for testing and deploying your application
for finding and fixing issues
for empowering human code reviews
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
<?php
defined( 'ABSPATH' ) or die( 'This plugin must be run within the scope of WordPress.' );
require_once( __DIR__ . '/class-edu-sveawebpay-config.php' );
use Svea\WebPay\WebPay;
use Svea\WebPay\WebPayItem;
if ( ! class_exists( 'EDU_SveaWebPay' ) ):
/**
* EDU_SveaWebPay integrates EduAdmin-WordPress plugin with SveaWebPay as payment gateway
*/
class EDU_SveaWebPay extends EDU_Integration {
* Constructor
public function __construct() {
$this->id = 'eduadmin-sveawebpay';
$this->displayName = __( 'Svea Webpay (Checkout)', 'eduadmin-sveawebpay' );
$this->description = '';
$this->type = 'payment';
$this->init_form_fields();
$this->init_settings();
add_action( 'eduadmin-checkpaymentplugins', array( $this, 'intercept_booking' ) );
add_action( 'eduadmin-processbooking', array( $this, 'process_booking' ) );
add_action( 'eduadmin-bookingcompleted', array( $this, 'process_svearesponse' ) );
add_action( 'wp_loaded', array( $this, 'process_paymentstatus' ) );
add_shortcode( 'eduadmin-svea-testpage', array( $this, 'test_page' ) );
}
* @param $attributes
public function test_page( $attributes ) {
$attributes = shortcode_atts(
array(
'bookingid' => 0,
'programmebookingid' => 0,
),
normalize_empty_atts( $attributes ),
'test_page'
);
if ( $attributes['bookingid'] > 0 ) {
$event_booking = EDUAPI()->OData->Bookings->GetItem(
$attributes['bookingid'],
null,
'Customer($select=CustomerId;),ContactPerson($select=PersonId;),OrderRows',
false
} elseif ( $attributes['programmebookingid'] > 0 ) {
$event_booking = EDUAPI()->OData->ProgrammeBookings->GetItem(
$attributes['programmebookingid'],
$_customer = EDUAPI()->OData->Customers->GetItem(
$event_booking['Customer']['CustomerId'],
"BillingInfo",
$_contact = EDUAPI()->OData->Persons->GetItem(
$event_booking['ContactPerson']['PersonId'],
$ebi = new EduAdmin_BookingInfo( $event_booking, $_customer, $_contact );
if ( ! empty( EDU()->session['svea-order-id'] ) && ! empty( $_GET['svea_order_id'] ) && EDU()->session['svea-order-id'] === $_GET['svea_order_id'] ) {
do_action( 'eduadmin-bookingcompleted', $ebi );
} else {
do_action( 'eduadmin-processbooking', $ebi );
* @param EduAdmin_BookingInfo|null $ebi
public function intercept_booking( $ebi = null ) {
if ( 'no' === $this->get_option( 'enabled', 'no' ) ) {
return;
if ( ! empty( $_POST['act'] ) && ( 'bookCourse' === $_POST['act'] || 'bookProgramme' === $_POST['act'] ) ) {
$ebi->NoRedirect = true;
* Initializes the settingsfields
public function init_form_fields() {
$this->setting_fields = array(
'enabled' => array(
'title' => __( 'Enabled', 'eduadmin-sveawebpay' ),
'type' => 'checkbox',
'description' => __( 'Enables/Disables the integration with Svea WebPay', 'eduadmin-sveawebpay' ),
'default' => 'no',
'testrun' => array(
'title' => __( 'Sandbox mode', 'eduadmin-sveawebpay' ),
'description' => __( 'Activate sandbox mode', 'eduadmin-sveawebpay' ),
'merchant_key' => array(
'title' => __( 'Merchant key', 'eduadmin-sveawebpay' ),
'type' => 'text',
'description' => __( 'Please enter your merchant key from Svea WebPay.', 'eduadmin-sveawebpay' ),
'placeholder' => __( 'Merchant key', 'eduadmin-sveawebpay' ),
'merchant_secret' => array(
'title' => __( 'Merchant secret', 'eduadmin-sveawebpay' ),
'type' => 'password',
'description' => __( 'Please enter your merchant secret from Svea WebPay', 'eduadmin-sveawebpay' ),
'placeholder' => __( 'Merchant secret', 'eduadmin-sveawebpay' ),
*
public function process_svearesponse() {
if ( isset( $_REQUEST['edu-thankyou'] ) && isset( $_REQUEST['svea'] ) ) {
$booking_id = intval( $_GET['booking_id'] );
$programme_booking_id = intval( $_GET['programme_booking_id'] );
$deleted = $this->update_booking( intval( EDU()->session['svea-order-id'] ), $booking_id, $programme_booking_id );
EDU()->session['svea-order-id'] = null;
if ( $deleted ) {
$this->handle_cancelled_payment();
* @param $ebi EduAdmin_BookingInfo|null $bookingInfo
public function process_booking( $ebi = null ) {
if ( empty( $_GET['svea_order_id'] ) || empty( EDU()->session['svea-order-id'] ) ) {
$checkout = $this->create_checkout( $ebi );
$snippet = $checkout['Gui']['Snippet'];
echo "<div>{$snippet}</div>";
* @param $ebi EduAdmin_BookingInfo|null
* @returns array
public function create_checkout( $ebi ) {
$countries = EDUAPI()->OData->Countries->Search()['value'];
$selectedCountry = 'SE';
$selectedLocale = 'sv-SE';
$invoiceCountry = $ebi->Customer['BillingInfo']['Country'];
if ( empty( $invoiceCountry ) ) {
$invoiceCountry = $ebi->Customer['Country'];
foreach ( $countries as $country ) {
if ( $invoiceCountry == $country['CountryName'] ) {
$selectedCountry = $country['CountryCode'];
if ( ! empty( $country['CultureName'] ) ) {
$selectedLocale = $country['CultureName'];
break;
$booking_id = 0;
$programme_booking_id = 0;
$reference_id = 0;
$_event = null;
$_event
This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.
$myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; }
Both the $myVar assignment in line 1 and the $higher assignment in line 2 are dead. The first because $myVar is never used and the second because $higher is always overwritten for every possible time line.
$myVar
$higher
$eventName = '';
if ( ! empty( $ebi->EventBooking['BookingId'] ) ) {
$booking_id = intval( $ebi->EventBooking['BookingId'] );
$reference_id = $booking_id;
$_event = EDUAPI()->OData->Events->GetItem( $ebi->EventBooking['EventId'], null );
$eventName = $_event['EventName'];
if ( ! empty( $ebi->EventBooking['ProgrammeBookingId'] ) ) {
$programme_booking_id = intval( $ebi->EventBooking['ProgrammeBookingId'] );
$reference_id = $programme_booking_id;
$_event = EDUAPI()->OData->ProgrammeStarts->GetItem( $ebi->EventBooking['ProgrammeStartId'] );
$eventName = $_event['ProgrammeStartName'];
$currency = EDU()->get_option( 'eduadmin-currency', 'SEK' );
if ( 'no' !== $this->get_option( 'testrun', 'no' ) ) {
$wpConfig = new EduSveaWebPayTestConfig( $this );
$wpConfig = new EduSveaWebPayProductionConfig( $this );
$wpOrder = WebPay::checkout( $wpConfig );
$orderRow = WebPayItem::orderRow();
$orderRow->setName( substr( $eventName, 0, 40 ) );
$orderRow->setQuantity( 1 );
$vatPercent = ( $ebi->EventBooking['VatSum'] / $ebi->EventBooking['TotalPriceExVat'] ) * 100;
$orderRow->setVatPercent( $vatPercent );
$orderRow->setAmountIncVat( (float) $ebi->EventBooking['TotalPriceIncVat'] );
$customer = WebPayItem::companyCustomer();
$customerName = ! empty( $ebi->Customer['BillingInfo']['InvoiceName'] ) ? $ebi->Customer['BillingInfo']['InvoiceName'] : $ebi->Customer['CustomerName'];
$streetAddress = ! empty( $ebi->Customer['BillingInfo']['Address'] ) ? $ebi->Customer['BillingInfo']['Address'] : $ebi->Customer['Address'];
$zipCode = ! empty( $ebi->Customer['BillingInfo']['Zip'] ) ? $ebi->Customer['BillingInfo']['Zip'] : $ebi->Customer['Zip'];
$city = $ebi->Customer['BillingInfo']['City'] ? $ebi->Customer['BillingInfo']['City'] : $ebi->Customer['City'];
$phone = $ebi->Customer['Phone'];
$email = ! empty( $ebi->Customer['BillingInfo']['Email'] ) ? $ebi->Customer['BillingInfo']['Email'] : $ebi->Customer['Email'];
$customer->setCompanyName( $customerName );
$customer->setStreetAddress( $streetAddress );
$customer->setZipCode( $zipCode );
$customer->setLocality( $city );
if ( ! empty( $phone ) ) {
$customer->setPhoneNumber( $phone );
$phonePreset = WebPayItem::presetValue()
->setTypeName( \Svea\WebPay\Checkout\Model\PresetValue::PHONE_NUMBER )
->setValue( $phone )
->setIsReadonly( false );
$wpOrder->addPresetValue( $phonePreset );
$customer->setEmail( $email );
$zipPreset = WebPayItem::presetValue()
->setTypeName( \Svea\WebPay\Checkout\Model\PresetValue::POSTAL_CODE )
->setValue( $zipCode )
$wpOrder->addPresetValue( $zipPreset );
$emailPreset = WebPayItem::presetValue()
->setTypeName( \Svea\WebPay\Checkout\Model\PresetValue::EMAIL_ADDRESS )
->setValue( $email )
$wpOrder->addPresetValue( $emailPreset );
$current_url = esc_url( "{$_SERVER['REQUEST_SCHEME']}://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}" );
$defaultThankYou = add_query_arg(
'edu-thankyou' => $reference_id,
'svea' => '1',
'booking_id' => $booking_id,
'programme_booking_id' => $programme_booking_id,
'edu-valid-form' => wp_create_nonce( 'edu-booking-confirm' ),
'act' => 'paymentCompleted',
@get_page_link( get_option( 'eduadmin-thankYouPage', '/' ) )
$defaultCancel = add_query_arg(
'status' => 'cancel'
$current_url
$defaultPushUrl = add_query_arg(
'svea_order_id' => '{checkout.order.uri}',
'status' => 'push'
$defaultTermsUrl = get_option( 'eduadmin-bookingTermsLink' );
$wpBuild = $wpOrder
->setCurrency( $currency )
->setCountryCode( $selectedCountry )
->setClientOrderNumber( $reference_id )
->addOrderRow( $orderRow )
->setLocale( $selectedLocale )
->setTermsUri( $defaultTermsUrl )
->setConfirmationUri( $defaultThankYou )
->setPushUri( $defaultPushUrl )
->setCheckoutUri( $defaultCancel ); // We have no "checkout"-url.. So we just cancel the booking instead.
$wpForm = $wpBuild->createOrder();
EDU()->session['svea-order-id'] = $wpForm['OrderId'];
return $wpForm;
public function process_paymentstatus() {
if ( ! empty( $_GET['svea_order_id'] ) && intval( $_GET['svea_order_id'] ) != 0 && ! empty( $_GET['status'] ) ) {
$this->update_booking( intval( $_GET['svea_order_id'] ), $booking_id, $programme_booking_id );
exit( 0 );
if ( isset( $_REQUEST['edu-thankyou'] ) && isset( $_REQUEST['svea'] ) && ! empty( $_GET['status'] ) ) {
private function handle_cancelled_payment() {
@wp_redirect( get_home_url() );
wp_add_inline_script( 'edu-svea-redirecthome', "location.href = '" . esc_js( get_home_url() ) . "';" );
wp_enqueue_script( 'edu-svea-redirecthome', false, array( 'jquery' ) );
* @param $order_id numeric SVEA WebPay OrderId
* @param $booking_id
* @param $programme_booking_id
* @return bool If the booking was deleted, due to cancellation
* @throws \Svea\WebPay\BuildOrder\Validator\ValidationException
private function update_booking( $order_id, $booking_id, $programme_booking_id ) {
$wpOrder->setCheckoutOrderId( $order_id );
$order = $wpOrder->getOrder();
$delete_booking = false;
$patch_booking = new stdClass();
$patch_booking->PaymentMethodId = 2;
if ( 'Cancelled' === $order['Status'] ) {
$patch_booking->Paid = false;
$delete_booking = true;
} else if ( 'Final' === $order['Status'] ) {
$patch_booking->Paid = true;
} else if ( 'Created' === $order['Status'] ) {
if ( isset( $_GET['status'] ) && 'cancel' === $_GET['status'] ) {
if ( $booking_id > 0 ) {
EDUAPI()->REST->Booking->PatchBooking(
$booking_id,
$patch_booking
if ( $delete_booking ) {
EDUAPI()->REST->Booking->DeleteBooking( $booking_id );
if ( $programme_booking_id > 0 ) {
EDUAPI()->REST->ProgrammeBooking->PatchBooking(
$programme_booking_id,
EDUAPI()->REST->ProgrammeBooking->DeleteBooking( $programme_booking_id );
return $delete_booking;
endif;
MultinetInteractive /
EduAdmin-WordPress-SveaWebPay
Chris Gårdenberg
This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.
Both the
$myVarassignment in line 1 and the$higherassignment in line 2 are dead. The first because$myVaris never used and the second because$higheris always overwritten for every possible time line.