WordPress.org
Get WordPress

Plugin Directory

Changeset 3433889


Ignore:
Timestamp:
01/06/2026 07:53:03 PM (3 months ago)
Author:
peachpay
Message:

1.120.1

Location:
peachpay-for-woocommerce
Files:
924 added
4 edited

Legend:

Unmodified
Added
Removed

  • peachpay-for-woocommerce/trunk/changelog.txt

    r3433272 r3433889  
    11*** PeachPay for WooCommerce Changelog ***
     2
     32026-01-06 - version 1.120.1
     4* Fix: ConvesioPay webhook signature validation refactor
    25
    362026-01-06 - version 1.120.0

  • peachpay-for-woocommerce/trunk/core/payments/convesiopay/routes/class-peachpay-convesiopay-webhook.php

    r3432414 r3433889  
    233233        // Check if the payment method is a ConvesioPay gateway
    234234        $payment_method = $order->get_payment_method();
    235         if ( function_exists( 'PeachPay_ConvesioPay_Integration::is_payment_gateway' ) ) {
     235        if ( class_exists( 'PeachPay_ConvesioPay_Integration' ) && method_exists( 'PeachPay_ConvesioPay_Integration', 'is_payment_gateway' ) ) {
    236236            if ( PeachPay_ConvesioPay_Integration::is_payment_gateway( $payment_method ) ) {
    237237                return true;
     
    248248        // but only if ConvesioPay is connected
    249249        if ( empty( $payment_method ) ) {
    250             if ( function_exists( 'PeachPay_ConvesioPay_Integration::connected' ) ) {
     250            if ( class_exists( 'PeachPay_ConvesioPay_Integration' ) && method_exists( 'PeachPay_ConvesioPay_Integration', 'connected' ) ) {
    251251                return PeachPay_ConvesioPay_Integration::connected();
    252252            }
     
    346346        switch ( $normalized_status ) {
    347347            case 'succeeded':  // ConvesioPay documentation status
    348                 // For authorized payments, keep them pending for manual capture
    349                 if ( $normalized_status === 'authorized' ) {
    350                     $this->handle_payment_authorized( $order, $payment_id, $payment_data, $payment_method );
    351                 } else {
    352                     $this->handle_payment_success( $order, $payment_id, $payment_data, $payment_method );
    353                 }
    354                 break;
    355                
     348                $this->handle_payment_success( $order, $payment_id, $payment_data, $payment_method );
     349                break;
     350           
     351            case 'authorized': // Authorized payments wait for capture
     352                $this->handle_payment_authorized( $order, $payment_id, $payment_data, $payment_method );
     353                break;
    356354            // case 'captured':
    357355            //  $this->handle_payment_success( $order, $payment_id, $payment_data, $payment_method );
     
    983981        // SECURITY: Always require signature headers - no bypass allowed
    984982        if ( empty( $convesiopay_timestamp ) || empty( $convesiopay_signature ) ) {
    985             if ( function_exists( 'error_log' ) && defined( 'WP_DEBUG' ) && WP_DEBUG ) {
    986                 error_log( 'ConvesioPay: Missing required signature headers - rejecting webhook' );
     983            if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
     984                error_log( 'ConvesioPay Webhook: Missing required signature headers - rejecting webhook' );
    987985            }
    988986            return false;
     
    990988       
    991989        // Get webhook signature key from configuration
    992         $config = function_exists( 'PeachPay_ConvesioPay_Integration::config' ) ? PeachPay_ConvesioPay_Integration::config() : array();
     990        $config = ( class_exists( 'PeachPay_ConvesioPay_Integration' ) && method_exists( 'PeachPay_ConvesioPay_Integration', 'config' ) ) ? PeachPay_ConvesioPay_Integration::config() : array();
    993991        // Check both possible locations for the signature key
    994992        $webhook_signature_key = $config['webhook_data']['signature_key'] ?? $config['webhook_signature'] ?? '';
     
    996994        // SECURITY: Require webhook signature to be configured - never allow unauthenticated webhooks
    997995        if ( empty( $webhook_signature_key ) ) {
    998             if ( function_exists( 'error_log' ) && defined( 'WP_DEBUG' ) && WP_DEBUG ) {
    999                 error_log( 'ConvesioPay: No webhook signature key configured - rejecting webhook for security' );
     996            if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
     997                error_log( 'ConvesioPay Webhook: No webhook signature key configured - rejecting webhook for security' );
    1000998            }
    1001999            return false;
     
    10071005       
    10081006        // Use constant-time comparison to prevent timing attacks as recommended
    1009         $is_valid = function_exists( 'hash_equals' ) ? hash_equals( $convesiopay_signature, $expected_signature ) : ( $convesiopay_signature === $expected_signature );
    1010        
    1011         if ( ! $is_valid && function_exists( 'error_log' ) && defined( 'WP_DEBUG' ) && WP_DEBUG ) {
     1007        $is_valid = hash_equals( $convesiopay_signature, $expected_signature );
     1008       
     1009        if ( ! $is_valid && defined( 'WP_DEBUG' ) && WP_DEBUG ) {
    10121010            error_log( 'ConvesioPay: Signature mismatch - rejecting webhook' );
    10131011        }

  • peachpay-for-woocommerce/trunk/peachpay.php

    r3433272 r3433889  
    44 * Plugin URI: https://woocommerce.com/products/peachpay
    55 * Description: Connect and manage all your payment methods, offer shoppers a beautiful Express Checkout, and reduce cart abandonment.
    6  * Version: 1.120.0
     6 * Version: 1.120.1
    77 * Text Domain: peachpay-for-woocommerce
    88 * Domain Path: /languages

  • peachpay-for-woocommerce/trunk/readme.txt

    r3433272 r3433889  
    44Requires at least: 5.8
    55Tested up to: 6.8.1
    6 Stable tag: 1.120.0
     6Stable tag: 1.120.1
    77Requires PHP: 7.0
    88License: GPLv2 or later
     
    262262
    263263== Changelog ==
     264
     265= 1.120.1 =
     266* Fix: ConvesioPay webhook signature validation refactor
    264267
    265268= 1.120.0 =
Note: See TracChangeset for help on using the changeset viewer.