * |
||
101 | * @var string |
||
102 | */ |
||
103 | public $icon; |
||
104 | |||
105 | /** |
||
106 | * Supported features such as 'default_credit_card_form', 'refunds'. |
||
107 | * |
||
108 | * @var array |
||
109 | */ |
||
110 | public $supports = array( 'products' ); |
||
111 | |||
112 | /** |
||
113 | * Maximum transaction amount, zero does not define a maximum. |
||
114 | * |
||
115 | * @var int |
||
116 | */ |
||
117 | public $max_amount = 0; |
||
118 | |||
119 | /** |
||
120 | * Optional URL to view a transaction. |
||
121 | * |
||
122 | * @var string |
||
123 | */ |
||
124 | public $view_transaction_url = ''; |
||
125 | |||
126 | /** |
||
127 | * Optional label to show for "new payment method" in the payment |
||
128 | * method/token selection radio selection. |
||
129 | * |
||
130 | * @var string |
||
131 | */ |
||
132 | public $new_method_label = ''; |
||
133 | |||
134 | /** |
||
135 | * Contains a users saved tokens for this gateway. |
||
136 | * |
||
137 | * @var array |
||
138 | */ |
||
139 | protected $tokens = array(); |
||
140 | |||
141 | /** |
||
142 | * Returns a users saved tokens for this gateway. |
||
143 | * |
||
144 | * @since 2.6.0 |
||
145 | * @return array |
||
146 | */ |
||
147 | public function get_tokens() { |
||
148 | if ( count( $this->tokens ) > 0 ) { |
||
149 | return $this->tokens; |
||
150 | } |
||
151 | |||
152 | if ( is_user_logged_in() && $this->supports( 'tokenization' ) ) { |
||
153 | $this->tokens = WC_Payment_Tokens::get_customer_tokens( get_current_user_id(), $this->id ); |
||
154 | } |
||
155 | |||
156 | return $this->tokens; |
||
157 | } |
||
158 | |||
159 | /** |
||
160 | * Return the title for admin screens. |
||
161 | * |
||
162 | * @return string |
||
163 | */ |
||
164 | public function get_method_title() { |
||
165 | return apply_filters( 'woocommerce_gateway_method_title', $this->method_title, $this ); |
||
166 | } |
||
167 | |||
168 | /** |
||
169 | * Return the description for admin screens. |
||
170 | * |
||
171 | * @return string |
||
172 | */ |
||
173 | public function get_method_description() { |
||
174 | return apply_filters( 'woocommerce_gateway_method_description', $this->method_description, $this ); |
||
175 | } |
||
176 | |||
177 | /** |
||
178 | * Output the gateway settings screen. |
||
179 | */ |
||
180 | public function admin_options() { |
||
181 | echo '<h2>' . esc_html( $this->get_method_title() ); |
||
182 | wc_back_link( __( 'Return to payments', 'woocommerce' ), admin_url( 'admin.php?page=wc-settings&tab=checkout' ) ); |
||
183 | echo '</h2>'; |
||
184 | echo wp_kses_post( wpautop( $this->get_method_description() ) ); |
||
185 | parent::admin_options(); |
||
186 | } |
||
187 | |||
188 | /** |
||
189 | * Init settings for gateways. |
||
190 | */ |
||
191 | 4 | public function init_settings() { |
|
192 | 4 | parent::init_settings(); |
|
193 | 4 | $this->enabled = ! empty( $this->settings['enabled'] ) && 'yes' === $this->settings['enabled'] ? 'yes' : 'no'; |
|
194 | } |
||
195 | |||
196 | /** |
||
197 | * Return whether or not this gateway still requires setup to function. |
||
198 | * |
||
199 | * When this gateway is toggled on via AJAX, if this returns true a |
||
200 | * redirect will occur to the settings page instead. |
||
201 | * |
||
202 | * @since 3.4.0 |
||
203 | * @return bool |
||
204 | */ |
||
205 | public function needs_setup() { |
||
206 | return false; |
||
207 | } |
||
208 | |||
209 | /** |
||
210 | * Get the return url (thank you page). |
||
211 | * |
||
212 | * @param WC_Order $order Order object. |
||
213 | * @return string |
||
214 | */ |
||
215 | public function get_return_url( $order = null ) { |
||
216 | if ( $order ) { |
||
217 | $return_url = $order->get_checkout_order_received_url(); |
||
218 | } else { |
||
219 | $return_url = wc_get_endpoint_url( 'order-received', '', wc_get_checkout_url() ); |
||
220 | } |
||
221 | |||
222 | return apply_filters( 'woocommerce_get_return_url', $return_url, $order ); |
||
223 | } |
||
224 | |||
225 | /** |
||
226 | * Get a link to the transaction on the 3rd party gateway site (if applicable). |
||
227 | * |
||
228 | * @param WC_Order $order the order object. |
||
229 | * @return string transaction URL, or empty string. |
||
230 | */ |
||
231 | public function get_transaction_url( $order ) { |
||
232 | |||
233 | $return_url = ''; |
||
234 | $transaction_id = $order->get_transaction_id(); |
||
235 | |||
236 | if ( ! empty( $this->view_transaction_url ) && ! empty( $transaction_id ) ) { |
||
237 | $return_url = sprintf( $this->view_transaction_url, $transaction_id ); |
||
238 | } |
||
239 | |||
240 | return apply_filters( 'woocommerce_get_transaction_url', $return_url, $order, $this ); |
||
241 | } |
||
242 | |||
243 | /** |
||
244 | * Get the order total in checkout and pay_for_order. |
||
245 | * |
||
246 | * @return float |
||
247 | */ |
||
248 | 1 | protected function get_order_total() { |
|
249 | |||
250 | 1 | $total = 0; |
|
251 | 1 | $order_id = absint( get_query_var( 'order-pay' ) ); |
|
252 | |||
253 | // Gets order total from "pay for order" page. |
||
254 | 1 | if ( 0 < $order_id ) { |
|
255 | $order = wc_get_order( $order_id ); |
||
256 | $total = (float) $order->get_total(); |
||
257 | |||
258 | // Gets order total from cart/checkout. |
||
259 | 1 | } elseif ( 0 < WC()->cart->total ) { |
|
260 | $total = (float) WC()->cart->total; |
||
261 | } |
||
262 | |||
263 | 1 | return $total; |
|
264 | } |
||
265 | |||
266 | /** |
||
267 | * Check if the gateway is available for use. |
||
268 | * |
||
269 | * @return bool |
||
270 | */ |
||
271 | 1 | public function is_available() { |
|
272 | 1 | $is_available = ( 'yes' === $this->enabled ); |
|
273 | |||
274 | 1 | if ( WC()->cart && 0 < $this->get_order_total() && 0 < $this->max_amount && $this->max_amount < $this->get_order_total() ) { |
|
275 | $is_available = false; |
||
276 | } |
||
277 | |||
278 | 1 | return $is_available; |
|
279 | } |
||
280 | |||
281 | /** |
||
282 | * Check if the gateway has fields on the checkout. |
||
283 | * |
||
284 | * @return bool |
||
285 | */ |
||
286 | public function has_fields() { |
||
287 | return (bool) $this->has_fields; |
||
288 | } |
||
289 | |||
290 | /** |
||
291 | * Return the gateway's title. |
||
292 | * |
||
293 | * @return string |
||
294 | */ |
||
295 | 58 | public function get_title() { |
|
296 | 58 | return apply_filters( 'woocommerce_gateway_title', $this->title, $this->id ); |
|
297 | } |
||
298 | |||
299 | /** |
||
300 | * Return the gateway's description. |
||
301 | * |
||
302 | * @return string |
||
303 | */ |
||
304 | public function get_description() { |
||
305 | return apply_filters( 'woocommerce_gateway_description', $this->description, $this->id ); |
||
306 | } |
||
307 | |||
308 | /** |
||
309 | * Return the gateway's icon. |
||
310 | * |
||
311 | * @return string |
||
312 | */ |
||
313 | public function get_icon() { |
||
314 | |||
315 | $icon = $this->icon ? '<img src="' . WC_HTTPS::force_https_url( $this->icon ) . '" alt="' . esc_attr( $this->get_title() ) . '" />' : ''; |
||
316 | |||
317 | return apply_filters( 'woocommerce_gateway_icon', $icon, $this->id ); |
||
318 | } |
||
319 | |||
320 | /** |
||
321 | * Set as current gateway. |
||
322 | * |
||
323 | * Set this as the current gateway. |
||
324 | */ |
||
325 | public function set_current() { |
||
326 | $this->chosen = true; |
||
327 | } |
||
328 | |||
329 | /** |
||
330 | * Process Payment. |
||
331 | * |
||
332 | * Process the payment. Override this in your gateway. When implemented, this should. |
||
333 | * return the success and redirect in an array. e.g: |
||
334 | * |
||
335 | * return array( |
||
336 | * 'result' => 'success', |
||
337 | * 'redirect' => $this->get_return_url( $order ) |
||
338 | * ); |
||
339 | * |
||
340 | * @param int $order_id Order ID. |
||
341 | * @return array |
||
342 | */ |
||
343 | public function process_payment( $order_id ) { |
||
344 | return array(); |
||
345 | } |
||
346 | |||
347 | /** |
||
348 | * Process refund. |
||
349 | * |
||
350 | * If the gateway declares 'refunds' support, this will allow it to refund. |
||
351 | * a passed in amount. |
||
352 | * |
||
353 | * @param int $order_id Order ID. |
||
354 | * @param float $amount Refund amount. |
||
355 | * @param string $reason Refund reason. |
||
356 | * @return boolean True or false based on success, or a WP_Error object. |
||
357 | */ |
||
358 | public function process_refund( $order_id, $amount = null, $reason = '' ) { |
||
359 | return false; |
||
360 | } |
||
361 | |||
362 | /** |
||
363 | * Validate frontend fields. |
||
364 | * |
||
365 | * Validate payment fields on the frontend. |
||
366 | * |
||
367 | * @return bool |
||
368 | */ |
||
369 | public function validate_fields() { |
||
370 | return true; |
||
371 | } |
||
372 | |||
373 | /** |
||
374 | * If There are no payment fields show the description if set. |
||
375 | * Override this in your gateway if you have some. |
||
376 | */ |
||
377 | public function payment_fields() { |
||
378 | $description = $this->get_description(); |
||
379 | if ( $description ) { |
||
380 | echo wpautop( wptexturize( $description ) ); // @codingStandardsIgnoreLine. |
||
381 | } |
||
382 | |||
383 | if ( $this->supports( 'default_credit_card_form' ) ) { |
||
384 | $this->credit_card_form(); // Deprecated, will be removed in a future version. |
||
385 | } |
||
386 | } |
||
387 | |||
388 | /** |
||
389 | * Check if a gateway supports a given feature. |
||
390 | * |
||
391 | * Gateways should override this to declare support (or lack of support) for a feature. |
||
392 | * For backward compatibility, gateways support 'products' by default, but nothing else. |
||
393 | * |
||
394 | * @param string $feature string The name of a feature to test support for. |
||
395 | * @return bool True if the gateway supports the feature, false otherwise. |
||
396 | * @since 1.5.7 |
||
397 | */ |
||
398 | 2 | public function supports( $feature ) { |
|
399 | 2 | return apply_filters( 'woocommerce_payment_gateway_supports', in_array( $feature, $this->supports ), $feature, $this ); |
|
400 | } |
||
401 | |||
402 | /** |
||
403 | * Can the order be refunded via this gateway? |
||
404 | * |
||
405 | * Should be extended by gateways to do their own checks. |
||
406 | * |
||
407 | * @param WC_Order $order Order object. |
||
408 | * @return bool If false, the automatic refund button is hidden in the UI. |
||
409 | */ |
||
410 | 1 | public function can_refund_order( $order ) { |
|
411 | 1 | return $order && $this->supports( 'refunds' ); |
|
412 | } |
||
413 | |||
414 | /** |
||
415 | * Core credit card form which gateways can used if needed. Deprecated - inherit WC_Payment_Gateway_CC instead. |
||
416 | * |
||
417 | * @param array $args Arguments. |
||
418 | * @param array $fields Fields. |
||
419 | */ |
||
420 | public function credit_card_form( $args = array(), $fields = array() ) { |
||
0 ignored issues
–
show
|
|||
421 | wc_deprecated_function( 'credit_card_form', '2.6', 'WC_Payment_Gateway_CC->form' ); |
||
422 | $cc_form = new WC_Payment_Gateway_CC(); |
||
423 | $cc_form->id = $this->id; |
||
424 | $cc_form->supports = $this->supports; |
||
425 | $cc_form->form(); |
||
426 | } |
||
427 | |||
428 | /** |
||
429 | * Enqueues our tokenization script to handle some of the new form options. |
||
430 | * |
||
431 | * @since 2.6.0 |
||
432 | */ |
||
433 | public function tokenization_script() { |
||
434 | wp_enqueue_script( |
||
435 | 'woocommerce-tokenization-form', |
||
436 | plugins_url( '/assets/js/frontend/tokenization-form' . ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ? '' : '.min' ) . '.js', WC_PLUGIN_FILE ), |
||
437 | array( 'jquery' ), |
||
438 | WC()->version |
||
439 | ); |
||
440 | |||
441 | wp_localize_script( |
||
442 | 'woocommerce-tokenization-form', 'wc_tokenization_form_params', array( |
||
443 | 'is_registration_required' => WC()->checkout()->is_registration_required(), |
||
444 | 'is_logged_in' => is_user_logged_in(), |
||
445 | ) |
||
446 | ); |
||
447 | } |
||
448 | |||
449 | /** |
||
450 | * Grab and display our saved payment methods. |
||
451 | * |
||
452 | * @since 2.6.0 |
||
453 | */ |
||
454 | public function saved_payment_methods() { |
||
455 | $html = '<ul class="woocommerce-SavedPaymentMethods wc-saved-payment-methods" data-count="' . esc_attr( count( $this->get_tokens() ) ) . '">'; |
||
456 | |||
457 | foreach ( $this->get_tokens() as $token ) { |
||
458 | $html .= $this->get_saved_payment_method_option_html( $token ); |
||
459 | } |
||
460 | |||
461 | $html .= $this->get_new_payment_method_option_html(); |
||
462 | $html .= '</ul>'; |
||
463 | |||
464 | echo apply_filters( 'wc_payment_gateway_form_saved_payment_methods_html', $html, $this ); // @codingStandardsIgnoreLine |
||
465 | } |
||
466 | |||
467 | /** |
||
468 | * Gets saved payment method HTML from a token. |
||
469 | * |
||
470 | * @since 2.6.0 |
||
471 | * @param WC_Payment_Token $token Payment Token. |
||
472 | * @return string Generated payment method HTML |
||
473 | */ |
||
474 | public function get_saved_payment_method_option_html( $token ) { |
||
475 | $html = sprintf( |
||
476 | '<li class="woocommerce-SavedPaymentMethods-token"> |
||
477 | <input id="wc-%1$s-payment-token-%2$s" type="radio" name="wc-%1$s-payment-token" value="%2$s" style="width:auto;" class="woocommerce-SavedPaymentMethods-tokenInput" %4$s /> |
||
478 | <label for="wc-%1$s-payment-token-%2$s">%3$s</label> |
||
479 | </li>', |
||
480 | esc_attr( $this->id ), |
||
481 | esc_attr( $token->get_id() ), |
||
482 | esc_html( $token->get_display_name() ), |
||
483 | checked( $token->is_default(), true, false ) |
||
484 | ); |
||
485 | |||
486 | return apply_filters( 'woocommerce_payment_gateway_get_saved_payment_method_option_html', $html, $token, $this ); |
||
487 | } |
||
488 | |||
489 | /** |
||
490 | * Displays a radio button for entering a new payment method (new CC details) instead of using a saved method. |
||
491 | * Only displayed when a gateway supports tokenization. |
||
492 | * |
||
493 | * @since 2.6.0 |
||
494 | */ |
||
495 | public function get_new_payment_method_option_html() { |
||
496 | $label = apply_filters( 'woocommerce_payment_gateway_get_new_payment_method_option_html_label', $this->new_method_label ? $this->new_method_label : __( 'Use a new payment method', 'woocommerce' ), $this ); |
||
497 | $html = sprintf( |
||
498 | '<li class="woocommerce-SavedPaymentMethods-new"> |
||
499 | <input id="wc-%1$s-payment-token-new" type="radio" name="wc-%1$s-payment-token" value="new" style="width:auto;" class="woocommerce-SavedPaymentMethods-tokenInput" /> |
||
500 | <label for="wc-%1$s-payment-token-new">%2$s</label> |
||
501 | </li>', |
||
502 | esc_attr( $this->id ), |
||
503 | esc_html( $label ) |
||
504 | ); |
||
505 | |||
506 | return apply_filters( 'woocommerce_payment_gateway_get_new_payment_method_option_html', $html, $this ); |
||
507 | } |
||
508 | |||
509 | /** |
||
510 | * Outputs a checkbox for saving a new payment method to the database. |
||
511 | * |
||
512 | * @since 2.6.0 |
||
513 | */ |
||
514 | public function save_payment_method_checkbox() { |
||
515 | $html = sprintf( |
||
516 | '<p class="form-row woocommerce-SavedPaymentMethods-saveNew"> |
||
517 | <input id="wc-%1$s-new-payment-method" name="wc-%1$s-new-payment-method" type="checkbox" value="true" style="width:auto;" /> |
||
518 | <label for="wc-%1$s-new-payment-method" style="display:inline;">%2$s</label> |
||
519 | </p>', |
||
520 | esc_attr( $this->id ), |
||
521 | esc_html__( 'Save to account', 'woocommerce' ) |
||
522 | ); |
||
523 | |||
524 | echo apply_filters( 'woocommerce_payment_gateway_save_new_payment_method_option_html', $html, $this ); |
||
525 | } |
||
526 | |||
527 | /** |
||
528 | * Add payment method via account screen. This should be extended by gateway plugins. |
||
529 | * |
||
530 | * @since 3.2.0 Included here from 3.2.0, but supported from 3.0.0. |
||
531 | * @return array |
||
532 | */ |
||
533 | public function add_payment_method() { |
||
534 | return array( |
||
535 | 'result' => 'failure', |
||
536 | 'redirect' => wc_get_endpoint_url( 'payment-methods' ), |
||
537 | ); |
||
538 | } |
||
539 | } |
||
540 |
This check looks from parameters that have been defined for a function or method, but which are not used in the method body.