Changeset 3446489
- Timestamp:
- 01/25/2026 10:51:48 AM (2 months ago)
- Location:
- triplea-cryptocurrency-payment-gateway-for-woocommerce/trunk/includes/WooCommerce
- Files:
-
- 2 edited
-
TripleA_Payment_Gateway.php (modified) (3 diffs)
-
views/triplea_options.php (modified) (2 diffs)
triplea-cryptocurrency-payment-gateway-for-woocommerce/trunk/includes/WooCommerce/TripleA_Payment_Gateway.php
r3446472 r3446489 146 146 public function save_plugin_options() 147 147 { 148 // Encrypt client_secret before saving 149 if (!empty($_POST['woocommerce_triplea_payment_gateway_client_secret'])) { 150 $client_secret_raw = $_POST['woocommerce_triplea_payment_gateway_client_secret']; 148 // Handle client_secret encryption with placeholder detection 149 $client_secret_raw = null; 150 $client_secret_posted = !empty($_POST['woocommerce_triplea_payment_gateway_client_secret']) ? $_POST['woocommerce_triplea_payment_gateway_client_secret'] : ''; 151 $client_secret_exists = !empty($_POST['clientSecretExists']) && $_POST['clientSecretExists'] === '1'; 152 153 // Detect placeholder pattern: **********XXXX (10 asterisks + last 4 chars) 154 $is_placeholder = (strlen($client_secret_posted) >= 10 && substr($client_secret_posted, 0, 10) === str_repeat('*', 10)); 155 156 // Only update client_secret if it's NOT the placeholder (i.e., user entered a new value) 157 if (!empty($client_secret_posted) && !$is_placeholder) { 158 // User entered a new secret - encrypt and save it 159 $client_secret_raw = $client_secret_posted; 151 160 $client_secret_encrypted = $this->encrypt_credential($client_secret_raw); 152 161 $this->settings['client_secret'] = $client_secret_encrypted; 153 } 162 } elseif ($is_placeholder && $client_secret_exists) { 163 // User left placeholder unchanged - keep existing encrypted value, decrypt for OAuth 164 $client_secret_raw = $this->decrypt_credential($this->get_option('client_secret')); 165 } 166 // If empty or other case, $client_secret_raw remains null 154 167 155 168 if (!empty($_POST['clientID']) && (isset($_POST['oAuthToken']) || isset($_POST['oAuthTokenExpiry']))) { … … 157 170 // {@see https://codex.wordpress.org/HTTP_API} 158 171 // Use raw (unencrypted) client_secret for OAuth request 172 // If $client_secret_raw is not set, decrypt existing value from database 173 if (empty($client_secret_raw)) { 174 $client_secret_raw = 
$this->decrypt_credential($this->get_option('client_secret')); 175 } 176 159 177 $response = wp_remote_post('https://api.triple-a.io/api/v2/oauth/token', array( 160 178 'headers' => array( … … 163 181 'body' => array( 164 182 'client_id' => $_POST['woocommerce_triplea_payment_gateway_client_id'], 165 'client_secret' => isset($client_secret_raw) ? $client_secret_raw : $_POST['woocommerce_triplea_payment_gateway_client_secret'],183 'client_secret' => $client_secret_raw, 166 184 'grant_type' => 'client_credentials', 167 185 ), -
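Review bot: New line 150 reads `$_POST['woocommerce_triplea_payment_gateway_client_secret']` as-is, and WordPress adds slashes to request data, so a secret containing a quote or backslash would be encrypted, and later sent to the token endpoint, in its slashed form; pass it through `wp_unslash()` before the placeholder test and before `encrypt_credential()`. The `clientSecretExists` flag on line 151 is request-supplied, and as far as this section shows the fallback at lines 173-175 decrypts the stored option regardless of it, so existence is better derived server-side with `$client_secret_exists = !empty($this->get_option('client_secret'));`. The placeholder test matches any value that begins with ten asterisks, which deserves a comment stating that such a value is never saved as a new secret. `save_plugin_options()` starts and ends outside this section, so whether a nonce and capability check precede these reads cannot be confirmed from here.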
triplea-cryptocurrency-payment-gateway-for-woocommerce/trunk/includes/WooCommerce/views/triplea_options.php
r3446472 r3446489 27 27 $merchantKey = ( !empty( $plugin_settings['merchant_key'] ) ) ? $plugin_settings['merchant_key'] : ''; 28 28 $clientID = ( !empty( $plugin_settings['client_id'] ) ) ? $plugin_settings['client_id'] : ''; 29 // Decrypt client_secret for display (prevents double encryption on re-save)29 // Use placeholder for security - show last 4 characters only 30 30 $clientSecret_encrypted = ( !empty( $plugin_settings['client_secret'] ) ) ? $plugin_settings['client_secret'] : ''; 31 $clientSecret = $this->decrypt_credential($clientSecret_encrypted); 31 $clientSecret_exists = !empty($clientSecret_encrypted); 32 33 if ($clientSecret_exists) { 34 // Decrypt temporarily to get last 4 characters for placeholder 35 $clientSecret_real = $this->decrypt_credential($clientSecret_encrypted); 36 $last4 = strlen($clientSecret_real) >= 4 ? substr($clientSecret_real, -4) : $clientSecret_real; 37 $clientSecret = str_repeat('*', 10) . $last4; // Format: **********9384 38 } else { 39 $clientSecret = ''; 40 } 32 41 33 42 //Settings Section … … 73 82 <div class="triplea-form-group"> 74 83 <label for="merchantKey"><?php _e( 'Merchant Key', 'wc-triplea-crypto-payment' ); ?></label> 75 <input id="merchantKey" type="text" name="merchantKey" value="<?php echo $merchantKey; ?>" >84 <input id="merchantKey" type="text" name="merchantKey" value="<?php echo $merchantKey; ?>" style="width:300px;"> 76 85 </div> 77 86 <div class="triplea-form-group"> 78 87 <label for="clientID"><?php _e( 'Client ID', 'wc-triplea-crypto-payment' ); ?></label> 79 <input id="clientID" type="text" name="clientID" value="<?php echo $clientID; ?>" >88 <input id="clientID" type="text" name="clientID" value="<?php echo $clientID; ?>" style="width:300px;"> 80 89 </div> 81 90 <div class="triplea-form-group"> 82 91 <label for="clientSecret"><?php _e( 'Client Secret', 'wc-triplea-crypto-payment' ); ?></label> 83 <input id="clientSecret" type="password" name="clientSecret" value="<?php echo $clientSecret; ?>"> 92 
<input id="clientSecret" type="password" name="clientSecret" value="<?php echo $clientSecret; ?>" placeholder="<?php echo $clientSecret_exists ? __('Enter new secret to update', 'wc-triplea-crypto-payment') : __('Enter client secret', 'wc-triplea-crypto-payment'); ?>" style="width:300px;"> 93 <input type="hidden" name="clientSecretExists" value="<?php echo $clientSecret_exists ? '1' : '0'; ?>"> 94 <?php if ($clientSecret_exists): ?> 95 <small style="display:block;margin-top:5px;color:#666;"><?php _e('Leave unchanged to keep existing secret, or enter new value to update.', 'wc-triplea-crypto-payment'); ?></small> 96 <?php endif; ?> 84 97 </div> 85 98 <input type="hidden" name="oAuthToken" id="oAuthToken">
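Review bot: The `value` attribute of the `clientSecret` input now carries text derived from the decrypted secret and is echoed without escaping; `value="<?php echo esc_attr( $clientSecret ); ?>"` keeps a quote or angle bracket in the tail from breaking out of the attribute. The same applies to `$merchantKey` and `$clientID` on the lines this change touches, and to the `__()` placeholder strings, where `esc_attr__()` fits. On line 36 a secret shorter than four characters is written into the page in full, and a short secret gives up most of its length to the last-four hint; masking fully below a length threshold avoids that, for example `$last4 = strlen($clientSecret_real) >= 12 ? substr($clientSecret_real, -4) : '';`. The return value of `decrypt_credential()` goes straight to `strlen()`, so a failed decryption should be handled before the placeholder is built (its failure value is not visible here).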