Fix invalid IP address during mandate data creation (#4292)

annemirasol · daledupreez · annemirasol · commit ea01bfa0ebd5 · 2025-05-07T13:34:04.000-05:00
* Fix invalid IP address during mandate data creation

---------

Co-authored-by: daledupreez &lt;dale.du.preez@automattic.com&gt;
diff --git a/changelog.txt b/changelog.txt
@@ -28,6 +28,7 @@
 * Update - Add support for customer order notes and express checkout
 * Dev - Minor fix to e2e setup code
 * Dev - Make PHP error log from Docker container available in docker/logs/php/error.log
+* Fix - Fix invalid IP address error encountered during mandate data creation.
 
 = 9.4.1 - 2025-04-17 =
 * Dev - Forces rollback of version 9.4.0.
diff --git a/includes/class-wc-stripe-helper.php b/includes/class-wc-stripe-helper.php
@@ -1600,11 +1600,11 @@ public static function is_webhook_url( $url, $webhook_url = '' ) {
 		$url_parts         = wp_parse_url( $url );
 		$webhook_url_parts = wp_parse_url( $webhook_url );
 
-		$url_host     = $url_parts['host'] ?? '';
-		$url_path     = $url_parts['path'] ?? '';
-		$url_query    = $url_parts['query'] ?? '';
-		$webhook_host = $webhook_url_parts['host'] ?? '';
-		$webhook_path = $webhook_url_parts['path'] ?? '';
+		$url_host      = $url_parts['host'] ?? '';
+		$url_path      = $url_parts['path'] ?? '';
+		$url_query     = $url_parts['query'] ?? '';
+		$webhook_host  = $webhook_url_parts['host'] ?? '';
+		$webhook_path  = $webhook_url_parts['path'] ?? '';
 		$webhook_query = $webhook_url_parts['query'] ?? '';
 
 		if ( $url_host !== $webhook_host || $url_path !== $webhook_path ) {
@@ -1624,7 +1624,7 @@ public static function is_webhook_url( $url, $webhook_url = '' ) {
 			return false;
 		}
 
-		$url_query_parts = [];
+		$url_query_parts     = [];
 		$webhook_query_parts = [];
 
 		parse_str( $url_query, $url_query_parts );
@@ -1727,6 +1727,14 @@ public static function get_klarna_preferred_locale( $store_locale, $billing_coun
 	 */
 	public static function add_mandate_data( $request ) {
 		$ip_address = WC_Geolocation::get_ip_address();
+
+		// Handle cases where WC_Geolocation::get_ip_address() returns multiple, comma-separated IP addresses.
+		// This will be addressed upstream in WooCommerce 9.9.0 as of (https://github.com/woocommerce/woocommerce/pull/57284).
+		// TODO: Remove this block when WooCommerce 9.9.0 is released.
+		if ( str_contains( $ip_address, ',' ) ) {
+			$ip_address = trim( current( preg_split( '/,/', $ip_address ) ) );
+		}
+
 		self::maybe_log_ip_issues( $ip_address );
 
 		$request['mandate_data'] = [
diff --git a/readme.txt b/readme.txt
@@ -138,5 +138,6 @@ If you get stuck, you can ask for help in the [Plugin Forum](https://wordpress.o
 * Update - Add support for customer order notes and express checkout
 * Dev - Minor fix to e2e setup code
 * Dev - Make PHP error log from Docker container available in docker/logs/php/error.log
+* Fix - Fix invalid IP address error encountered during mandate data creation.
 
 [See changelog for all versions](https://raw.githubusercontent.com/woocommerce/woocommerce-gateway-stripe/trunk/changelog.txt).
diff --git a/tests/phpunit/test-wc-stripe-helper.php b/tests/phpunit/test-wc-stripe-helper.php
@@ -394,9 +394,9 @@ public function provide_is_wallet_payment_method(): array {
 	 * @return void
 	 */
 	public function test_handle_main_stripe_settings() {
-		WC_Stripe_Helper::update_main_stripe_settings( [ 'test' => 'test' ] );
+		WC_Stripe_Helper::update_main_stripe_settings( [ 'test' => 'abc' ] );
 		$current_settings = WC_Stripe_Helper::get_stripe_settings();
-		$this->assertSame( [ 'test' => 'test' ], $current_settings );
+		$this->assertSame( $current_settings['test'], 'abc' );
 
 		WC_Stripe_Helper::delete_main_stripe_settings();
 		$current_settings = WC_Stripe_Helper::get_stripe_settings();
@@ -507,4 +507,43 @@ public function test_add_stripe_methods_in_woocommerce_gateway_order() {
 		$this->assertTrue( $gateway_order['stripe'] < $gateway_order['stripe_affirm'] );
 		$this->assertTrue( $gateway_order['stripe_affirm'] < $gateway_order['cheque'] );
 	}
+
+	/**
+	 * Test for `add_mandate_data`.
+	 *
+	 * @param string $server_variable_key   The key of the server variable to set.
+	 * @param string $server_variable_value The value to set the server variable to.
+	 * @param string $expected_ip_address    The expected IP address.
+	 * @dataProvider provider_test_add_mandate_data
+	 * @return void
+	 */
+	public function test_add_mandate_data( $server_variable_key, $server_variable_value, $expected_ip_address ) {
+		unset( $_SERVER['REMOTE_ADDR'] );
+		unset( $_SERVER['HTTP_X_REAL_IP'] );
+		unset( $_SERVER['HTTP_X_FORWARDED_FOR'] );
+
+		$_SERVER[ $server_variable_key ] = $server_variable_value;
+		$request                         = WC_Stripe_Helper::add_mandate_data( [] );
+		$this->assertTrue( isset( $request['mandate_data']['customer_acceptance']['online']['ip_address'] ) );
+		$ip_address = $request['mandate_data']['customer_acceptance']['online']['ip_address'];
+		$this->assertSame( $expected_ip_address, $ip_address );
+	}
+
+	/**
+	 * Data provider for `test_add_mandate_data`.
+	 *
+	 * @return array
+	 */
+	public function provider_test_add_mandate_data() {
+		return [
+			[ 'REMOTE_ADDR', '192.168.1.1', '192.168.1.1' ],
+			[ 'REMOTE_ADDR', '192.168.1.1, 192.168.1.2, 192.168.1.3', '192.168.1.1' ],
+			[ 'HTTP_X_REAL_IP', '192.168.1.1', '192.168.1.1' ],
+			[ 'HTTP_X_REAL_IP', '192.168.1.1, 192.168.1.2, 192.168.1.3', '192.168.1.1' ],
+			[ 'HTTP_X_FORWARDED_FOR', '192.168.1.1, 192.168.1.2, 192.168.1.3', '192.168.1.1' ],
+			[ 'HTTP_X_FORWARDED_FOR', '192.168.1.1', '192.168.1.1' ],
+			[ 'HTTP_X_REAL_IP', 'invalid-ip-address', 'invalid-ip-address' ],
+			[ 'HTTP_X_REAL_IP', '', '' ],
+		];
+	}
 }
