includes/admin/class-wc-stripe-admin-notices.php (4 issues)
<?php
// Bail out when this file is requested directly instead of being loaded by WordPress.
defined( 'ABSPATH' ) || exit;
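/**
 * Collects and renders the plugin's admin notices.
 *
 * Notices are keyed by slug so the same notice is never shown twice. A dismissal
 * is persisted in a `wc_stripe_show_<slug>_notice` option set to 'no'; an option
 * that is empty (never set) means the notice is still eligible to be shown.
 *
 * @since 4.1.0
 */
class WC_Stripe_Admin_Notices {
	/**
	 * Notices collected so far, keyed by slug.
	 * Each entry is array( 'class' => string, 'message' => string, 'dismissible' => bool ).
	 *
	 * @var array
	 */
	public $notices = array();

	/**
	 * Constructor. Registers the hooks this class listens to.
	 *
	 * @since 4.1.0
	 */
	public function __construct() {
		add_action( 'admin_notices', array( $this, 'admin_notices' ) );
		add_action( 'wp_loaded', array( $this, 'hide_notices' ) );
		add_action( 'woocommerce_stripe_updated', array( $this, 'stripe_updated' ) );
	}

	/**
	 * Allow this class and other classes to add slug keyed notices (to avoid duplication).
	 *
	 * Adding a notice under an existing slug replaces the earlier one.
	 *
	 * @since 1.0.0
	 * @version 4.0.0
	 *
	 * @param string $slug        Unique key for the notice; it is also the value the dismiss link sends back.
	 * @param string $class       CSS class(es) of the wrapping div, e.g. 'notice notice-warning'.
	 * @param string $message     Notice body. Only <a href target> markup survives output, see admin_notices().
	 * @param bool   $dismissible Whether a dismiss link is rendered for the notice.
	 */
	public function add_admin_notice( $slug, $class, $message, $dismissible = false ) {
		$this->notices[ $slug ] = array(
			'class'       => $class,
			'message'     => $message,
			'dismissible' => $dismissible,
		);
	}

	/**
	 * Display any notices we've collected thus far.
	 *
	 * Runs the environment checks first so their notices are part of the output,
	 * then prints every collected notice. Only shop managers see anything.
	 *
	 * @since 1.0.0
	 * @version 4.0.0
	 */
	public function admin_notices() {
		if ( ! current_user_can( 'manage_woocommerce' ) ) {
			return;
		}

		// Main Stripe payment method.
		$this->stripe_check_environment();

		// All other payment methods.
		$this->payment_methods_check_environment();

		foreach ( (array) $this->notices as $notice_key => $notice ) {
			echo '<div class="' . esc_attr( $notice['class'] ) . '" style="position:relative;">';

			if ( $notice['dismissible'] ) {
				// The dismiss link carries a nonce; hide_notices() refuses the request without a valid one.
				$dismiss_url = wp_nonce_url(
					add_query_arg( 'wc-stripe-hide-notice', $notice_key ),
					'wc_stripe_hide_notices_nonce',
					'_wc_stripe_notice_nonce'
				);
				echo '<a href="' . esc_url( $dismiss_url ) . '" class="woocommerce-message-close notice-dismiss" style="position:relative;float:right;padding:9px 0px 9px 9px 9px;text-decoration:none;"></a>';
			}

			echo '<p>';
			// Messages are built by this plugin and may contain links, so allow <a href target> and nothing else.
			echo wp_kses( $notice['message'], array( 'a' => array( 'href' => array(), 'target' => array() ) ) );
			echo '</p></div>';
		}
	}

	/**
	 * List of available payment methods.
	 *
	 * The key doubles as the notice slug and, lower-cased, as part of the
	 * `wc_stripe_show_<key>_notice` option name.
	 *
	 * @since 4.1.0
	 * @return array Method label => gateway class name.
	 */
	public function get_payment_methods() {
		return array(
			'Alipay'     => 'WC_Gateway_Stripe_Alipay',
			'Bancontact' => 'WC_Gateway_Stripe_Bancontact',
			'EPS'        => 'WC_Gateway_Stripe_EPS',
			'Giropay'    => 'WC_Gateway_Stripe_Giropay',
			'iDeal'      => 'WC_Gateway_Stripe_Ideal',
			'Multibanco' => 'WC_Gateway_Stripe_Multibanco',
			'P24'        => 'WC_Gateway_Stripe_p24',
			'SEPA'       => 'WC_Gateway_Stripe_Sepa',
			'SOFORT'     => 'WC_Gateway_Stripe_Sofort',
		);
	}

	/**
	 * Slugs whose dismissal hide_notices() is allowed to persist.
	 *
	 * The option name written by hide_notices() is derived from the slug, so this
	 * list is the only thing standing between a request parameter and update_option().
	 *
	 * @return array List of notice slugs.
	 */
	private function get_hideable_notice_slugs() {
		$core_slugs = array( 'style', 'phpver', 'wcver', 'curl', 'ssl', 'keys', '3ds', 'sca', 'changed_keys' );

		return array_merge( $core_slugs, array_keys( $this->get_payment_methods() ) );
	}

	/**
	 * Whether the current request is the Stripe settings screen itself.
	 *
	 * Used to suppress the "set your keys" nag on the very page where the keys are
	 * entered. The request values are only compared against fixed strings, never output.
	 *
	 * @return bool
	 */
	private function is_stripe_settings_page() {
		return isset( $_GET['page'], $_GET['section'] )
			&& 'wc-settings' === $_GET['page']
			&& 'stripe' === $_GET['section'];
	}

	/**
	 * The backup sanity check, in case the plugin is activated in a weird way,
	 * or the environment changes after activation. Also handles upgrade routines.
	 *
	 * Nothing is checked while the gateway is disabled. The styling and PHP-version
	 * notices return early so they are shown on their own until dismissed.
	 *
	 * @since 1.0.0
	 * @version 4.0.0
	 */
	public function stripe_check_environment() {
		$show_style_notice   = get_option( 'wc_stripe_show_style_notice' );
		$show_ssl_notice     = get_option( 'wc_stripe_show_ssl_notice' );
		$show_keys_notice    = get_option( 'wc_stripe_show_keys_notice' );
		$show_3ds_notice     = get_option( 'wc_stripe_show_3ds_notice' );
		$show_phpver_notice  = get_option( 'wc_stripe_show_phpver_notice' );
		$show_wcver_notice   = get_option( 'wc_stripe_show_wcver_notice' );
		$show_curl_notice    = get_option( 'wc_stripe_show_curl_notice' );
		$show_sca_notice     = get_option( 'wc_stripe_show_sca_notice' );
		$changed_keys_notice = get_option( 'wc_stripe_show_changed_keys_notice' );
		$options             = get_option( 'woocommerce_stripe_settings' );

		if ( ! isset( $options['enabled'] ) || 'yes' !== $options['enabled'] ) {
			return;
		}

		$testmode        = isset( $options['testmode'] ) && 'yes' === $options['testmode'];
		$test_pub_key    = isset( $options['test_publishable_key'] ) ? $options['test_publishable_key'] : '';
		$test_secret_key = isset( $options['test_secret_key'] ) ? $options['test_secret_key'] : '';
		$live_pub_key    = isset( $options['publishable_key'] ) ? $options['publishable_key'] : '';
		$live_secret_key = isset( $options['secret_key'] ) ? $options['secret_key'] : '';
		$three_d_secure  = isset( $options['three_d_secure'] ) && 'yes' === $options['three_d_secure'];

		if ( empty( $show_3ds_notice ) && $three_d_secure ) {
			$url = 'https://stripe.com/docs/payments/3d-secure#three-ds-radar';

			/* translators: 1) A URL that explains Stripe Radar. */
			$message = __( 'WooCommerce Stripe - We see that you had the "Require 3D secure when applicable" setting turned on. This setting is not available here anymore, because it is now replaced by Stripe Radar. You can learn more about it <a href="%s" target="_blank">here</a>.', 'woocommerce-gateway-stripe' );

			$this->add_admin_notice( '3ds', 'notice notice-warning', sprintf( $message, $url ), true );
		}

		if ( empty( $show_style_notice ) ) {
			$message = __( 'WooCommerce Stripe - We recently made changes to Stripe that may impact the appearance of your checkout. If your checkout has changed unexpectedly, please follow these <a href="https://docs.woocommerce.com/document/stripe/#styling" target="_blank">instructions</a> to fix.', 'woocommerce-gateway-stripe' );

			$this->add_admin_notice( 'style', 'notice notice-warning', $message, true );

			// The styling notice is shown alone until it is dismissed.
			return;
		}

		if ( empty( $show_phpver_notice ) && version_compare( phpversion(), WC_STRIPE_MIN_PHP_VER, '<' ) ) {
			/* translators: 1) int version 2) int version */
			$message = __( 'WooCommerce Stripe - The minimum PHP version required for this plugin is %1$s. You are running %2$s.', 'woocommerce-gateway-stripe' );

			$this->add_admin_notice( 'phpver', 'error', sprintf( $message, WC_STRIPE_MIN_PHP_VER, phpversion() ), true );

			// An unsupported PHP version makes the remaining checks moot.
			return;
		}

		if ( empty( $show_wcver_notice ) && WC_Stripe_Helper::is_wc_lt( WC_STRIPE_FUTURE_MIN_WC_VER ) ) {
			/* translators: 1) int version 2) int version */
			$message = __( 'WooCommerce Stripe - This is the last version of the plugin compatible with WooCommerce %1$s. All furture versions of the plugin will require WooCommerce %2$s or greater.', 'woocommerce-gateway-stripe' );
			$this->add_admin_notice( 'wcver', 'notice notice-warning', sprintf( $message, WC_VERSION, WC_STRIPE_FUTURE_MIN_WC_VER ), true );
		}

		if ( empty( $show_curl_notice ) && ! function_exists( 'curl_init' ) ) {
			$this->add_admin_notice( 'curl', 'notice notice-warning', __( 'WooCommerce Stripe - cURL is not installed.', 'woocommerce-gateway-stripe' ), true );
		}

		if ( empty( $show_keys_notice ) ) {
			$secret = WC_Stripe_API::get_secret_key();

			if ( empty( $secret ) && ! $this->is_stripe_settings_page() ) {
				$setting_link = $this->get_setting_link();
				/* translators: 1) link */
				$this->add_admin_notice( 'keys', 'notice notice-warning', sprintf( __( 'Stripe is almost ready. To get started, <a href="%s">set your Stripe account keys</a>.', 'woocommerce-gateway-stripe' ), $setting_link ), true );
			}

			// Check that the configured keys carry the prefix expected for the active mode.
			// Only the prefix is inspected; the key values themselves never end up in a notice.
			if ( $testmode ) {
				$bad_pub_key    = ! empty( $test_pub_key ) && ! preg_match( '/^pk_test_/', $test_pub_key );
				$bad_secret_key = ! empty( $test_secret_key ) && ! preg_match( '/^[rs]k_test_/', $test_secret_key );

				if ( $bad_pub_key || $bad_secret_key ) {
					$setting_link = $this->get_setting_link();
					/* translators: 1) link */
					$this->add_admin_notice( 'keys', 'notice notice-error', sprintf( __( 'Stripe is in test mode however your test keys may not be valid. Test keys start with pk_test and sk_test or rk_test. Please go to your settings and, <a href="%s">set your Stripe account keys</a>.', 'woocommerce-gateway-stripe' ), $setting_link ), true );
				}
			} else {
				$bad_pub_key    = ! empty( $live_pub_key ) && ! preg_match( '/^pk_live_/', $live_pub_key );
				$bad_secret_key = ! empty( $live_secret_key ) && ! preg_match( '/^[rs]k_live_/', $live_secret_key );

				if ( $bad_pub_key || $bad_secret_key ) {
					$setting_link = $this->get_setting_link();
					/* translators: 1) link */
					$this->add_admin_notice( 'keys', 'notice notice-error', sprintf( __( 'Stripe is in live mode however your live keys may not be valid. Live keys start with pk_live and sk_live or rk_live. Please go to your settings and, <a href="%s">set your Stripe account keys</a>.', 'woocommerce-gateway-stripe' ), $setting_link ), true );
				}
			}
		}

		// Warn when the checkout is not served over HTTPS.
		if ( empty( $show_ssl_notice ) && ! wc_checkout_is_https() ) {
			/* translators: 1) link */
			$this->add_admin_notice( 'ssl', 'notice notice-warning', sprintf( __( 'Stripe is enabled, but a SSL certificate is not detected. Your checkout may not be secure! Please ensure your server has a valid <a href="%1$s" target="_blank">SSL certificate</a>', 'woocommerce-gateway-stripe' ), 'https://en.wikipedia.org/wiki/Transport_Layer_Security' ), true );
		}

		if ( empty( $show_sca_notice ) ) {
			$this->add_admin_notice( 'sca', 'notice notice-success', sprintf( __( 'Stripe is now ready for Strong Customer Authentication (SCA) and 3D Secure 2! <a href="%1$s" target="_blank">Read about SCA</a>', 'woocommerce-gateway-stripe' ), 'https://woocommerce.com/posts/introducing-strong-customer-authentication-sca/' ), true );
		}

		if ( 'yes' === $changed_keys_notice ) {
			// translators: %s is a the URL for the link.
			$this->add_admin_notice( 'changed_keys', 'notice notice-warning', sprintf( __( 'The public and/or secret keys for the Stripe gateway have been changed. This might cause errors for existing customers and saved payment methods. <a href="%s" target="_blank">Click here to learn more</a>.', 'woocommerce-gateway-stripe' ), 'https://docs.woocommerce.com/document/stripe-fixing-customer-errors/' ), true );
		}
	}

	/**
	 * Environment check for all other payment methods.
	 *
	 * For every enabled, non-dismissed method, warns when the store currency is not
	 * among the currencies the gateway reports as supported.
	 *
	 * @since 4.1.0
	 */
	public function payment_methods_check_environment() {
		foreach ( $this->get_payment_methods() as $method => $class ) {
			$show_notice = get_option( 'wc_stripe_show_' . strtolower( $method ) . '_notice' );
			$gateway     = new $class();

			if ( 'yes' !== $gateway->enabled || 'no' === $show_notice ) {
				continue;
			}

			$supported_currencies = $gateway->get_supported_currency();

			// Currency codes are plain strings, so a strict comparison is both safe and exact.
			if ( ! in_array( get_woocommerce_currency(), $supported_currencies, true ) ) {
				/* translators: %1$s Payment method, %2$s List of supported currencies */
				$this->add_admin_notice( $method, 'notice notice-error', sprintf( __( '%1$s is enabled - it requires store currency to be set to %2$s', 'woocommerce-gateway-stripe' ), $method, implode( ', ', $supported_currencies ) ), true );
			}
		}
	}

	/**
	 * Hides any admin notices.
	 *
	 * Handles the dismiss link built by admin_notices(): the nonce is verified first,
	 * then the capability, and only a slug from get_hideable_notice_slugs() is persisted.
	 *
	 * @since 4.0.0
	 * @version 4.0.0
	 */
	public function hide_notices() {
		if ( ! isset( $_GET['wc-stripe-hide-notice'], $_GET['_wc_stripe_notice_nonce'] ) ) {
			return;
		}

		// WordPress slashes superglobals, so unslash before the value is used.
		$nonce = sanitize_text_field( wp_unslash( $_GET['_wc_stripe_notice_nonce'] ) );

		if ( ! wp_verify_nonce( $nonce, 'wc_stripe_hide_notices_nonce' ) ) {
			wp_die( __( 'Action failed. Please refresh the page and retry.', 'woocommerce-gateway-stripe' ) );
		}

		if ( ! current_user_can( 'manage_woocommerce' ) ) {
			wp_die( __( 'Cheatin&#8217; huh?', 'woocommerce-gateway-stripe' ) );
		}

		$notice = wc_clean( wp_unslash( $_GET['wc-stripe-hide-notice'] ) );

		// The option name is derived from the slug, so an unlisted value must never reach update_option().
		if ( in_array( $notice, $this->get_hideable_notice_slugs(), true ) ) {
			update_option( 'wc_stripe_show_' . strtolower( $notice ) . '_notice', 'no' );
		}
	}

	/**
	 * Get setting link.
	 *
	 * @since 1.0.0
	 *
	 * @return string Setting link
	 */
	public function get_setting_link() {
		return admin_url( 'admin.php?page=wc-settings&tab=checkout&section=stripe' );
	}

	/**
	 * Saves options in order to hide notices based on the gateway's version.
	 *
	 * Runs on the 'woocommerce_stripe_updated' hook. Fresh installs (no stored
	 * version) and installs already past the relevant release get the notice hidden.
	 *
	 * @since 4.3.0
	 */
	public function stripe_updated() {
		$previous_version = get_option( 'wc_stripe_version' );

		// Only show the style notice if the plugin was installed and older than 4.1.4.
		if ( empty( $previous_version ) || version_compare( $previous_version, '4.1.4', 'ge' ) ) {
			update_option( 'wc_stripe_show_style_notice', 'no' );
		}

		// Only show the SCA notice on pre-4.3.0 installs.
		if ( empty( $previous_version ) || version_compare( $previous_version, '4.3.0', 'ge' ) ) {
			update_option( 'wc_stripe_show_sca_notice', 'no' );
		}
	}
}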
// Instantiated at load time: the constructor registers the admin_notices, wp_loaded and
// woocommerce_stripe_updated hooks, so the instance does not need to be kept.
new WC_Stripe_Admin_Notices();