Improve checks in voucher purchase flow

daledupreez · daledupreez · commit e401cbfa87f0 · 2025-06-23T10:08:13.000-04:00
diff --git a/changelog.txt b/changelog.txt
@@ -9,6 +9,7 @@
 * Fix - Fixes a possible fatal error with Multibanco purchases when generating the email instructions.
 * Fix - Fix buggy unsaved changes warning in settings page
 * Fix - Use the platform's payment method configuration id constant when rendering the Optimized Checkout
+* Update - Improve checks in voucher purchase flow
 
 = 9.5.2 - 2025-05-22 =
 * Add - Implement custom database cache for persistent caching with in-memory optimization.
diff --git a/client/classic/upe/payment-processing.js b/client/classic/upe/payment-processing.js
@@ -567,7 +567,8 @@ export const createAndConfirmSetupIntent = (
  * @param {Object} jQueryForm    The jQuery object for the form being submitted.
  */
 export const confirmVoucherPayment = async ( api, jQueryForm ) => {
-	const isOrderPay = getStripeServerData()?.isOrderPay;
+	const stripeServerData = getStripeServerData();
+	const isOrderPay = stripeServerData?.isOrderPay;
 
 	// The Order Pay page does a hard refresh when the hash changes, so we need to block the UI again.
 	if ( isOrderPay ) {
@@ -596,7 +597,7 @@ export const confirmVoucherPayment = async ( api, jQueryForm ) => {
 	// Verify the request using the data added to the URL.
 	if (
 		! clientSecret ||
-		( isOrderPay && orderId !== getStripeServerData()?.orderId )
+		( isOrderPay && orderId !== stripeServerData?.orderId )
 	) {
 		jQueryForm.removeClass( 'processing' ).unblock();
 		return;
@@ -624,13 +625,63 @@ export const confirmVoucherPayment = async ( api, jQueryForm ) => {
 		if ( confirmPayment.error ) {
 			throw confirmPayment.error;
 		}
-
-		// Once the customer closes the voucher and there are no errors, redirect them to the order received page.
-		window.location.href = decodeURIComponent( partials[ 4 ] );
 	} catch ( error ) {
 		jQueryForm.removeClass( 'processing' ).unblock();
 		showErrorCheckout( error.message );
+		return;
 	}
+
+	let postPaymentUrl = null;
+	try {
+		postPaymentUrl = decodeURIComponent( partials[ 4 ] || '' );
+	} catch ( error ) {}
+
+	let validatedRedirectUrl = null;
+	if ( postPaymentUrl ) {
+		try {
+			const redirectUrl = new URL(
+				postPaymentUrl,
+				window.location.origin
+			);
+
+			if ( redirectUrl.origin === window.location.origin ) {
+				validatedRedirectUrl = redirectUrl;
+			}
+		} catch ( error ) {}
+	}
+
+	if ( validatedRedirectUrl ) {
+		window.location.href = validatedRedirectUrl.toString();
+		return;
+	}
+
+	if ( ! stripeServerData?.orderReceivedURL ) {
+		showErrorCheckout(
+			__(
+				'There was a problem processing the payment. Please refresh the page to try again.',
+				'woocommerce-gateway-stripe'
+			)
+		);
+		return;
+	}
+
+	// We didn't get a valid redirect URL, so redirect to the order received page.
+	// If we have a numeric order ID, navigate to the order received page for that order.
+	if (
+		orderId &&
+		orderId !== 'NaN' &&
+		orderId === String( parseInt( orderId, 10 ) )
+	) {
+		window.location.href =
+			stripeServerData.orderReceivedURL +
+			'/' +
+			encodeURIComponent( orderId ) +
+			'/';
+		return;
+	}
+
+	// Otherwise go to the generic page.
+	window.location.href = stripeServerData.orderReceivedURL;
 };
 
 /**
diff --git a/includes/payment-methods/class-wc-stripe-upe-payment-gateway.php b/includes/payment-methods/class-wc-stripe-upe-payment-gateway.php
@@ -511,6 +511,7 @@ public function javascript_params() {
 		$stripe_params['genericErrorMessage']              = __( 'There was a problem processing the payment. Please check your email inbox and refresh the page to try again.', 'woocommerce-gateway-stripe' );
 		$stripe_params['accountDescriptor']                = $this->statement_descriptor;
 		$stripe_params['addPaymentReturnURL']              = wc_get_account_endpoint_url( 'payment-methods' );
+		$stripe_params['orderReceivedURL']                 = $this->get_return_url(); // $order argument is intentionally left empty as a fallback.
 		$stripe_params['enabledBillingFields']             = $enabled_billing_fields;
 		$stripe_params['cartContainsSubscription']         = $this->is_subscription_item_in_cart();
 		$stripe_params['accountCountry']                   = WC_Stripe::get_instance()->account->get_account_country();
diff --git a/readme.txt b/readme.txt
@@ -119,6 +119,7 @@ If you get stuck, you can ask for help in the [Plugin Forum](https://wordpress.o
 * Fix - Fixes a possible fatal error with Multibanco purchases when generating the email instructions
 * Fix - Fix buggy unsaved changes warning in settings page
 * Fix - Use the platform's payment method configuration id constant when rendering the Optimized Checkout
+* Update - Improve checks in voucher purchase flow
 * Tweak - Track charge completed via webhooks in order notes
 
 = 9.5.2 - 2025-05-22 =
