dynamic / foxystripe

code/admin/OrderAdmin.php

Indentation +5 added lines, -5 removed lines

@@ -2,13 +2,13 @@
 
 class OrderAdmin extends ModelAdmin {
 
-	public static $managed_models = array(
-		'Order'
-	);
+    public static $managed_models = array(
+        'Order'
+    );
 	
-	static $url_segment = 'orders';
+    static $url_segment = 'orders';
 	
-	static $menu_title = 'Orders';
+    static $menu_title = 'Orders';
 
     public function getEditForm($id = null, $fields = null) {
         $form = parent::getEditForm($id, $fields);

code/model/foxycart.cart_validation.php

Indentation +310 added lines, -310 removed lines

@@ -14,315 +14,315 @@
  *   - Empty textareas are assumed to be "open"
  */
 class FoxyCart_Helper {
-	/**
-	 * API Key (Secret)
-	 *
-	 * @var string
-	 **/
-	private static $secret;
-
-	/**
-	 * Cart URL
-	 *
-	 * @var string
-	 * Notes: Could be 'https://yourdomain.foxycart.com/cart' or 'https://secure.yourdomain.com/cart'
-	 **/
-	// protected static $cart_url = 'https://yourdomain.foxycart.com/cart';
-	protected static $cart_url;
-
-	public static function setCartURL($storeName = null){
-		self::$cart_url = 'https://'.$storeName.'.faxycart.com/cart';
-	}
-
-	public static function setSecret($secret = null){
-		self::$secret = $secret;
-	}
-
-	public function __construct(){
-		self::setCartURL(FoxyCart::getFoxyCartStoreName());
-		self::setSecret(FoxyCart::getStoreKey());
-	}
-
-	public static function getSecret(){
-		return FoxyCart::getStoreKey();
-	}
-
-
-	/**
-	 * Cart Excludes
-	 *
-	 * Arrays of values and prefixes that should be ignored when signing links and forms.
-	 * @var array
-	 */
-	protected static $cart_excludes = array(
-		// Cart values
-		'cart', 'fcsid', 'empty', 'coupon', 'output', 'sub_token', 'redirect', 'callback', '_',
-		// Checkout pre-population values
-		'customer_email', 'customer_first_name', 'customer_last_name', 'customer_address1', 'customer_address2',
-		'customer_city', 'customer_state', 'customer_postal_code', 'customer_country', 'customer_phone', 'customer_company',
-		'shipping_first_name', 'shipping_last_name', 'shipping_address1', 'shipping_address2',
-		'shipping_city', 'shipping_state', 'shipping_postal_code', 'shipping_country', 'shipping_phone', 'shipping_company',
-	);
-	protected static $cart_excludes_prefixes = array(
-		'h:', 'x:', '__',
-	);
-
-	/**
-	 * Debugging
-	 *
-	 * Set to $debug to TRUE to enable debug logging.
-	 *
-	 */
-	protected static $debug = FALSE;
-	protected static $log = array();
-
-
-	/**
-	 * "Link Method": Generate HMAC SHA256 for GET Query Strings
-	 *
-	 * Notes: Can't parse_str because PHP doesn't support non-alphanumeric characters as array keys.
-	 * @return string
-	 **/
-	public static function fc_hash_querystring($qs, $output = TRUE) {
-		self::$log[] = '<strong>Signing link</strong> with data: '.htmlspecialchars(substr($qs, 0, 150)).'...';
-		$fail = self::$cart_url.'?'.$qs;
-
-		// If the link appears to be hashed already, don't bother
-		if (strpos($qs, '||')) {
-			self::$log[] = '<strong>Link appears to be signed already</strong>: '.htmlspecialchars($code[0]);
-			return $fail;
-		}
-
-		// Stick an ampersand on the beginning of the querystring to make matching the first element a little easier
-		$qs = '&'.urldecode($qs);
-
-		// Get all the prefixes, codes, and name=value pairs
-		preg_match_all('%(?P<amp>&(?:amp;)?)(?P<prefix>[a-z0-9]{1,3}:)?(?P<name>[^=]+)=(?P<value>[^&]+)%', $qs, $pairs, PREG_SET_ORDER);
-		self::$log[] = 'Found the following pairs to sign:<pre>'.htmlspecialchars(print_r($pairs, true)).'</pre>';
-
-		// Get all the "code" values, set the matches in $codes
-		$codes = array();
-		foreach ($pairs as $pair) {
-			if ($pair['name'] == 'code') {
-				$codes[$pair['prefix']] = $pair['value'];
-			}
-		}
-		if ( ! count($codes)) {
-			self::$log[] = '<strong style="color:#600;">No code found</strong> for the above link.';
-			return $fail;
-		}
-		self::$log[] = '<strong style="color:orange;">CODES found:</strong> '.htmlspecialchars(print_r($codes, true));
-
-		// Sign the name/value pairs
-		foreach ($pairs as $pair) {
-			// Skip the cart excludes
-			if (in_array($pair['name'], self::$cart_excludes) || in_array($pair['prefix'], self::$cart_excludes_prefixes)) {
-				self::$log[] = '<strong style="color:purple;">Skipping</strong> the reserved parameter or prefix "'.$pair['prefix'].$pair['name'].'" = '.$pair['value'];
-				continue;
-			}
-
-			// Continue to sign the value and replace the name=value in the querystring with name=value||hash
-			$value = self::fc_hash_value($codes[$pair['prefix']], $pair['name'], $pair['value'], 'value', FALSE, 'urlencode');
-			$replacement = $pair['amp'].$pair['prefix'].urlencode($pair['name']).'='.$value;
-			$qs = str_replace($pair[0], $replacement, $qs);
-			self::$log[] = 'Signed <strong>'.$pair['name'].'</strong> = <strong>'.$pair['value'].'</strong> with '.$replacement.'.<br />Replacing: '.$pair[0].'<br />With... '.$replacement;
-		}
-		$qs = ltrim($qs, '&'); // Get rid of that leading ampersand we added earlier
-
-		if ($output) {
-			echo self::$cart_url.'?'.$qs;
-		} else {
-			return self::$cart_url.'?'.$qs;
-		}
-	}
-
-
-	/**
-	 * "Form Method": Generate HMAC SHA256 for form elements or individual <input />s
-	 *
-	 * @return string
-	 **/
-	public static function fc_hash_value($product_code, $option_name, $option_value = '', $method = 'name', $output = TRUE, $urlencode = false) {
-		if (!$product_code || !$option_name) {
-			return FALSE;
-		}
-		if ($option_value == '--OPEN--') {
-			$hash = hash_hmac('sha256', $product_code.$option_name.$option_value, self::getSecret());
-			$value = ($urlencode) ? urlencode($option_name).'||'.$hash.'||open' : $option_name.'||'.$hash.'||open';
-		} else {
-			$hash = hash_hmac('sha256', $product_code.$option_name.$option_value, self::getSecret());
-			if ($method == 'name') {
-				$value = ($urlencode) ? urlencode($option_name).'||'.$hash : $option_name.'||'.$hash;
-			} else {
-				$value = ($urlencode) ? urlencode($option_value).'||'.$hash : $option_value.'||'.$hash;
-			}
-		}
-
-		if ($output) {
-			echo $value;
-		} else {
-			return $value;
-		}
-	}
-
-	/**
-	 * Raw HTML Signing: Sign all links and form elements in a block of HTML
-	 *
-	 * Accepts a string of HTML and signs all links and forms.
-	 * Requires link 'href' and form 'action' attributes to use 'https' and not 'http'.
-	 * Requires a 'code' to be set in every form.
-	 *
-	 * @return string
-	 **/
-	public static function fc_hash_html($html) {
-		// Initialize some counting
-		$count['temp'] = 0; // temp counter
-		$count['links'] = 0;
-		$count['forms'] = 0;
-		$count['inputs'] = 0;
-		$count['lists'] = 0;
-		$count['textareas'] = 0;
-
-		// Find and sign all the links
-		preg_match_all('%<a .*?href=[\'"]'.preg_quote(self::$cart_url).'(?:\.php)?\?(.+?)[\'"].*?>%i', $html, $querystrings);
-		// print_r($querystrings);
-		foreach ($querystrings[1] as $querystring) {
-			// If it's already signed, skip it.
-			if (preg_match('%&(?:amp;)?hash=%i', $querystring)) {
-				continue;
-			}
-			$pattern = '%(href=[\'"])'.preg_quote(self::$cart_url, '%').'(?:\.php)?\?'.preg_quote($querystring, '%').'([\'"])%i';
-			$signed = self::fc_hash_querystring($querystring, FALSE);
-			$html = preg_replace($pattern, '$1'.$signed.'$2', $html, -1, $count['temp']);
-			$count['links'] += $count['temp'];
-		}
-		unset($querystrings);
-
-		// Find and sign all form values
-		preg_match_all('%<form [^>]*?action=[\'"]'.preg_quote(self::$cart_url).'?[\'"].*?>(.+?)</form>%is', $html, $forms);
-		foreach ($forms[1] as $form) {
-			$count['forms']++;
-			self::$log[] = '<strong>Signing form</strong> with data: '.htmlspecialchars(substr($form, 0, 150)).'...';
-
-			// Store the original form so we can replace it when we're done
-			$form_original = $form;
-
-			// Check for the "code" input, set the matches in $codes
-			if (!preg_match_all('%<[^>]*?name=([\'"])([0-9]{1,3}:)?code\1[^>]*?>%i', $form, $codes, PREG_SET_ORDER)) {
-				self::$log[] = '<strong style="color:#600;">No code found</strong> for the above form.';
-				continue;
-			}
-			// For each code found, sign the appropriate inputs
-			foreach ($codes as $code) {
-				// If the form appears to be hashed already, don't bother
-				if (strpos($code[0], '||')) {
-					self::$log[] = '<strong>Form appears to be signed already</strong>: '.htmlspecialchars($code[0]);
-					continue;
-				}
-				// Get the code and the prefix
-				$prefix = (isset($code[2])) ? $code[2] : '';
-				preg_match('%<[^>]*?value=([\'"])(.+?)\1[^>]*?>%i', $code[0], $code);
-				$code = trim($code[2]);
-				self::$log[] = '<strong>Prefix for '.htmlspecialchars($code).'</strong>: '.htmlspecialchars($prefix);
-				if (!$code) { // If the code is empty, skip this form or specific prefixed elements
-					continue;
-				}
-
-				// Sign all <input /> elements with matching prefix
-				preg_match_all('%<input [^>]*?name=([\'"])'.preg_quote($prefix).'(?![0-9]{1,3})(?:.+?)\1[^>]*>%i', $form, $inputs);
-				foreach ($inputs[0] as $input) {
-					$count['inputs']++;
-					// Test to make sure both name and value attributes are found
-					if (preg_match('%name=([\'"])'.preg_quote($prefix).'(?![0-9]{1,3})(.+?)\1%i', $input, $name) > 0) {
-						preg_match('%value=([\'"])(.*?)\1%i', $input, $value);
-						$value = (count($value) > 0) ? $value : array('', '', '');
-						preg_match('%type=([\'"])(.*?)\1%i', $input, $type);
-						$type = (count($type) > 0) ? $type : array('', '', '');
-						// Skip the cart excludes
-						if (in_array($prefix.$name[2], self::$cart_excludes) || in_array(substr($prefix.$name[2], 0, 2), self::$cart_excludes_prefixes)) {
-							self::$log[] = '<strong style="color:purple;">Skipping</strong> the reserved parameter or prefix "'.$prefix.$name[2].'" = '.$value[2];
-							continue;
-						}
-						self::$log[] = '<strong>INPUT['.$type[2].']:</strong> Name: <strong>'.$prefix.htmlspecialchars(preg_quote($name[2])).'</strong>';
-						self::$log[] = '<strong>Replacement Pattern:</strong> ([\'"])'.$prefix.preg_quote($name[2]).'\1';
-						$value[2] = ($value[2] == '') ? '--OPEN--' : $value[2];
-						if ($type[2] == 'radio') {
-							$input_signed = preg_replace('%([\'"])'.preg_quote($value[2]).'\1%', '${1}'.self::fc_hash_value($code, $name[2], $value[2], 'value', FALSE)."$1", $input);
-						} else {
-							$input_signed = preg_replace('%([\'"])'.$prefix.preg_quote($name[2]).'\1%', '${1}'.$prefix.self::fc_hash_value($code, $name[2], $value[2], 'name', FALSE)."$1", $input);
-						}
-						self::$log[] = '<strong>INPUT:</strong> Code: <strong>'.htmlspecialchars($prefix.$code).
-						               '</strong> :: Name: <strong>'.htmlspecialchars($prefix.$name[2]).
-						               '</strong> :: Value: <strong>'.htmlspecialchars($value[2]).
-						               '</strong><br />Initial input: '.htmlspecialchars($input).
-						               '<br />Signed: <span style="color:#060;">'.htmlspecialchars($input_signed).'</span>';
-						$form = str_replace($input, $input_signed, $form);
-					}
-				}
-				self::$log[] = '<strong>FORM after INPUTS:</strong> <pre>'.htmlspecialchars($form).'</pre>';
-
-				// Sign all <option /> elements
-				preg_match_all('%<select [^>]*name=([\'"])'.preg_quote($prefix).'(?![0-9]{1,3})(.+?)\1[^>]*>(.+?)</select>%is', $form, $lists, PREG_SET_ORDER);
-				foreach ($lists as $list) {
-					$count['lists']++;
-					preg_match_all('%<option [^>]*value=([\'"])(.+?)\1[^>]*>(?:.*?)</option>%i', $list[0], $options, PREG_SET_ORDER);
-					self::$log[] = '<strong>Options:</strong> <pre>'.htmlspecialchars(print_r($options, true)).'</pre>';
-					unset( $form_part_signed );
-					foreach ($options as $option) {
-						if( !isset($form_part_signed) ) $form_part_signed = $list[0];
-						$option_signed = preg_replace(
-							'%'.preg_quote($option[1]).preg_quote($option[2]).preg_quote($option[1]).'%',
-							$option[1].self::fc_hash_value($code, $list[2], $option[2], 'value', FALSE).$option[1],
-							$option[0]);
-						$form_part_signed = str_replace($option[0], $option_signed, $form_part_signed );
-						self::$log[] = '<strong>OPTION:</strong> Code: <strong>'.htmlspecialchars($prefix.$code).
-						               '</strong> :: Name: <strong>'.htmlspecialchars($prefix.$list[2]).
-						               '</strong> :: Value: <strong>'.htmlspecialchars($option[2]).
-						               '</strong><br />Initial option: '.htmlspecialchars($option[0]).
-						               '<br />Signed: <span style="color:#060;">'.htmlspecialchars($option_signed).'</span>';
-					}
-					$form = str_replace($list[0], $form_part_signed, $form);
-				}
-				self::$log[] = '<strong>FORM after OPTIONS:</strong> <pre>'.htmlspecialchars($form).'</pre>';
-
-				// Sign all <textarea /> elements
-				preg_match_all('%<textarea [^>]*name=([\'"])'.preg_quote($prefix).'(?![0-9]{1,3})(.+?)\1[^>]*>(.*?)</textarea>%is', $form, $textareas, PREG_SET_ORDER);
-				// echo "\n\nTextareas: ".print_r($textareas, true);
-				foreach ($textareas as $textarea) {
-					$count['textareas']++;
-					// Tackle implied "--OPEN--" first, if textarea is empty
-					$textarea[3] = ($textarea[3] == '') ? '--OPEN--' : $textarea[3];
-					$textarea_signed = preg_replace('%([\'"])'.preg_quote($prefix.$textarea[2]).'\1%', "$1".self::fc_hash_value($code, $textarea[2], $textarea[3], 'name', FALSE)."$1", $textarea[0]);
-					$form = str_replace($textarea[0], $textarea_signed, $form);
-					self::$log[] = '<strong>TEXTAREA:</strong> Code: <strong>'.htmlspecialchars($prefix.$code).
-					               '</strong> :: Name: <strong>'.htmlspecialchars($prefix.$textarea[2]).
-					               '</strong> :: Value: <strong>'.htmlspecialchars($textarea[3]).
-					               '</strong><br />Initial textarea: '.htmlspecialchars($textarea[0]).
-					               '<br />Signed: <span style="color:#060;">'.htmlspecialchars($textarea_signed).'</span>';
-				}
-				self::$log[] = '<strong>FORM after TEXTAREAS:</strong> <pre>'.htmlspecialchars($form).'</pre>';
-
-				// Exclude all <button> elements
-				$form = preg_replace('%<button ([^>]*)name=([\'"])(.*?)\1([^>]*>.*?</button>)%i', "<button $1name=$2x:$3$4", $form);
-
-			}
-			// Replace the entire form
-			self::$log[] = '<strong>FORM after ALL:</strong> <pre>'.htmlspecialchars($form).'</pre>'.'replacing <pre>'.htmlspecialchars($form_original).'</pre>';
-			$html = str_replace($form_original, $form, $html);
-			self::$log[] = '<strong>FORM end</strong><hr />';
-		}
-
-		// Return the signed output
-		$output = '';
-		if (self::$debug) {
-			self::$log['Summary'] = $count['links'].' links signed. '.$count['forms'].' forms signed. '.$count['inputs'].' inputs signed. '.$count['lists'].' lists signed. '.$count['textareas'].' textareas signed.';
-			$output .= '<h3>FoxyCart HMAC Debugging:</h3><ul>';
-			foreach (self::$log as $name => $value) {
-				$output .= '<li><strong>'.$name.':</strong> '.$value.'</li>';
-			}
-			$output .= '</ul><hr />';
-		}
-		return $output.$html;
-	}
+    /**
+     * API Key (Secret)
+     *
+     * @var string
+     **/
+    private static $secret;
+
+    /**
+     * Cart URL
+     *
+     * @var string
+     * Notes: Could be 'https://yourdomain.foxycart.com/cart' or 'https://secure.yourdomain.com/cart'
+     **/
+    // protected static $cart_url = 'https://yourdomain.foxycart.com/cart';
+    protected static $cart_url;
+
+    public static function setCartURL($storeName = null){
+        self::$cart_url = 'https://'.$storeName.'.faxycart.com/cart';
+    }
+
+    public static function setSecret($secret = null){
+        self::$secret = $secret;
+    }
+
+    public function __construct(){
+        self::setCartURL(FoxyCart::getFoxyCartStoreName());
+        self::setSecret(FoxyCart::getStoreKey());
+    }
+
+    public static function getSecret(){
+        return FoxyCart::getStoreKey();
+    }
+
+
+    /**
+     * Cart Excludes
+     *
+     * Arrays of values and prefixes that should be ignored when signing links and forms.
+     * @var array
+     */
+    protected static $cart_excludes = array(
+        // Cart values
+        'cart', 'fcsid', 'empty', 'coupon', 'output', 'sub_token', 'redirect', 'callback', '_',
+        // Checkout pre-population values
+        'customer_email', 'customer_first_name', 'customer_last_name', 'customer_address1', 'customer_address2',
+        'customer_city', 'customer_state', 'customer_postal_code', 'customer_country', 'customer_phone', 'customer_company',
+        'shipping_first_name', 'shipping_last_name', 'shipping_address1', 'shipping_address2',
+        'shipping_city', 'shipping_state', 'shipping_postal_code', 'shipping_country', 'shipping_phone', 'shipping_company',
+    );
+    protected static $cart_excludes_prefixes = array(
+        'h:', 'x:', '__',
+    );
+
+    /**
+     * Debugging
+     *
+     * Set to $debug to TRUE to enable debug logging.
+     *
+     */
+    protected static $debug = FALSE;
+    protected static $log = array();
+
+
+    /**
+     * "Link Method": Generate HMAC SHA256 for GET Query Strings
+     *
+     * Notes: Can't parse_str because PHP doesn't support non-alphanumeric characters as array keys.
+     * @return string
+     **/
+    public static function fc_hash_querystring($qs, $output = TRUE) {
+        self::$log[] = '<strong>Signing link</strong> with data: '.htmlspecialchars(substr($qs, 0, 150)).'...';
+        $fail = self::$cart_url.'?'.$qs;
+
+        // If the link appears to be hashed already, don't bother
+        if (strpos($qs, '||')) {
+            self::$log[] = '<strong>Link appears to be signed already</strong>: '.htmlspecialchars($code[0]);
+            return $fail;
+        }
+
+        // Stick an ampersand on the beginning of the querystring to make matching the first element a little easier
+        $qs = '&'.urldecode($qs);
+
+        // Get all the prefixes, codes, and name=value pairs
+        preg_match_all('%(?P<amp>&(?:amp;)?)(?P<prefix>[a-z0-9]{1,3}:)?(?P<name>[^=]+)=(?P<value>[^&]+)%', $qs, $pairs, PREG_SET_ORDER);
+        self::$log[] = 'Found the following pairs to sign:<pre>'.htmlspecialchars(print_r($pairs, true)).'</pre>';
+
+        // Get all the "code" values, set the matches in $codes
+        $codes = array();
+        foreach ($pairs as $pair) {
+            if ($pair['name'] == 'code') {
+                $codes[$pair['prefix']] = $pair['value'];
+            }
+        }
+        if ( ! count($codes)) {
+            self::$log[] = '<strong style="color:#600;">No code found</strong> for the above link.';
+            return $fail;
+        }
+        self::$log[] = '<strong style="color:orange;">CODES found:</strong> '.htmlspecialchars(print_r($codes, true));
+
+        // Sign the name/value pairs
+        foreach ($pairs as $pair) {
+            // Skip the cart excludes
+            if (in_array($pair['name'], self::$cart_excludes) || in_array($pair['prefix'], self::$cart_excludes_prefixes)) {
+                self::$log[] = '<strong style="color:purple;">Skipping</strong> the reserved parameter or prefix "'.$pair['prefix'].$pair['name'].'" = '.$pair['value'];
+                continue;
+            }
+
+            // Continue to sign the value and replace the name=value in the querystring with name=value||hash
+            $value = self::fc_hash_value($codes[$pair['prefix']], $pair['name'], $pair['value'], 'value', FALSE, 'urlencode');
+            $replacement = $pair['amp'].$pair['prefix'].urlencode($pair['name']).'='.$value;
+            $qs = str_replace($pair[0], $replacement, $qs);
+            self::$log[] = 'Signed <strong>'.$pair['name'].'</strong> = <strong>'.$pair['value'].'</strong> with '.$replacement.'.<br />Replacing: '.$pair[0].'<br />With... '.$replacement;
+        }
+        $qs = ltrim($qs, '&'); // Get rid of that leading ampersand we added earlier
+
+        if ($output) {
+            echo self::$cart_url.'?'.$qs;
+        } else {
+            return self::$cart_url.'?'.$qs;
+        }
+    }
+
+
+    /**
+     * "Form Method": Generate HMAC SHA256 for form elements or individual <input />s
+     *
+     * @return string
+     **/
+    public static function fc_hash_value($product_code, $option_name, $option_value = '', $method = 'name', $output = TRUE, $urlencode = false) {
+        if (!$product_code || !$option_name) {
+            return FALSE;
+        }
+        if ($option_value == '--OPEN--') {
+            $hash = hash_hmac('sha256', $product_code.$option_name.$option_value, self::getSecret());
+            $value = ($urlencode) ? urlencode($option_name).'||'.$hash.'||open' : $option_name.'||'.$hash.'||open';
+        } else {
+            $hash = hash_hmac('sha256', $product_code.$option_name.$option_value, self::getSecret());
+            if ($method == 'name') {
+                $value = ($urlencode) ? urlencode($option_name).'||'.$hash : $option_name.'||'.$hash;
+            } else {
+                $value = ($urlencode) ? urlencode($option_value).'||'.$hash : $option_value.'||'.$hash;
+            }
+        }
+
+        if ($output) {
+            echo $value;
+        } else {
+            return $value;
+        }
+    }
+
+    /**
+     * Raw HTML Signing: Sign all links and form elements in a block of HTML
+     *
+     * Accepts a string of HTML and signs all links and forms.
+     * Requires link 'href' and form 'action' attributes to use 'https' and not 'http'.
+     * Requires a 'code' to be set in every form.
+     *
+     * @return string
+     **/
+    public static function fc_hash_html($html) {
+        // Initialize some counting
+        $count['temp'] = 0; // temp counter
+        $count['links'] = 0;
+        $count['forms'] = 0;
+        $count['inputs'] = 0;
+        $count['lists'] = 0;
+        $count['textareas'] = 0;
+
+        // Find and sign all the links
+        preg_match_all('%<a .*?href=[\'"]'.preg_quote(self::$cart_url).'(?:\.php)?\?(.+?)[\'"].*?>%i', $html, $querystrings);
+        // print_r($querystrings);
+        foreach ($querystrings[1] as $querystring) {
+            // If it's already signed, skip it.
+            if (preg_match('%&(?:amp;)?hash=%i', $querystring)) {
+                continue;
+            }
+            $pattern = '%(href=[\'"])'.preg_quote(self::$cart_url, '%').'(?:\.php)?\?'.preg_quote($querystring, '%').'([\'"])%i';
+            $signed = self::fc_hash_querystring($querystring, FALSE);
+            $html = preg_replace($pattern, '$1'.$signed.'$2', $html, -1, $count['temp']);
+            $count['links'] += $count['temp'];
+        }
+        unset($querystrings);
+
+        // Find and sign all form values
+        preg_match_all('%<form [^>]*?action=[\'"]'.preg_quote(self::$cart_url).'?[\'"].*?>(.+?)</form>%is', $html, $forms);
+        foreach ($forms[1] as $form) {
+            $count['forms']++;
+            self::$log[] = '<strong>Signing form</strong> with data: '.htmlspecialchars(substr($form, 0, 150)).'...';
+
+            // Store the original form so we can replace it when we're done
+            $form_original = $form;
+
+            // Check for the "code" input, set the matches in $codes
+            if (!preg_match_all('%<[^>]*?name=([\'"])([0-9]{1,3}:)?code\1[^>]*?>%i', $form, $codes, PREG_SET_ORDER)) {
+                self::$log[] = '<strong style="color:#600;">No code found</strong> for the above form.';
+                continue;
+            }
+            // For each code found, sign the appropriate inputs
+            foreach ($codes as $code) {
+                // If the form appears to be hashed already, don't bother
+                if (strpos($code[0], '||')) {
+                    self::$log[] = '<strong>Form appears to be signed already</strong>: '.htmlspecialchars($code[0]);
+                    continue;
+                }
+                // Get the code and the prefix
+                $prefix = (isset($code[2])) ? $code[2] : '';
+                preg_match('%<[^>]*?value=([\'"])(.+?)\1[^>]*?>%i', $code[0], $code);
+                $code = trim($code[2]);
+                self::$log[] = '<strong>Prefix for '.htmlspecialchars($code).'</strong>: '.htmlspecialchars($prefix);
+                if (!$code) { // If the code is empty, skip this form or specific prefixed elements
+                    continue;
+                }
+
+                // Sign all <input /> elements with matching prefix
+                preg_match_all('%<input [^>]*?name=([\'"])'.preg_quote($prefix).'(?![0-9]{1,3})(?:.+?)\1[^>]*>%i', $form, $inputs);
+                foreach ($inputs[0] as $input) {
+                    $count['inputs']++;
+                    // Test to make sure both name and value attributes are found
+                    if (preg_match('%name=([\'"])'.preg_quote($prefix).'(?![0-9]{1,3})(.+?)\1%i', $input, $name) > 0) {
+                        preg_match('%value=([\'"])(.*?)\1%i', $input, $value);
+                        $value = (count($value) > 0) ? $value : array('', '', '');
+                        preg_match('%type=([\'"])(.*?)\1%i', $input, $type);
+                        $type = (count($type) > 0) ? $type : array('', '', '');
+                        // Skip the cart excludes
+                        if (in_array($prefix.$name[2], self::$cart_excludes) || in_array(substr($prefix.$name[2], 0, 2), self::$cart_excludes_prefixes)) {
+                            self::$log[] = '<strong style="color:purple;">Skipping</strong> the reserved parameter or prefix "'.$prefix.$name[2].'" = '.$value[2];
+                            continue;
+                        }
+                        self::$log[] = '<strong>INPUT['.$type[2].']:</strong> Name: <strong>'.$prefix.htmlspecialchars(preg_quote($name[2])).'</strong>';
+                        self::$log[] = '<strong>Replacement Pattern:</strong> ([\'"])'.$prefix.preg_quote($name[2]).'\1';
+                        $value[2] = ($value[2] == '') ? '--OPEN--' : $value[2];
+                        if ($type[2] == 'radio') {
+                            $input_signed = preg_replace('%([\'"])'.preg_quote($value[2]).'\1%', '${1}'.self::fc_hash_value($code, $name[2], $value[2], 'value', FALSE)."$1", $input);
+                        } else {
+                            $input_signed = preg_replace('%([\'"])'.$prefix.preg_quote($name[2]).'\1%', '${1}'.$prefix.self::fc_hash_value($code, $name[2], $value[2], 'name', FALSE)."$1", $input);
+                        }
+                        self::$log[] = '<strong>INPUT:</strong> Code: <strong>'.htmlspecialchars($prefix.$code).
+                                        '</strong> :: Name: <strong>'.htmlspecialchars($prefix.$name[2]).
+                                        '</strong> :: Value: <strong>'.htmlspecialchars($value[2]).
+                                        '</strong><br />Initial input: '.htmlspecialchars($input).
+                                        '<br />Signed: <span style="color:#060;">'.htmlspecialchars($input_signed).'</span>';
+                        $form = str_replace($input, $input_signed, $form);
+                    }
+                }
+                self::$log[] = '<strong>FORM after INPUTS:</strong> <pre>'.htmlspecialchars($form).'</pre>';
+
+                // Sign all <option /> elements
+                preg_match_all('%<select [^>]*name=([\'"])'.preg_quote($prefix).'(?![0-9]{1,3})(.+?)\1[^>]*>(.+?)</select>%is', $form, $lists, PREG_SET_ORDER);
+                foreach ($lists as $list) {
+                    $count['lists']++;
+                    preg_match_all('%<option [^>]*value=([\'"])(.+?)\1[^>]*>(?:.*?)</option>%i', $list[0], $options, PREG_SET_ORDER);
+                    self::$log[] = '<strong>Options:</strong> <pre>'.htmlspecialchars(print_r($options, true)).'</pre>';
+                    unset( $form_part_signed );
+                    foreach ($options as $option) {
+                        if( !isset($form_part_signed) ) $form_part_signed = $list[0];
+                        $option_signed = preg_replace(
+                            '%'.preg_quote($option[1]).preg_quote($option[2]).preg_quote($option[1]).'%',
+                            $option[1].self::fc_hash_value($code, $list[2], $option[2], 'value', FALSE).$option[1],
+                            $option[0]);
+                        $form_part_signed = str_replace($option[0], $option_signed, $form_part_signed );
+                        self::$log[] = '<strong>OPTION:</strong> Code: <strong>'.htmlspecialchars($prefix.$code).
+                                        '</strong> :: Name: <strong>'.htmlspecialchars($prefix.$list[2]).
+                                        '</strong> :: Value: <strong>'.htmlspecialchars($option[2]).
+                                        '</strong><br />Initial option: '.htmlspecialchars($option[0]).
+                                        '<br />Signed: <span style="color:#060;">'.htmlspecialchars($option_signed).'</span>';
+                    }
+                    $form = str_replace($list[0], $form_part_signed, $form);
+                }
+                self::$log[] = '<strong>FORM after OPTIONS:</strong> <pre>'.htmlspecialchars($form).'</pre>';
+
+                // Sign all <textarea /> elements
+                preg_match_all('%<textarea [^>]*name=([\'"])'.preg_quote($prefix).'(?![0-9]{1,3})(.+?)\1[^>]*>(.*?)</textarea>%is', $form, $textareas, PREG_SET_ORDER);
+                // echo "\n\nTextareas: ".print_r($textareas, true);
+                foreach ($textareas as $textarea) {
+                    $count['textareas']++;
+                    // Tackle implied "--OPEN--" first, if textarea is empty
+                    $textarea[3] = ($textarea[3] == '') ? '--OPEN--' : $textarea[3];
+                    $textarea_signed = preg_replace('%([\'"])'.preg_quote($prefix.$textarea[2]).'\1%', "$1".self::fc_hash_value($code, $textarea[2], $textarea[3], 'name', FALSE)."$1", $textarea[0]);
+                    $form = str_replace($textarea[0], $textarea_signed, $form);
+                    self::$log[] = '<strong>TEXTAREA:</strong> Code: <strong>'.htmlspecialchars($prefix.$code).
+                                    '</strong> :: Name: <strong>'.htmlspecialchars($prefix.$textarea[2]).
+                                    '</strong> :: Value: <strong>'.htmlspecialchars($textarea[3]).
+                                    '</strong><br />Initial textarea: '.htmlspecialchars($textarea[0]).
+                                    '<br />Signed: <span style="color:#060;">'.htmlspecialchars($textarea_signed).'</span>';
+                }
+                self::$log[] = '<strong>FORM after TEXTAREAS:</strong> <pre>'.htmlspecialchars($form).'</pre>';
+
+                // Exclude all <button> elements
+                $form = preg_replace('%<button ([^>]*)name=([\'"])(.*?)\1([^>]*>.*?</button>)%i', "<button $1name=$2x:$3$4", $form);
+
+            }
+            // Replace the entire form
+            self::$log[] = '<strong>FORM after ALL:</strong> <pre>'.htmlspecialchars($form).'</pre>'.'replacing <pre>'.htmlspecialchars($form_original).'</pre>';
+            $html = str_replace($form_original, $form, $html);
+            self::$log[] = '<strong>FORM end</strong><hr />';
+        }
+
+        // Return the signed output
+        $output = '';
+        if (self::$debug) {
+            self::$log['Summary'] = $count['links'].' links signed. '.$count['forms'].' forms signed. '.$count['inputs'].' inputs signed. '.$count['lists'].' lists signed. '.$count['textareas'].' textareas signed.';
+            $output .= '<h3>FoxyCart HMAC Debugging:</h3><ul>';
+            foreach (self::$log as $name => $value) {
+                $output .= '<li><strong>'.$name.':</strong> '.$value.'</li>';
+            }
+            $output .= '</ul><hr />';
+        }
+        return $output.$html;
+    }
 
 }
\ No newline at end of file

code/objects/ProductImage.php

Indentation +29 added lines, -29 removed lines

@@ -7,25 +7,25 @@ 
 
 class ProductImage extends DataObject{
 
-	private static $db = array(
-		'Title' => 'Text',
-		'SortOrder' => 'Int'
-	);
+    private static $db = array(
+        'Title' => 'Text',
+        'SortOrder' => 'Int'
+    );
 
-	private static $has_one = array(
-		'Image' => 'Image',
-		'Parent' => 'SiteTree'
-	);
+    private static $has_one = array(
+        'Image' => 'Image',
+        'Parent' => 'SiteTree'
+    );
 
-	private static $default_sort = 'SortOrder';
+    private static $default_sort = 'SortOrder';
 
-	private static $summary_fields = array(
-		'Image.CMSThumbnail' => 'Image',
-		'Title' => 'Caption'
-	);
+    private static $summary_fields = array(
+        'Image.CMSThumbnail' => 'Image',
+        'Title' => 'Caption'
+    );
 
-	public function getCMSFields(){
-		$fields = FieldList::create(
+    public function getCMSFields(){
+        $fields = FieldList::create(
             TextField::create('Title')
                 ->setTitle(_t('ProductImage.Title', 'Product Image Title')),
             UploadField::create('Image')
@@ -34,25 +34,25 @@ 
                 ->setAllowedExtensions(array('jpg', 'jpeg', 'gif', 'png'))
         );
 
-		$this->extend('updateCMSFields', $fields);
+        $this->extend('updateCMSFields', $fields);
 
         return $fields;
-	}
+    }
 
-	public function canView($member = false) {
-		return true;
-	}
+    public function canView($member = false) {
+        return true;
+    }
 
-	public function canEdit($member = null) {
-		return Permission::check('Product_CANCRUD');
-	}
+    public function canEdit($member = null) {
+        return Permission::check('Product_CANCRUD');
+    }
 
-	public function canDelete($member = null) {
-		return Permission::check('Product_CANCRUD');
-	}
+    public function canDelete($member = null) {
+        return Permission::check('Product_CANCRUD');
+    }
 
-	public function canCreate($member = null) {
-		return Permission::check('Product_CANCRUD');
-	}
+    public function canCreate($member = null) {
+        return Permission::check('Product_CANCRUD');
+    }
 
 }

code/objects/ProductCategory.php

Indentation +37 added lines, -37 removed lines

@@ -8,9 +8,9 @@ 
 class ProductCategory extends DataObject {
 
     private static $db = array(
-		'Title' => 'Varchar(255)',
-		'Code' => 'Varchar(50)'
-	);
+        'Title' => 'Varchar(255)',
+        'Code' => 'Varchar(50)'
+    );
 
     private static $singular_name = 'FoxyCart Category';
     private static $plural_name = 'FoxyCart Categories';
@@ -21,13 +21,13 @@ 
         'Code' => 'Code'
     );
 
-	private static $indexes = array(
-		'Code' => true
-	);
+    private static $indexes = array(
+        'Code' => true
+    );
 
     public function getCMSFields() {
 
-		$fields = FieldList::create(
+        $fields = FieldList::create(
             LiteralField::create(
                 'PCIntro',
                 _t(
@@ -50,35 +50,35 @@ 
         $this->extend('updateCMSFields', $fields);
 
         return $fields;
-	}
-
-	public function requireDefaultRecords() {
-		parent::requireDefaultRecords();
-		$allCats = DataObject::get('ProductCategory');
-		if(!$allCats->count()){
-			$cat = new ProductCategory();
-			$cat->Title = 'Default';
-			$cat->Code = 'DEFAULT';
-			$cat->write();
-		}
-	}
-
-	public function canView($member = false) {
-		return true;
-	}
-
-	public function canEdit($member = null) {
-		return Permission::check('Product_CANCRUD');
-	}
-
-	public function canDelete($member = null) {
-
-		//don't allow deletion of DEFAULT category
-		return ($this->Code == 'DEFAULT') ? false : Permission::check('Product_CANCRUD');
-	}
-
-	public function canCreate($member = null) {
-		return Permission::check('Product_CANCRUD');
-	}
+    }
+
+    public function requireDefaultRecords() {
+        parent::requireDefaultRecords();
+        $allCats = DataObject::get('ProductCategory');
+        if(!$allCats->count()){
+            $cat = new ProductCategory();
+            $cat->Title = 'Default';
+            $cat->Code = 'DEFAULT';
+            $cat->write();
+        }
+    }
+
+    public function canView($member = false) {
+        return true;
+    }
+
+    public function canEdit($member = null) {
+        return Permission::check('Product_CANCRUD');
+    }
+
+    public function canDelete($member = null) {
+
+        //don't allow deletion of DEFAULT category
+        return ($this->Code == 'DEFAULT') ? false : Permission::check('Product_CANCRUD');
+    }
+
+    public function canCreate($member = null) {
+        return Permission::check('Product_CANCRUD');
+    }
 
 }

code/form/FoxyStripeDropdownField.php

Indentation +33 added lines, -33 removed lines

@@ -50,39 +50,39 @@
  */
 class FoxyStripeDropdownField extends DropdownField{
 
-	/**
-	 * Mark certain elements as disabled,
-	 * regardless of the {@link setDisabled()} settings.
-	 *
-	 * @param array $items Collection of array keys, as defined in the $source array
-	 */
-	public function setDisabledItems($items){
-		$controller = Controller::curr();
-		$code = $controller->data()->Code;
-		$updated = [];
-		if(is_array($items) && !empty($items)){
-			foreach($items as $item){
-				array_push($updated, ProductPage::getGeneratedValue($code, $this->getName(), $item, 'value'));
-			}
-		}
-		$this->disabledItems = $updated;
-		return $this;
-	}
+    /**
+     * Mark certain elements as disabled,
+     * regardless of the {@link setDisabled()} settings.
+     *
+     * @param array $items Collection of array keys, as defined in the $source array
+     */
+    public function setDisabledItems($items){
+        $controller = Controller::curr();
+        $code = $controller->data()->Code;
+        $updated = [];
+        if(is_array($items) && !empty($items)){
+            foreach($items as $item){
+                array_push($updated, ProductPage::getGeneratedValue($code, $this->getName(), $item, 'value'));
+            }
+        }
+        $this->disabledItems = $updated;
+        return $this;
+    }
 
-	/**
-	 * @param array $source
-	 */
-	public function setSource($source) {
-		$controller = Controller::curr();
-		$code = $controller->data()->Code;
-		$updated = [];
-		if(is_array($source) && !empty($source)){
-			foreach($source as $key => $val){
-				$updated[ProductPage::getGeneratedValue($code, $this->getName(), $key, 'value')] = $val;
-			}
-		}
-		$this->source = $updated;
-		return $this;
-	}
+    /**
+     * @param array $source
+     */
+    public function setSource($source) {
+        $controller = Controller::curr();
+        $code = $controller->data()->Code;
+        $updated = [];
+        if(is_array($source) && !empty($source)){
+            foreach($source as $key => $val){
+                $updated[ProductPage::getGeneratedValue($code, $this->getName(), $key, 'value')] = $val;
+            }
+        }
+        $this->source = $updated;
+        return $this;
+    }
 
 }

code/pages/OrderHistoryPage.php

Indentation +6 added lines, -6 removed lines

@@ -11,14 +11,14 @@ 
     private static $plural_name = 'Order History Pages';
     private static $description = 'Show a customers past orders. Requires authentication';
 
-	public function getCMSFields(){
-		$fields = parent::getCMSFields();
+    public function getCMSFields(){
+        $fields = parent::getCMSFields();
 
 
 
-		$this->extend('updateCMSFields', $fields);
-		return $fields;
-	}
+        $this->extend('updateCMSFields', $fields);
+        return $fields;
+    }
 
     // return all current Member's Orders
     public function getOrders($limit = 10) {
@@ -36,7 +36,7 @@ 
 
 class OrderHistoryPage_Controller extends Page_Controller {
 	
-	private static $allowed_actions = array(
+    private static $allowed_actions = array(
         'index'
     );
 

code/extensions/CustomerExtension.php

Indentation +4 added lines, -4 removed lines

@@ -25,10 +25,10 @@
         $response = FoxyCart::putCustomer($this->owner);
 
         // Grab customer_id record from FoxyCart response, store in Member
-		if($response){
-        	$foxyResponse = new SimpleXMLElement($response);
-        	$this->owner->Customer_ID = (int) $foxyResponse->customer_id;
-		}
+        if($response){
+            $foxyResponse = new SimpleXMLElement($response);
+            $this->owner->Customer_ID = (int) $foxyResponse->customer_id;
+        }
     }
 
 }
\ No newline at end of file

tests/StoreSettingsTest.php

Indentation +15 added lines, -15 removed lines

@@ -2,30 +2,30 @@
 
 class StoreSettingsTest extends FS_Test{
 
-	protected static $use_draft_site = true;
+    protected static $use_draft_site = true;
 
-	function setUp(){
-		parent::setUp();
+    function setUp(){
+        parent::setUp();
 
-		$siteConf = SiteConfig::current_site_config();
-		$siteConf->StoreName = 'foxystripe';
+        $siteConf = SiteConfig::current_site_config();
+        $siteConf->StoreName = 'foxystripe';
         $siteConf->requireDefaultRecords();
-		$siteConf->write();
-	}
+        $siteConf->write();
+    }
 
-	function testStoreKey(){
-		$pref = FoxyCart::getKeyPrefix();
-		$siteConf = SiteConfig::current_site_config();
+    function testStoreKey(){
+        $pref = FoxyCart::getKeyPrefix();
+        $siteConf = SiteConfig::current_site_config();
 
-		$this->assertTrue(ctype_alnum($siteConf->StoreKey));
+        $this->assertTrue(ctype_alnum($siteConf->StoreKey));
         $this->assertEquals(strlen($siteConf->StoreKey), 60);
         $this->assertEquals(substr($siteConf->StoreKey, 0, 6), $pref);
-	}
+    }
 
-	function testStoreName(){
-		$siteConf = SiteConfig::current_site_config();
+    function testStoreName(){
+        $siteConf = SiteConfig::current_site_config();
 
         $this->assertEquals($siteConf->StoreName, 'foxystripe');
-	}
+    }
 
 }

tests/ProductPageTest.php

Indentation +145 added lines, -145 removed lines

@@ -2,242 +2,242 @@
 
 class ProductPageTest extends FS_Test{
 
-	protected static $use_draft_site = true;
+    protected static $use_draft_site = true;
 
-	function setUp(){
-		parent::setUp();
+    function setUp(){
+        parent::setUp();
 
-		$groupForItem = OptionGroup::create();
-		$groupForItem->Title = 'Sample-Group';
-		$groupForItem->write();
+        $groupForItem = OptionGroup::create();
+        $groupForItem->Title = 'Sample-Group';
+        $groupForItem->write();
 
-		/*$productHolder = ProductHolder::create();
+        /*$productHolder = ProductHolder::create();
 		$productHolder->Title = 'Product Holder';
 		$productHolder->write();*/
-	}
+    }
 
-	function testProductCreation(){
+    function testProductCreation(){
 
-		$this->logInWithPermission('Product_CANCRUD');
-		$default = $this->objFromFixture('ProductCategory', 'default');
-		$holder = $this->objFromFixture('ProductHolder', 'default');
-		$product1 = $this->objFromFixture('ProductPage', 'product1');
+        $this->logInWithPermission('Product_CANCRUD');
+        $default = $this->objFromFixture('ProductCategory', 'default');
+        $holder = $this->objFromFixture('ProductHolder', 'default');
+        $product1 = $this->objFromFixture('ProductPage', 'product1');
 
-		$product1->doPublish();
-		$this->assertTrue($product1->isPublished());
+        $product1->doPublish();
+        $this->assertTrue($product1->isPublished());
 
-	}
+    }
 
-	function testProductDeletion(){
+    function testProductDeletion(){
 
-		$this->logInWithPermission('Product_CANCRUD');
-		$holder = $this->objFromFixture('ProductHolder', 'default');
-		$holder->doPublish();
-		$product2 = $this->objFromFixture('ProductPage', 'product2');
-		$productID = $product2->ID;
+        $this->logInWithPermission('Product_CANCRUD');
+        $holder = $this->objFromFixture('ProductHolder', 'default');
+        $holder->doPublish();
+        $product2 = $this->objFromFixture('ProductPage', 'product2');
+        $productID = $product2->ID;
 
-		$product2->doPublish();
-		$this->assertTrue($product2->isPublished());
+        $product2->doPublish();
+        $this->assertTrue($product2->isPublished());
 
-		$versions = DB::query('Select * FROM "ProductPage_versions" WHERE "RecordID" = '. $productID);
-		$versionsPostPublish = array();
-		foreach($versions as $versionRow) $versionsPostPublish[] = $versionRow;
+        $versions = DB::query('Select * FROM "ProductPage_versions" WHERE "RecordID" = '. $productID);
+        $versionsPostPublish = array();
+        foreach($versions as $versionRow) $versionsPostPublish[] = $versionRow;
 
-		$product2->delete();
-		$this->assertTrue(!$product2->isPublished());
+        $product2->delete();
+        $this->assertTrue(!$product2->isPublished());
 
-		$versions = DB::query('Select * FROM "ProductPage_versions" WHERE "RecordID" = '. $productID);
-		$versionsPostDelete = array();
-		foreach($versions as $versionRow) $versionsPostDelete[] = $versionRow;
+        $versions = DB::query('Select * FROM "ProductPage_versions" WHERE "RecordID" = '. $productID);
+        $versionsPostDelete = array();
+        foreach($versions as $versionRow) $versionsPostDelete[] = $versionRow;
 
-		$this->assertTrue($versionsPostPublish == $versionsPostDelete);
+        $this->assertTrue($versionsPostPublish == $versionsPostDelete);
 
-	}
+    }
 
-	function testProductTitleLeadingWhiteSpace(){
+    function testProductTitleLeadingWhiteSpace(){
 
-		$this->logInWithPermission('ADMIN');
+        $this->logInWithPermission('ADMIN');
 
-		$holder = $this->objFromFixture('ProductHolder', 'default');
-		$holder->doPublish();
+        $holder = $this->objFromFixture('ProductHolder', 'default');
+        $holder->doPublish();
 
-		$product = $this->objFromFixture('ProductPage', 'product1');
-		$product->Title = " Test with leading space";
-		$product->doPublish();
+        $product = $this->objFromFixture('ProductPage', 'product1');
+        $product->Title = " Test with leading space";
+        $product->doPublish();
 
-		$this->assertTrue($product->Title == 'Test with leading space');
+        $this->assertTrue($product->Title == 'Test with leading space');
 
-	}
+    }
 
-	function testProductTitleTrailingWhiteSpace(){
+    function testProductTitleTrailingWhiteSpace(){
 
-		$this->logInWithPermission('ADMIN');
+        $this->logInWithPermission('ADMIN');
 
-		$holder = $this->objFromFixture('ProductHolder', 'default');
-		$holder->doPublish();
+        $holder = $this->objFromFixture('ProductHolder', 'default');
+        $holder->doPublish();
 
-		$product = $this->objFromFixture('ProductPage', 'product1');
-		$product->Title = "Test with trailing space ";
-		$product->doPublish();
+        $product = $this->objFromFixture('ProductPage', 'product1');
+        $product->Title = "Test with trailing space ";
+        $product->doPublish();
 
-		$this->assertTrue($product->Title == 'Test with trailing space');
+        $this->assertTrue($product->Title == 'Test with trailing space');
 
-	}
+    }
 
-	function testProductCategoryCreation(){
+    function testProductCategoryCreation(){
 
-		$this->logInWithPermission('Product_CANCRUD');
-		$category = $this->objFromFixture('ProductCategory', 'apparel');
-		$category->write();
-		$categoryID = $category->ID;
+        $this->logInWithPermission('Product_CANCRUD');
+        $category = $this->objFromFixture('ProductCategory', 'apparel');
+        $category->write();
+        $categoryID = $category->ID;
 
-		$productCategory = ProductCategory::get()->filter(array('Code'=>'APPAREL'))->first();
+        $productCategory = ProductCategory::get()->filter(array('Code'=>'APPAREL'))->first();
 
-		$this->assertTrue($categoryID == $productCategory->ID);
+        $this->assertTrue($categoryID == $productCategory->ID);
 
-	}
+    }
 
-	function testProductCategoryDeletion(){
+    function testProductCategoryDeletion(){
 
-		$this->logInWithPermission('Product_CANCRUD');
+        $this->logInWithPermission('Product_CANCRUD');
 
-		$category = $this->objFromFixture('ProductCategory', 'default');
-		$category->write();
+        $category = $this->objFromFixture('ProductCategory', 'default');
+        $category->write();
 
-		$this->assertFalse($category->canDelete());
+        $this->assertFalse($category->canDelete());
 
-		$category2 = $this->objFromFixture('ProductCategory', 'apparel');
-		$category2->write();
-		$category2ID = $category2->ID;
+        $category2 = $this->objFromFixture('ProductCategory', 'apparel');
+        $category2->write();
+        $category2ID = $category2->ID;
 
-		$this->assertTrue($category2->canDelete());
+        $this->assertTrue($category2->canDelete());
 
-		$this->logOut();
+        $this->logOut();
 
-		$this->logInWithPermission('ADMIN');
+        $this->logInWithPermission('ADMIN');
 
-		$this->assertFalse($category->canDelete());
-		$this->assertTrue($category2->canDelete());
+        $this->assertFalse($category->canDelete());
+        $this->assertTrue($category2->canDelete());
 
-		$this->logOut();
-		$this->logInWithPermission('Product_CANCRUD');
+        $this->logOut();
+        $this->logInWithPermission('Product_CANCRUD');
 
-		$category2->delete();
+        $category2->delete();
 
-		$this->assertFalse(in_array($category2ID,ProductCategory::get()->column('ID')));
+        $this->assertFalse(in_array($category2ID,ProductCategory::get()->column('ID')));
 
-	}
+    }
 
-	function testOptionGroupCreation(){
+    function testOptionGroupCreation(){
 
-		$this->logInWithPermission('Product_CANCRUD');
+        $this->logInWithPermission('Product_CANCRUD');
 
-		$group = $this->objFromFixture('OptionGroup', 'size');
-		$group->write();
+        $group = $this->objFromFixture('OptionGroup', 'size');
+        $group->write();
 
-		$this->assertNotNull(OptionGroup::get()->first());
+        $this->assertNotNull(OptionGroup::get()->first());
 
-	}
+    }
 
-	function testOptionGroupDeletion(){
+    function testOptionGroupDeletion(){
 
-		$this->logInWithPermission('ADMIN');
-		$group = $this->objFromFixture('OptionGroup', 'color');
-		$group->write();
-		$groupID = $group->ID;
+        $this->logInWithPermission('ADMIN');
+        $group = $this->objFromFixture('OptionGroup', 'color');
+        $group->write();
+        $groupID = $group->ID;
 
-		$this->assertTrue($group->canDelete());
+        $this->assertTrue($group->canDelete());
 
-		$this->logOut();
-		$this->logInWithPermission('Product_CANCRUD');
+        $this->logOut();
+        $this->logInWithPermission('Product_CANCRUD');
 
-		$this->assertTrue($group->canDelete());
-		$group->delete();
+        $this->assertTrue($group->canDelete());
+        $group->delete();
 
-		$this->assertFalse(in_array($groupID, OptionGroup::get()->column('ID')));
+        $this->assertFalse(in_array($groupID, OptionGroup::get()->column('ID')));
 
-	}
+    }
 
-	function testOptionItemCreation(){
+    function testOptionItemCreation(){
 
-		$this->logInWithPermission('Product_CANCRUD');
+        $this->logInWithPermission('Product_CANCRUD');
 
-		$optionGroup = OptionGroup::get()->filter(array('Title' => 'Sample-Group'))->first();
+        $optionGroup = OptionGroup::get()->filter(array('Title' => 'Sample-Group'))->first();
 
-		$option = $this->objFromFixture('OptionItem', 'large');
-		$option->ProductOptionGroupID = $optionGroup->ID;
-		$option->write();
+        $option = $this->objFromFixture('OptionItem', 'large');
+        $option->ProductOptionGroupID = $optionGroup->ID;
+        $option->write();
 
-		$optionID = $option->ID;
+        $optionID = $option->ID;
 
-		$optionItem = OptionItem::get()->filter(array('ProductOptionGroupID' => $optionGroup->ID))->first();
+        $optionItem = OptionItem::get()->filter(array('ProductOptionGroupID' => $optionGroup->ID))->first();
 
-		$this->assertEquals($optionID, $optionItem->ID);
+        $this->assertEquals($optionID, $optionItem->ID);
 
-	}
+    }
 
-	function testOptionItemDeletion(){
+    function testOptionItemDeletion(){
 
-		$this->logInWithPermission('ADMIN');
+        $this->logInWithPermission('ADMIN');
 
-		$optionGroup = $this->objFromFixture('OptionGroup', 'size');
-		$optionGroup->write();
+        $optionGroup = $this->objFromFixture('OptionGroup', 'size');
+        $optionGroup->write();
 
-		$option = $this->objFromFixture('OptionItem', 'small');
-		$option->write();
+        $option = $this->objFromFixture('OptionItem', 'small');
+        $option->write();
 
-		$optionID = $option->ID;
+        $optionID = $option->ID;
 
-		$this->assertTrue($option->canDelete());
+        $this->assertTrue($option->canDelete());
 
-		$this->logOut();
-		$this->logInWithPermission('Product_CANCRUD');
+        $this->logOut();
+        $this->logInWithPermission('Product_CANCRUD');
 
-		$this->assertTrue($option->canDelete());
-		$option->delete();
+        $this->assertTrue($option->canDelete());
+        $option->delete();
 
-		$this->assertFalse(in_array($optionID, OptionItem::get()->column('ID')));
+        $this->assertFalse(in_array($optionID, OptionItem::get()->column('ID')));
 
-	}
+    }
 
-	public function testProductDraftOptionDeletion(){
+    public function testProductDraftOptionDeletion(){
 
-		self::$use_draft_site = false;//make sure we can publish
+        self::$use_draft_site = false;//make sure we can publish
 
-		$this->logInWithPermission('ADMIN');
+        $this->logInWithPermission('ADMIN');
 
-		$holder = $this->objFromFixture('ProductHolder', 'default');//build holder page, ProductPage can't be on root level
-		$holder->doPublish();
+        $holder = $this->objFromFixture('ProductHolder', 'default');//build holder page, ProductPage can't be on root level
+        $holder->doPublish();
 
-		$product = $this->objFromFixture('ProductPage', 'product1');//build product page
-		$product->doPublish();
+        $product = $this->objFromFixture('ProductPage', 'product1');//build product page
+        $product->doPublish();
 
-		$productID = $product->ID;
+        $productID = $product->ID;
 
 
-		$optionGroup = $this->objFromFixture('OptionGroup', 'size');//build the group for the options
-		$optionGroup->write();
-		$option = $this->objFromFixture('OptionItem', 'small');//build first option
-		$option->write();
-		$option2 = $this->objFromFixture('OptionItem', 'large');//build second option
-		$option2->write();
+        $optionGroup = $this->objFromFixture('OptionGroup', 'size');//build the group for the options
+        $optionGroup->write();
+        $option = $this->objFromFixture('OptionItem', 'small');//build first option
+        $option->write();
+        $option2 = $this->objFromFixture('OptionItem', 'large');//build second option
+        $option2->write();
 
-		$this->assertTrue($product->isPublished());//check that product is published
+        $this->assertTrue($product->isPublished());//check that product is published
 
-		$product->deleteFromStage('Stage');//remove product from draft site
+        $product->deleteFromStage('Stage');//remove product from draft site
 
-		$this->assertTrue($product->isPublished());//check product is still published
+        $this->assertTrue($product->isPublished());//check product is still published
 
-		$testOption = $this->objFromFixture('OptionItem', 'large');
+        $testOption = $this->objFromFixture('OptionItem', 'large');
 
-		$this->assertThat($testOption->ID, $this->logicalNot($this->equalTo(0)));//make sure the first option still exists
+        $this->assertThat($testOption->ID, $this->logicalNot($this->equalTo(0)));//make sure the first option still exists
 
-		$product->doRestoreToStage();//restore page to draft site
-		$product->doUnpublish();//unpublish page
-		$product->deleteFromStage('Stage');//remove product from draft site
+        $product->doRestoreToStage();//restore page to draft site
+        $product->doUnpublish();//unpublish page
+        $product->deleteFromStage('Stage');//remove product from draft site
 
-		$checkDeleted = OptionItem::get()->filter(array('Title' => 'Large', 'ProductID' => $productID))->first();//query same option as above
+        $checkDeleted = OptionItem::get()->filter(array('Title' => 'Large', 'ProductID' => $productID))->first();//query same option as above
 
-		$this->assertEquals($checkDeleted->ID, 0);//check that the ID is 0 (empty object/non-existent)
-	}
+        $this->assertEquals($checkDeleted->ID, 0);//check that the ID is 0 (empty object/non-existent)
+    }
 }
\ No newline at end of file