dynamic / foxystripe

code/admin/OrderAdmin.php

Indentation +5 added lines, -5 removed lines

@@ -2,13 +2,13 @@
 
 class OrderAdmin extends ModelAdmin {
 
-	public static $managed_models = array(
-		'Order'
-	);
+    public static $managed_models = array(
+        'Order'
+    );
 	
-	static $url_segment = 'orders';
+    static $url_segment = 'orders';
 	
-	static $menu_title = 'Orders';
+    static $menu_title = 'Orders';
 
     public function getEditForm($id = null, $fields = null) {
         $form = parent::getEditForm($id, $fields);

code/model/foxycart.cart_validation.php

Indentation +310 added lines, -310 removed lines

@@ -14,315 +14,315 @@
  *   - Empty textareas are assumed to be "open"
  */
 class FoxyCart_Helper {
-	/**
-	 * API Key (Secret)
-	 *
-	 * @var string
-	 **/
-	private static $secret;
-
-	/**
-	 * Cart URL
-	 *
-	 * @var string
-	 * Notes: Could be 'https://yourdomain.foxycart.com/cart' or 'https://secure.yourdomain.com/cart'
-	 **/
-	// protected static $cart_url = 'https://yourdomain.foxycart.com/cart';
-	protected static $cart_url;
-
-	public static function setCartURL($storeName = null){
-		self::$cart_url = 'https://'.$storeName.'.faxycart.com/cart';
-	}
-
-	public static function setSecret($secret = null){
-		self::$secret = $secret;
-	}
-
-	public function __construct(){
-		self::setCartURL(FoxyCart::getFoxyCartStoreName());
-		self::setSecret(FoxyCart::getStoreKey());
-	}
-
-	public static function getSecret(){
-		return FoxyCart::getStoreKey();
-	}
-
-
-	/**
-	 * Cart Excludes
-	 *
-	 * Arrays of values and prefixes that should be ignored when signing links and forms.
-	 * @var array
-	 */
-	protected static $cart_excludes = array(
-		// Cart values
-		'cart', 'fcsid', 'empty', 'coupon', 'output', 'sub_token', 'redirect', 'callback', '_',
-		// Checkout pre-population values
-		'customer_email', 'customer_first_name', 'customer_last_name', 'customer_address1', 'customer_address2',
-		'customer_city', 'customer_state', 'customer_postal_code', 'customer_country', 'customer_phone', 'customer_company',
-		'shipping_first_name', 'shipping_last_name', 'shipping_address1', 'shipping_address2',
-		'shipping_city', 'shipping_state', 'shipping_postal_code', 'shipping_country', 'shipping_phone', 'shipping_company',
-	);
-	protected static $cart_excludes_prefixes = array(
-		'h:', 'x:', '__',
-	);
-
-	/**
-	 * Debugging
-	 *
-	 * Set to $debug to TRUE to enable debug logging.
-	 *
-	 */
-	protected static $debug = FALSE;
-	protected static $log = array();
-
-
-	/**
-	 * "Link Method": Generate HMAC SHA256 for GET Query Strings
-	 *
-	 * Notes: Can't parse_str because PHP doesn't support non-alphanumeric characters as array keys.
-	 * @return string
-	 **/
-	public static function fc_hash_querystring($qs, $output = TRUE) {
-		self::$log[] = '<strong>Signing link</strong> with data: '.htmlspecialchars(substr($qs, 0, 150)).'...';
-		$fail = self::$cart_url.'?'.$qs;
-
-		// If the link appears to be hashed already, don't bother
-		if (strpos($qs, '||')) {
-			self::$log[] = '<strong>Link appears to be signed already</strong>: '.htmlspecialchars($code[0]);
-			return $fail;
-		}
-
-		// Stick an ampersand on the beginning of the querystring to make matching the first element a little easier
-		$qs = '&'.urldecode($qs);
-
-		// Get all the prefixes, codes, and name=value pairs
-		preg_match_all('%(?P<amp>&(?:amp;)?)(?P<prefix>[a-z0-9]{1,3}:)?(?P<name>[^=]+)=(?P<value>[^&]+)%', $qs, $pairs, PREG_SET_ORDER);
-		self::$log[] = 'Found the following pairs to sign:<pre>'.htmlspecialchars(print_r($pairs, true)).'</pre>';
-
-		// Get all the "code" values, set the matches in $codes
-		$codes = array();
-		foreach ($pairs as $pair) {
-			if ($pair['name'] == 'code') {
-				$codes[$pair['prefix']] = $pair['value'];
-			}
-		}
-		if ( ! count($codes)) {
-			self::$log[] = '<strong style="color:#600;">No code found</strong> for the above link.';
-			return $fail;
-		}
-		self::$log[] = '<strong style="color:orange;">CODES found:</strong> '.htmlspecialchars(print_r($codes, true));
-
-		// Sign the name/value pairs
-		foreach ($pairs as $pair) {
-			// Skip the cart excludes
-			if (in_array($pair['name'], self::$cart_excludes) || in_array($pair['prefix'], self::$cart_excludes_prefixes)) {
-				self::$log[] = '<strong style="color:purple;">Skipping</strong> the reserved parameter or prefix "'.$pair['prefix'].$pair['name'].'" = '.$pair['value'];
-				continue;
-			}
-
-			// Continue to sign the value and replace the name=value in the querystring with name=value||hash
-			$value = self::fc_hash_value($codes[$pair['prefix']], $pair['name'], $pair['value'], 'value', FALSE, 'urlencode');
-			$replacement = $pair['amp'].$pair['prefix'].urlencode($pair['name']).'='.$value;
-			$qs = str_replace($pair[0], $replacement, $qs);
-			self::$log[] = 'Signed <strong>'.$pair['name'].'</strong> = <strong>'.$pair['value'].'</strong> with '.$replacement.'.<br />Replacing: '.$pair[0].'<br />With... '.$replacement;
-		}
-		$qs = ltrim($qs, '&'); // Get rid of that leading ampersand we added earlier
-
-		if ($output) {
-			echo self::$cart_url.'?'.$qs;
-		} else {
-			return self::$cart_url.'?'.$qs;
-		}
-	}
-
-
-	/**
-	 * "Form Method": Generate HMAC SHA256 for form elements or individual <input />s
-	 *
-	 * @return string
-	 **/
-	public static function fc_hash_value($product_code, $option_name, $option_value = '', $method = 'name', $output = TRUE, $urlencode = false) {
-		if (!$product_code || !$option_name) {
-			return FALSE;
-		}
-		if ($option_value == '--OPEN--') {
-			$hash = hash_hmac('sha256', $product_code.$option_name.$option_value, self::getSecret());
-			$value = ($urlencode) ? urlencode($option_name).'||'.$hash.'||open' : $option_name.'||'.$hash.'||open';
-		} else {
-			$hash = hash_hmac('sha256', $product_code.$option_name.$option_value, self::getSecret());
-			if ($method == 'name') {
-				$value = ($urlencode) ? urlencode($option_name).'||'.$hash : $option_name.'||'.$hash;
-			} else {
-				$value = ($urlencode) ? urlencode($option_value).'||'.$hash : $option_value.'||'.$hash;
-			}
-		}
-
-		if ($output) {
-			echo $value;
-		} else {
-			return $value;
-		}
-	}
-
-	/**
-	 * Raw HTML Signing: Sign all links and form elements in a block of HTML
-	 *
-	 * Accepts a string of HTML and signs all links and forms.
-	 * Requires link 'href' and form 'action' attributes to use 'https' and not 'http'.
-	 * Requires a 'code' to be set in every form.
-	 *
-	 * @return string
-	 **/
-	public static function fc_hash_html($html) {
-		// Initialize some counting
-		$count['temp'] = 0; // temp counter
-		$count['links'] = 0;
-		$count['forms'] = 0;
-		$count['inputs'] = 0;
-		$count['lists'] = 0;
-		$count['textareas'] = 0;
-
-		// Find and sign all the links
-		preg_match_all('%<a .*?href=[\'"]'.preg_quote(self::$cart_url).'(?:\.php)?\?(.+?)[\'"].*?>%i', $html, $querystrings);
-		// print_r($querystrings);
-		foreach ($querystrings[1] as $querystring) {
-			// If it's already signed, skip it.
-			if (preg_match('%&(?:amp;)?hash=%i', $querystring)) {
-				continue;
-			}
-			$pattern = '%(href=[\'"])'.preg_quote(self::$cart_url, '%').'(?:\.php)?\?'.preg_quote($querystring, '%').'([\'"])%i';
-			$signed = self::fc_hash_querystring($querystring, FALSE);
-			$html = preg_replace($pattern, '$1'.$signed.'$2', $html, -1, $count['temp']);
-			$count['links'] += $count['temp'];
-		}
-		unset($querystrings);
-
-		// Find and sign all form values
-		preg_match_all('%<form [^>]*?action=[\'"]'.preg_quote(self::$cart_url).'?[\'"].*?>(.+?)</form>%is', $html, $forms);
-		foreach ($forms[1] as $form) {
-			$count['forms']++;
-			self::$log[] = '<strong>Signing form</strong> with data: '.htmlspecialchars(substr($form, 0, 150)).'...';
-
-			// Store the original form so we can replace it when we're done
-			$form_original = $form;
-
-			// Check for the "code" input, set the matches in $codes
-			if (!preg_match_all('%<[^>]*?name=([\'"])([0-9]{1,3}:)?code\1[^>]*?>%i', $form, $codes, PREG_SET_ORDER)) {
-				self::$log[] = '<strong style="color:#600;">No code found</strong> for the above form.';
-				continue;
-			}
-			// For each code found, sign the appropriate inputs
-			foreach ($codes as $code) {
-				// If the form appears to be hashed already, don't bother
-				if (strpos($code[0], '||')) {
-					self::$log[] = '<strong>Form appears to be signed already</strong>: '.htmlspecialchars($code[0]);
-					continue;
-				}
-				// Get the code and the prefix
-				$prefix = (isset($code[2])) ? $code[2] : '';
-				preg_match('%<[^>]*?value=([\'"])(.+?)\1[^>]*?>%i', $code[0], $code);
-				$code = trim($code[2]);
-				self::$log[] = '<strong>Prefix for '.htmlspecialchars($code).'</strong>: '.htmlspecialchars($prefix);
-				if (!$code) { // If the code is empty, skip this form or specific prefixed elements
-					continue;
-				}
-
-				// Sign all <input /> elements with matching prefix
-				preg_match_all('%<input [^>]*?name=([\'"])'.preg_quote($prefix).'(?![0-9]{1,3})(?:.+?)\1[^>]*>%i', $form, $inputs);
-				foreach ($inputs[0] as $input) {
-					$count['inputs']++;
-					// Test to make sure both name and value attributes are found
-					if (preg_match('%name=([\'"])'.preg_quote($prefix).'(?![0-9]{1,3})(.+?)\1%i', $input, $name) > 0) {
-						preg_match('%value=([\'"])(.*?)\1%i', $input, $value);
-						$value = (count($value) > 0) ? $value : array('', '', '');
-						preg_match('%type=([\'"])(.*?)\1%i', $input, $type);
-						$type = (count($type) > 0) ? $type : array('', '', '');
-						// Skip the cart excludes
-						if (in_array($prefix.$name[2], self::$cart_excludes) || in_array(substr($prefix.$name[2], 0, 2), self::$cart_excludes_prefixes)) {
-							self::$log[] = '<strong style="color:purple;">Skipping</strong> the reserved parameter or prefix "'.$prefix.$name[2].'" = '.$value[2];
-							continue;
-						}
-						self::$log[] = '<strong>INPUT['.$type[2].']:</strong> Name: <strong>'.$prefix.htmlspecialchars(preg_quote($name[2])).'</strong>';
-						self::$log[] = '<strong>Replacement Pattern:</strong> ([\'"])'.$prefix.preg_quote($name[2]).'\1';
-						$value[2] = ($value[2] == '') ? '--OPEN--' : $value[2];
-						if ($type[2] == 'radio') {
-							$input_signed = preg_replace('%([\'"])'.preg_quote($value[2]).'\1%', '${1}'.self::fc_hash_value($code, $name[2], $value[2], 'value', FALSE)."$1", $input);
-						} else {
-							$input_signed = preg_replace('%([\'"])'.$prefix.preg_quote($name[2]).'\1%', '${1}'.$prefix.self::fc_hash_value($code, $name[2], $value[2], 'name', FALSE)."$1", $input);
-						}
-						self::$log[] = '<strong>INPUT:</strong> Code: <strong>'.htmlspecialchars($prefix.$code).
-						               '</strong> :: Name: <strong>'.htmlspecialchars($prefix.$name[2]).
-						               '</strong> :: Value: <strong>'.htmlspecialchars($value[2]).
-						               '</strong><br />Initial input: '.htmlspecialchars($input).
-						               '<br />Signed: <span style="color:#060;">'.htmlspecialchars($input_signed).'</span>';
-						$form = str_replace($input, $input_signed, $form);
-					}
-				}
-				self::$log[] = '<strong>FORM after INPUTS:</strong> <pre>'.htmlspecialchars($form).'</pre>';
-
-				// Sign all <option /> elements
-				preg_match_all('%<select [^>]*name=([\'"])'.preg_quote($prefix).'(?![0-9]{1,3})(.+?)\1[^>]*>(.+?)</select>%is', $form, $lists, PREG_SET_ORDER);
-				foreach ($lists as $list) {
-					$count['lists']++;
-					preg_match_all('%<option [^>]*value=([\'"])(.+?)\1[^>]*>(?:.*?)</option>%i', $list[0], $options, PREG_SET_ORDER);
-					self::$log[] = '<strong>Options:</strong> <pre>'.htmlspecialchars(print_r($options, true)).'</pre>';
-					unset( $form_part_signed );
-					foreach ($options as $option) {
-						if( !isset($form_part_signed) ) $form_part_signed = $list[0];
-						$option_signed = preg_replace(
-							'%'.preg_quote($option[1]).preg_quote($option[2]).preg_quote($option[1]).'%',
-							$option[1].self::fc_hash_value($code, $list[2], $option[2], 'value', FALSE).$option[1],
-							$option[0]);
-						$form_part_signed = str_replace($option[0], $option_signed, $form_part_signed );
-						self::$log[] = '<strong>OPTION:</strong> Code: <strong>'.htmlspecialchars($prefix.$code).
-						               '</strong> :: Name: <strong>'.htmlspecialchars($prefix.$list[2]).
-						               '</strong> :: Value: <strong>'.htmlspecialchars($option[2]).
-						               '</strong><br />Initial option: '.htmlspecialchars($option[0]).
-						               '<br />Signed: <span style="color:#060;">'.htmlspecialchars($option_signed).'</span>';
-					}
-					$form = str_replace($list[0], $form_part_signed, $form);
-				}
-				self::$log[] = '<strong>FORM after OPTIONS:</strong> <pre>'.htmlspecialchars($form).'</pre>';
-
-				// Sign all <textarea /> elements
-				preg_match_all('%<textarea [^>]*name=([\'"])'.preg_quote($prefix).'(?![0-9]{1,3})(.+?)\1[^>]*>(.*?)</textarea>%is', $form, $textareas, PREG_SET_ORDER);
-				// echo "\n\nTextareas: ".print_r($textareas, true);
-				foreach ($textareas as $textarea) {
-					$count['textareas']++;
-					// Tackle implied "--OPEN--" first, if textarea is empty
-					$textarea[3] = ($textarea[3] == '') ? '--OPEN--' : $textarea[3];
-					$textarea_signed = preg_replace('%([\'"])'.preg_quote($prefix.$textarea[2]).'\1%', "$1".self::fc_hash_value($code, $textarea[2], $textarea[3], 'name', FALSE)."$1", $textarea[0]);
-					$form = str_replace($textarea[0], $textarea_signed, $form);
-					self::$log[] = '<strong>TEXTAREA:</strong> Code: <strong>'.htmlspecialchars($prefix.$code).
-					               '</strong> :: Name: <strong>'.htmlspecialchars($prefix.$textarea[2]).
-					               '</strong> :: Value: <strong>'.htmlspecialchars($textarea[3]).
-					               '</strong><br />Initial textarea: '.htmlspecialchars($textarea[0]).
-					               '<br />Signed: <span style="color:#060;">'.htmlspecialchars($textarea_signed).'</span>';
-				}
-				self::$log[] = '<strong>FORM after TEXTAREAS:</strong> <pre>'.htmlspecialchars($form).'</pre>';
-
-				// Exclude all <button> elements
-				$form = preg_replace('%<button ([^>]*)name=([\'"])(.*?)\1([^>]*>.*?</button>)%i', "<button $1name=$2x:$3$4", $form);
-
-			}
-			// Replace the entire form
-			self::$log[] = '<strong>FORM after ALL:</strong> <pre>'.htmlspecialchars($form).'</pre>'.'replacing <pre>'.htmlspecialchars($form_original).'</pre>';
-			$html = str_replace($form_original, $form, $html);
-			self::$log[] = '<strong>FORM end</strong><hr />';
-		}
-
-		// Return the signed output
-		$output = '';
-		if (self::$debug) {
-			self::$log['Summary'] = $count['links'].' links signed. '.$count['forms'].' forms signed. '.$count['inputs'].' inputs signed. '.$count['lists'].' lists signed. '.$count['textareas'].' textareas signed.';
-			$output .= '<h3>FoxyCart HMAC Debugging:</h3><ul>';
-			foreach (self::$log as $name => $value) {
-				$output .= '<li><strong>'.$name.':</strong> '.$value.'</li>';
-			}
-			$output .= '</ul><hr />';
-		}
-		return $output.$html;
-	}
+    /**
+     * API Key (Secret)
+     *
+     * @var string
+     **/
+    private static $secret;
+
+    /**
+     * Cart URL
+     *
+     * @var string
+     * Notes: Could be 'https://yourdomain.foxycart.com/cart' or 'https://secure.yourdomain.com/cart'
+     **/
+    // protected static $cart_url = 'https://yourdomain.foxycart.com/cart';
+    protected static $cart_url;
+
+    public static function setCartURL($storeName = null){
+        self::$cart_url = 'https://'.$storeName.'.faxycart.com/cart';
+    }
+
+    public static function setSecret($secret = null){
+        self::$secret = $secret;
+    }
+
+    public function __construct(){
+        self::setCartURL(FoxyCart::getFoxyCartStoreName());
+        self::setSecret(FoxyCart::getStoreKey());
+    }
+
+    public static function getSecret(){
+        return FoxyCart::getStoreKey();
+    }
+
+
+    /**
+     * Cart Excludes
+     *
+     * Arrays of values and prefixes that should be ignored when signing links and forms.
+     * @var array
+     */
+    protected static $cart_excludes = array(
+        // Cart values
+        'cart', 'fcsid', 'empty', 'coupon', 'output', 'sub_token', 'redirect', 'callback', '_',
+        // Checkout pre-population values
+        'customer_email', 'customer_first_name', 'customer_last_name', 'customer_address1', 'customer_address2',
+        'customer_city', 'customer_state', 'customer_postal_code', 'customer_country', 'customer_phone', 'customer_company',
+        'shipping_first_name', 'shipping_last_name', 'shipping_address1', 'shipping_address2',
+        'shipping_city', 'shipping_state', 'shipping_postal_code', 'shipping_country', 'shipping_phone', 'shipping_company',
+    );
+    protected static $cart_excludes_prefixes = array(
+        'h:', 'x:', '__',
+    );
+
+    /**
+     * Debugging
+     *
+     * Set to $debug to TRUE to enable debug logging.
+     *
+     */
+    protected static $debug = FALSE;
+    protected static $log = array();
+
+
+    /**
+     * "Link Method": Generate HMAC SHA256 for GET Query Strings
+     *
+     * Notes: Can't parse_str because PHP doesn't support non-alphanumeric characters as array keys.
+     * @return string
+     **/
+    public static function fc_hash_querystring($qs, $output = TRUE) {
+        self::$log[] = '<strong>Signing link</strong> with data: '.htmlspecialchars(substr($qs, 0, 150)).'...';
+        $fail = self::$cart_url.'?'.$qs;
+
+        // If the link appears to be hashed already, don't bother
+        if (strpos($qs, '||')) {
+            self::$log[] = '<strong>Link appears to be signed already</strong>: '.htmlspecialchars($code[0]);
+            return $fail;
+        }
+
+        // Stick an ampersand on the beginning of the querystring to make matching the first element a little easier
+        $qs = '&'.urldecode($qs);
+
+        // Get all the prefixes, codes, and name=value pairs
+        preg_match_all('%(?P<amp>&(?:amp;)?)(?P<prefix>[a-z0-9]{1,3}:)?(?P<name>[^=]+)=(?P<value>[^&]+)%', $qs, $pairs, PREG_SET_ORDER);
+        self::$log[] = 'Found the following pairs to sign:<pre>'.htmlspecialchars(print_r($pairs, true)).'</pre>';
+
+        // Get all the "code" values, set the matches in $codes
+        $codes = array();
+        foreach ($pairs as $pair) {
+            if ($pair['name'] == 'code') {
+                $codes[$pair['prefix']] = $pair['value'];
+            }
+        }
+        if ( ! count($codes)) {
+            self::$log[] = '<strong style="color:#600;">No code found</strong> for the above link.';
+            return $fail;
+        }
+        self::$log[] = '<strong style="color:orange;">CODES found:</strong> '.htmlspecialchars(print_r($codes, true));
+
+        // Sign the name/value pairs
+        foreach ($pairs as $pair) {
+            // Skip the cart excludes
+            if (in_array($pair['name'], self::$cart_excludes) || in_array($pair['prefix'], self::$cart_excludes_prefixes)) {
+                self::$log[] = '<strong style="color:purple;">Skipping</strong> the reserved parameter or prefix "'.$pair['prefix'].$pair['name'].'" = '.$pair['value'];
+                continue;
+            }
+
+            // Continue to sign the value and replace the name=value in the querystring with name=value||hash
+            $value = self::fc_hash_value($codes[$pair['prefix']], $pair['name'], $pair['value'], 'value', FALSE, 'urlencode');
+            $replacement = $pair['amp'].$pair['prefix'].urlencode($pair['name']).'='.$value;
+            $qs = str_replace($pair[0], $replacement, $qs);
+            self::$log[] = 'Signed <strong>'.$pair['name'].'</strong> = <strong>'.$pair['value'].'</strong> with '.$replacement.'.<br />Replacing: '.$pair[0].'<br />With... '.$replacement;
+        }
+        $qs = ltrim($qs, '&'); // Get rid of that leading ampersand we added earlier
+
+        if ($output) {
+            echo self::$cart_url.'?'.$qs;
+        } else {
+            return self::$cart_url.'?'.$qs;
+        }
+    }
+
+
+    /**
+     * "Form Method": Generate HMAC SHA256 for form elements or individual <input />s
+     *
+     * @return string
+     **/
+    public static function fc_hash_value($product_code, $option_name, $option_value = '', $method = 'name', $output = TRUE, $urlencode = false) {
+        if (!$product_code || !$option_name) {
+            return FALSE;
+        }
+        if ($option_value == '--OPEN--') {
+            $hash = hash_hmac('sha256', $product_code.$option_name.$option_value, self::getSecret());
+            $value = ($urlencode) ? urlencode($option_name).'||'.$hash.'||open' : $option_name.'||'.$hash.'||open';
+        } else {
+            $hash = hash_hmac('sha256', $product_code.$option_name.$option_value, self::getSecret());
+            if ($method == 'name') {
+                $value = ($urlencode) ? urlencode($option_name).'||'.$hash : $option_name.'||'.$hash;
+            } else {
+                $value = ($urlencode) ? urlencode($option_value).'||'.$hash : $option_value.'||'.$hash;
+            }
+        }
+
+        if ($output) {
+            echo $value;
+        } else {
+            return $value;
+        }
+    }
+
+    /**
+     * Raw HTML Signing: Sign all links and form elements in a block of HTML
+     *
+     * Accepts a string of HTML and signs all links and forms.
+     * Requires link 'href' and form 'action' attributes to use 'https' and not 'http'.
+     * Requires a 'code' to be set in every form.
+     *
+     * @return string
+     **/
+    public static function fc_hash_html($html) {
+        // Initialize some counting
+        $count['temp'] = 0; // temp counter
+        $count['links'] = 0;
+        $count['forms'] = 0;
+        $count['inputs'] = 0;
+        $count['lists'] = 0;
+        $count['textareas'] = 0;
+
+        // Find and sign all the links
+        preg_match_all('%<a .*?href=[\'"]'.preg_quote(self::$cart_url).'(?:\.php)?\?(.+?)[\'"].*?>%i', $html, $querystrings);
+        // print_r($querystrings);
+        foreach ($querystrings[1] as $querystring) {
+            // If it's already signed, skip it.
+            if (preg_match('%&(?:amp;)?hash=%i', $querystring)) {
+                continue;
+            }
+            $pattern = '%(href=[\'"])'.preg_quote(self::$cart_url, '%').'(?:\.php)?\?'.preg_quote($querystring, '%').'([\'"])%i';
+            $signed = self::fc_hash_querystring($querystring, FALSE);
+            $html = preg_replace($pattern, '$1'.$signed.'$2', $html, -1, $count['temp']);
+            $count['links'] += $count['temp'];
+        }
+        unset($querystrings);
+
+        // Find and sign all form values
+        preg_match_all('%<form [^>]*?action=[\'"]'.preg_quote(self::$cart_url).'?[\'"].*?>(.+?)</form>%is', $html, $forms);
+        foreach ($forms[1] as $form) {
+            $count['forms']++;
+            self::$log[] = '<strong>Signing form</strong> with data: '.htmlspecialchars(substr($form, 0, 150)).'...';
+
+            // Store the original form so we can replace it when we're done
+            $form_original = $form;
+
+            // Check for the "code" input, set the matches in $codes
+            if (!preg_match_all('%<[^>]*?name=([\'"])([0-9]{1,3}:)?code\1[^>]*?>%i', $form, $codes, PREG_SET_ORDER)) {
+                self::$log[] = '<strong style="color:#600;">No code found</strong> for the above form.';
+                continue;
+            }
+            // For each code found, sign the appropriate inputs
+            foreach ($codes as $code) {
+                // If the form appears to be hashed already, don't bother
+                if (strpos($code[0], '||')) {
+                    self::$log[] = '<strong>Form appears to be signed already</strong>: '.htmlspecialchars($code[0]);
+                    continue;
+                }
+                // Get the code and the prefix
+                $prefix = (isset($code[2])) ? $code[2] : '';
+                preg_match('%<[^>]*?value=([\'"])(.+?)\1[^>]*?>%i', $code[0], $code);
+                $code = trim($code[2]);
+                self::$log[] = '<strong>Prefix for '.htmlspecialchars($code).'</strong>: '.htmlspecialchars($prefix);
+                if (!$code) { // If the code is empty, skip this form or specific prefixed elements
+                    continue;
+                }
+
+                // Sign all <input /> elements with matching prefix
+                preg_match_all('%<input [^>]*?name=([\'"])'.preg_quote($prefix).'(?![0-9]{1,3})(?:.+?)\1[^>]*>%i', $form, $inputs);
+                foreach ($inputs[0] as $input) {
+                    $count['inputs']++;
+                    // Test to make sure both name and value attributes are found
+                    if (preg_match('%name=([\'"])'.preg_quote($prefix).'(?![0-9]{1,3})(.+?)\1%i', $input, $name) > 0) {
+                        preg_match('%value=([\'"])(.*?)\1%i', $input, $value);
+                        $value = (count($value) > 0) ? $value : array('', '', '');
+                        preg_match('%type=([\'"])(.*?)\1%i', $input, $type);
+                        $type = (count($type) > 0) ? $type : array('', '', '');
+                        // Skip the cart excludes
+                        if (in_array($prefix.$name[2], self::$cart_excludes) || in_array(substr($prefix.$name[2], 0, 2), self::$cart_excludes_prefixes)) {
+                            self::$log[] = '<strong style="color:purple;">Skipping</strong> the reserved parameter or prefix "'.$prefix.$name[2].'" = '.$value[2];
+                            continue;
+                        }
+                        self::$log[] = '<strong>INPUT['.$type[2].']:</strong> Name: <strong>'.$prefix.htmlspecialchars(preg_quote($name[2])).'</strong>';
+                        self::$log[] = '<strong>Replacement Pattern:</strong> ([\'"])'.$prefix.preg_quote($name[2]).'\1';
+                        $value[2] = ($value[2] == '') ? '--OPEN--' : $value[2];
+                        if ($type[2] == 'radio') {
+                            $input_signed = preg_replace('%([\'"])'.preg_quote($value[2]).'\1%', '${1}'.self::fc_hash_value($code, $name[2], $value[2], 'value', FALSE)."$1", $input);
+                        } else {
+                            $input_signed = preg_replace('%([\'"])'.$prefix.preg_quote($name[2]).'\1%', '${1}'.$prefix.self::fc_hash_value($code, $name[2], $value[2], 'name', FALSE)."$1", $input);
+                        }
+                        self::$log[] = '<strong>INPUT:</strong> Code: <strong>'.htmlspecialchars($prefix.$code).
+                                        '</strong> :: Name: <strong>'.htmlspecialchars($prefix.$name[2]).
+                                        '</strong> :: Value: <strong>'.htmlspecialchars($value[2]).
+                                        '</strong><br />Initial input: '.htmlspecialchars($input).
+                                        '<br />Signed: <span style="color:#060;">'.htmlspecialchars($input_signed).'</span>';
+                        $form = str_replace($input, $input_signed, $form);
+                    }
+                }
+                self::$log[] = '<strong>FORM after INPUTS:</strong> <pre>'.htmlspecialchars($form).'</pre>';
+
+                // Sign all <option /> elements
+                preg_match_all('%<select [^>]*name=([\'"])'.preg_quote($prefix).'(?![0-9]{1,3})(.+?)\1[^>]*>(.+?)</select>%is', $form, $lists, PREG_SET_ORDER);
+                foreach ($lists as $list) {
+                    $count['lists']++;
+                    preg_match_all('%<option [^>]*value=([\'"])(.+?)\1[^>]*>(?:.*?)</option>%i', $list[0], $options, PREG_SET_ORDER);
+                    self::$log[] = '<strong>Options:</strong> <pre>'.htmlspecialchars(print_r($options, true)).'</pre>';
+                    unset( $form_part_signed );
+                    foreach ($options as $option) {
+                        if( !isset($form_part_signed) ) $form_part_signed = $list[0];
+                        $option_signed = preg_replace(
+                            '%'.preg_quote($option[1]).preg_quote($option[2]).preg_quote($option[1]).'%',
+                            $option[1].self::fc_hash_value($code, $list[2], $option[2], 'value', FALSE).$option[1],
+                            $option[0]);
+                        $form_part_signed = str_replace($option[0], $option_signed, $form_part_signed );
+                        self::$log[] = '<strong>OPTION:</strong> Code: <strong>'.htmlspecialchars($prefix.$code).
+                                        '</strong> :: Name: <strong>'.htmlspecialchars($prefix.$list[2]).
+                                        '</strong> :: Value: <strong>'.htmlspecialchars($option[2]).
+                                        '</strong><br />Initial option: '.htmlspecialchars($option[0]).
+                                        '<br />Signed: <span style="color:#060;">'.htmlspecialchars($option_signed).'</span>';
+                    }
+                    $form = str_replace($list[0], $form_part_signed, $form);
+                }
+                self::$log[] = '<strong>FORM after OPTIONS:</strong> <pre>'.htmlspecialchars($form).'</pre>';
+
+                // Sign all <textarea /> elements
+                preg_match_all('%<textarea [^>]*name=([\'"])'.preg_quote($prefix).'(?![0-9]{1,3})(.+?)\1[^>]*>(.*?)</textarea>%is', $form, $textareas, PREG_SET_ORDER);
+                // echo "\n\nTextareas: ".print_r($textareas, true);
+                foreach ($textareas as $textarea) {
+                    $count['textareas']++;
+                    // Tackle implied "--OPEN--" first, if textarea is empty
+                    $textarea[3] = ($textarea[3] == '') ? '--OPEN--' : $textarea[3];
+                    $textarea_signed = preg_replace('%([\'"])'.preg_quote($prefix.$textarea[2]).'\1%', "$1".self::fc_hash_value($code, $textarea[2], $textarea[3], 'name', FALSE)."$1", $textarea[0]);
+                    $form = str_replace($textarea[0], $textarea_signed, $form);
+                    self::$log[] = '<strong>TEXTAREA:</strong> Code: <strong>'.htmlspecialchars($prefix.$code).
+                                    '</strong> :: Name: <strong>'.htmlspecialchars($prefix.$textarea[2]).
+                                    '</strong> :: Value: <strong>'.htmlspecialchars($textarea[3]).
+                                    '</strong><br />Initial textarea: '.htmlspecialchars($textarea[0]).
+                                    '<br />Signed: <span style="color:#060;">'.htmlspecialchars($textarea_signed).'</span>';
+                }
+                self::$log[] = '<strong>FORM after TEXTAREAS:</strong> <pre>'.htmlspecialchars($form).'</pre>';
+
+                // Exclude all <button> elements
+                $form = preg_replace('%<button ([^>]*)name=([\'"])(.*?)\1([^>]*>.*?</button>)%i', "<button $1name=$2x:$3$4", $form);
+
+            }
+            // Replace the entire form
+            self::$log[] = '<strong>FORM after ALL:</strong> <pre>'.htmlspecialchars($form).'</pre>'.'replacing <pre>'.htmlspecialchars($form_original).'</pre>';
+            $html = str_replace($form_original, $form, $html);
+            self::$log[] = '<strong>FORM end</strong><hr />';
+        }
+
+        // Return the signed output
+        $output = '';
+        if (self::$debug) {
+            self::$log['Summary'] = $count['links'].' links signed. '.$count['forms'].' forms signed. '.$count['inputs'].' inputs signed. '.$count['lists'].' lists signed. '.$count['textareas'].' textareas signed.';
+            $output .= '<h3>FoxyCart HMAC Debugging:</h3><ul>';
+            foreach (self::$log as $name => $value) {
+                $output .= '<li><strong>'.$name.':</strong> '.$value.'</li>';
+            }
+            $output .= '</ul><hr />';
+        }
+        return $output.$html;
+    }
 
 }
\ No newline at end of file

code/model/FoxyCart.php

Indentation +43 added lines, -43 removed lines

@@ -7,46 +7,46 @@ 
 
 class FoxyCart extends Object {
 
-	private static $keyPrefix = 'dYnm1c';
-
-	public static function setStoreKey($length = 54, $count = 0){
-		$charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'.strtotime('now');
-		$strLength = strlen($charset);
-		$str = '';
-		while($count < $length){
-			$str .= $charset[mt_rand(0, $strLength-1)];
-			$count++;
-		}
-		return self::getKeyPrefix().substr(base64_encode($str),0,$length);
-	}
-
-	public static function getStoreKey(){
-		$config = SiteConfig::current_site_config();
-		if($config->StoreKey){
-			return $config->StoreKey;
-		}
-		return null;
-	}
-
-	public static function store_name_warning(){
-		$warning = null;
-		if(self::getFoxyCartStoreName()===null){
-			$warning = 'Must define FoxyCart Store Name in your site settings in the cms';
-		}
-		return $warning;
-	}
-
-	public static function getFoxyCartStoreName(){
-		$config = SiteConfig::current_site_config();
-		if($config->StoreName){
-			return $config->StoreName;
-		}
-		return null;
-	}
-
-	public static function FormActionURL() {
-		return sprintf('https://%s.foxycart.com/cart', self::getFoxyCartStoreName() );
-	}
+    private static $keyPrefix = 'dYnm1c';
+
+    public static function setStoreKey($length = 54, $count = 0){
+        $charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'.strtotime('now');
+        $strLength = strlen($charset);
+        $str = '';
+        while($count < $length){
+            $str .= $charset[mt_rand(0, $strLength-1)];
+            $count++;
+        }
+        return self::getKeyPrefix().substr(base64_encode($str),0,$length);
+    }
+
+    public static function getStoreKey(){
+        $config = SiteConfig::current_site_config();
+        if($config->StoreKey){
+            return $config->StoreKey;
+        }
+        return null;
+    }
+
+    public static function store_name_warning(){
+        $warning = null;
+        if(self::getFoxyCartStoreName()===null){
+            $warning = 'Must define FoxyCart Store Name in your site settings in the cms';
+        }
+        return $warning;
+    }
+
+    public static function getFoxyCartStoreName(){
+        $config = SiteConfig::current_site_config();
+        if($config->StoreName){
+            return $config->StoreName;
+        }
+        return null;
+    }
+
+    public static function FormActionURL() {
+        return sprintf('https://%s.foxycart.com/cart', self::getFoxyCartStoreName() );
+    }
 
     /**
      * FoxyCart API v1.1 functions
@@ -112,8 +112,8 @@ 
         return self::getAPIRequest($foxyData);
     }
 
-	public static function getKeyPrefix(){
-		return self::$keyPrefix;
-	}
+    public static function getKeyPrefix(){
+        return self::$keyPrefix;
+    }
 
 }

code/objects/ProductImage.php

Indentation +29 added lines, -29 removed lines

@@ -7,25 +7,25 @@ 
 
 class ProductImage extends DataObject{
 
-	private static $db = array(
-		'Title' => 'Text',
-		'SortOrder' => 'Int'
-	);
+    private static $db = array(
+        'Title' => 'Text',
+        'SortOrder' => 'Int'
+    );
 
-	private static $has_one = array(
-		'Image' => 'Image',
-		'Parent' => 'SiteTree'
-	);
+    private static $has_one = array(
+        'Image' => 'Image',
+        'Parent' => 'SiteTree'
+    );
 
-	private static $default_sort = 'SortOrder';
+    private static $default_sort = 'SortOrder';
 
-	private static $summary_fields = array(
-		'Image.CMSThumbnail' => 'Image',
-		'Title' => 'Caption'
-	);
+    private static $summary_fields = array(
+        'Image.CMSThumbnail' => 'Image',
+        'Title' => 'Caption'
+    );
 
-	public function getCMSFields(){
-		$fields = FieldList::create(
+    public function getCMSFields(){
+        $fields = FieldList::create(
             TextField::create('Title')
                 ->setTitle(_t('ProductImage.Title', 'Product Image Title')),
             UploadField::create('Image')
@@ -34,25 +34,25 @@ 
                 ->setAllowedExtensions(array('jpg', 'jpeg', 'gif', 'png'))
         );
 
-		$this->extend('updateCMSFields', $fields);
+        $this->extend('updateCMSFields', $fields);
 
         return $fields;
-	}
+    }
 
-	public function canView($member = false) {
-		return true;
-	}
+    public function canView($member = false) {
+        return true;
+    }
 
-	public function canEdit($member = null) {
-		return Permission::check('Product_CANCRUD');
-	}
+    public function canEdit($member = null) {
+        return Permission::check('Product_CANCRUD');
+    }
 
-	public function canDelete($member = null) {
-		return Permission::check('Product_CANCRUD');
-	}
+    public function canDelete($member = null) {
+        return Permission::check('Product_CANCRUD');
+    }
 
-	public function canCreate($member = null) {
-		return Permission::check('Product_CANCRUD');
-	}
+    public function canCreate($member = null) {
+        return Permission::check('Product_CANCRUD');
+    }
 
 }

code/objects/ProductCategory.php

Indentation +37 added lines, -37 removed lines

@@ -8,9 +8,9 @@ 
 class ProductCategory extends DataObject {
 
     private static $db = array(
-		'Title' => 'Varchar(255)',
-		'Code' => 'Varchar(50)'
-	);
+        'Title' => 'Varchar(255)',
+        'Code' => 'Varchar(50)'
+    );
 
     private static $singular_name = 'FoxyCart Category';
     private static $plural_name = 'FoxyCart Categories';
@@ -21,13 +21,13 @@ 
         'Code' => 'Code'
     );
 
-	private static $indexes = array(
-		'Code' => true
-	);
+    private static $indexes = array(
+        'Code' => true
+    );
 
     public function getCMSFields() {
 
-		$fields = FieldList::create(
+        $fields = FieldList::create(
             LiteralField::create(
                 'PCIntro',
                 _t(
@@ -50,35 +50,35 @@ 
         $this->extend('updateCMSFields', $fields);
 
         return $fields;
-	}
-
-	public function requireDefaultRecords() {
-		parent::requireDefaultRecords();
-		$allCats = DataObject::get('ProductCategory');
-		if(!$allCats->count()){
-			$cat = new ProductCategory();
-			$cat->Title = 'Default';
-			$cat->Code = 'DEFAULT';
-			$cat->write();
-		}
-	}
-
-	public function canView($member = false) {
-		return true;
-	}
-
-	public function canEdit($member = null) {
-		return Permission::check('Product_CANCRUD');
-	}
-
-	public function canDelete($member = null) {
-
-		//don't allow deletion of DEFAULT category
-		return ($this->Code == 'DEFAULT') ? false : Permission::check('Product_CANCRUD');
-	}
-
-	public function canCreate($member = null) {
-		return Permission::check('Product_CANCRUD');
-	}
+    }
+
+    public function requireDefaultRecords() {
+        parent::requireDefaultRecords();
+        $allCats = DataObject::get('ProductCategory');
+        if(!$allCats->count()){
+            $cat = new ProductCategory();
+            $cat->Title = 'Default';
+            $cat->Code = 'DEFAULT';
+            $cat->write();
+        }
+    }
+
+    public function canView($member = false) {
+        return true;
+    }
+
+    public function canEdit($member = null) {
+        return Permission::check('Product_CANCRUD');
+    }
+
+    public function canDelete($member = null) {
+
+        //don't allow deletion of DEFAULT category
+        return ($this->Code == 'DEFAULT') ? false : Permission::check('Product_CANCRUD');
+    }
+
+    public function canCreate($member = null) {
+        return Permission::check('Product_CANCRUD');
+    }
 
 }

code/form/FoxyStripeDropdownField.php

Indentation +33 added lines, -33 removed lines

@@ -50,39 +50,39 @@
  */
 class FoxyStripeDropdownField extends DropdownField{
 
-	/**
-	 * Mark certain elements as disabled,
-	 * regardless of the {@link setDisabled()} settings.
-	 *
-	 * @param array $items Collection of array keys, as defined in the $source array
-	 */
-	public function setDisabledItems($items){
-		$controller = Controller::curr();
-		$code = $controller->data()->Code;
-		$updated = [];
-		if(is_array($items) && !empty($items)){
-			foreach($items as $item){
-				array_push($updated, ProductPage::getGeneratedValue($code, $this->getName(), $item, 'value'));
-			}
-		}
-		$this->disabledItems = $updated;
-		return $this;
-	}
+    /**
+     * Mark certain elements as disabled,
+     * regardless of the {@link setDisabled()} settings.
+     *
+     * @param array $items Collection of array keys, as defined in the $source array
+     */
+    public function setDisabledItems($items){
+        $controller = Controller::curr();
+        $code = $controller->data()->Code;
+        $updated = [];
+        if(is_array($items) && !empty($items)){
+            foreach($items as $item){
+                array_push($updated, ProductPage::getGeneratedValue($code, $this->getName(), $item, 'value'));
+            }
+        }
+        $this->disabledItems = $updated;
+        return $this;
+    }
 
-	/**
-	 * @param array $source
-	 */
-	public function setSource($source) {
-		$controller = Controller::curr();
-		$code = $controller->data()->Code;
-		$updated = [];
-		if(is_array($source) && !empty($source)){
-			foreach($source as $key => $val){
-				$updated[ProductPage::getGeneratedValue($code, $this->getName(), $key, 'value')] = $val;
-			}
-		}
-		$this->source = $updated;
-		return $this;
-	}
+    /**
+     * @param array $source
+     */
+    public function setSource($source) {
+        $controller = Controller::curr();
+        $code = $controller->data()->Code;
+        $updated = [];
+        if(is_array($source) && !empty($source)){
+            foreach($source as $key => $val){
+                $updated[ProductPage::getGeneratedValue($code, $this->getName(), $key, 'value')] = $val;
+            }
+        }
+        $this->source = $updated;
+        return $this;
+    }
 
 }

code/controllers/FoxyStripe_Controller.php

Indentation +23 added lines, -23 removed lines

@@ -2,37 +2,37 @@ 
 
 class FoxyStripe_Controller extends Page_Controller {
 	
-	const URLSegment = 'foxystripe';
+    const URLSegment = 'foxystripe';
 
-	public function getURLSegment() {
-		return self::URLSegment;
-	}
+    public function getURLSegment() {
+        return self::URLSegment;
+    }
 	
-	static $allowed_actions = array(
-		'index',
+    static $allowed_actions = array(
+        'index',
         'sso'
-	);
+    );
 	
-	public function index() {
-	    // handle POST from FoxyCart API transaction
-		if ((isset($_POST["FoxyData"]) OR isset($_POST['FoxySubscriptionData']))) {
-			$FoxyData_encrypted = (isset($_POST["FoxyData"])) ?
+    public function index() {
+        // handle POST from FoxyCart API transaction
+        if ((isset($_POST["FoxyData"]) OR isset($_POST['FoxySubscriptionData']))) {
+            $FoxyData_encrypted = (isset($_POST["FoxyData"])) ?
                 urldecode($_POST["FoxyData"]) :
                 urldecode($_POST["FoxySubscriptionData"]);
-			$FoxyData_decrypted = rc4crypt::decrypt(FoxyCart::getStoreKey(),$FoxyData_encrypted);
-			self::handleDataFeed($FoxyData_encrypted, $FoxyData_decrypted);
+            $FoxyData_decrypted = rc4crypt::decrypt(FoxyCart::getStoreKey(),$FoxyData_encrypted);
+            self::handleDataFeed($FoxyData_encrypted, $FoxyData_decrypted);
 			
-			// extend to allow for additional integrations with Datafeed
-			$this->extend('addIntegrations', $FoxyData_encrypted);
+            // extend to allow for additional integrations with Datafeed
+            $this->extend('addIntegrations', $FoxyData_encrypted);
 			
-			return 'foxy';
+            return 'foxy';
 			
-		} else {
+        } else {
 			
-			return "No FoxyData or FoxySubscriptionData received.";
+            return "No FoxyData or FoxySubscriptionData received.";
 			
-		}
-	}
+        }
+    }
 
     public function handleDataFeed($encrypted, $decrypted){
         //handle encrypted & decrypted data
@@ -203,10 +203,10 @@ 
 
 
 
-	// Single Sign on integration with FoxyCart
+    // Single Sign on integration with FoxyCart
     public function sso() {
 
-	    // GET variables from FoxyCart Request
+        // GET variables from FoxyCart Request
         $fcsid = $this->request->getVar('fcsid');
         $timestampNew = strtotime('+30 days');
 
@@ -225,7 +225,7 @@ 
         $redirect_complete = 'https://' . FoxyCart::getFoxyCartStoreName() . '.foxycart.com/checkout?fc_auth_token=' . $auth_token .
             '&fcsid=' . $fcsid . '&fc_customer_id=' . $Member->Customer_ID . '&timestamp=' . $timestampNew;
 	
-	    $this->redirect($redirect_complete);
+        $this->redirect($redirect_complete);
 
     }
 	

code/pages/OrderHistoryPage.php

Indentation +6 added lines, -6 removed lines

@@ -11,14 +11,14 @@ 
     private static $plural_name = 'Order History Pages';
     private static $description = 'Show a customers past orders. Requires authentication';
 
-	public function getCMSFields(){
-		$fields = parent::getCMSFields();
+    public function getCMSFields(){
+        $fields = parent::getCMSFields();
 
 
 
-		$this->extend('updateCMSFields', $fields);
-		return $fields;
-	}
+        $this->extend('updateCMSFields', $fields);
+        return $fields;
+    }
 
     // return all current Member's Orders
     public function getOrders($limit = 10) {
@@ -36,7 +36,7 @@ 
 
 class OrderHistoryPage_Controller extends Page_Controller {
 	
-	private static $allowed_actions = array(
+    private static $allowed_actions = array(
         'index'
     );
 

code/extensions/FoxyStripeSiteConfig.php

Indentation +58 added lines, -58 removed lines

@@ -2,21 +2,21 @@ 
 
 class FoxyStripeSiteConfig extends DataExtension{
 
-	private static $db = array(
-		'StoreName' => 'Varchar(255)',
-		'StoreKey' => 'Varchar(60)',
-		'MultiGroup' => 'Boolean',
-		'ProductLimit' => 'Int',
-		'CartValidation' => 'Boolean',
-		'MaxQuantity' => 'Int'
-	);
+    private static $db = array(
+        'StoreName' => 'Varchar(255)',
+        'StoreKey' => 'Varchar(60)',
+        'MultiGroup' => 'Boolean',
+        'ProductLimit' => 'Int',
+        'CartValidation' => 'Boolean',
+        'MaxQuantity' => 'Int'
+    );
 
     // Set Default values
     private static $defaults = array(
         'ProductLimit' => 10
     );
 
-	public function updateCMSFields(FieldList $fields){
+    public function updateCMSFields(FieldList $fields){
 
         // set TabSet names to avoid spaces from camel case
         $fields->addFieldToTab('Root', new TabSet('FoxyStripe', 'FoxyStripe'));
@@ -24,103 +24,103 @@ 
         // settings tab
         $fields->addFieldsToTab('Root.FoxyStripe.Settings', array(
             // Store Details
-			HeaderField::create('StoreDetails', _t('FoxyStripeSiteConfig.StoreDetails', 'Store Settings'), 3),
-			LiteralField::create('DetailsIntro', _t(
-				'FoxyStripeSiteConfig.DetailsIntro',
+            HeaderField::create('StoreDetails', _t('FoxyStripeSiteConfig.StoreDetails', 'Store Settings'), 3),
+            LiteralField::create('DetailsIntro', _t(
+                'FoxyStripeSiteConfig.DetailsIntro',
                 '<p>Maps to data in your <a href="https://admin.foxycart.com/admin.php?ThisAction=EditStore" target="_blank">FoxyCart store settings</a>.'
             )),
-			TextField::create('StoreName')
-				->setTitle(_t('FoxyStripeSiteConfig.StoreName', 'Store Sub Domain'))
-				->setDescription(_t('FoxyStripeSiteConfig.StoreNameDescription', 'the sub domain for your FoxyCart store')),
+            TextField::create('StoreName')
+                ->setTitle(_t('FoxyStripeSiteConfig.StoreName', 'Store Sub Domain'))
+                ->setDescription(_t('FoxyStripeSiteConfig.StoreNameDescription', 'the sub domain for your FoxyCart store')),
 
-			// Advanced Settings
-			HeaderField::create('AdvanceHeader', _t('FoxyStripeSiteConfig.AdvancedHeader', 'Advanced Settings'), 3),
-			LiteralField::create('AdvancedIntro', _t(
+            // Advanced Settings
+            HeaderField::create('AdvanceHeader', _t('FoxyStripeSiteConfig.AdvancedHeader', 'Advanced Settings'), 3),
+            LiteralField::create('AdvancedIntro', _t(
                 'FoxyStripeSiteConfig.AdvancedIntro',
-				'<p>Maps to data in your <a href="https://admin.foxycart.com/admin.php?ThisAction=EditAdvancedFeatures" target="_blank">FoxyCart advanced store settings</a>.</p>'
-			)),
-			ReadonlyField::create('DataFeedLink', _t('FoxyStripeSiteConfig.DataFeedLink', 'FoxyCart DataFeed URL'), self::getDataFeedLink())
-				->setDescription(_t('FoxyStripeSiteConfig.DataFeedLinkDescription', 'copy/paste to FoxyCart')),
-			CheckboxField::create('CartValidation')
-				->setTitle(_t('FoxyStripeSiteConfig.CartValidation', 'Enable Cart Validation'))
-				->setDescription(_t(
+                '<p>Maps to data in your <a href="https://admin.foxycart.com/admin.php?ThisAction=EditAdvancedFeatures" target="_blank">FoxyCart advanced store settings</a>.</p>'
+            )),
+            ReadonlyField::create('DataFeedLink', _t('FoxyStripeSiteConfig.DataFeedLink', 'FoxyCart DataFeed URL'), self::getDataFeedLink())
+                ->setDescription(_t('FoxyStripeSiteConfig.DataFeedLinkDescription', 'copy/paste to FoxyCart')),
+            CheckboxField::create('CartValidation')
+                ->setTitle(_t('FoxyStripeSiteConfig.CartValidation', 'Enable Cart Validation'))
+                ->setDescription(_t(
                     'FoxyStripeSiteConfig.CartValidationDescription',
                     'You must <a href="https://admin.foxycart.com/admin.php?ThisAction=EditAdvancedFeatures#use_cart_validation" target="_blank">enable cart validation</a> in the FoxyCart admin.'
             )),
-			ReadonlyField::create('StoreKey')
-				->setTitle(_t('FoxyStripeSiteConfig.StoreKey', 'FoxyCart API Key'))
-				->setDescription(_t('FoxyStripeSiteConfig.StoreKeyDescription', 'copy/paste to FoxyCart')),
-			ReadonlyField::create('SSOLink', _t('FoxyStripeSiteConfig.SSOLink', 'Single Sign On URL'), self::getSSOLink())
-				->setDescription(_t('FoxyStripeSiteConfig.SSOLinkDescription', 'copy/paste to FoxyCart'))
+            ReadonlyField::create('StoreKey')
+                ->setTitle(_t('FoxyStripeSiteConfig.StoreKey', 'FoxyCart API Key'))
+                ->setDescription(_t('FoxyStripeSiteConfig.StoreKeyDescription', 'copy/paste to FoxyCart')),
+            ReadonlyField::create('SSOLink', _t('FoxyStripeSiteConfig.SSOLink', 'Single Sign On URL'), self::getSSOLink())
+                ->setDescription(_t('FoxyStripeSiteConfig.SSOLinkDescription', 'copy/paste to FoxyCart'))
         ));
 
         // configuration warning
-		if(FoxyCart::store_name_warning()!==null){
-			$fields->insertBefore(LiteralField::create(
+        if(FoxyCart::store_name_warning()!==null){
+            $fields->insertBefore(LiteralField::create(
                 "StoreSubDomainHeaderWarning",
                 _t(
                     'FoxyStripeSiteConfig.StoreSubDomainHeadingWarning',
                     "<p class=\"message error\">Store sub-domain must be entered in the <a href=\"/admin/settings/\">site settings</a></p>"
                 )
             ), 'StoreDetails');
-		}
+        }
 
         // products tab
-		$fields->addFieldsToTab('Root.FoxyStripe.Products', array(
-			HeaderField::create('ProductHeader', _t('FoxyStripeSiteConfig.ProductHeader', 'Products'), 3),
-			CheckboxField::create('MultiGroup')
-				->setTitle(_t('FoxyStripeSiteConfig.MultiGroup', 'Multiple Groups'))
-				->setDescription(_t(
+        $fields->addFieldsToTab('Root.FoxyStripe.Products', array(
+            HeaderField::create('ProductHeader', _t('FoxyStripeSiteConfig.ProductHeader', 'Products'), 3),
+            CheckboxField::create('MultiGroup')
+                ->setTitle(_t('FoxyStripeSiteConfig.MultiGroup', 'Multiple Groups'))
+                ->setDescription(_t(
                     'FoxyStripeSiteConfig.MultiGroupDescription',
                     'Allows products to be shown in multiple Product Groups'
                 )),
-			HeaderField::create('ProductGroupHD', _t('FoxyStripeSiteConfig.ProductGroupHD', 'Product Groups'), 3),
-			NumericField::create('ProductLimit')
-				->setTitle(_t('FoxyStripeSiteConfig.ProductLimit', 'Products per Page'))
-				->setDescription(_t(
+            HeaderField::create('ProductGroupHD', _t('FoxyStripeSiteConfig.ProductGroupHD', 'Product Groups'), 3),
+            NumericField::create('ProductLimit')
+                ->setTitle(_t('FoxyStripeSiteConfig.ProductLimit', 'Products per Page'))
+                ->setDescription(_t(
                     'FoxyStripeSiteConfig.ProductLimitDescription',
                     'Number of Products to show per page on a Product Group'
                 )),
-			HeaderField::create('ProductQuantityHD', _t('FoxyStripeSiteConfig.ProductQuantityHD', 'Product Form Max Quantity'), 3),
-			NumericField::create('MaxQuantity')
-				->setTitle(_t('FoxyStripeSiteConfig.MaxQuantity', 'Max Quantity'))
-				->setDescription(_t(
+            HeaderField::create('ProductQuantityHD', _t('FoxyStripeSiteConfig.ProductQuantityHD', 'Product Form Max Quantity'), 3),
+            NumericField::create('MaxQuantity')
+                ->setTitle(_t('FoxyStripeSiteConfig.MaxQuantity', 'Max Quantity'))
+                ->setDescription(_t(
                     'FoxyStripeSiteConfig.MaxQuantityDescription',
                     'Sets max quantity for product form dropdown (add to cart form - default 10)'
                 ))
-		));
+        ));
 
         // categories tab
-		$fields->addFieldsToTab('Root.FoxyStripe.Categories', array(
-			HeaderField::create('CategoryHD', _t('FoxyStripeSiteConfig.CategoryHD', 'FoxyStripe Categories'), 3),
-			LiteralField::create('CategoryDescrip', _t(
+        $fields->addFieldsToTab('Root.FoxyStripe.Categories', array(
+            HeaderField::create('CategoryHD', _t('FoxyStripeSiteConfig.CategoryHD', 'FoxyStripe Categories'), 3),
+            LiteralField::create('CategoryDescrip', _t(
                 'FoxyStripeSiteConfig.CategoryDescrip',
                 '<p>FoxyCart Categories offer a way to give products additional behaviors that cannot be accomplished by product options alone, including category specific coupon codes, shipping and handling fees, and email receipts. <a href="https://wiki.foxycart.com/v/2.0/categories" target="_blank">Learn More</a></p><p>Categories you\'ve created in FoxyStripe must also be created in your <a href="https://admin.foxycart.com/admin.php?ThisAction=ManageProductCategories" target="_blank">FoxyCart Categories</a> admin panel.</p>'
             )),
-			GridField::create(
+            GridField::create(
                 'ProductCategory',
                 _t('FoxyStripeSiteConfig.ProductCategory', 'FoxyCart Categories'),
                 ProductCategory::get(),
                 GridFieldConfig_RecordEditor::create()
             )
-		));
+        ));
 
         // option groups tab
-		$fields->addFieldsToTab('Root.FoxyStripe.Groups', array(
-			HeaderField::create('OptionGroupsHead', _t('FoxyStripeSiteConfig', 'Product Option Groups'), 3),
-			LiteralField::create('OptionGroupsDescrip', _t(
+        $fields->addFieldsToTab('Root.FoxyStripe.Groups', array(
+            HeaderField::create('OptionGroupsHead', _t('FoxyStripeSiteConfig', 'Product Option Groups'), 3),
+            LiteralField::create('OptionGroupsDescrip', _t(
                 'FoxyStripeSiteConfig.OptionGroupsDescrip',
                 '<p>Product Option Groups allow you to name a set of product options.</p>'
             )),
-			GridField::create(
+            GridField::create(
                 'OptionGroup',
                 _t('FoxyStripeSiteConfig.OptionGroup', 'Product Option Groups'),
                 OptionGroup::get(),
                 GridFieldConfig_RecordEditor::create()
             )
-		));
+        ));
 
-	}
+    }
 
     private static function getSSOLink() {
         return Director::absoluteBaseURL()."foxystripe/sso/";