Merge pull request #94 from PaystackOSS/4.0.1-fixes

Fixes up to 4.0.4

Author: Andrew-Paystack

assets/css/pff-paystack.css

@@ -617,6 +617,7 @@
 /* Inputs
 =============================== */
 .j-forms input[type="text"],
+.j-forms input[type="number"],
 .j-forms input[type="password"],
 .j-forms input[type="email"],
 .j-forms input[type="search"],
@@ -650,6 +651,7 @@
     transition:all.4s;
 }
 .j-forms input[type="text"]:hover,
+.j-forms input[type="number"]:hover,
 .j-forms input[type="password"]:hover,
 .j-forms input[type="email"]:hover,
 .j-forms input[type="search"]:hover,
@@ -658,6 +660,7 @@
 .j-forms select:hover { border:2px solid #3676C8; }
 
 .j-forms input[type="text"]:focus,
+.j-forms input[type="number"]:focus,
 .j-forms input[type="password"]:focus,
 .j-forms input[type="email"]:focus,
 .j-forms input[type="search"]:focus,

assets/js/paystack-public.js

@@ -164,7 +164,11 @@ function PffPaystackFee()
                     }
                 }
             );
+
             if ($("#pf-quantity").length) {
+				$( "#pf-quantity" ).on( 'change', function(event){
+					checkMinimumVal();
+				} );
                 calculateTotal();
             };
 
@@ -202,7 +206,6 @@ function PffPaystackFee()
                         .find("#pf-amount")
                         .val();
                     }
-					
 
                     if (Number(amount) > 0) {
                     } else {
@@ -225,6 +228,7 @@ function PffPaystackFee()
                         );
                         return false;
                     }
+
                     if (checkMinimumVal() == false) {
                         $(this)
                         .find("#pf-amount")
@@ -593,11 +597,18 @@ function PffPaystackFee()
                 }
             );
 
-
 			function checkMinimumVal() {
-				if ($("#pf-minimum-hidden").length) {
-					var min_amount = Number($("#pf-minimum-hidden").val());
+				if ( $("#pf-amount").length ) {
+					var min_amount = Number($("#pf-amount").attr('min'));
 					var amt = Number($("#pf-amount").val());
+					var quantity = 1;
+
+					if ( $("#pf-quantity").length ) {
+						quantity = $("#pf-quantity").val();
+					}
+
+					amt = amt * quantity;
+
 					if (min_amount > 0 && amt < min_amount) {
 						$("#pf-min-val-warn").text( "Amount cannot be less than the minimum amount");
 						return false;
@@ -640,12 +651,14 @@ function PffPaystackFee()
 
 			function calculateTotal() {
 				var unit;
+
 				if ($("#pf-vamount").length) {
 					unit = $("#pf-vamount").val();
 				} else {
 					unit = $("#pf-amount").val();
 				}
 				var quant = $("#pf-quantity").val();
+
 				var newvalue = unit * quant;
 
 				if (quant == "" || quant == null) {

includes/classes/class-activation.php

@@ -66,6 +66,8 @@ public static function create_tables( $table_name ) {
 	public static function maybe_upgrade( $table_name ) {
 		global $wpdb;
 
+		$table_name = esc_sql( $table_name );
+
 		// Get the current version number, defaults to 1.0
 		$version = get_option( 'kkd_db_version', '1.0' );
 
@@ -87,7 +89,7 @@ public static function maybe_upgrade( $table_name ) {
 				$wpdb->query(
 					$wpdb->prepare(
 						// phpcs:ignore WordPress.DB.DirectDatabaseQuery
-						"ALTER TABLE %i ADD `plan` VARCHAR(255) NOT NULL AFTER `paid`;",
+						"ALTER TABLE `%s` ADD `plan` VARCHAR(255) NOT NULL AFTER `paid`;",
 						$table_name
 					)
 				);
@@ -109,7 +111,7 @@ public static function maybe_upgrade( $table_name ) {
 				$wpdb->query(
 					$wpdb->prepare(
 						// phpcs:ignore WordPress.DB.DirectDatabaseQuery
-						"ALTER TABLE %i ADD `txn_code_2` VARCHAR(255) DEFAULT '' NULL AFTER `txn_code`;",
+						"ALTER TABLE `%s` ADD `txn_code_2` VARCHAR(255) DEFAULT '' NULL AFTER `txn_code`;",
 						$table_name
 					)
 				);
@@ -131,7 +133,7 @@ public static function maybe_upgrade( $table_name ) {
 				$wpdb->query(
 					$wpdb->prepare(
 						// phpcs:ignore WordPress.DB.DirectDatabaseQuery
-						"ALTER TABLE %i ADD `paid_at` timestamp  AFTER `created_at`;",
+						"ALTER TABLE `%s` ADD `paid_at` timestamp  AFTER `created_at`;",
 						$table_name
 					)
 				);

includes/classes/class-confirm-payment.php

@@ -38,7 +38,7 @@ class Confirm_Payment {
 	protected $transaction = false;
 
 	/**
-	 * Holds the current payment meta retrieved from the DB.
+	 * Holds the verified payment meta from the DB
 	 *
 	 * @var object
 	 */
@@ -65,6 +65,13 @@ class Confirm_Payment {
 	 */
 	protected $oamount = 0;
 
+	/**
+	 * The quantity bought.
+	 *
+	 * @var integer
+	 */
+	protected $quantity = 1;
+
 	/**
 	 * The transaction column to update.
 	 * Defaults to 'txn_code' and 'txn_code_2' when a payment retry is triggered.
@@ -73,6 +80,14 @@ class Confirm_Payment {
 	 */
 	protected $txn_column = 'txn_code';
 
+	/**
+	 * The transaction reference
+	 * Defaults to the 'txn_code' and 'txn_code_2' when a payment retry is triggered.
+	 *
+	 * @var integer
+	 */
+	protected $reference = '';
+
 	/**
 	 * Constructor
 	 */
@@ -89,12 +104,12 @@ public function __construct() {
 	protected function setup_data( $payment ) {
 		$this->payment_meta = $payment;
 		$this->meta         = $this->helpers->parse_meta_values( get_post( $this->payment_meta->post_id ) );
-		$this->amount       = $this->payment_meta->amount;
-		$this->oamount      = $this->meta['amount'];
 		$this->form_id      = $this->payment_meta->post_id;
-
-		if ( 'customer' === $this->meta['txncharge'] ) {
-			$this->oamount = $this->helpers->process_transaction_fees( $this->oamount );
+		$this->amount       = $this->payment_meta->amount;
+		$this->oamount      = $this->amount;
+		$this->reference    = $this->payment_meta->txn_code;
+		if ( isset( $this->payment_meta->txn_code_2 ) && ! empty( $this->payment_meta->txn_code_2 ) ) {
+			$this->reference = $this->payment_meta->txn_code_2;
 		}
 	}
 
@@ -106,7 +121,7 @@ public function confirm_payment() {
 		if ( ! isset( $_POST['nonce'] ) || false === wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'pff-paystack-confirm' ) ) {
 			$response = array(
 				'error' => true,
-				'error_message' => __( 'Nonce verification is required.', 'pff-paystack' ),
+				'error_message' => esc_html__( 'Nonce verification is required.', 'pff-paystack' ),
 			);
 
 			exit( wp_json_encode( $response ) );	
@@ -117,16 +132,23 @@ public function confirm_payment() {
 		if ( ! isset( $_POST['code'] ) || '' === trim( wp_unslash( $_POST['code'] ) ) ) {
 			$response = array(
 				'error' => true,
-				'error_message' => __( 'Did you make a payment?', 'pff-paystack' ),
+				'error_message' => esc_html__( 'Did you make a payment?', 'pff-paystack' ),
 			);
 
 			exit( wp_json_encode( $response ) );
 		}
 
 		// If this is a retry payment then set the colum accordingly.
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput
 		if ( isset( $_POST['retry'] ) ) {
 			$this->txn_column = 'txn_code_2';
 		}
+
+		// This is a false positive, we are using isset as WPCS suggest in the PCP plugin.
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput
+		if ( isset( $_POST['quantity'] ) ) {
+			$this->quantity = sanitize_text_field( wp_unslash( $_POST['quantity'] ) );
+		}
 
 		$this->helpers = new Helpers();
 		$code          = sanitize_text_field( wp_unslash( $_POST['code'] ) );
@@ -147,62 +169,105 @@ public function confirm_payment() {
 				}
 			} else {
 				$response = [
-					'message' => __( 'Failed to connect to Paystack.', 'pff-paystack' ),
+					'message' => esc_html__( 'Failed to connect to Paystack.', 'pff-paystack' ),
 					'result'  => 'failed',
 				];	
 			}
 
 		} else {
 			$response = [
-				'message' => __( 'Payment Verification Failed', 'pff-paystack' ),
+				'message' => esc_html__( 'Payment Verification Failed', 'pff-paystack' ),
 				'result'  => 'failed',
 			];
 		}
-	
 
 		// Create plan and send reciept.
 		if ( 'success' === $response['result'] ) {
 
 			// Create a plan that the user will be subscribed to.
-			
-			/*$pstk_logger = new kkd_pff_paystack_plugin_tracker( 'pff-paystack', Kkd_Pff_Paystack_Public::fetchPublicKey() );
-			$pstk_logger->log_transaction_success( $code );*/
-
 			$this->maybe_create_subscription();
 
-			
 			$sendreceipt = $this->meta['sendreceipt'];
-			if ( 'yes' === $sendreceipt ) {
-				$decoded = json_decode( $this->payment_meta->metadata );
-				$fullname = $decoded[1]->value;
+			$decoded     = json_decode( $this->payment_meta->metadata );
+			$fullname    = $decoded[1]->value;
 
+			if ( 'yes' === $sendreceipt ) {
 				/**
 				 * Allow 3rd Party Plugins to hook into the email sending.
 				 * 
 				 * 10: Email_Receipt::send_receipt();
 				 * 11: Email_Receipt_Owner::send_receipt_owner();
 				 */
+
 				do_action( 'pff_paystack_send_receipt',
 					$this->payment_meta->post_id,
 					$this->payment_meta->currency,
-					$this->payment_meta->amount_paid,
+					$this->payment_meta->amount,
 					$fullname,
 					$this->payment_meta->email,
-					$this->payment_meta->reference,
+					$this->reference,
+					$this->payment_meta->metadata
+				);
+
+				/**
+				 * Allow 3rd Party Plugins to hook into the email sending.
+				 * 11: Email_Receipt_Owner::send_receipt_owner();
+				 */
+
+				do_action( 'pff_paystack_send_receipt_owner',
+					$this->payment_meta->post_id,
+					$this->payment_meta->currency,
+					$this->payment_meta->amount,
+					$fullname,
+					$this->payment_meta->email,
+					$this->reference,
 					$this->payment_meta->metadata
 				);
 			}
 		}
 
 		if ( 'success' === $response['result'] && '' !== $this->meta['redirect'] ) {
 			$response['result'] = 'success2';
-			$response['link']   = $this->meta['redirect'];
+			$response['link']   = $this->add_param_to_url( $this->meta['redirect'], $this->reference );
 		}
 
 		echo wp_json_encode( $response );
 		die();
 	}
 
+	/**
+	 * Adds parameters to a URL.
+	 *
+	 * @param string $url The original URL.
+	 * @param string $ref The reference value to add as a parameter.
+	 * @return string The modified URL with added parameters.
+	 */
+	public function add_param_to_url( $url, $ref ) {
+		// Parse the URL.
+		$parsed_url = wp_parse_url( $url );
+
+		// Parse query parameters into an array.
+		parse_str( isset( $parsed_url['query'] ) ? $parsed_url['query'] : '', $query_params );
+
+		// Add the "trxref" and "reference" parameters to the query parameters.
+		$query_params['trxref']    = $ref;
+		$query_params['reference'] = $ref;
+
+		// Rebuild the query string.
+		$query_string = http_build_query( $query_params );
+
+		// Construct the new URL.
+		$new_url  = ( isset( $parsed_url['scheme'] ) ? $parsed_url['scheme'] . '://' : '' );
+		$new_url .= ( isset( $parsed_url['user'] ) ? $parsed_url['user'] . ( isset( $parsed_url['pass'] ) ? ':' . $parsed_url['pass'] : '' ) . '@' : '' );
+		$new_url .= ( isset( $parsed_url['host'] ) ? $parsed_url['host'] : '' );
+		$new_url .= ( isset( $parsed_url['port'] ) ? ':' . $parsed_url['port'] : '' );
+		$new_url .= ( isset( $parsed_url['path'] ) ? $parsed_url['path'] : '' );
+		$new_url .= ( ! empty( $query_string ) ? '?' . $query_string : '' );
+		$new_url .= ( isset( $parsed_url['fragment'] ) ? '#' . $parsed_url['fragment'] : '' );
+
+		return $new_url;
+	}
+
 	/**
 	 * Update the sold invetory with the amount of payments made.
 	 *
@@ -220,10 +285,10 @@ protected function update_sold_inventory() {
 				// phpcs:ignore WordPress.Security.NonceVerification
 				$quantity = (int) sanitize_text_field( wp_unslash( $_POST['quantity'] ) );
 			}
-			$sold     = $this->meta['sold'];
+			$sold = $this->meta['sold'];
 
 			if ( '' === $sold ) {
-				$sold = '0';
+				$sold = 0;
 			}
 			$sold += $quantity;
 		} else {
@@ -247,7 +312,7 @@ protected function update_payment_dates( $data ) {
 		global $wpdb;
 		$table  = $wpdb->prefix . PFF_PAYSTACK_TABLE;
 		$return = [
-			'message' => __( 'DB not updated.', 'pff-paystack' ),
+			'message' => esc_html__( 'DB not updated.', 'pff-paystack' ),
 			'result' => 'failed',
 		];
 
@@ -287,10 +352,10 @@ protected function update_payment_dates( $data ) {
 					'result' => 'success',
 				];
 			} else {
-				if ( $this->oamount !== $amount_paid ) {
+				if ( (int) $this->oamount !== (int) $amount_paid ) {
 					$return = [
 						// translators: %1$s: currency, %2$s: formatted amount required
-						'message' => sprintf( __( 'Invalid amount Paid. Amount required is %1$s<b>%2$s</b>', 'pff-paystack' ), $this->meta['currency'], number_format( $this->oamount ) ),
+						'message' => sprintf( esc_html__( 'Invalid amount Paid. Amount required is %1$s<b>%2$s</b>', 'pff-paystack' ), $this->meta['currency'], number_format( $this->oamount ) ),
 						'result' => 'failed',
 					];
 				} else {

includes/classes/class-email-invoice.php

@@ -60,7 +60,7 @@ public function send_invoice( $form_id, $currency, $amount, $name, $email, $code
 
 		$this->subject = sprintf(
 			// Translators: %1$s is the currency code, %2$s is the formatted amount
-			__( 'Payment Invoice for %1$s %2$s', 'text-domain' ),
+			esc_html__( 'Payment Invoice for %1$s %2$s', 'text-domain' ),
 			$currency,
 			number_format( $amount )
 		);