Changeset 3454688

svea-checkout-for-woocommerce/tags/3.5.0/assets/js/frontend/application.min.js

r3320066	r3454688
1		(e=>{class t{constructor(e){this.$elm=e,this.isCompany="business"===wc_sco_params.default_company_type,this.validationCallbackListener=null,this.isCompanyListener=null,this.postalCodeListener=null,this.hasOngoingPayment=!1,this.syncZipCode=wc_sco_params.sync_zip_code,this.attributionKey=wc_sco_params.attribution_key,this.validationFailedMessage=wc_sco_params.validation_failed,this.ajaxUrl=wc_checkout_params.wc_ajax_url,this.refreshNonce=wc_sco_params.refresh_sco_snippet_nonce,this.checkoutNonce=wc_sco_params.sco_checkout_order,this.nShiftNonce=wc_sco_params.update_sco_order_nshift_information,this.checkoutNonceSelector="#woocommerce-process-checkout-nonce",this.attachEvents()}attachEvents(){const t=()=>{this.observeSveaData(),e(".svea-skeleton-loader").remove()};"scoApi"in window&&window.scoApi?t():e(document).on("checkoutReady",t),this.attachCheckoutEvents()}attachCheckoutEvents(){this.currentCountry=e(".wc-svea-checkout-page #billing_country").val(),this.currentState=e(".wc-svea-checkout-page #billing_state").val(),e(document).on("change",".wc-svea-checkout-page #billing_country",(t=>{const s=e(".wc-svea-checkout-page #billing_country").val();this.currentCountry!=s&&(this.refreshData(),this.currentCountry=s)})),e(document).on("change",".wc-svea-checkout-page #billing_state",(t=>{const s=e(".wc-svea-checkout-page #billing_state").val();this.currentState!=s&&(this.refreshData(),this.currentState=s)})),e(document).on("change",".wc-svea-checkout-page #shipping_method .shipping_method",this.refreshData.bind(this));if(e(document).on("change",[".woocommerce-additional-fields input",".woocommerce-additional-fields textarea",".woocommerce-additional-fields select"].join(", "),this.maybeTriggerReloadOfSvea.bind(this)),window.wc_sco_compat&&window.wc_sco_compat.fields_trigger_update.length){const t=window.wc_sco_compat.fields_trigger_update.join(", ");e(document).on("change",t,this.refreshData.bind(this))}e(document).on("sco_refresh_data",this.refreshData.bind(this)),e("body").on("update_checkout",this.refreshData.bind(this)),e("body").on("click","#sco-change-payment",this.changePaymentMethod.bind(this))}maybeTriggerReloadOfSvea(){this.hasOngoingPayment&&(window.scoApi.setCheckoutEnabled(!1),window.scoApi.setCheckoutEnabled(!0))}observeSveaData(){"1"===this.syncZipCode&&(this.postalCodeListener&&this.postalCodeListener(),this.postalCodeListener=window.scoApi.observeEvent("identity.postalCode",this.postalCodeChange.bind(this))),document.removeEventListener("sveaCheckout:errorValidationCallback",this.validationError.bind(this)),document.addEventListener("sveaCheckout:errorValidationCallback",this.validationError.bind(this)),document.removeEventListener("sveaCheckout:shippingConfirmed",this.shippingConfirmed.bind(this)),document.addEventListener("sveaCheckout:shippingConfirmed",this.shippingConfirmed.bind(this)),this.isCompanyListener&&this.isCompanyListener(),this.isCompanyListener=window.scoApi.observeEvent("identity.isCompany",this.isCompanyChange.bind(this)),this.validationCallbackListener&&this.validationCallbackListener(),this.validationCallbackListener=window.scoApi.observeEvent("order.validationCallback",this.submitOrder.bind(this))}submitOrder(t){this.hasOngoingPayment=!0;const s=e("form.woocommerce-checkout").serialize(),o=this.serializeFormToObject(s),a=Object.assign(o,{post_data:s,security:this.checkoutNonce,ship_to_different_address:1,payment_method:"svea_checkout"});e.ajax({type:"POST",url:this.ajaxUrl.toString().replace("%%endpoint%%","sco_checkout_order"),data:a,success:s=>{let o=!1;if(void 0!==s.result)if("failure"===s.result){if(s.reload)return void e.ajax({type:"GET",url:this.ajaxUrl.toString().replace("%%endpoint%%","sco_renew_nonce"),success:s=>{if(s.success)return e(this.checkoutNonceSelector).val(s.data.wc),this.checkoutNonce=s.data.sco,this.submitOrder(t)}});this.showErrors(s.messages)}else"success"===s.result&&(o=!0);t.callback&&t.callback({valid:o})}})}postalCodeChange(t){let s=e("#billing_postcode").val(),o=t.value\|\|"";(o&&s!==o\|\|"••••"===o)&&(e("#billing_postcode").val(o),this.refreshData())}isCompanyChange(e){void 0!==e.value&&e.value!==this.isCompany&&(this.isCompany=e.value,setTimeout((()=>{this.refreshData()})))}validationError(e){let t=e.detail.message\|\|this.validationFailedMessage;this.showErrors(t,!0),this.refreshData(null,!0)}shippingConfirmed(t){const s={security:this.nShiftNonce,price:t.detail.price,name:t.detail.name};this.setCheckoutUpdating(!0),e.ajax({type:"POST",url:this.ajaxUrl.toString().replace("%%endpoint%%","update_sco_order_nshift_information"),data:s,success:e=>{e&&e.fragments&&this.updateFragments(e.fragments),this.setCheckoutUpdating(!1)}})}refreshData(t,s=!1){const o=e("form.woocommerce-checkout").serialize(),a=this.serializeFormToObject(o,!1);"object"==typeof s&&(s=!0);const i=Object.assign(a,{security:this.refreshNonce,post_data:o,force:s});this.setCheckoutUpdating(!0),e.ajax({type:"POST",url:this.ajaxUrl.toString().replace("%%endpoint%%","refresh_sco_snippet"),data:i,success:t=>{this.isUpdating=!1,!0!==t.reload&&"true"!==t.reload?(e(".woocommerce-NoticeGroup-updateOrderReview").remove(),t&&t.fragments&&this.updateFragments(t.fragments),"failure"===t.result&&(this.removeErrors(),t.messages?this.showErrors(t.messages):this.showErrors(t)),e(document.body).trigger("updated_checkout",[t]),this.setCheckoutUpdating(!1)):window.location.reload()},complete:()=>{this.isUpdating=!1}})}updateFragments(t){e.each(t,(function(t,s){e(t).html(s),e(t).unblock()}))}showErrors(t,s=!1){this.removeErrors(),void 0===s&&(s=!0),s?this.$elm.prepend('<ul class="woocommerce-error"><li>'+t+"</li></ul>"):this.$elm.prepend(t),this.$elm.find(".input-text, select, input:checkbox").blur(),e("html, body").animate({scrollTop:this.$elm.offset().top-100},1e3)}setCheckoutUpdating(t){e(".wc-svea-checkout-page").toggleClass("updating",t),window.scoApi&&window.scoApi.setCheckoutEnabled(!t)}serializeFormToObject(e,t=!0){let s={};return e.split("&").forEach((e=>{let[o,a]=e.split("=");(t\|\|0!==o.indexOf(this.attributionKey))&&(s[decodeURIComponent(o)]=decodeURIComponent(a))})),s}removeErrors(){e(".woocommerce-error, .woocommerce-message").remove()}changePaymentMethod(t){t.preventDefault(),e.ajax({url:wc_checkout_params.wc_ajax_url.toString().replace("%%endpoint%%","sco_change_payment_method"),method:"POST",data:{svea:!1,security:wc_checkout_params.change_payment_method},success:e=>{e.success&&window.location.reload()}})}static instance(){e(this).length>0&&e(this).each(((s,o)=>{o.sveaCheckout=new t(e(o))}))}}function s(t){"svea_checkout"===t&&e.ajax({url:wc_checkout_params.wc_ajax_url.toString().replace("%%endpoint%%","sco_change_payment_method"),method:"POST",data:{svea:!0,security:wc_checkout_params.change_payment_method},success:e=>{e.success&&window.location.reload()}})}e.fn.sveaCheckout=t.instance,e(document).ready((t=>{e(".wc-svea-checkout-page").sveaCheckout(),e(document.body).on("init_checkout",(t=>{e("body").on("change","input[name=payment_method]",(t=>{s(e(t.target).val()),console.log("change")})),e(document.body).on("updated_checkout",(()=>{s(e("input[name=payment_method]:checked").val())}))}))}))})(jQuery);
	1	(e=>{class t{constructor(e){this.$elm=e,this.isCompany="business"===wc_sco_params.default_company_type,this.validationCallbackListener=null,this.isCompanyListener=null,this.postalCodeListener=null,this.hasOngoingPayment=!1,this.syncZipCode=wc_sco_params.sync_zip_code,this.attributionKey=wc_sco_params.attribution_key,this.validationFailedMessage=wc_sco_params.validation_failed,this.ajaxUrl=wc_checkout_params.wc_ajax_url,this.refreshNonce=wc_sco_params.refresh_sco_snippet_nonce,this.checkoutNonce=wc_sco_params.sco_checkout_order,this.nShiftNonce=wc_sco_params.update_sco_order_nshift_information,this.checkoutNonceSelector="#woocommerce-process-checkout-nonce",this.attachEvents()}attachEvents(){const t=()=>{this.observeSveaData(),e(".svea-skeleton-loader").remove()};"scoApi"in window&&window.scoApi?t():e(document).on("checkoutReady",t),this.attachCheckoutEvents()}attachCheckoutEvents(){this.currentCountry=e(".wc-svea-checkout-page #billing_country").val(),this.currentState=e(".wc-svea-checkout-page #billing_state").val(),e(document).on("change",".wc-svea-checkout-page #billing_country",(t=>{const s=e(".wc-svea-checkout-page #billing_country").val();this.currentCountry!=s&&(this.refreshData(),this.currentCountry=s)})),e(document).on("change",".wc-svea-checkout-page #billing_state",(t=>{const s=e(".wc-svea-checkout-page #billing_state").val();this.currentState!=s&&(this.refreshData(),this.currentState=s)})),e(document).on("change",".wc-svea-checkout-page #shipping_method .shipping_method",this.refreshData.bind(this));if(e(document).on("change",[".woocommerce-additional-fields input",".woocommerce-additional-fields textarea",".woocommerce-additional-fields select"].join(", "),this.maybeTriggerReloadOfSvea.bind(this)),window.wc_sco_compat&&window.wc_sco_compat.fields_trigger_update.length){const t=window.wc_sco_compat.fields_trigger_update.join(", ");e(document).on("change",t,this.refreshData.bind(this))}e(document).on("sco_refresh_data",this.refreshData.bind(this)),e("body").on("update_checkout",this.refreshData.bind(this)),e("body").on("click","#sco-change-payment",this.changePaymentMethod.bind(this))}maybeTriggerReloadOfSvea(){this.hasOngoingPayment&&(window.scoApi.setCheckoutEnabled(!1),window.scoApi.setCheckoutEnabled(!0))}observeSveaData(){"1"===this.syncZipCode&&(this.postalCodeListener&&this.postalCodeListener(),this.postalCodeListener=window.scoApi.observeEvent("identity.postalCode",this.postalCodeChange.bind(this))),document.removeEventListener("sveaCheckout:errorValidationCallback",this.validationError.bind(this)),document.addEventListener("sveaCheckout:errorValidationCallback",this.validationError.bind(this)),document.removeEventListener("sveaCheckout:shippingConfirmed",this.shippingConfirmed.bind(this)),document.addEventListener("sveaCheckout:shippingConfirmed",this.shippingConfirmed.bind(this)),this.isCompanyListener&&this.isCompanyListener(),this.isCompanyListener=window.scoApi.observeEvent("identity.isCompany",this.isCompanyChange.bind(this)),this.validationCallbackListener&&this.validationCallbackListener(),this.validationCallbackListener=window.scoApi.observeEvent("order.validationCallback",this.submitOrder.bind(this))}submitOrder(t){this.hasOngoingPayment=!0;const s=e("form.woocommerce-checkout").serialize(),o=this.serializeFormToObject(s),a=Object.assign(o,{post_data:s,security:this.checkoutNonce,ship_to_different_address:1,payment_method:"svea_checkout"});e.ajax({type:"POST",url:this.ajaxUrl.toString().replace("%%endpoint%%","sco_checkout_order"),data:a,success:s=>{let o=!1;if(void 0!==s.result)if("failure"===s.result){if(s.reload)return void e.ajax({type:"GET",url:this.ajaxUrl.toString().replace("%%endpoint%%","sco_renew_nonce"),success:s=>{if(s.success)return e(this.checkoutNonceSelector).val(s.data.wc),this.checkoutNonce=s.data.sco,this.submitOrder(t)}});this.showErrors(s.messages)}else"success"===s.result&&(o=!0);t.callback&&t.callback({valid:o})}})}postalCodeChange(t){let s=e("#billing_postcode").val(),o=t.value\|\|"";(o&&s!==o\|\|"••••"===o)&&(e("#billing_postcode").val(o),this.refreshData())}isCompanyChange(e){void 0!==e.value&&e.value!==this.isCompany&&(this.isCompany=e.value,setTimeout((()=>{this.refreshData()})))}validationError(e){let t=e.detail.message\|\|this.validationFailedMessage;this.showErrors(t,!0),this.refreshData(null,!0)}shippingConfirmed(t){const s={security:this.nShiftNonce,price:t.detail.price,name:t.detail.name};this.setCheckoutUpdating(!0),e.ajax({type:"POST",url:this.ajaxUrl.toString().replace("%%endpoint%%","update_sco_order_nshift_information"),data:s,success:e=>{e&&e.fragments&&this.updateFragments(e.fragments),this.setCheckoutUpdating(!1)}})}refreshData(t,s=!1){const o=e("form.woocommerce-checkout").serialize(),a=this.serializeFormToObject(o,!1);"object"==typeof s&&(s=!0);const i=Object.assign(a,{security:this.refreshNonce,post_data:o,force:s});this.setCheckoutUpdating(!0),e.ajax({type:"POST",url:this.ajaxUrl.toString().replace("%%endpoint%%","refresh_sco_snippet"),data:i,success:t=>{this.isUpdating=!1,!0!==t.reload&&"true"!==t.reload?(e(".woocommerce-NoticeGroup-updateOrderReview").remove(),t&&t.fragments&&this.updateFragments(t.fragments),"failure"===t.result&&(this.removeErrors(),t.messages?this.showErrors(t.messages):this.showErrors(t)),e(document.body).trigger("updated_checkout",[t]),this.setCheckoutUpdating(!1)):window.location.reload()},complete:()=>{this.isUpdating=!1}})}updateFragments(t){e.each(t,(function(t,s){e(t).html(s),e(t).unblock()}))}showErrors(t,s=!1){this.removeErrors(),void 0===s&&(s=!0),s?this.$elm.prepend('<ul class="woocommerce-error"><li>'+t+"</li></ul>"):this.$elm.prepend(t),this.$elm.find(".input-text, select, input:checkbox").blur(),e("html, body").animate({scrollTop:this.$elm.offset().top-100},1e3)}setCheckoutUpdating(t){e(".wc-svea-checkout-page").toggleClass("updating",t),window.scoApi&&window.scoApi.setCheckoutEnabled(!t)}serializeFormToObject(e,t=!0){let s={};return e.split("&").forEach((e=>{let[o,a]=e.split("=");(t\|\|0!==o.indexOf(this.attributionKey))&&(s[decodeURIComponent(o)]=decodeURIComponent(a))})),s}removeErrors(){e(".woocommerce-error, .woocommerce-message").remove()}changePaymentMethod(t){t.preventDefault(),e.ajax({url:wc_checkout_params.wc_ajax_url.toString().replace("%%endpoint%%","sco_change_payment_method"),method:"POST",data:{svea:!1,security:wc_sco_params.change_payment_method},success:e=>{e.success&&window.location.reload()}})}static instance(){e(this).length>0&&e(this).each(((s,o)=>{o.sveaCheckout=new t(e(o))}))}}function s(t){"svea_checkout"===t&&e.ajax({url:wc_checkout_params.wc_ajax_url.toString().replace("%%endpoint%%","sco_change_payment_method"),method:"POST",data:{svea:!0,security:wc_sco_params.change_payment_method},success:e=>{e.success&&window.location.reload()}})}e.fn.sveaCheckout=t.instance,e(document).ready((t=>{e(".wc-svea-checkout-page").sveaCheckout(),e(document.body).on("init_checkout",(t=>{e("body").on("change","input[name=payment_method]",(t=>{s(e(t.target).val())})),e(document.body).on("updated_checkout",(()=>{s(e("input[name=payment_method]:checked").val())}))}))}))})(jQuery);

svea-checkout-for-woocommerce/tags/3.5.0/inc/Admin.php

-                      r3398960
+                      r3454688
             $wc_order->update_status( 'cancelled', esc_html__( 'Payment not accepted in Svea', 'svea-checkout-for-woocommerce' ) );
         } else {
+            if ( $wc_order->get_status() === self::AWAITING_ORDER_STATUS ) {
+                // Move through WooCommerce pending to support third-party status listeners before completion.
+                $wc_order->update_status( 'pending' );
+            }
             $wc_order->payment_complete( $svea_order_id );
             wp_clear_scheduled_hook( 'sco_check_pa_order_status', [ $svea_order_id ] );

svea-checkout-for-woocommerce/tags/3.5.0/inc/Compat/Polylang_Compat.php

-                      r3202226
+                      r3454688
      */
     public function change_push_uri( $data ) {
         if ( ! empty( $data['MerchantSettings'] ) && \function_exists( 'pll_current_language' ) ) {
             $language_slug = \pll_current_language();
+        if ( ! empty( $data['MerchantSettings'] ) && function_exists( 'pll_current_language' ) ) {
+            $language_slug = pll_current_language();
             $args = [
 …
             ];
             $data['MerchantSettings']['PushUri'] = $data['MerchantSettings']['PushUri'] . '&' . http_build_query( $args );
             $data['MerchantSettings']['CheckoutValidationCallBackUri'] = $data['MerchantSettings']['CheckoutValidationCallBackUri'] . '&' . http_build_query( $args );
             $data['MerchantSettings']['WebhookUri'] = $data['MerchantSettings']['WebhookUri'] . '&' . http_build_query( $args );
+            $data['MerchantSettings']['PushUri'] = $this->restore_curly_braces( add_query_arg( $args, $data['MerchantSettings']['PushUri'] ) );
+            $data['MerchantSettings']['CheckoutValidationCallBackUri'] = $this->restore_curly_braces( add_query_arg( $args, $data['MerchantSettings']['CheckoutValidationCallBackUri'] ) );
+            $data['MerchantSettings']['WebhookUri'] = $this->restore_curly_braces( add_query_arg( $args, $data['MerchantSettings']['WebhookUri'] ) );
+        }
         return $data;
+    }
+    /**
+     * Restore the curly bracers that add_query_arg might have destroyed
+     *
+     * @param string $url
+     * @return string
+     */
+    private function restore_curly_braces( $url ) {
+        $url = str_replace( '%7B', '{', $url );
+        $url = str_replace( '%7D', '}', $url );
+        return $url;
+    }
+}

svea-checkout-for-woocommerce/tags/3.5.0/inc/Models/Svea_Checkout.php

-                      r3398960
+                      r3454688
             case isset( $checkout_data['Recurring'] ) && $checkout_data['Recurring'] !== $this->is_recurring():
             case ! isset( $checkout_data['CountryCode'] ) || $checkout_data['CountryCode'] !== WC()->customer->get_billing_country():
+            case $checkout_data['Status'] !== 'Created':
+            case $checkout_data['CountryCode'] !== WC()->customer->get_billing_country():
+            case $checkout_data['Status'] === 'Final':
+            case $checkout_data['Status'] === 'Cancelled':
+            case strtoupper( $checkout_data['Status'] ) !== 'CREATED':
             case ! isset( $checkout_data['MerchantSettings']['UseClientSideValidation'] ) || $checkout_data['MerchantSettings']['UseClientSideValidation'] !== true:
                 $need_new = true;

svea-checkout-for-woocommerce/tags/3.5.0/inc/Rule_Integration.php

-                      r3398960
+                      r3454688
+            }
+            /** @var \WC_Product $product */
             $product = $item['data'];
 …
         $is_company = ! empty( $svea_data['Customer']['IsCompany'] ) && $svea_data['Customer']['IsCompany'] === true;
         $first_name = $billing_address['FirstName'] ?? '';
+        $last_name = $billing_address['LastName'] ?? '';
         if ( ( empty( $first_name ) || empty( $last_name ) ) && ! empty( $billing_address['FullName'] ) ) {
 …
     private function send_event( $tag, array $subscriber, array $fields, $retrying = false, $action = null ) {
         $endpoint = self::ENDPOINT;
+        if ( empty( $endpoint ) ) {
+            return false;
+        }
+        $subscriber_id = '';
         if ( $action === null ) {
 …
         if ( $action === 'create' ) {
             $payload['update_on_duplicate'] = true;
+        } else {
+            if ( empty( $subscriber_id ) ) {
+                return false;
+            }
+        } else if ( empty( $subscriber_id ) ) {
+            return false;
+        }
 …
      * @param string     $method   HTTP method.
      * @param string     $endpoint Endpoint URL.
-     * @param string     $api_key  Rule API key.
      * @param array|null $payload  Optional payload.
      * @return array|WP_Error

svea-checkout-for-woocommerce/tags/3.5.0/inc/Template_Handler.php

-                      r3439569
+                      r3454688
+        }
+        // Check if there exists an order already
+        $current_order_id = WC()->session->get( 'order_awaiting_payment' );
+        $current_sco_id = WC()->session->get( 'sco_order_id' );
+        if ( $current_order_id && $current_sco_id ) {
+            // Load the order to see if it needs to be updated
+            $wc_order = wc_get_order( $current_order_id );
+            if ( $wc_order && $wc_order->get_meta( '_svea_co_order_id' ) !== $current_sco_id ) {
+                // Remove the current order awaiting payment ID and create a new order
+                WC()->session->set( 'order_awaiting_payment', null );
+            }
+        }
         WC()->checkout()->process_checkout();
         wp_die( 0 );
 …
         if ( $this->is_svea() && ! wp_doing_ajax() ) {
             // Flush checkout fields cache
             WC()->checkout()->checkout_fields = null;
+            WC()->checkout()->__set( 'checkout_fields', null );
             // Remove all default fields from WooCommerce to see what gets added by third party plugins
 …
      */
     public function change_payment_method() {
+        if ( ! isset( $_POST['security'] ) || ! wp_verify_nonce( $_POST['security'], 'change-payment-method' ) ) {
+            echo 'Nonce fail';
+            exit;
+        }
         $use_svea = isset( $_POST['svea'] ) && sanitize_text_field( $_POST['svea'] ) === 'true'; // phpcs:ignore WordPress.Security.NonceVerification.Missing

svea-checkout-for-woocommerce/tags/3.5.0/inc/WC_Gateway_Svea_Checkout.php

-                      r3409597
+                      r3454688
 use Svea_Checkout_For_Woocommerce\Models\Svea_Checkout;
 use Svea_Checkout_For_Woocommerce\Models\Svea_Payment_Admin;
+use WP_Filesystem_Direct;
 if ( ! defined( 'ABSPATH' ) ) {
 …
     /**
+     * Generate HTML for Apple Pay certificate upload field
+     *
+     * @param string $key Field key
+     * @param array  $data Field data
+     * @return string
+     */
+    public function generate_apple_pay_certificate_html( $key, $data ) {
+        $field_key = $this->get_field_key( $key );
+        $defaults  = [
+            'title'             => '',
+            'disabled'          => false,
+            'class'             => '',
+            'css'               => '',
+            'placeholder'       => '',
+            'type'              => 'file',
+            'desc_tip'          => false,
+            'description'       => '',
+            'custom_attributes' => [],
+        ];
+        $data = wp_parse_args( $data, $defaults );
+        // Check if certificate exists
+        $cert_path = ABSPATH . '.well-known/apple-developer-merchantid-domain-association';
+        $cert_exists = file_exists( $cert_path );
+        $description = sprintf(
+            /* translators: %s: file path */
+            esc_html__( 'The upload will try to put the file here, if that\'s not correct then please upload the certificate manually: %s', 'svea-checkout-for-woocommerce' ),
+            '<code>' . esc_html( $cert_path ) . '</code>'
+        );
+        if ( $cert_exists ) {
+            $description .= '<br><strong style="color: green;">' . esc_html__( 'Certificate is currently uploaded.', 'svea-checkout-for-woocommerce' ) . '</strong>';
+        }
+        ob_start();
+        ?>
+        <tr valign="top">
+            <th scope="row" class="titledesc">
+                <label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?></label>
+            </th>
+            <td class="forminp">
+                <fieldset>
+                    <legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
+                    <input
+                        class="input-text regular-input <?php echo esc_attr( $data['class'] ); ?>"
+                        type="file"
+                        name="<?php echo esc_attr( $field_key ); ?>"
+                        id="<?php echo esc_attr( $field_key ); ?>"
+                        style="<?php echo esc_attr( $data['css'] ); ?>"
+                        <?php disabled( $data['disabled'], true ); ?>
+                        <?php echo $this->get_custom_attribute_html( $data ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
+                    />
+                    <p class="description"><?php echo wp_kses_post( $description ); ?></p>
+                </fieldset>
+            </td>
+        </tr>
+        <?php
+        return ob_get_clean();
+    }
+    /**
+     * Process admin options and handle Apple Pay certificate upload
+     *
+     * @return bool
+     */
+    public function process_admin_options() {
+        // Handle Apple Pay certificate upload
+        // Nonce verification is handled by WooCommerce parent class
+        $field_key = $this->get_field_key( 'apple_pay_certificate' );
+        // phpcs:ignore WordPress.Security.NonceVerification.Missing -- Nonce is verified by WooCommerce parent class
+        if ( ! isset( $_FILES[ $field_key ] ) || empty( $_FILES[ $field_key ]['tmp_name'] ) ) {
+            return parent::process_admin_options();
+        }
+        // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Nonce verified by parent, file validation done below
+        $file = $_FILES[ $field_key ];
+        // Validate file size (max 1MB for certificate files)
+        $max_size = MB_IN_BYTES;
+        if ( ! isset( $file['size'] ) || $file['size'] > $max_size ) {
+            \WC_Admin_Settings::add_error(
+                sprintf(
+                    /* translators: %s: maximum file size */
+                    esc_html__( 'Apple Pay certificate file is too large. Maximum size is %s.', 'svea-checkout-for-woocommerce' ),
+                    size_format( $max_size )
+                )
+            );
+            return parent::process_admin_options();
+        }
+        // Validate file upload
+        if ( $file['error'] !== UPLOAD_ERR_OK ) {
+            \WC_Admin_Settings::add_error(
+                esc_html__( 'Apple Pay certificate upload failed. Please try again.', 'svea-checkout-for-woocommerce' )
+            );
+        } else {
+            // Validate content type - strict validation for security
+            // Using finfo for MIME type detection as it's reliable and sufficient for this use case
+            $allowed_types = [
+                'application/octet-stream',
+                'text/plain',
+                'application/x-apple-aspen-config',
+            ];
+            $finfo = finfo_open( FILEINFO_MIME_TYPE );
+            if ( false === $finfo ) {
+                \WC_Admin_Settings::add_error(
+                    esc_html__( 'Failed to initialize file type detection. Please try again or contact your system administrator.', 'svea-checkout-for-woocommerce' )
+                );
+            } else {
+                $mime_type = finfo_file( $finfo, $file['tmp_name'] );
+                finfo_close( $finfo );
+                // Strict content type validation for security
+                if ( ! in_array( $mime_type, $allowed_types, true ) ) {
+                    \WC_Admin_Settings::add_error(
+                        sprintf(
+                            /* translators: %s: detected MIME type */
+                            esc_html__( 'Invalid file type detected: %s. Please upload the Apple Pay certificate file.', 'svea-checkout-for-woocommerce' ),
+                            esc_html( $mime_type )
+                        )
+                    );
+                } else {
+                    // Create .well-known directory if it doesn't exist
+                    $well_known_dir = ABSPATH . '.well-known';
+                    if ( ! file_exists( $well_known_dir ) ) {
+                        $mkdir_result = wp_mkdir_p( $well_known_dir );
+                        if ( false === $mkdir_result ) {
+                            \WC_Admin_Settings::add_error(
+                                esc_html__( 'Failed to create .well-known directory. Please check file permissions.', 'svea-checkout-for-woocommerce' )
+                            );
+                            return parent::process_admin_options();
+                        }
+                    }
+                    /** @var WP_Filesystem_direct $wp_filesystem */
+                    global $wp_filesystem;
+                    require_once ABSPATH . 'wp-admin/includes/file.php';
+                    // Initialize the WP filesystem
+                    WP_Filesystem();
+                    // Verify directory is writable
+                    if ( ! $wp_filesystem->is_writable( $well_known_dir ) ) {
+                        \WC_Admin_Settings::add_error(
+                            esc_html__( 'The .well-known directory is not writable. Please check file permissions.', 'svea-checkout-for-woocommerce' )
+                        );
+                        return parent::process_admin_options();
+                    }
+                    // Set target path - use fixed filename to prevent path traversal
+                    $target_filename = 'apple-developer-merchantid-domain-association';
+                    $target_path = $well_known_dir . '/' . $target_filename;
+                    // Verify target path is within expected directory (security check)
+                    $real_target_dir = realpath( dirname( $target_path ) );
+                    $real_expected_dir = realpath( $well_known_dir );
+                    if ( $real_target_dir !== $real_expected_dir ) {
+                        \WC_Admin_Settings::add_error(
+                            esc_html__( 'Invalid target path detected. Upload blocked for security.', 'svea-checkout-for-woocommerce' )
+                        );
+                        return parent::process_admin_options();
+                    }
+                    // Move the uploaded file
+                    if ( move_uploaded_file( $file['tmp_name'], $target_path ) ) {
+                        // Set appropriate permissions
+                        // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_chmod -- Setting standard file permissions for uploaded certificate
+                        $chmod_result = chmod( $target_path, 0644 );
+                        if ( false === $chmod_result ) {
+                            // Log warning but don't fail the upload
+                            self::log( 'Failed to set permissions on Apple Pay certificate file', 'warning' );
+                        }
+                        \WC_Admin_Settings::add_message(
+                            esc_html__( 'Apple Pay certificate uploaded successfully.', 'svea-checkout-for-woocommerce' )
+                        );
+                    } else {
+                        \WC_Admin_Settings::add_error(
+                            esc_html__( 'Failed to move Apple Pay certificate to target location. Please check file permissions.', 'svea-checkout-for-woocommerce' )
+                        );
+                    }
+                }
+            }
+        }
+        // Call parent to handle other settings
+        return parent::process_admin_options();
+    }
+    /**
      * Initialize Gateway Settings Form Fields
      */

svea-checkout-for-woocommerce/tags/3.5.0/inc/Webhook_Handler.php

-                      r3409597
+                      r3454688
     /**
+     * Get caller IP
+     *
+     * @return string
+     * Get caller IP address for webhook validation.
+     *
+     * Security Note: IP restriction is only an additional defense layer and should not
+     * be the sole security measure. HTTP headers like X-Forwarded-For can be spoofed
+     * by attackers unless the server configuration properly strips client-supplied headers.
+     *
+     * For maximum security:
+     * - Use REMOTE_ADDR if not behind a reverse proxy
+     * - Ensure your reverse proxy/CDN strips client-supplied headers before adding its own
+     * - Consider implementing HMAC-based webhook authentication as the primary security control
+     *
+     * @return string IP address to validate
      */
     private function get_referer_ip() {
+        if ( ! empty( $_SERVER['HTTP_CLIENT_IP'] ) ) {
+            $ip = $_SERVER['HTTP_CLIENT_IP'];
+        } else if ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
+            $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+        } else {
+            $ip = $_SERVER['REMOTE_ADDR'];
+        }
+        return $ip;
+        $preferred_header = '';
+        if ( $this->gateway ) {
+            $preferred_header = $this->get_configured_ip_header();
+        }
+        $ip = $_SERVER['REMOTE_ADDR'];
+        if ( $preferred_header === 'yes' ) { // auto-detect
+            if ( ! empty( $_SERVER['HTTP_CLIENT_IP'] ) ) {
+                $ip = $_SERVER['HTTP_CLIENT_IP'];
+            } else if ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
+                $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+            }
+        } else if ( ! empty( $_SERVER[ $preferred_header ] ) ) {
+            $ip = $_SERVER[ $preferred_header ];
+        }
+        // Explode in case of multiple IPs from proxy
+        return explode( ',', $ip )[0];
+    }
+    /**
+     * Get configured proxy header to trust.
+     *
+     * @return string "yes" for auto-detect, or specific header name.
+     */
+    private function get_configured_ip_header() {
+        $header = $this->gateway->get_option( 'use_ip_restriction' );
+        if ( $header === 'custom' ) {
+            $header = $this->gateway->get_option( 'ip_restriction_header' );
+            if ( strpos( $header, 'HTTP_' ) !== 0 ) {
+                $header = 'HTTP_' . $header;
+            }
+            $header = str_replace( '-', '_', strtoupper( $header ) );
+            // Strip any characters that are not alphanumeric or underscore to prevent header injection attacks
+            $header = preg_replace( '/[^A-Z0-9_]/', '', $header );
+        }
+        return trim( $header );
+    }
 …
      */
     public function validate_referer() {
         if ( $this->gateway->get_option( 'use_ip_restriction' ) !== 'yes' ) {
+        if ( $this->gateway->get_option( 'use_ip_restriction' ) === 'no' ) {
             return;
+        }
         $ip_address = $this->get_referer_ip();
         $ref_ip = ip2long( $ip_address );
 …
         $webhook_data = json_decode( $raw_webhook );
-        $webhook_data->description = json_decode( $webhook_data->description );
-        // phpcs:disable WordPress.NamingConventions.ValidVariableName.UsedPropertyNotSnakeCase
-        $this->gateway::log( sprintf( 'Webhook callback received for Svea cart (%s) received', $webhook_data->orderId ) );
         $this->validate_referer();
+        if ( empty( $webhook_data->orderId ) ) {
+        $svea_order_id = absint( $webhook_data->orderId ?? 0 ); // phpcs:ignore WordPress.NamingConventions.ValidVariableName.UsedPropertyNotSnakeCase
+        if ( empty( $svea_order_id ) ) {
             $this->gateway::log( 'No orderID was found. Aborting' );
             exit;
+        }
+        $wc_order = self::get_order_by_svea_id( $webhook_data->orderId );
+        $wc_order = self::get_order_by_svea_id( $svea_order_id );
+        if ( empty( $wc_order ) ) {
+            $this->gateway::log( 'Received webhook but the order does not exists' );
+            exit;
+        }
+        // phpcs:disable WordPress.NamingConventions.ValidVariableName.UsedPropertyNotSnakeCase
+        $this->gateway::log( sprintf( 'Webhook callback received for Svea cart (%s) received', $svea_order_id ) );
         $svea_order = new Svea_Checkout( false );
 …
         try {
             self::$svea_order = $svea_order->get( $webhook_data->orderId );
+            self::$svea_order = $svea_order->get( $svea_order_id );
         } catch ( \Exception $e ) {
             WC_Gateway_Svea_Checkout::log( sprintf( 'Error in push webhook when getting order id %s. Message from Svea: %s', $this->svea_order_id, $e->getMessage() ) );
+            WC_Gateway_Svea_Checkout::log( sprintf( 'Error in push webhook when getting order id %s. Message from Svea: %s', $svea_order_id, $e->getMessage() ) );
             status_header( 404 );
             exit;
 …
+        }
+        if ( empty( $wc_order ) ) {
+            $this->gateway::log( sprintf( 'Received webhook but the order does not exists (%s)', $webhook_data->orderId ) );
+            exit;
+        $shipping_information = self::$svea_order['ShippingInformation'] ?? [];
+        $shipping_provider = $shipping_information['ShippingProvider'] ?? [];
+        $shipping_type = sanitize_text_field( $shipping_provider['Type'] ?? $shipping_provider['type'] ?? '' );
+        if ( ! empty( $shipping_type ) ) {
+            $wc_order->update_meta_data( '_sco_nshift_type', $shipping_type );
+        }
+        $shipping_description = $shipping_provider['Description'] ?? $shipping_provider['description'] ?? null;
+        if ( is_array( $shipping_description ) ) {
+            $shipping_description = (object) $shipping_description;
+        }
+        if ( is_object( $shipping_description ) && ! empty( $shipping_description->tmsReference ) ) {
+            $wc_order->update_meta_data( '_sco_nshift_tms_ref', sanitize_text_field( $shipping_description->tmsReference ) );
+        }
+        $selected_shipping_option = $shipping_provider['ShippingOption'] ?? [];
+        $carrier_id = '';
+        $carrier_name = '';
+        if ( empty( $selected_shipping_option ) && is_object( $shipping_description ) && ! empty( $shipping_description->selectedShippingOption ) ) {
+            $selected_shipping_option = $shipping_description->selectedShippingOption;
+        }
+        if ( is_array( $selected_shipping_option ) ) {
+            $carrier_id = sanitize_text_field( $selected_shipping_option['Id'] ?? $selected_shipping_option['id'] ?? '' );
+            $carrier_name = sanitize_text_field( $selected_shipping_option['Carrier'] ?? $selected_shipping_option['carrier'] ?? '' );
+        }
+        if ( ! empty( $carrier_id ) ) {
+            $wc_order->update_meta_data( '_sco_nshift_carrier_id', $carrier_id );
+        }
+        if ( ! empty( $carrier_name ) ) {
+            $wc_order->update_meta_data( '_sco_nshift_carrier_name', $carrier_name );
+        }
         // Save the data
+        if ( ! empty( $webhook_data->type ) ) {
+            $wc_order->update_meta_data( '_sco_nshift_type', $webhook_data->type );
+        }
+        if ( ! empty( $webhook_data->description->tmsReference ) ) {
+            $wc_order->update_meta_data( '_sco_nshift_tms_ref', $webhook_data->description->tmsReference );
+        }
+        if ( ! empty( $webhook_data->description->selectedShippingOption ) ) {
+            $wc_order->update_meta_data( '_sco_nshift_carrier_id', $webhook_data->description->selectedShippingOption->id );
+            $wc_order->update_meta_data( '_sco_nshift_carrier_name', $webhook_data->description->selectedShippingOption->carrier );
+        }
+        // Save the whole thing as a complete string
+        $wc_order->update_meta_data( '_sco_nshift_data', $webhook_data );
+        if ( ! empty( $shipping_information ) ) {
+            $wc_order->update_meta_data( '_sco_nshift_data', $shipping_information );
+        }
         $wc_order->save();
 …
+        }
+        if ( $this->gateway->get_option( 'use_ip_restriction' ) === 'yes' ) {
+            $this->validate_referer();
+        }
+        $this->validate_referer();
         $this->gateway::log( sprintf( 'Received push for order %s', $this->svea_order_id ) );
 …
+        }
+        if ( $this->gateway->get_option( 'use_ip_restriction' ) === 'yes' ) {
+            $this->validate_referer();
+        }
+        $this->validate_referer();
         $wc_order = wc_get_order( $wc_order_id );

svea-checkout-for-woocommerce/tags/3.5.0/inc/settings-svea-checkout.php

-                      r3398960
+                      r3454688
         ],
         'use_ip_restriction'              => [
+            'title'       => esc_html__( 'Use IP restriction', 'svea-checkout-for-woocommerce' ),
+            'type'        => 'checkbox',
+            'title'       => esc_html__( 'IP restriction', 'svea-checkout-for-woocommerce' ),
+            'type'        => 'select',
+            'options'     => [
+                'yes'                  => esc_html__( 'Yes (auto-detect)', 'svea-checkout-for-woocommerce' ),
+                'REMOTE_ADDR'          => esc_html__( 'REMOTE_ADDR (No reverse proxy)', 'svea-checkout-for-woocommerce' ),
+                'HTTP_CLIENT_IP'       => esc_html__( 'HTTP_CLIENT_IP', 'svea-checkout-for-woocommerce' ),
+                'HTTP_X_FORWARDED_FOR' => esc_html__( 'HTTP_X_FORWARDED_FOR', 'svea-checkout-for-woocommerce' ),
+                'custom'               => esc_html__( 'Custom header', 'svea-checkout-for-woocommerce' ),
+                'no'                   => esc_html__( 'Disable', 'svea-checkout-for-woocommerce' ),
+            ],
+            'default'     => 'REMOTE_ADDR',
             'description' => __(
+                'Verify the IP to one of Sveas server.<br />
+                        This functionality only works if you do not use a reverse proxy on your server. <br />
+                        <strong>Do not touch this if you do not know what you are doing</strong>.',
+                '<strong>Security Notice:</strong> IP restriction provides an additional layer of defense but is not a complete security measure. When using "auto-detect" or custom headers, ensure your server configuration properly strips client-supplied headers to prevent IP spoofing. Use "REMOTE_ADDR (No reverse proxy)" for the most secure option if not behind a proxy. For production environments, consider implementing additional webhook authentication mechanisms.',
                 'svea-checkout-for-woocommerce'
             ),
+            'default'     => 'yes',
+        ],
+        'ip_restriction_header'           => [
+            'title'       => esc_html__( 'IP restriction custom header', 'svea-checkout-for-woocommerce' ),
+            'type'        => 'text',
+            'description' => __(
+                '<strong>Warning:</strong> Custom headers can be spoofed by attackers unless your server is properly configured to strip client-supplied headers. Only use this option if you are certain your reverse proxy or CDN is configured to set this header and remove any client-provided values. Example: HTTP_X_REAL_IP or X-Real-IP.',
+                'svea-checkout-for-woocommerce'
+            ),
+            'default'     => '',
         ],
         'other_settings_hr'               => [
 …
             'default' => 'no',
         ],
+        'apple_pay_hr'                    => [
+            'title' => '<hr>',
+            'type'  => 'title',
+        ],
+        'apple_pay_title'                 => [
+            'title' => esc_html__( 'Apple Pay', 'svea-checkout-for-woocommerce' ),
+            'type'  => 'title',
+        ],
+        'apple_pay_certificate'           => [
+            'title' => esc_html__( 'Apple Pay Certificate', 'svea-checkout-for-woocommerce' ),
+            'type'  => 'apple_pay_certificate',
+        ],
+    ]
 );

svea-checkout-for-woocommerce/tags/3.5.0/readme.txt

-                      r3439569
+                      r3454688
 License: Apache 2.0
 License URI: https://www.apache.org/licenses/LICENSE-2.0
 Stable tag: 3.4.3
+Stable tag: 3.5.0
 Supercharge your WooCommerce Store with powerful features to pay via Svea Checkout!
 …
 == Upgrade Notice ==
+= 3.5.0 =
+.5.0 is a minor release
 = 3.4.3 =
 .4.3 is a patch release
 …
 == Changelog ==
+= 3.5.0 2026-02-05 =
+- Updated to the latest SDK version for Svea Checkout (1.7.0) which includes a timeout for API requests.
+- Allow custom headers to be used for IP-restriction.
+- Changed the order flow of a pending order to go via the "Awaiting payment" to ensure third party plugins can use the same hooks as for non pending orders.
+- Added Apple Pay certificate upload setting in gateway configuration.
+- Ensure the usage of nonces across all ajax requests.
+- Ensure escaping of all output in the template.
+- Use information from the Checkout API instead of post body when using nShift.
+- Removed legacy code for session table which isn't needed anymore.
 = 3.4.3 2026-01-14 =

svea-checkout-for-woocommerce/tags/3.5.0/svea-checkout-for-woocommerce.php

-                      r3439569
+                      r3454688
 namespace Svea_Checkout_For_Woocommerce;
+use Svea\Checkout\Transport\Connector;
 use Svea_Checkout_For_Woocommerce\Compat\Compat;
 …
  * Plugin URI: https://wordpress.org/plugins/svea-checkout-for-woocommerce/
  * Description: Process payments in WooCommerce via Svea Checkout.
  * Version: 3.4.3
+ * Version: 3.5.0
  * Requires Plugins: woocommerce
  * Author: The Generation AB
 …
          * Version of plugin
          */
         const VERSION = '3.4.3';
+        const VERSION = '3.5.0';
         /**
 …
          */
         public $instore;
-        /**
-         * Session_Table class
+         *
-         * @var Session_Table
-         */
-        public $session_table;
         /**
 …
             $this->instore = new Instore();
             $this->instore->init();
-            $this->session_table = new Session_Table();
-            $this->session_table->init();
+        }

svea-checkout-for-woocommerce/tags/3.5.0/templates/svea-checkout.php

r3320066	r3454688
68	68
69	69	<div class="order-review-wrapper">
70		<input id="billing_postcode" type="hidden" name="billing_postcode" value="<?php echo ~~WC()->customer->get_billing_postcode(~~); ?>">
	70	<input id="billing_postcode" type="hidden" name="billing_postcode" value="<?php echo esc_attr( WC()->customer->get_billing_postcode() ); ?>">
71	71
72	72	<?php do_action( 'woocommerce_checkout_before_order_review_heading' ); ?>

svea-checkout-for-woocommerce/tags/3.5.0/vendor/autoload.php

r3320066	r3454688
20	20	require_once __DIR__ . '/composer/autoload_real.php';
21	21
22		return ComposerAutoloaderInit~~4cfdf47045179a2c4f6ff86b1bce3df2~~::getLoader();
	22	return ComposerAutoloaderInit07e217451f0a071aa7dcb642a1b22b09::getLoader();

svea-checkout-for-woocommerce/tags/3.5.0/vendor/composer/autoload_classmap.php

r3398960	r3454688
212	212	'Svea_Checkout_For_Woocommerce\\Rule_Integration' => $baseDir . '/inc/Rule_Integration.php',
213	213	'Svea_Checkout_For_Woocommerce\\Scripts' => $baseDir . '/inc/Scripts.php',
214		~~'Svea_Checkout_For_Woocommerce\\Session_Table' => $baseDir . '/inc/Session_Table.php',~~
215	214	'Svea_Checkout_For_Woocommerce\\Template_Handler' => $baseDir . '/inc/Template_Handler.php',
216	215	'Svea_Checkout_For_Woocommerce\\Utils\\Array_Utils' => $baseDir . '/inc/Utils/Array_Utils.php',

svea-checkout-for-woocommerce/tags/3.5.0/vendor/composer/autoload_real.php

-                      r3320066
+                      r3454688
 // autoload_real.php @generated by Composer
 class ComposerAutoloaderInit4cfdf47045179a2c4f6ff86b1bce3df2
+class ComposerAutoloaderInit07e217451f0a071aa7dcb642a1b22b09
+{
     private static $loader;
 …
         require __DIR__ . '/platform_check.php';
         spl_autoload_register(array('ComposerAutoloaderInit4cfdf47045179a2c4f6ff86b1bce3df2', 'loadClassLoader'), true, true);
+        spl_autoload_register(array('ComposerAutoloaderInit07e217451f0a071aa7dcb642a1b22b09', 'loadClassLoader'), true, true);
         self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(__DIR__));
         spl_autoload_unregister(array('ComposerAutoloaderInit4cfdf47045179a2c4f6ff86b1bce3df2', 'loadClassLoader'));
+        spl_autoload_unregister(array('ComposerAutoloaderInit07e217451f0a071aa7dcb642a1b22b09', 'loadClassLoader'));
         require __DIR__ . '/autoload_static.php';
         call_user_func(\Composer\Autoload\ComposerStaticInit4cfdf47045179a2c4f6ff86b1bce3df2::getInitializer($loader));
+        call_user_func(\Composer\Autoload\ComposerStaticInit07e217451f0a071aa7dcb642a1b22b09::getInitializer($loader));
         $loader->register(true);
         $filesToLoad = \Composer\Autoload\ComposerStaticInit4cfdf47045179a2c4f6ff86b1bce3df2::$files;
+        $filesToLoad = \Composer\Autoload\ComposerStaticInit07e217451f0a071aa7dcb642a1b22b09::$files;
         $requireFile = \Closure::bind(static function ($fileIdentifier, $file) {
             if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {

svea-checkout-for-woocommerce/tags/3.5.0/vendor/composer/autoload_static.php

-                      r3398960
+                      r3454688
 namespace Composer\Autoload;
 class ComposerStaticInit4cfdf47045179a2c4f6ff86b1bce3df2
+class ComposerStaticInit07e217451f0a071aa7dcb642a1b22b09
+{
     public static $files = array (
 …
         'Svea_Checkout_For_Woocommerce\\Rule_Integration' => __DIR__ . '/../..' . '/inc/Rule_Integration.php',
         'Svea_Checkout_For_Woocommerce\\Scripts' => __DIR__ . '/../..' . '/inc/Scripts.php',
-        'Svea_Checkout_For_Woocommerce\\Session_Table' => __DIR__ . '/../..' . '/inc/Session_Table.php',
         'Svea_Checkout_For_Woocommerce\\Template_Handler' => __DIR__ . '/../..' . '/inc/Template_Handler.php',
         'Svea_Checkout_For_Woocommerce\\Utils\\Array_Utils' => __DIR__ . '/../..' . '/inc/Utils/Array_Utils.php',
 …
+    {
         return \Closure::bind(function () use ($loader) {
             $loader->prefixLengthsPsr4 = ComposerStaticInit4cfdf47045179a2c4f6ff86b1bce3df2::$prefixLengthsPsr4;
             $loader->prefixDirsPsr4 = ComposerStaticInit4cfdf47045179a2c4f6ff86b1bce3df2::$prefixDirsPsr4;
             $loader->classMap = ComposerStaticInit4cfdf47045179a2c4f6ff86b1bce3df2::$classMap;
+            $loader->prefixLengthsPsr4 = ComposerStaticInit07e217451f0a071aa7dcb642a1b22b09::$prefixLengthsPsr4;
+            $loader->prefixDirsPsr4 = ComposerStaticInit07e217451f0a071aa7dcb642a1b22b09::$prefixDirsPsr4;
+            $loader->classMap = ComposerStaticInit07e217451f0a071aa7dcb642a1b22b09::$classMap;
         }, null, ClassLoader::class);

svea-checkout-for-woocommerce/tags/3.5.0/vendor/composer/installed.json

-                      r3320066
+                      r3454688
+        {
             "name": "guzzlehttp/guzzle",
             "version": "7.9.3",
             "version_normalized": "7.9.3.0",
+            "version": "7.10.0",
+            "version_normalized": "7.10.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
                 "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77"
             },
             "dist": {
                 "type": "zip",
                 "url": "https://api.github.com/repos/guzzle/guzzle/zipball/7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
                 "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
+                "reference": "b51ac707cfa420b7bfd4e4d5e510ba8008e822b4"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b51ac707cfa420b7bfd4e4d5e510ba8008e822b4",
+                "reference": "b51ac707cfa420b7bfd4e4d5e510ba8008e822b4",
                 "shasum": ""
             },
             "require": {
                 "ext-json": "*",
                 "guzzlehttp/promises": "^1.5.3 || ^2.0.3",
                 "guzzlehttp/psr7": "^2.7.0",
+                "guzzlehttp/promises": "^2.3",
+                "guzzlehttp/psr7": "^2.8",
                 "php": "^7.2.5 || ^8.0",
                 "psr/http-client": "^1.0",
 …
                 "psr/log": "Required for using the Log middleware"
             },
             "time": "2025-03-27T13:37:11+00:00",
+            "time": "2025-08-23T22:36:01+00:00",
             "type": "library",
             "extra": {
 …
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
                 "source": "https://github.com/guzzle/guzzle/tree/7.9.3"
+                "source": "https://github.com/guzzle/guzzle/tree/7.10.0"
             },
             "funding": [
 …
+        {
             "name": "guzzlehttp/promises",
             "version": "2.2.0",
             "version_normalized": "2.2.0.0",
+            "version": "2.3.0",
+            "version_normalized": "2.3.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/promises.git",
                 "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c"
             },
             "dist": {
                 "type": "zip",
                 "url": "https://api.github.com/repos/guzzle/promises/zipball/7c69f28996b0a6920945dd20b3857e499d9ca96c",
                 "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c",
+                "reference": "481557b130ef3790cf82b713667b43030dc9c957"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/481557b130ef3790cf82b713667b43030dc9c957",
+                "reference": "481557b130ef3790cf82b713667b43030dc9c957",
                 "shasum": ""
             },
 …
             "require-dev": {
                 "bamarni/composer-bin-plugin": "^1.8.2",
                 "phpunit/phpunit": "^8.5.39 || ^9.6.20"
             },
             "time": "2025-03-27T13:27:01+00:00",
+                "phpunit/phpunit": "^8.5.44 || ^9.6.25"
+            },
+            "time": "2025-08-22T14:34:08+00:00",
             "type": "library",
             "extra": {
 …
             "support": {
                 "issues": "https://github.com/guzzle/promises/issues",
                 "source": "https://github.com/guzzle/promises/tree/2.2.0"
+                "source": "https://github.com/guzzle/promises/tree/2.3.0"
             },
             "funding": [
 …
+        {
             "name": "guzzlehttp/psr7",
             "version": "2.7.1",
             "version_normalized": "2.7.1.0",
+            "version": "2.8.0",
+            "version_normalized": "2.8.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
                 "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16"
             },
             "dist": {
                 "type": "zip",
                 "url": "https://api.github.com/repos/guzzle/psr7/zipball/c2270caaabe631b3b44c85f99e5a04bbb8060d16",
                 "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16",
+                "reference": "21dc724a0583619cd1652f673303492272778051"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/21dc724a0583619cd1652f673303492272778051",
+                "reference": "21dc724a0583619cd1652f673303492272778051",
                 "shasum": ""
             },
 …
                 "bamarni/composer-bin-plugin": "^1.8.2",
                 "http-interop/http-factory-tests": "0.9.0",
                 "phpunit/phpunit": "^8.5.39 || ^9.6.20"
+                "phpunit/phpunit": "^8.5.44 || ^9.6.25"
             },
             "suggest": {
                 "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
             },
             "time": "2025-03-27T12:30:47+00:00",
+            "time": "2025-08-23T21:21:41+00:00",
             "type": "library",
             "extra": {
 …
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
                 "source": "https://github.com/guzzle/psr7/tree/2.7.1"
+                "source": "https://github.com/guzzle/psr7/tree/2.8.0"
             },
             "funding": [
 …
+        {
             "name": "sveaekonomi/checkout",
             "version": "1.6.0",
             "version_normalized": "1.6.0.0",
+            "version": "1.7.0",
+            "version_normalized": "1.7.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sveawebpay/php-checkout.git",
                 "reference": "d184c949b60b96595cb786320bf049a5fbaf91df"
             },
             "dist": {
                 "type": "zip",
                 "url": "https://api.github.com/repos/sveawebpay/php-checkout/zipball/d184c949b60b96595cb786320bf049a5fbaf91df",
                 "reference": "d184c949b60b96595cb786320bf049a5fbaf91df",
+                "reference": "d6314fff51bee74154301be63d12918aa8e90ccc"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/sveawebpay/php-checkout/zipball/d6314fff51bee74154301be63d12918aa8e90ccc",
+                "reference": "d6314fff51bee74154301be63d12918aa8e90ccc",
                 "shasum": ""
             },
 …
                 "symfony/dependency-injection": "^2.7.51 || ^2.8.50 || ^3.4.26 || ^4.1.12 || ^4.2.7"
             },
             "time": "2025-06-30T13:03:15+00:00",
+            "time": "2026-02-05T10:57:04+00:00",
             "type": "library",
             "installation-source": "dist",
             "autoload": {
                 "psr-4": {
                     "Svea\\Checkout\\": "src"
+                    "Svea\\Checkout\\": "src/"
+                }
             },
 …
             "support": {
                 "issues": "https://github.com/sveawebpay/php-checkout/issues",
                 "source": "https://github.com/sveawebpay/php-checkout/tree/1.6.0"
+                "source": "https://github.com/sveawebpay/php-checkout/tree/1.7.0"
             },
             "install-path": "../sveaekonomi/checkout"

svea-checkout-for-woocommerce/tags/3.5.0/vendor/composer/installed.php

-                      r3320066
+                      r3454688
     'versions' => array(
         'guzzlehttp/guzzle' => array(
             'pretty_version' => '7.9.3',
             'version' => '7.9.3.0',
             'reference' => '7b2f29fe81dc4da0ca0ea7d42107a0845946ea77',
+            'pretty_version' => '7.10.0',
+            'version' => '7.10.0.0',
+            'reference' => 'b51ac707cfa420b7bfd4e4d5e510ba8008e822b4',
             'type' => 'library',
             'install_path' => __DIR__ . '/../guzzlehttp/guzzle',
 …
         ),
         'guzzlehttp/promises' => array(
             'pretty_version' => '2.2.0',
             'version' => '2.2.0.0',
             'reference' => '7c69f28996b0a6920945dd20b3857e499d9ca96c',
+            'pretty_version' => '2.3.0',
+            'version' => '2.3.0.0',
+            'reference' => '481557b130ef3790cf82b713667b43030dc9c957',
             'type' => 'library',
             'install_path' => __DIR__ . '/../guzzlehttp/promises',
 …
         ),
         'guzzlehttp/psr7' => array(
             'pretty_version' => '2.7.1',
             'version' => '2.7.1.0',
             'reference' => 'c2270caaabe631b3b44c85f99e5a04bbb8060d16',
+            'pretty_version' => '2.8.0',
+            'version' => '2.8.0.0',
+            'reference' => '21dc724a0583619cd1652f673303492272778051',
             'type' => 'library',
             'install_path' => __DIR__ . '/../guzzlehttp/psr7',
 …
         ),
         'sveaekonomi/checkout' => array(
             'pretty_version' => '1.6.0',
             'version' => '1.6.0.0',
             'reference' => 'd184c949b60b96595cb786320bf049a5fbaf91df',
+            'pretty_version' => '1.7.0',
+            'version' => '1.7.0.0',
+            'reference' => 'd6314fff51bee74154301be63d12918aa8e90ccc',
             'type' => 'library',
             'install_path' => __DIR__ . '/../sveaekonomi/checkout',

svea-checkout-for-woocommerce/tags/3.5.0/vendor/guzzlehttp/guzzle/CHANGELOG.md

-                      r3320066
+                      r3454688
 Please refer to [UPGRADING](UPGRADING.md) guide for upgrading to a major version.
+## 7.10.0 - 2025-08-23
+### Added
+- Support for PHP 8.5
+### Changed
+- Adjusted `guzzlehttp/promises` version constraint to `^2.3`
+- Adjusted `guzzlehttp/psr7` version constraint to `^2.8`

svea-checkout-for-woocommerce/tags/3.5.0/vendor/guzzlehttp/guzzle/composer.json

-                      r3172745
+                      r3454688
         "php": "^7.2.5 || ^8.0",
         "ext-json": "*",
         "guzzlehttp/promises": "^1.5.3 || ^2.0.3",
         "guzzlehttp/psr7": "^2.7.0",
+        "guzzlehttp/promises": "^2.3",
+        "guzzlehttp/psr7": "^2.8",
         "psr/http-client": "^1.0",
         "symfony/deprecation-contracts": "^2.2 || ^3.0"

svea-checkout-for-woocommerce/tags/3.5.0/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php

-                      r3172745
+                      r3454688
         if (\count($this->handles) >= $this->maxHandles) {
+            \curl_close($resource);
+            if (PHP_VERSION_ID < 80000) {
+                \curl_close($resource);
+            }
         } else {
             // Remove all callback functions as they can hold onto references
 …
+    {
         foreach ($this->handles as $id => $handle) {
+            \curl_close($handle);
+            if (PHP_VERSION_ID < 80000) {
+                \curl_close($handle);
+            }
             unset($this->handles[$id]);
+        }

svea-checkout-for-woocommerce/tags/3.5.0/vendor/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php

-                      r3172745
+                      r3454688
         unset($this->delays[$id], $this->handles[$id]);
         \curl_multi_remove_handle($this->_mh, $handle);
+        \curl_close($handle);
+        if (PHP_VERSION_ID < 80000) {
+            \curl_close($handle);
+        }
         return true;

svea-checkout-for-woocommerce/tags/3.5.0/vendor/guzzlehttp/guzzle/src/Handler/StreamHandler.php

-                      r3320066
+                      r3454688
         return $this->createResource(
             function () use ($uri, &$http_response_header, $contextResource, $context, $options, $request) {
+            function () use ($uri, $contextResource, $context, $options, $request) {
                 $resource = @\fopen((string) $uri, 'r', false, $contextResource);
+                // See https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_the_http_response_header_predefined_variable
+                if (function_exists('http_get_last_response_headers')) {
+                    /** @var array|null */
+                    $http_response_header = \http_get_last_response_headers();
+                }
                 $this->lastHeaders = $http_response_header ?? [];

svea-checkout-for-woocommerce/tags/3.5.0/vendor/guzzlehttp/guzzle/src/Middleware.php

-                      r3172745
+                      r3454688
      * formatter.
+     *
-     * @phpstan-param \Psr\Log\LogLevel::* $logLevel  Level at which to log requests.
+     *
      * @param LoggerInterface                            $logger    Logs messages.
      * @param MessageFormatterInterface|MessageFormatter $formatter Formatter used to create message strings.
      * @param string                                     $logLevel  Level at which to log requests.
+     *
+     * @phpstan-param \Psr\Log\LogLevel::* $logLevel Level at which to log requests.
+     *
      * @return callable Returns a function that accepts the next handler.

svea-checkout-for-woocommerce/tags/3.5.0/vendor/guzzlehttp/promises/CHANGELOG.md

-                      r3320066
+                      r3454688
 # CHANGELOG
+## 2.3.0 - 2025-08-22
+### Added
+- PHP 8.5 support

svea-checkout-for-woocommerce/tags/3.5.0/vendor/guzzlehttp/promises/README.md

r3172745	r3454688
42	42	\|---------\|---------------------\|--------------\|
43	43	\| 1.x \| Security fixes only \| >=5.5,<8.3 \|
44		\| 2.x \| Latest \| >=7.2.5,<8.5 \|
	44	\| 2.x \| Latest \| >=7.2.5,<8.6 \|
45	45
46	46

svea-checkout-for-woocommerce/tags/3.5.0/vendor/guzzlehttp/promises/composer.json

r3172745	r3454688
31	31	"require-dev": {
32	32	"bamarni/composer-bin-plugin": "^1.8.2",
33		"phpunit/phpunit": "^8.5.~~39 \|\| ^9.6.20~~"
	33	"phpunit/phpunit": "^8.5.44 \|\| ^9.6.25"
34	34	},
35	35	"autoload": {

svea-checkout-for-woocommerce/tags/3.5.0/vendor/guzzlehttp/psr7/CHANGELOG.md

-                      r3320066
+                      r3454688
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## 2.8.0 - 2025-08-23
+### Added
+- Allow empty lists as header values
+### Changed
+- PHP 8.5 support
 ## 2.7.1 - 2025-03-27

svea-checkout-for-woocommerce/tags/3.5.0/vendor/guzzlehttp/psr7/README.md

r3172745	r3454688
26	26	\|---------\|---------------------\|--------------\|
27	27	\| 1.x \| EOL (2024-06-30) \| >=5.4,<8.2 \|
28		\| 2.x \| Latest \| >=7.2.5,<8.5 \|
	28	\| 2.x \| Latest \| >=7.2.5,<8.6 \|
29	29
30	30

svea-checkout-for-woocommerce/tags/3.5.0/vendor/guzzlehttp/psr7/composer.json

r3172745	r3454688
63	63	"bamarni/composer-bin-plugin": "^1.8.2",
64	64	"http-interop/http-factory-tests": "0.9.0",
65		"phpunit/phpunit": "^8.5.~~39 \|\| ^9.6.20~~"
	65	"phpunit/phpunit": "^8.5.44 \|\| ^9.6.25"
66	66	},
67	67	"suggest": {

svea-checkout-for-woocommerce/tags/3.5.0/vendor/guzzlehttp/psr7/src/MessageTrait.php

-                      r3088414
+                      r3454688
         if (!is_array($value)) {
             return $this->trimAndValidateHeaderValues([$value]);
+        }
-        if (count($value) === 0) {
-            throw new \InvalidArgumentException('Header value can not be an empty array.');
+        }

svea-checkout-for-woocommerce/tags/3.5.0/vendor/guzzlehttp/psr7/src/Utils.php

-                      r3172745
+                      r3454688
         if ($ex) {
             /** @var $ex \RuntimeException */
+            /** @var \RuntimeException $ex */
             throw $ex;
+        }
 …
         if ($ex) {
             /** @var $ex \RuntimeException */
+            /** @var \RuntimeException $ex */
             throw $ex;
+        }

svea-checkout-for-woocommerce/tags/3.5.0/vendor/sveaekonomi/checkout/README.md

-                      r3320066
+                      r3454688
 You can also download the library and upload it onto your server.
+### 1.3 Define API timeout (optional)
+The default timeout for API requests is set to 5 seconds. If you want to change this value you can define the constant `SVEA_CHECKOUT_API_TIMEOUT` before including the library.
+```php
+// Set timeout to 10 seconds
+define('SVEA_CHECKOUT_API_TIMEOUT', 10);
+// Include the library
+include 'vendor/autoload.php';
+```
 ### 2. General information
 …
 The connector defines what credentials should be used and which environment should be used.
 Parameters for creating Connector are: checkoutMerchantId, checkoutSecret and base API url(environment).
 …
 | LEASINGAPPROVED | Leasing (Automatically approved leasing contract)
 | TRUSTLY            | The customer paid with Trustly |
+| APPLEPAY         | The customer paid with Apple Pay |
+| APPLEPAY_PF         | The customer paid with Apple Pay via a payment facilitator |
 | Directbank (varies)  |    The customer paid the order with direct bank e.g. Nordea, SEB. See below for all available parameters |

svea-checkout-for-woocommerce/tags/3.5.0/vendor/sveaekonomi/checkout/VERSION

r3320066	r3454688
1		1.6.0
	1	1.7.0

svea-checkout-for-woocommerce/tags/3.5.0/vendor/sveaekonomi/checkout/composer.json

-                      r3320066
+                      r3454688
+{
   "name": "sveaekonomi/checkout",
   "version": "1.6.0",
+  "version": "1.7.0",
   "description": "Php integration library for Svea Checkout",
   "license": "Apache-2.0",
 …
   "autoload": {
     "psr-4": {
       "Svea\\Checkout\\": "src"
+      "Svea\\Checkout\\": "src/"
+    }
   },

svea-checkout-for-woocommerce/tags/3.5.0/vendor/sveaekonomi/checkout/src/CheckoutClient.php

r3320066	r3454688
26	26	namespace Svea\Checkout;
27	27
	28	use Indeed\Uap\PreviousRanks;
	29	use Opis\JsonSchema\Variables\RefVariablesContainer;
28	30	use Svea\Checkout\Implementation\ImplementationInterface;
29	31	use Svea\Checkout\Transport\Connector;

svea-checkout-for-woocommerce/tags/3.5.0/vendor/sveaekonomi/checkout/src/Transport/ApiClient.php

-                      r2005541
+                      r3454688
         $this->httpClient->setOption(CURLOPT_RETURNTRANSFER, 1);
         $this->httpClient->setOption(CURLOPT_HEADER, 1);
-        $this->httpClient->setOption(CURLOPT_SSL_VERIFYPEER, false);
         if ($request->getMethod() === 'POST') {
 …
             $this->httpClient->setOption(CURLOPT_POSTFIELDS, $request->getBody());
+        }
+        // Set a default timeout of 5 seconds if none is defined
+        $timeout = defined('SVEA_CHECKOUT_API_TIMEOUT') ? SVEA_CHECKOUT_API_TIMEOUT : 5;
+        $this->httpClient->setOption(CURLOPT_TIMEOUT, $timeout);
         $httpResponse = $this->httpClient->execute();

svea-checkout-for-woocommerce/tags/3.5.0/vendor/sveaekonomi/checkout/src/Transport/Http/CurlRequest.php

r1898244	r3454688
11	11	{
12	12	/**
13		* @var null\|~~resource~~
	13	* @var null\|mixed
14	14	*/
15	15	private $handle = null;

svea-checkout-for-woocommerce/tags/3.5.0/vendor/sveaekonomi/checkout/src/Validation/Admin/ValidateDeliverOrderData.php

r2846828	r3454688
19	19	$this->mustBeInteger($data['orderid'], 'Order Id');
20	20
21		$this->mustBeSet($data, 'orderrowids', 'Order Id');
	21	$this->mustBeSet($data, 'orderrowids', 'Order Row Ids');
22	22	$this->mustBeArray($data['orderrowids'], 'Order Row Ids');
23	23

svea-checkout-for-woocommerce/trunk/assets/js/frontend/application.min.js

r3320066	r3454688
1		(e=>{class t{constructor(e){this.$elm=e,this.isCompany="business"===wc_sco_params.default_company_type,this.validationCallbackListener=null,this.isCompanyListener=null,this.postalCodeListener=null,this.hasOngoingPayment=!1,this.syncZipCode=wc_sco_params.sync_zip_code,this.attributionKey=wc_sco_params.attribution_key,this.validationFailedMessage=wc_sco_params.validation_failed,this.ajaxUrl=wc_checkout_params.wc_ajax_url,this.refreshNonce=wc_sco_params.refresh_sco_snippet_nonce,this.checkoutNonce=wc_sco_params.sco_checkout_order,this.nShiftNonce=wc_sco_params.update_sco_order_nshift_information,this.checkoutNonceSelector="#woocommerce-process-checkout-nonce",this.attachEvents()}attachEvents(){const t=()=>{this.observeSveaData(),e(".svea-skeleton-loader").remove()};"scoApi"in window&&window.scoApi?t():e(document).on("checkoutReady",t),this.attachCheckoutEvents()}attachCheckoutEvents(){this.currentCountry=e(".wc-svea-checkout-page #billing_country").val(),this.currentState=e(".wc-svea-checkout-page #billing_state").val(),e(document).on("change",".wc-svea-checkout-page #billing_country",(t=>{const s=e(".wc-svea-checkout-page #billing_country").val();this.currentCountry!=s&&(this.refreshData(),this.currentCountry=s)})),e(document).on("change",".wc-svea-checkout-page #billing_state",(t=>{const s=e(".wc-svea-checkout-page #billing_state").val();this.currentState!=s&&(this.refreshData(),this.currentState=s)})),e(document).on("change",".wc-svea-checkout-page #shipping_method .shipping_method",this.refreshData.bind(this));if(e(document).on("change",[".woocommerce-additional-fields input",".woocommerce-additional-fields textarea",".woocommerce-additional-fields select"].join(", "),this.maybeTriggerReloadOfSvea.bind(this)),window.wc_sco_compat&&window.wc_sco_compat.fields_trigger_update.length){const t=window.wc_sco_compat.fields_trigger_update.join(", ");e(document).on("change",t,this.refreshData.bind(this))}e(document).on("sco_refresh_data",this.refreshData.bind(this)),e("body").on("update_checkout",this.refreshData.bind(this)),e("body").on("click","#sco-change-payment",this.changePaymentMethod.bind(this))}maybeTriggerReloadOfSvea(){this.hasOngoingPayment&&(window.scoApi.setCheckoutEnabled(!1),window.scoApi.setCheckoutEnabled(!0))}observeSveaData(){"1"===this.syncZipCode&&(this.postalCodeListener&&this.postalCodeListener(),this.postalCodeListener=window.scoApi.observeEvent("identity.postalCode",this.postalCodeChange.bind(this))),document.removeEventListener("sveaCheckout:errorValidationCallback",this.validationError.bind(this)),document.addEventListener("sveaCheckout:errorValidationCallback",this.validationError.bind(this)),document.removeEventListener("sveaCheckout:shippingConfirmed",this.shippingConfirmed.bind(this)),document.addEventListener("sveaCheckout:shippingConfirmed",this.shippingConfirmed.bind(this)),this.isCompanyListener&&this.isCompanyListener(),this.isCompanyListener=window.scoApi.observeEvent("identity.isCompany",this.isCompanyChange.bind(this)),this.validationCallbackListener&&this.validationCallbackListener(),this.validationCallbackListener=window.scoApi.observeEvent("order.validationCallback",this.submitOrder.bind(this))}submitOrder(t){this.hasOngoingPayment=!0;const s=e("form.woocommerce-checkout").serialize(),o=this.serializeFormToObject(s),a=Object.assign(o,{post_data:s,security:this.checkoutNonce,ship_to_different_address:1,payment_method:"svea_checkout"});e.ajax({type:"POST",url:this.ajaxUrl.toString().replace("%%endpoint%%","sco_checkout_order"),data:a,success:s=>{let o=!1;if(void 0!==s.result)if("failure"===s.result){if(s.reload)return void e.ajax({type:"GET",url:this.ajaxUrl.toString().replace("%%endpoint%%","sco_renew_nonce"),success:s=>{if(s.success)return e(this.checkoutNonceSelector).val(s.data.wc),this.checkoutNonce=s.data.sco,this.submitOrder(t)}});this.showErrors(s.messages)}else"success"===s.result&&(o=!0);t.callback&&t.callback({valid:o})}})}postalCodeChange(t){let s=e("#billing_postcode").val(),o=t.value\|\|"";(o&&s!==o\|\|"••••"===o)&&(e("#billing_postcode").val(o),this.refreshData())}isCompanyChange(e){void 0!==e.value&&e.value!==this.isCompany&&(this.isCompany=e.value,setTimeout((()=>{this.refreshData()})))}validationError(e){let t=e.detail.message\|\|this.validationFailedMessage;this.showErrors(t,!0),this.refreshData(null,!0)}shippingConfirmed(t){const s={security:this.nShiftNonce,price:t.detail.price,name:t.detail.name};this.setCheckoutUpdating(!0),e.ajax({type:"POST",url:this.ajaxUrl.toString().replace("%%endpoint%%","update_sco_order_nshift_information"),data:s,success:e=>{e&&e.fragments&&this.updateFragments(e.fragments),this.setCheckoutUpdating(!1)}})}refreshData(t,s=!1){const o=e("form.woocommerce-checkout").serialize(),a=this.serializeFormToObject(o,!1);"object"==typeof s&&(s=!0);const i=Object.assign(a,{security:this.refreshNonce,post_data:o,force:s});this.setCheckoutUpdating(!0),e.ajax({type:"POST",url:this.ajaxUrl.toString().replace("%%endpoint%%","refresh_sco_snippet"),data:i,success:t=>{this.isUpdating=!1,!0!==t.reload&&"true"!==t.reload?(e(".woocommerce-NoticeGroup-updateOrderReview").remove(),t&&t.fragments&&this.updateFragments(t.fragments),"failure"===t.result&&(this.removeErrors(),t.messages?this.showErrors(t.messages):this.showErrors(t)),e(document.body).trigger("updated_checkout",[t]),this.setCheckoutUpdating(!1)):window.location.reload()},complete:()=>{this.isUpdating=!1}})}updateFragments(t){e.each(t,(function(t,s){e(t).html(s),e(t).unblock()}))}showErrors(t,s=!1){this.removeErrors(),void 0===s&&(s=!0),s?this.$elm.prepend('<ul class="woocommerce-error"><li>'+t+"</li></ul>"):this.$elm.prepend(t),this.$elm.find(".input-text, select, input:checkbox").blur(),e("html, body").animate({scrollTop:this.$elm.offset().top-100},1e3)}setCheckoutUpdating(t){e(".wc-svea-checkout-page").toggleClass("updating",t),window.scoApi&&window.scoApi.setCheckoutEnabled(!t)}serializeFormToObject(e,t=!0){let s={};return e.split("&").forEach((e=>{let[o,a]=e.split("=");(t\|\|0!==o.indexOf(this.attributionKey))&&(s[decodeURIComponent(o)]=decodeURIComponent(a))})),s}removeErrors(){e(".woocommerce-error, .woocommerce-message").remove()}changePaymentMethod(t){t.preventDefault(),e.ajax({url:wc_checkout_params.wc_ajax_url.toString().replace("%%endpoint%%","sco_change_payment_method"),method:"POST",data:{svea:!1,security:wc_checkout_params.change_payment_method},success:e=>{e.success&&window.location.reload()}})}static instance(){e(this).length>0&&e(this).each(((s,o)=>{o.sveaCheckout=new t(e(o))}))}}function s(t){"svea_checkout"===t&&e.ajax({url:wc_checkout_params.wc_ajax_url.toString().replace("%%endpoint%%","sco_change_payment_method"),method:"POST",data:{svea:!0,security:wc_checkout_params.change_payment_method},success:e=>{e.success&&window.location.reload()}})}e.fn.sveaCheckout=t.instance,e(document).ready((t=>{e(".wc-svea-checkout-page").sveaCheckout(),e(document.body).on("init_checkout",(t=>{e("body").on("change","input[name=payment_method]",(t=>{s(e(t.target).val()),console.log("change")})),e(document.body).on("updated_checkout",(()=>{s(e("input[name=payment_method]:checked").val())}))}))}))})(jQuery);
	1	(e=>{class t{constructor(e){this.$elm=e,this.isCompany="business"===wc_sco_params.default_company_type,this.validationCallbackListener=null,this.isCompanyListener=null,this.postalCodeListener=null,this.hasOngoingPayment=!1,this.syncZipCode=wc_sco_params.sync_zip_code,this.attributionKey=wc_sco_params.attribution_key,this.validationFailedMessage=wc_sco_params.validation_failed,this.ajaxUrl=wc_checkout_params.wc_ajax_url,this.refreshNonce=wc_sco_params.refresh_sco_snippet_nonce,this.checkoutNonce=wc_sco_params.sco_checkout_order,this.nShiftNonce=wc_sco_params.update_sco_order_nshift_information,this.checkoutNonceSelector="#woocommerce-process-checkout-nonce",this.attachEvents()}attachEvents(){const t=()=>{this.observeSveaData(),e(".svea-skeleton-loader").remove()};"scoApi"in window&&window.scoApi?t():e(document).on("checkoutReady",t),this.attachCheckoutEvents()}attachCheckoutEvents(){this.currentCountry=e(".wc-svea-checkout-page #billing_country").val(),this.currentState=e(".wc-svea-checkout-page #billing_state").val(),e(document).on("change",".wc-svea-checkout-page #billing_country",(t=>{const s=e(".wc-svea-checkout-page #billing_country").val();this.currentCountry!=s&&(this.refreshData(),this.currentCountry=s)})),e(document).on("change",".wc-svea-checkout-page #billing_state",(t=>{const s=e(".wc-svea-checkout-page #billing_state").val();this.currentState!=s&&(this.refreshData(),this.currentState=s)})),e(document).on("change",".wc-svea-checkout-page #shipping_method .shipping_method",this.refreshData.bind(this));if(e(document).on("change",[".woocommerce-additional-fields input",".woocommerce-additional-fields textarea",".woocommerce-additional-fields select"].join(", "),this.maybeTriggerReloadOfSvea.bind(this)),window.wc_sco_compat&&window.wc_sco_compat.fields_trigger_update.length){const t=window.wc_sco_compat.fields_trigger_update.join(", ");e(document).on("change",t,this.refreshData.bind(this))}e(document).on("sco_refresh_data",this.refreshData.bind(this)),e("body").on("update_checkout",this.refreshData.bind(this)),e("body").on("click","#sco-change-payment",this.changePaymentMethod.bind(this))}maybeTriggerReloadOfSvea(){this.hasOngoingPayment&&(window.scoApi.setCheckoutEnabled(!1),window.scoApi.setCheckoutEnabled(!0))}observeSveaData(){"1"===this.syncZipCode&&(this.postalCodeListener&&this.postalCodeListener(),this.postalCodeListener=window.scoApi.observeEvent("identity.postalCode",this.postalCodeChange.bind(this))),document.removeEventListener("sveaCheckout:errorValidationCallback",this.validationError.bind(this)),document.addEventListener("sveaCheckout:errorValidationCallback",this.validationError.bind(this)),document.removeEventListener("sveaCheckout:shippingConfirmed",this.shippingConfirmed.bind(this)),document.addEventListener("sveaCheckout:shippingConfirmed",this.shippingConfirmed.bind(this)),this.isCompanyListener&&this.isCompanyListener(),this.isCompanyListener=window.scoApi.observeEvent("identity.isCompany",this.isCompanyChange.bind(this)),this.validationCallbackListener&&this.validationCallbackListener(),this.validationCallbackListener=window.scoApi.observeEvent("order.validationCallback",this.submitOrder.bind(this))}submitOrder(t){this.hasOngoingPayment=!0;const s=e("form.woocommerce-checkout").serialize(),o=this.serializeFormToObject(s),a=Object.assign(o,{post_data:s,security:this.checkoutNonce,ship_to_different_address:1,payment_method:"svea_checkout"});e.ajax({type:"POST",url:this.ajaxUrl.toString().replace("%%endpoint%%","sco_checkout_order"),data:a,success:s=>{let o=!1;if(void 0!==s.result)if("failure"===s.result){if(s.reload)return void e.ajax({type:"GET",url:this.ajaxUrl.toString().replace("%%endpoint%%","sco_renew_nonce"),success:s=>{if(s.success)return e(this.checkoutNonceSelector).val(s.data.wc),this.checkoutNonce=s.data.sco,this.submitOrder(t)}});this.showErrors(s.messages)}else"success"===s.result&&(o=!0);t.callback&&t.callback({valid:o})}})}postalCodeChange(t){let s=e("#billing_postcode").val(),o=t.value\|\|"";(o&&s!==o\|\|"••••"===o)&&(e("#billing_postcode").val(o),this.refreshData())}isCompanyChange(e){void 0!==e.value&&e.value!==this.isCompany&&(this.isCompany=e.value,setTimeout((()=>{this.refreshData()})))}validationError(e){let t=e.detail.message\|\|this.validationFailedMessage;this.showErrors(t,!0),this.refreshData(null,!0)}shippingConfirmed(t){const s={security:this.nShiftNonce,price:t.detail.price,name:t.detail.name};this.setCheckoutUpdating(!0),e.ajax({type:"POST",url:this.ajaxUrl.toString().replace("%%endpoint%%","update_sco_order_nshift_information"),data:s,success:e=>{e&&e.fragments&&this.updateFragments(e.fragments),this.setCheckoutUpdating(!1)}})}refreshData(t,s=!1){const o=e("form.woocommerce-checkout").serialize(),a=this.serializeFormToObject(o,!1);"object"==typeof s&&(s=!0);const i=Object.assign(a,{security:this.refreshNonce,post_data:o,force:s});this.setCheckoutUpdating(!0),e.ajax({type:"POST",url:this.ajaxUrl.toString().replace("%%endpoint%%","refresh_sco_snippet"),data:i,success:t=>{this.isUpdating=!1,!0!==t.reload&&"true"!==t.reload?(e(".woocommerce-NoticeGroup-updateOrderReview").remove(),t&&t.fragments&&this.updateFragments(t.fragments),"failure"===t.result&&(this.removeErrors(),t.messages?this.showErrors(t.messages):this.showErrors(t)),e(document.body).trigger("updated_checkout",[t]),this.setCheckoutUpdating(!1)):window.location.reload()},complete:()=>{this.isUpdating=!1}})}updateFragments(t){e.each(t,(function(t,s){e(t).html(s),e(t).unblock()}))}showErrors(t,s=!1){this.removeErrors(),void 0===s&&(s=!0),s?this.$elm.prepend('<ul class="woocommerce-error"><li>'+t+"</li></ul>"):this.$elm.prepend(t),this.$elm.find(".input-text, select, input:checkbox").blur(),e("html, body").animate({scrollTop:this.$elm.offset().top-100},1e3)}setCheckoutUpdating(t){e(".wc-svea-checkout-page").toggleClass("updating",t),window.scoApi&&window.scoApi.setCheckoutEnabled(!t)}serializeFormToObject(e,t=!0){let s={};return e.split("&").forEach((e=>{let[o,a]=e.split("=");(t\|\|0!==o.indexOf(this.attributionKey))&&(s[decodeURIComponent(o)]=decodeURIComponent(a))})),s}removeErrors(){e(".woocommerce-error, .woocommerce-message").remove()}changePaymentMethod(t){t.preventDefault(),e.ajax({url:wc_checkout_params.wc_ajax_url.toString().replace("%%endpoint%%","sco_change_payment_method"),method:"POST",data:{svea:!1,security:wc_sco_params.change_payment_method},success:e=>{e.success&&window.location.reload()}})}static instance(){e(this).length>0&&e(this).each(((s,o)=>{o.sveaCheckout=new t(e(o))}))}}function s(t){"svea_checkout"===t&&e.ajax({url:wc_checkout_params.wc_ajax_url.toString().replace("%%endpoint%%","sco_change_payment_method"),method:"POST",data:{svea:!0,security:wc_sco_params.change_payment_method},success:e=>{e.success&&window.location.reload()}})}e.fn.sveaCheckout=t.instance,e(document).ready((t=>{e(".wc-svea-checkout-page").sveaCheckout(),e(document.body).on("init_checkout",(t=>{e("body").on("change","input[name=payment_method]",(t=>{s(e(t.target).val())})),e(document.body).on("updated_checkout",(()=>{s(e("input[name=payment_method]:checked").val())}))}))}))})(jQuery);

svea-checkout-for-woocommerce/trunk/inc/Admin.php

-                      r3398960
+                      r3454688
             $wc_order->update_status( 'cancelled', esc_html__( 'Payment not accepted in Svea', 'svea-checkout-for-woocommerce' ) );
         } else {
+            if ( $wc_order->get_status() === self::AWAITING_ORDER_STATUS ) {
+                // Move through WooCommerce pending to support third-party status listeners before completion.
+                $wc_order->update_status( 'pending' );
+            }
             $wc_order->payment_complete( $svea_order_id );
             wp_clear_scheduled_hook( 'sco_check_pa_order_status', [ $svea_order_id ] );

svea-checkout-for-woocommerce/trunk/inc/Compat/Polylang_Compat.php

-                      r3202226
+                      r3454688
      */
     public function change_push_uri( $data ) {
         if ( ! empty( $data['MerchantSettings'] ) && \function_exists( 'pll_current_language' ) ) {
             $language_slug = \pll_current_language();
+        if ( ! empty( $data['MerchantSettings'] ) && function_exists( 'pll_current_language' ) ) {
+            $language_slug = pll_current_language();
             $args = [
 …
             ];
             $data['MerchantSettings']['PushUri'] = $data['MerchantSettings']['PushUri'] . '&' . http_build_query( $args );
             $data['MerchantSettings']['CheckoutValidationCallBackUri'] = $data['MerchantSettings']['CheckoutValidationCallBackUri'] . '&' . http_build_query( $args );
             $data['MerchantSettings']['WebhookUri'] = $data['MerchantSettings']['WebhookUri'] . '&' . http_build_query( $args );
+            $data['MerchantSettings']['PushUri'] = $this->restore_curly_braces( add_query_arg( $args, $data['MerchantSettings']['PushUri'] ) );
+            $data['MerchantSettings']['CheckoutValidationCallBackUri'] = $this->restore_curly_braces( add_query_arg( $args, $data['MerchantSettings']['CheckoutValidationCallBackUri'] ) );
+            $data['MerchantSettings']['WebhookUri'] = $this->restore_curly_braces( add_query_arg( $args, $data['MerchantSettings']['WebhookUri'] ) );
+        }
         return $data;
+    }
+    /**
+     * Restore the curly bracers that add_query_arg might have destroyed
+     *
+     * @param string $url
+     * @return string
+     */
+    private function restore_curly_braces( $url ) {
+        $url = str_replace( '%7B', '{', $url );
+        $url = str_replace( '%7D', '}', $url );
+        return $url;
+    }
+}

svea-checkout-for-woocommerce/trunk/inc/Models/Svea_Checkout.php

-                      r3398960
+                      r3454688
             case isset( $checkout_data['Recurring'] ) && $checkout_data['Recurring'] !== $this->is_recurring():
             case ! isset( $checkout_data['CountryCode'] ) || $checkout_data['CountryCode'] !== WC()->customer->get_billing_country():
+            case $checkout_data['Status'] !== 'Created':
+            case $checkout_data['CountryCode'] !== WC()->customer->get_billing_country():
+            case $checkout_data['Status'] === 'Final':
+            case $checkout_data['Status'] === 'Cancelled':
+            case strtoupper( $checkout_data['Status'] ) !== 'CREATED':
             case ! isset( $checkout_data['MerchantSettings']['UseClientSideValidation'] ) || $checkout_data['MerchantSettings']['UseClientSideValidation'] !== true:
                 $need_new = true;

svea-checkout-for-woocommerce/trunk/inc/Rule_Integration.php

-                      r3398960
+                      r3454688
+            }
+            /** @var \WC_Product $product */
             $product = $item['data'];
 …
         $is_company = ! empty( $svea_data['Customer']['IsCompany'] ) && $svea_data['Customer']['IsCompany'] === true;
         $first_name = $billing_address['FirstName'] ?? '';
+        $last_name = $billing_address['LastName'] ?? '';
         if ( ( empty( $first_name ) || empty( $last_name ) ) && ! empty( $billing_address['FullName'] ) ) {
 …
     private function send_event( $tag, array $subscriber, array $fields, $retrying = false, $action = null ) {
         $endpoint = self::ENDPOINT;
+        if ( empty( $endpoint ) ) {
+            return false;
+        }
+        $subscriber_id = '';
         if ( $action === null ) {
 …
         if ( $action === 'create' ) {
             $payload['update_on_duplicate'] = true;
+        } else {
+            if ( empty( $subscriber_id ) ) {
+                return false;
+            }
+        } else if ( empty( $subscriber_id ) ) {
+            return false;
+        }
 …
      * @param string     $method   HTTP method.
      * @param string     $endpoint Endpoint URL.
-     * @param string     $api_key  Rule API key.
      * @param array|null $payload  Optional payload.
      * @return array|WP_Error

svea-checkout-for-woocommerce/trunk/inc/Template_Handler.php

-                      r3439569
+                      r3454688
+        }
+        // Check if there exists an order already
+        $current_order_id = WC()->session->get( 'order_awaiting_payment' );
+        $current_sco_id = WC()->session->get( 'sco_order_id' );
+        if ( $current_order_id && $current_sco_id ) {
+            // Load the order to see if it needs to be updated
+            $wc_order = wc_get_order( $current_order_id );
+            if ( $wc_order && $wc_order->get_meta( '_svea_co_order_id' ) !== $current_sco_id ) {
+                // Remove the current order awaiting payment ID and create a new order
+                WC()->session->set( 'order_awaiting_payment', null );
+            }
+        }
         WC()->checkout()->process_checkout();
         wp_die( 0 );
 …
         if ( $this->is_svea() && ! wp_doing_ajax() ) {
             // Flush checkout fields cache
             WC()->checkout()->checkout_fields = null;
+            WC()->checkout()->__set( 'checkout_fields', null );
             // Remove all default fields from WooCommerce to see what gets added by third party plugins
 …
      */
     public function change_payment_method() {
+        if ( ! isset( $_POST['security'] ) || ! wp_verify_nonce( $_POST['security'], 'change-payment-method' ) ) {
+            echo 'Nonce fail';
+            exit;
+        }
         $use_svea = isset( $_POST['svea'] ) && sanitize_text_field( $_POST['svea'] ) === 'true'; // phpcs:ignore WordPress.Security.NonceVerification.Missing

svea-checkout-for-woocommerce/trunk/inc/WC_Gateway_Svea_Checkout.php

-                      r3409597
+                      r3454688
 use Svea_Checkout_For_Woocommerce\Models\Svea_Checkout;
 use Svea_Checkout_For_Woocommerce\Models\Svea_Payment_Admin;
+use WP_Filesystem_Direct;
 if ( ! defined( 'ABSPATH' ) ) {
 …
     /**
+     * Generate HTML for Apple Pay certificate upload field
+     *
+     * @param string $key Field key
+     * @param array  $data Field data
+     * @return string
+     */
+    public function generate_apple_pay_certificate_html( $key, $data ) {
+        $field_key = $this->get_field_key( $key );
+        $defaults  = [
+            'title'             => '',
+            'disabled'          => false,
+            'class'             => '',
+            'css'               => '',
+            'placeholder'       => '',
+            'type'              => 'file',
+            'desc_tip'          => false,
+            'description'       => '',
+            'custom_attributes' => [],
+        ];
+        $data = wp_parse_args( $data, $defaults );
+        // Check if certificate exists
+        $cert_path = ABSPATH . '.well-known/apple-developer-merchantid-domain-association';
+        $cert_exists = file_exists( $cert_path );
+        $description = sprintf(
+            /* translators: %s: file path */
+            esc_html__( 'The upload will try to put the file here, if that\'s not correct then please upload the certificate manually: %s', 'svea-checkout-for-woocommerce' ),
+            '<code>' . esc_html( $cert_path ) . '</code>'
+        );
+        if ( $cert_exists ) {
+            $description .= '<br><strong style="color: green;">' . esc_html__( 'Certificate is currently uploaded.', 'svea-checkout-for-woocommerce' ) . '</strong>';
+        }
+        ob_start();
+        ?>
+        <tr valign="top">
+            <th scope="row" class="titledesc">
+                <label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?></label>
+            </th>
+            <td class="forminp">
+                <fieldset>
+                    <legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
+                    <input
+                        class="input-text regular-input <?php echo esc_attr( $data['class'] ); ?>"
+                        type="file"
+                        name="<?php echo esc_attr( $field_key ); ?>"
+                        id="<?php echo esc_attr( $field_key ); ?>"
+                        style="<?php echo esc_attr( $data['css'] ); ?>"
+                        <?php disabled( $data['disabled'], true ); ?>
+                        <?php echo $this->get_custom_attribute_html( $data ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
+                    />
+                    <p class="description"><?php echo wp_kses_post( $description ); ?></p>
+                </fieldset>
+            </td>
+        </tr>
+        <?php
+        return ob_get_clean();
+    }
+    /**
+     * Process admin options and handle Apple Pay certificate upload
+     *
+     * @return bool
+     */
+    public function process_admin_options() {
+        // Handle Apple Pay certificate upload
+        // Nonce verification is handled by WooCommerce parent class
+        $field_key = $this->get_field_key( 'apple_pay_certificate' );
+        // phpcs:ignore WordPress.Security.NonceVerification.Missing -- Nonce is verified by WooCommerce parent class
+        if ( ! isset( $_FILES[ $field_key ] ) || empty( $_FILES[ $field_key ]['tmp_name'] ) ) {
+            return parent::process_admin_options();
+        }
+        // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Nonce verified by parent, file validation done below
+        $file = $_FILES[ $field_key ];
+        // Validate file size (max 1MB for certificate files)
+        $max_size = MB_IN_BYTES;
+        if ( ! isset( $file['size'] ) || $file['size'] > $max_size ) {
+            \WC_Admin_Settings::add_error(
+                sprintf(
+                    /* translators: %s: maximum file size */
+                    esc_html__( 'Apple Pay certificate file is too large. Maximum size is %s.', 'svea-checkout-for-woocommerce' ),
+                    size_format( $max_size )
+                )
+            );
+            return parent::process_admin_options();
+        }
+        // Validate file upload
+        if ( $file['error'] !== UPLOAD_ERR_OK ) {
+            \WC_Admin_Settings::add_error(
+                esc_html__( 'Apple Pay certificate upload failed. Please try again.', 'svea-checkout-for-woocommerce' )
+            );
+        } else {
+            // Validate content type - strict validation for security
+            // Using finfo for MIME type detection as it's reliable and sufficient for this use case
+            $allowed_types = [
+                'application/octet-stream',
+                'text/plain',
+                'application/x-apple-aspen-config',
+            ];
+            $finfo = finfo_open( FILEINFO_MIME_TYPE );
+            if ( false === $finfo ) {
+                \WC_Admin_Settings::add_error(
+                    esc_html__( 'Failed to initialize file type detection. Please try again or contact your system administrator.', 'svea-checkout-for-woocommerce' )
+                );
+            } else {
+                $mime_type = finfo_file( $finfo, $file['tmp_name'] );
+                finfo_close( $finfo );
+                // Strict content type validation for security
+                if ( ! in_array( $mime_type, $allowed_types, true ) ) {
+                    \WC_Admin_Settings::add_error(
+                        sprintf(
+                            /* translators: %s: detected MIME type */
+                            esc_html__( 'Invalid file type detected: %s. Please upload the Apple Pay certificate file.', 'svea-checkout-for-woocommerce' ),
+                            esc_html( $mime_type )
+                        )
+                    );
+                } else {
+                    // Create .well-known directory if it doesn't exist
+                    $well_known_dir = ABSPATH . '.well-known';
+                    if ( ! file_exists( $well_known_dir ) ) {
+                        $mkdir_result = wp_mkdir_p( $well_known_dir );
+                        if ( false === $mkdir_result ) {
+                            \WC_Admin_Settings::add_error(
+                                esc_html__( 'Failed to create .well-known directory. Please check file permissions.', 'svea-checkout-for-woocommerce' )
+                            );
+                            return parent::process_admin_options();
+                        }
+                    }
+                    /** @var WP_Filesystem_direct $wp_filesystem */
+                    global $wp_filesystem;
+                    require_once ABSPATH . 'wp-admin/includes/file.php';
+                    // Initialize the WP filesystem
+                    WP_Filesystem();
+                    // Verify directory is writable
+                    if ( ! $wp_filesystem->is_writable( $well_known_dir ) ) {
+                        \WC_Admin_Settings::add_error(
+                            esc_html__( 'The .well-known directory is not writable. Please check file permissions.', 'svea-checkout-for-woocommerce' )
+                        );
+                        return parent::process_admin_options();
+                    }
+                    // Set target path - use fixed filename to prevent path traversal
+                    $target_filename = 'apple-developer-merchantid-domain-association';
+                    $target_path = $well_known_dir . '/' . $target_filename;
+                    // Verify target path is within expected directory (security check)
+                    $real_target_dir = realpath( dirname( $target_path ) );
+                    $real_expected_dir = realpath( $well_known_dir );
+                    if ( $real_target_dir !== $real_expected_dir ) {
+                        \WC_Admin_Settings::add_error(
+                            esc_html__( 'Invalid target path detected. Upload blocked for security.', 'svea-checkout-for-woocommerce' )
+                        );
+                        return parent::process_admin_options();
+                    }
+                    // Move the uploaded file
+                    if ( move_uploaded_file( $file['tmp_name'], $target_path ) ) {
+                        // Set appropriate permissions
+                        // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_chmod -- Setting standard file permissions for uploaded certificate
+                        $chmod_result = chmod( $target_path, 0644 );
+                        if ( false === $chmod_result ) {
+                            // Log warning but don't fail the upload
+                            self::log( 'Failed to set permissions on Apple Pay certificate file', 'warning' );
+                        }
+                        \WC_Admin_Settings::add_message(
+                            esc_html__( 'Apple Pay certificate uploaded successfully.', 'svea-checkout-for-woocommerce' )
+                        );
+                    } else {
+                        \WC_Admin_Settings::add_error(
+                            esc_html__( 'Failed to move Apple Pay certificate to target location. Please check file permissions.', 'svea-checkout-for-woocommerce' )
+                        );
+                    }
+                }
+            }
+        }
+        // Call parent to handle other settings
+        return parent::process_admin_options();
+    }
+    /**
      * Initialize Gateway Settings Form Fields
      */

svea-checkout-for-woocommerce/trunk/inc/Webhook_Handler.php

-                      r3409597
+                      r3454688
     /**
+     * Get caller IP
+     *
+     * @return string
+     * Get caller IP address for webhook validation.
+     *
+     * Security Note: IP restriction is only an additional defense layer and should not
+     * be the sole security measure. HTTP headers like X-Forwarded-For can be spoofed
+     * by attackers unless the server configuration properly strips client-supplied headers.
+     *
+     * For maximum security:
+     * - Use REMOTE_ADDR if not behind a reverse proxy
+     * - Ensure your reverse proxy/CDN strips client-supplied headers before adding its own
+     * - Consider implementing HMAC-based webhook authentication as the primary security control
+     *
+     * @return string IP address to validate
      */
     private function get_referer_ip() {
+        if ( ! empty( $_SERVER['HTTP_CLIENT_IP'] ) ) {
+            $ip = $_SERVER['HTTP_CLIENT_IP'];
+        } else if ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
+            $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+        } else {
+            $ip = $_SERVER['REMOTE_ADDR'];
+        }
+        return $ip;
+        $preferred_header = '';
+        if ( $this->gateway ) {
+            $preferred_header = $this->get_configured_ip_header();
+        }
+        $ip = $_SERVER['REMOTE_ADDR'];
+        if ( $preferred_header === 'yes' ) { // auto-detect
+            if ( ! empty( $_SERVER['HTTP_CLIENT_IP'] ) ) {
+                $ip = $_SERVER['HTTP_CLIENT_IP'];
+            } else if ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
+                $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+            }
+        } else if ( ! empty( $_SERVER[ $preferred_header ] ) ) {
+            $ip = $_SERVER[ $preferred_header ];
+        }
+        // Explode in case of multiple IPs from proxy
+        return explode( ',', $ip )[0];
+    }
+    /**
+     * Get configured proxy header to trust.
+     *
+     * @return string "yes" for auto-detect, or specific header name.
+     */
+    private function get_configured_ip_header() {
+        $header = $this->gateway->get_option( 'use_ip_restriction' );
+        if ( $header === 'custom' ) {
+            $header = $this->gateway->get_option( 'ip_restriction_header' );
+            if ( strpos( $header, 'HTTP_' ) !== 0 ) {
+                $header = 'HTTP_' . $header;
+            }
+            $header = str_replace( '-', '_', strtoupper( $header ) );
+            // Strip any characters that are not alphanumeric or underscore to prevent header injection attacks
+            $header = preg_replace( '/[^A-Z0-9_]/', '', $header );
+        }
+        return trim( $header );
+    }
 …
      */
     public function validate_referer() {
         if ( $this->gateway->get_option( 'use_ip_restriction' ) !== 'yes' ) {
+        if ( $this->gateway->get_option( 'use_ip_restriction' ) === 'no' ) {
             return;
+        }
         $ip_address = $this->get_referer_ip();
         $ref_ip = ip2long( $ip_address );
 …
         $webhook_data = json_decode( $raw_webhook );
-        $webhook_data->description = json_decode( $webhook_data->description );
-        // phpcs:disable WordPress.NamingConventions.ValidVariableName.UsedPropertyNotSnakeCase
-        $this->gateway::log( sprintf( 'Webhook callback received for Svea cart (%s) received', $webhook_data->orderId ) );
         $this->validate_referer();
+        if ( empty( $webhook_data->orderId ) ) {
+        $svea_order_id = absint( $webhook_data->orderId ?? 0 ); // phpcs:ignore WordPress.NamingConventions.ValidVariableName.UsedPropertyNotSnakeCase
+        if ( empty( $svea_order_id ) ) {
             $this->gateway::log( 'No orderID was found. Aborting' );
             exit;
+        }
+        $wc_order = self::get_order_by_svea_id( $webhook_data->orderId );
+        $wc_order = self::get_order_by_svea_id( $svea_order_id );
+        if ( empty( $wc_order ) ) {
+            $this->gateway::log( 'Received webhook but the order does not exists' );
+            exit;
+        }
+        // phpcs:disable WordPress.NamingConventions.ValidVariableName.UsedPropertyNotSnakeCase
+        $this->gateway::log( sprintf( 'Webhook callback received for Svea cart (%s) received', $svea_order_id ) );
         $svea_order = new Svea_Checkout( false );
 …
         try {
             self::$svea_order = $svea_order->get( $webhook_data->orderId );
+            self::$svea_order = $svea_order->get( $svea_order_id );
         } catch ( \Exception $e ) {
             WC_Gateway_Svea_Checkout::log( sprintf( 'Error in push webhook when getting order id %s. Message from Svea: %s', $this->svea_order_id, $e->getMessage() ) );
+            WC_Gateway_Svea_Checkout::log( sprintf( 'Error in push webhook when getting order id %s. Message from Svea: %s', $svea_order_id, $e->getMessage() ) );
             status_header( 404 );
             exit;
 …
+        }
+        if ( empty( $wc_order ) ) {
+            $this->gateway::log( sprintf( 'Received webhook but the order does not exists (%s)', $webhook_data->orderId ) );
+            exit;
+        $shipping_information = self::$svea_order['ShippingInformation'] ?? [];
+        $shipping_provider = $shipping_information['ShippingProvider'] ?? [];
+        $shipping_type = sanitize_text_field( $shipping_provider['Type'] ?? $shipping_provider['type'] ?? '' );
+        if ( ! empty( $shipping_type ) ) {
+            $wc_order->update_meta_data( '_sco_nshift_type', $shipping_type );
+        }
+        $shipping_description = $shipping_provider['Description'] ?? $shipping_provider['description'] ?? null;
+        if ( is_array( $shipping_description ) ) {
+            $shipping_description = (object) $shipping_description;
+        }
+        if ( is_object( $shipping_description ) && ! empty( $shipping_description->tmsReference ) ) {
+            $wc_order->update_meta_data( '_sco_nshift_tms_ref', sanitize_text_field( $shipping_description->tmsReference ) );
+        }
+        $selected_shipping_option = $shipping_provider['ShippingOption'] ?? [];
+        $carrier_id = '';
+        $carrier_name = '';
+        if ( empty( $selected_shipping_option ) && is_object( $shipping_description ) && ! empty( $shipping_description->selectedShippingOption ) ) {
+            $selected_shipping_option = $shipping_description->selectedShippingOption;
+        }
+        if ( is_array( $selected_shipping_option ) ) {
+            $carrier_id = sanitize_text_field( $selected_shipping_option['Id'] ?? $selected_shipping_option['id'] ?? '' );
+            $carrier_name = sanitize_text_field( $selected_shipping_option['Carrier'] ?? $selected_shipping_option['carrier'] ?? '' );
+        }
+        if ( ! empty( $carrier_id ) ) {
+            $wc_order->update_meta_data( '_sco_nshift_carrier_id', $carrier_id );
+        }
+        if ( ! empty( $carrier_name ) ) {
+            $wc_order->update_meta_data( '_sco_nshift_carrier_name', $carrier_name );
+        }
         // Save the data
+        if ( ! empty( $webhook_data->type ) ) {
+            $wc_order->update_meta_data( '_sco_nshift_type', $webhook_data->type );
+        }
+        if ( ! empty( $webhook_data->description->tmsReference ) ) {
+            $wc_order->update_meta_data( '_sco_nshift_tms_ref', $webhook_data->description->tmsReference );
+        }
+        if ( ! empty( $webhook_data->description->selectedShippingOption ) ) {
+            $wc_order->update_meta_data( '_sco_nshift_carrier_id', $webhook_data->description->selectedShippingOption->id );
+            $wc_order->update_meta_data( '_sco_nshift_carrier_name', $webhook_data->description->selectedShippingOption->carrier );
+        }
+        // Save the whole thing as a complete string
+        $wc_order->update_meta_data( '_sco_nshift_data', $webhook_data );
+        if ( ! empty( $shipping_information ) ) {
+            $wc_order->update_meta_data( '_sco_nshift_data', $shipping_information );
+        }
         $wc_order->save();
 …
+        }
+        if ( $this->gateway->get_option( 'use_ip_restriction' ) === 'yes' ) {
+            $this->validate_referer();
+        }
+        $this->validate_referer();
         $this->gateway::log( sprintf( 'Received push for order %s', $this->svea_order_id ) );
 …
+        }
+        if ( $this->gateway->get_option( 'use_ip_restriction' ) === 'yes' ) {
+            $this->validate_referer();
+        }
+        $this->validate_referer();
         $wc_order = wc_get_order( $wc_order_id );

svea-checkout-for-woocommerce/trunk/inc/settings-svea-checkout.php

-                      r3398960
+                      r3454688
         ],
         'use_ip_restriction'              => [
+            'title'       => esc_html__( 'Use IP restriction', 'svea-checkout-for-woocommerce' ),
+            'type'        => 'checkbox',
+            'title'       => esc_html__( 'IP restriction', 'svea-checkout-for-woocommerce' ),
+            'type'        => 'select',
+            'options'     => [
+                'yes'                  => esc_html__( 'Yes (auto-detect)', 'svea-checkout-for-woocommerce' ),
+                'REMOTE_ADDR'          => esc_html__( 'REMOTE_ADDR (No reverse proxy)', 'svea-checkout-for-woocommerce' ),
+                'HTTP_CLIENT_IP'       => esc_html__( 'HTTP_CLIENT_IP', 'svea-checkout-for-woocommerce' ),
+                'HTTP_X_FORWARDED_FOR' => esc_html__( 'HTTP_X_FORWARDED_FOR', 'svea-checkout-for-woocommerce' ),
+                'custom'               => esc_html__( 'Custom header', 'svea-checkout-for-woocommerce' ),
+                'no'                   => esc_html__( 'Disable', 'svea-checkout-for-woocommerce' ),
+            ],
+            'default'     => 'REMOTE_ADDR',
             'description' => __(
+                'Verify the IP to one of Sveas server.<br />
+                        This functionality only works if you do not use a reverse proxy on your server. <br />
+                        <strong>Do not touch this if you do not know what you are doing</strong>.',
+                '<strong>Security Notice:</strong> IP restriction provides an additional layer of defense but is not a complete security measure. When using "auto-detect" or custom headers, ensure your server configuration properly strips client-supplied headers to prevent IP spoofing. Use "REMOTE_ADDR (No reverse proxy)" for the most secure option if not behind a proxy. For production environments, consider implementing additional webhook authentication mechanisms.',
                 'svea-checkout-for-woocommerce'
             ),
+            'default'     => 'yes',
+        ],
+        'ip_restriction_header'           => [
+            'title'       => esc_html__( 'IP restriction custom header', 'svea-checkout-for-woocommerce' ),
+            'type'        => 'text',
+            'description' => __(
+                '<strong>Warning:</strong> Custom headers can be spoofed by attackers unless your server is properly configured to strip client-supplied headers. Only use this option if you are certain your reverse proxy or CDN is configured to set this header and remove any client-provided values. Example: HTTP_X_REAL_IP or X-Real-IP.',
+                'svea-checkout-for-woocommerce'
+            ),
+            'default'     => '',
         ],
         'other_settings_hr'               => [
 …
             'default' => 'no',
         ],
+        'apple_pay_hr'                    => [
+            'title' => '<hr>',
+            'type'  => 'title',
+        ],
+        'apple_pay_title'                 => [
+            'title' => esc_html__( 'Apple Pay', 'svea-checkout-for-woocommerce' ),
+            'type'  => 'title',
+        ],
+        'apple_pay_certificate'           => [
+            'title' => esc_html__( 'Apple Pay Certificate', 'svea-checkout-for-woocommerce' ),
+            'type'  => 'apple_pay_certificate',
+        ],
+    ]
 );

svea-checkout-for-woocommerce/trunk/readme.txt

-                      r3439569
+                      r3454688
 License: Apache 2.0
 License URI: https://www.apache.org/licenses/LICENSE-2.0
 Stable tag: 3.4.3
+Stable tag: 3.5.0
 Supercharge your WooCommerce Store with powerful features to pay via Svea Checkout!
 …
 == Upgrade Notice ==
+= 3.5.0 =
+.5.0 is a minor release
 = 3.4.3 =
 .4.3 is a patch release
 …
 == Changelog ==
+= 3.5.0 2026-02-05 =
+- Updated to the latest SDK version for Svea Checkout (1.7.0) which includes a timeout for API requests.
+- Allow custom headers to be used for IP-restriction.
+- Changed the order flow of a pending order to go via the "Awaiting payment" to ensure third party plugins can use the same hooks as for non pending orders.
+- Added Apple Pay certificate upload setting in gateway configuration.
+- Ensure the usage of nonces across all ajax requests.
+- Ensure escaping of all output in the template.
+- Use information from the Checkout API instead of post body when using nShift.
+- Removed legacy code for session table which isn't needed anymore.
 = 3.4.3 2026-01-14 =

svea-checkout-for-woocommerce/trunk/svea-checkout-for-woocommerce.php

-                      r3439569
+                      r3454688
 namespace Svea_Checkout_For_Woocommerce;
+use Svea\Checkout\Transport\Connector;
 use Svea_Checkout_For_Woocommerce\Compat\Compat;
 …
  * Plugin URI: https://wordpress.org/plugins/svea-checkout-for-woocommerce/
  * Description: Process payments in WooCommerce via Svea Checkout.
  * Version: 3.4.3
+ * Version: 3.5.0
  * Requires Plugins: woocommerce
  * Author: The Generation AB
 …
          * Version of plugin
          */
         const VERSION = '3.4.3';
+        const VERSION = '3.5.0';
         /**
 …
          */
         public $instore;
-        /**
-         * Session_Table class
+         *
-         * @var Session_Table
-         */
-        public $session_table;
         /**
 …
             $this->instore = new Instore();
             $this->instore->init();
-            $this->session_table = new Session_Table();
-            $this->session_table->init();
+        }

svea-checkout-for-woocommerce/trunk/templates/svea-checkout.php

r3320066	r3454688
68	68
69	69	<div class="order-review-wrapper">
70		<input id="billing_postcode" type="hidden" name="billing_postcode" value="<?php echo ~~WC()->customer->get_billing_postcode(~~); ?>">
	70	<input id="billing_postcode" type="hidden" name="billing_postcode" value="<?php echo esc_attr( WC()->customer->get_billing_postcode() ); ?>">
71	71
72	72	<?php do_action( 'woocommerce_checkout_before_order_review_heading' ); ?>

svea-checkout-for-woocommerce/trunk/vendor/autoload.php

r3320066	r3454688
20	20	require_once __DIR__ . '/composer/autoload_real.php';
21	21
22		return ComposerAutoloaderInit~~4cfdf47045179a2c4f6ff86b1bce3df2~~::getLoader();
	22	return ComposerAutoloaderInit07e217451f0a071aa7dcb642a1b22b09::getLoader();

svea-checkout-for-woocommerce/trunk/vendor/composer/autoload_classmap.php

r3398960	r3454688
212	212	'Svea_Checkout_For_Woocommerce\\Rule_Integration' => $baseDir . '/inc/Rule_Integration.php',
213	213	'Svea_Checkout_For_Woocommerce\\Scripts' => $baseDir . '/inc/Scripts.php',
214		~~'Svea_Checkout_For_Woocommerce\\Session_Table' => $baseDir . '/inc/Session_Table.php',~~
215	214	'Svea_Checkout_For_Woocommerce\\Template_Handler' => $baseDir . '/inc/Template_Handler.php',
216	215	'Svea_Checkout_For_Woocommerce\\Utils\\Array_Utils' => $baseDir . '/inc/Utils/Array_Utils.php',

svea-checkout-for-woocommerce/trunk/vendor/composer/autoload_real.php

-                      r3320066
+                      r3454688
 // autoload_real.php @generated by Composer
 class ComposerAutoloaderInit4cfdf47045179a2c4f6ff86b1bce3df2
+class ComposerAutoloaderInit07e217451f0a071aa7dcb642a1b22b09
+{
     private static $loader;
 …
         require __DIR__ . '/platform_check.php';
         spl_autoload_register(array('ComposerAutoloaderInit4cfdf47045179a2c4f6ff86b1bce3df2', 'loadClassLoader'), true, true);
+        spl_autoload_register(array('ComposerAutoloaderInit07e217451f0a071aa7dcb642a1b22b09', 'loadClassLoader'), true, true);
         self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(__DIR__));
         spl_autoload_unregister(array('ComposerAutoloaderInit4cfdf47045179a2c4f6ff86b1bce3df2', 'loadClassLoader'));
+        spl_autoload_unregister(array('ComposerAutoloaderInit07e217451f0a071aa7dcb642a1b22b09', 'loadClassLoader'));
         require __DIR__ . '/autoload_static.php';
         call_user_func(\Composer\Autoload\ComposerStaticInit4cfdf47045179a2c4f6ff86b1bce3df2::getInitializer($loader));
+        call_user_func(\Composer\Autoload\ComposerStaticInit07e217451f0a071aa7dcb642a1b22b09::getInitializer($loader));
         $loader->register(true);
         $filesToLoad = \Composer\Autoload\ComposerStaticInit4cfdf47045179a2c4f6ff86b1bce3df2::$files;
+        $filesToLoad = \Composer\Autoload\ComposerStaticInit07e217451f0a071aa7dcb642a1b22b09::$files;
         $requireFile = \Closure::bind(static function ($fileIdentifier, $file) {
             if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {

svea-checkout-for-woocommerce/trunk/vendor/composer/autoload_static.php

-                      r3398960
+                      r3454688
 namespace Composer\Autoload;
 class ComposerStaticInit4cfdf47045179a2c4f6ff86b1bce3df2
+class ComposerStaticInit07e217451f0a071aa7dcb642a1b22b09
+{
     public static $files = array (
 …
         'Svea_Checkout_For_Woocommerce\\Rule_Integration' => __DIR__ . '/../..' . '/inc/Rule_Integration.php',
         'Svea_Checkout_For_Woocommerce\\Scripts' => __DIR__ . '/../..' . '/inc/Scripts.php',
-        'Svea_Checkout_For_Woocommerce\\Session_Table' => __DIR__ . '/../..' . '/inc/Session_Table.php',
         'Svea_Checkout_For_Woocommerce\\Template_Handler' => __DIR__ . '/../..' . '/inc/Template_Handler.php',
         'Svea_Checkout_For_Woocommerce\\Utils\\Array_Utils' => __DIR__ . '/../..' . '/inc/Utils/Array_Utils.php',
 …
+    {
         return \Closure::bind(function () use ($loader) {
             $loader->prefixLengthsPsr4 = ComposerStaticInit4cfdf47045179a2c4f6ff86b1bce3df2::$prefixLengthsPsr4;
             $loader->prefixDirsPsr4 = ComposerStaticInit4cfdf47045179a2c4f6ff86b1bce3df2::$prefixDirsPsr4;
             $loader->classMap = ComposerStaticInit4cfdf47045179a2c4f6ff86b1bce3df2::$classMap;
+            $loader->prefixLengthsPsr4 = ComposerStaticInit07e217451f0a071aa7dcb642a1b22b09::$prefixLengthsPsr4;
+            $loader->prefixDirsPsr4 = ComposerStaticInit07e217451f0a071aa7dcb642a1b22b09::$prefixDirsPsr4;
+            $loader->classMap = ComposerStaticInit07e217451f0a071aa7dcb642a1b22b09::$classMap;
         }, null, ClassLoader::class);

svea-checkout-for-woocommerce/trunk/vendor/composer/installed.json

-                      r3320066
+                      r3454688
+        {
             "name": "guzzlehttp/guzzle",
             "version": "7.9.3",
             "version_normalized": "7.9.3.0",
+            "version": "7.10.0",
+            "version_normalized": "7.10.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
                 "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77"
             },
             "dist": {
                 "type": "zip",
                 "url": "https://api.github.com/repos/guzzle/guzzle/zipball/7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
                 "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
+                "reference": "b51ac707cfa420b7bfd4e4d5e510ba8008e822b4"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b51ac707cfa420b7bfd4e4d5e510ba8008e822b4",
+                "reference": "b51ac707cfa420b7bfd4e4d5e510ba8008e822b4",
                 "shasum": ""
             },
             "require": {
                 "ext-json": "*",
                 "guzzlehttp/promises": "^1.5.3 || ^2.0.3",
                 "guzzlehttp/psr7": "^2.7.0",
+                "guzzlehttp/promises": "^2.3",
+                "guzzlehttp/psr7": "^2.8",
                 "php": "^7.2.5 || ^8.0",
                 "psr/http-client": "^1.0",
 …
                 "psr/log": "Required for using the Log middleware"
             },
             "time": "2025-03-27T13:37:11+00:00",
+            "time": "2025-08-23T22:36:01+00:00",
             "type": "library",
             "extra": {
 …
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
                 "source": "https://github.com/guzzle/guzzle/tree/7.9.3"
+                "source": "https://github.com/guzzle/guzzle/tree/7.10.0"
             },
             "funding": [
 …
+        {
             "name": "guzzlehttp/promises",
             "version": "2.2.0",
             "version_normalized": "2.2.0.0",
+            "version": "2.3.0",
+            "version_normalized": "2.3.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/promises.git",
                 "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c"
             },
             "dist": {
                 "type": "zip",
                 "url": "https://api.github.com/repos/guzzle/promises/zipball/7c69f28996b0a6920945dd20b3857e499d9ca96c",
                 "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c",
+                "reference": "481557b130ef3790cf82b713667b43030dc9c957"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/481557b130ef3790cf82b713667b43030dc9c957",
+                "reference": "481557b130ef3790cf82b713667b43030dc9c957",
                 "shasum": ""
             },
 …
             "require-dev": {
                 "bamarni/composer-bin-plugin": "^1.8.2",
                 "phpunit/phpunit": "^8.5.39 || ^9.6.20"
             },
             "time": "2025-03-27T13:27:01+00:00",
+                "phpunit/phpunit": "^8.5.44 || ^9.6.25"
+            },
+            "time": "2025-08-22T14:34:08+00:00",
             "type": "library",
             "extra": {
 …
             "support": {
                 "issues": "https://github.com/guzzle/promises/issues",
                 "source": "https://github.com/guzzle/promises/tree/2.2.0"
+                "source": "https://github.com/guzzle/promises/tree/2.3.0"
             },
             "funding": [
 …
+        {
             "name": "guzzlehttp/psr7",
             "version": "2.7.1",
             "version_normalized": "2.7.1.0",
+            "version": "2.8.0",
+            "version_normalized": "2.8.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
                 "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16"
             },
             "dist": {
                 "type": "zip",
                 "url": "https://api.github.com/repos/guzzle/psr7/zipball/c2270caaabe631b3b44c85f99e5a04bbb8060d16",
                 "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16",
+                "reference": "21dc724a0583619cd1652f673303492272778051"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/21dc724a0583619cd1652f673303492272778051",
+                "reference": "21dc724a0583619cd1652f673303492272778051",
                 "shasum": ""
             },
 …
                 "bamarni/composer-bin-plugin": "^1.8.2",
                 "http-interop/http-factory-tests": "0.9.0",
                 "phpunit/phpunit": "^8.5.39 || ^9.6.20"
+                "phpunit/phpunit": "^8.5.44 || ^9.6.25"
             },
             "suggest": {
                 "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
             },
             "time": "2025-03-27T12:30:47+00:00",
+            "time": "2025-08-23T21:21:41+00:00",
             "type": "library",
             "extra": {
 …
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
                 "source": "https://github.com/guzzle/psr7/tree/2.7.1"
+                "source": "https://github.com/guzzle/psr7/tree/2.8.0"
             },
             "funding": [
 …
+        {
             "name": "sveaekonomi/checkout",
             "version": "1.6.0",
             "version_normalized": "1.6.0.0",
+            "version": "1.7.0",
+            "version_normalized": "1.7.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sveawebpay/php-checkout.git",
                 "reference": "d184c949b60b96595cb786320bf049a5fbaf91df"
             },
             "dist": {
                 "type": "zip",
                 "url": "https://api.github.com/repos/sveawebpay/php-checkout/zipball/d184c949b60b96595cb786320bf049a5fbaf91df",
                 "reference": "d184c949b60b96595cb786320bf049a5fbaf91df",
+                "reference": "d6314fff51bee74154301be63d12918aa8e90ccc"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/sveawebpay/php-checkout/zipball/d6314fff51bee74154301be63d12918aa8e90ccc",
+                "reference": "d6314fff51bee74154301be63d12918aa8e90ccc",
                 "shasum": ""
             },
 …
                 "symfony/dependency-injection": "^2.7.51 || ^2.8.50 || ^3.4.26 || ^4.1.12 || ^4.2.7"
             },
             "time": "2025-06-30T13:03:15+00:00",
+            "time": "2026-02-05T10:57:04+00:00",
             "type": "library",
             "installation-source": "dist",
             "autoload": {
                 "psr-4": {
                     "Svea\\Checkout\\": "src"
+                    "Svea\\Checkout\\": "src/"
+                }
             },
 …
             "support": {
                 "issues": "https://github.com/sveawebpay/php-checkout/issues",
                 "source": "https://github.com/sveawebpay/php-checkout/tree/1.6.0"
+                "source": "https://github.com/sveawebpay/php-checkout/tree/1.7.0"
             },
             "install-path": "../sveaekonomi/checkout"

svea-checkout-for-woocommerce/trunk/vendor/composer/installed.php

-                      r3320066
+                      r3454688
     'versions' => array(
         'guzzlehttp/guzzle' => array(
             'pretty_version' => '7.9.3',
             'version' => '7.9.3.0',
             'reference' => '7b2f29fe81dc4da0ca0ea7d42107a0845946ea77',
+            'pretty_version' => '7.10.0',
+            'version' => '7.10.0.0',
+            'reference' => 'b51ac707cfa420b7bfd4e4d5e510ba8008e822b4',
             'type' => 'library',
             'install_path' => __DIR__ . '/../guzzlehttp/guzzle',
 …
         ),
         'guzzlehttp/promises' => array(
             'pretty_version' => '2.2.0',
             'version' => '2.2.0.0',
             'reference' => '7c69f28996b0a6920945dd20b3857e499d9ca96c',
+            'pretty_version' => '2.3.0',
+            'version' => '2.3.0.0',
+            'reference' => '481557b130ef3790cf82b713667b43030dc9c957',
             'type' => 'library',
             'install_path' => __DIR__ . '/../guzzlehttp/promises',
 …
         ),
         'guzzlehttp/psr7' => array(
             'pretty_version' => '2.7.1',
             'version' => '2.7.1.0',
             'reference' => 'c2270caaabe631b3b44c85f99e5a04bbb8060d16',
+            'pretty_version' => '2.8.0',
+            'version' => '2.8.0.0',
+            'reference' => '21dc724a0583619cd1652f673303492272778051',
             'type' => 'library',
             'install_path' => __DIR__ . '/../guzzlehttp/psr7',
 …
         ),
         'sveaekonomi/checkout' => array(
             'pretty_version' => '1.6.0',
             'version' => '1.6.0.0',
             'reference' => 'd184c949b60b96595cb786320bf049a5fbaf91df',
+            'pretty_version' => '1.7.0',
+            'version' => '1.7.0.0',
+            'reference' => 'd6314fff51bee74154301be63d12918aa8e90ccc',
             'type' => 'library',
             'install_path' => __DIR__ . '/../sveaekonomi/checkout',

svea-checkout-for-woocommerce/trunk/vendor/guzzlehttp/guzzle/CHANGELOG.md

-                      r3320066
+                      r3454688
 Please refer to [UPGRADING](UPGRADING.md) guide for upgrading to a major version.
+## 7.10.0 - 2025-08-23
+### Added
+- Support for PHP 8.5
+### Changed
+- Adjusted `guzzlehttp/promises` version constraint to `^2.3`
+- Adjusted `guzzlehttp/psr7` version constraint to `^2.8`

svea-checkout-for-woocommerce/trunk/vendor/guzzlehttp/guzzle/composer.json

-                      r3172745
+                      r3454688
         "php": "^7.2.5 || ^8.0",
         "ext-json": "*",
         "guzzlehttp/promises": "^1.5.3 || ^2.0.3",
         "guzzlehttp/psr7": "^2.7.0",
+        "guzzlehttp/promises": "^2.3",
+        "guzzlehttp/psr7": "^2.8",
         "psr/http-client": "^1.0",
         "symfony/deprecation-contracts": "^2.2 || ^3.0"

svea-checkout-for-woocommerce/trunk/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php

-                      r3172745
+                      r3454688
         if (\count($this->handles) >= $this->maxHandles) {
+            \curl_close($resource);
+            if (PHP_VERSION_ID < 80000) {
+                \curl_close($resource);
+            }
         } else {
             // Remove all callback functions as they can hold onto references
 …
+    {
         foreach ($this->handles as $id => $handle) {
+            \curl_close($handle);
+            if (PHP_VERSION_ID < 80000) {
+                \curl_close($handle);
+            }
             unset($this->handles[$id]);
+        }

svea-checkout-for-woocommerce/trunk/vendor/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php

-                      r3172745
+                      r3454688
         unset($this->delays[$id], $this->handles[$id]);
         \curl_multi_remove_handle($this->_mh, $handle);
+        \curl_close($handle);
+        if (PHP_VERSION_ID < 80000) {
+            \curl_close($handle);
+        }
         return true;

svea-checkout-for-woocommerce/trunk/vendor/guzzlehttp/guzzle/src/Handler/StreamHandler.php

-                      r3320066
+                      r3454688
         return $this->createResource(
             function () use ($uri, &$http_response_header, $contextResource, $context, $options, $request) {
+            function () use ($uri, $contextResource, $context, $options, $request) {
                 $resource = @\fopen((string) $uri, 'r', false, $contextResource);
+                // See https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_the_http_response_header_predefined_variable
+                if (function_exists('http_get_last_response_headers')) {
+                    /** @var array|null */
+                    $http_response_header = \http_get_last_response_headers();
+                }
                 $this->lastHeaders = $http_response_header ?? [];

svea-checkout-for-woocommerce/trunk/vendor/guzzlehttp/guzzle/src/Middleware.php

-                      r3172745
+                      r3454688
      * formatter.
+     *
-     * @phpstan-param \Psr\Log\LogLevel::* $logLevel  Level at which to log requests.
+     *
      * @param LoggerInterface                            $logger    Logs messages.
      * @param MessageFormatterInterface|MessageFormatter $formatter Formatter used to create message strings.
      * @param string                                     $logLevel  Level at which to log requests.
+     *
+     * @phpstan-param \Psr\Log\LogLevel::* $logLevel Level at which to log requests.
+     *
      * @return callable Returns a function that accepts the next handler.

svea-checkout-for-woocommerce/trunk/vendor/guzzlehttp/promises/CHANGELOG.md

-                      r3320066
+                      r3454688
 # CHANGELOG
+## 2.3.0 - 2025-08-22
+### Added
+- PHP 8.5 support

svea-checkout-for-woocommerce/trunk/vendor/guzzlehttp/promises/README.md

r3172745	r3454688
42	42	\|---------\|---------------------\|--------------\|
43	43	\| 1.x \| Security fixes only \| >=5.5,<8.3 \|
44		\| 2.x \| Latest \| >=7.2.5,<8.5 \|
	44	\| 2.x \| Latest \| >=7.2.5,<8.6 \|
45	45
46	46

svea-checkout-for-woocommerce/trunk/vendor/guzzlehttp/promises/composer.json

r3172745	r3454688
31	31	"require-dev": {
32	32	"bamarni/composer-bin-plugin": "^1.8.2",
33		"phpunit/phpunit": "^8.5.~~39 \|\| ^9.6.20~~"
	33	"phpunit/phpunit": "^8.5.44 \|\| ^9.6.25"
34	34	},
35	35	"autoload": {

svea-checkout-for-woocommerce/trunk/vendor/guzzlehttp/psr7/CHANGELOG.md

-                      r3320066
+                      r3454688
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## 2.8.0 - 2025-08-23
+### Added
+- Allow empty lists as header values
+### Changed
+- PHP 8.5 support
 ## 2.7.1 - 2025-03-27

svea-checkout-for-woocommerce/trunk/vendor/guzzlehttp/psr7/README.md

r3172745	r3454688
26	26	\|---------\|---------------------\|--------------\|
27	27	\| 1.x \| EOL (2024-06-30) \| >=5.4,<8.2 \|
28		\| 2.x \| Latest \| >=7.2.5,<8.5 \|
	28	\| 2.x \| Latest \| >=7.2.5,<8.6 \|
29	29
30	30

svea-checkout-for-woocommerce/trunk/vendor/guzzlehttp/psr7/composer.json

r3172745	r3454688
63	63	"bamarni/composer-bin-plugin": "^1.8.2",
64	64	"http-interop/http-factory-tests": "0.9.0",
65		"phpunit/phpunit": "^8.5.~~39 \|\| ^9.6.20~~"
	65	"phpunit/phpunit": "^8.5.44 \|\| ^9.6.25"
66	66	},
67	67	"suggest": {

svea-checkout-for-woocommerce/trunk/vendor/guzzlehttp/psr7/src/MessageTrait.php

-                      r3088414
+                      r3454688
         if (!is_array($value)) {
             return $this->trimAndValidateHeaderValues([$value]);
+        }
-        if (count($value) === 0) {
-            throw new \InvalidArgumentException('Header value can not be an empty array.');
+        }

svea-checkout-for-woocommerce/trunk/vendor/guzzlehttp/psr7/src/Utils.php

-                      r3172745
+                      r3454688
         if ($ex) {
             /** @var $ex \RuntimeException */
+            /** @var \RuntimeException $ex */
             throw $ex;
+        }
 …
         if ($ex) {
             /** @var $ex \RuntimeException */
+            /** @var \RuntimeException $ex */
             throw $ex;
+        }

svea-checkout-for-woocommerce/trunk/vendor/sveaekonomi/checkout/README.md

-                      r3320066
+                      r3454688
 You can also download the library and upload it onto your server.
+### 1.3 Define API timeout (optional)
+The default timeout for API requests is set to 5 seconds. If you want to change this value you can define the constant `SVEA_CHECKOUT_API_TIMEOUT` before including the library.
+```php
+// Set timeout to 10 seconds
+define('SVEA_CHECKOUT_API_TIMEOUT', 10);
+// Include the library
+include 'vendor/autoload.php';
+```
 ### 2. General information
 …
 The connector defines what credentials should be used and which environment should be used.
 Parameters for creating Connector are: checkoutMerchantId, checkoutSecret and base API url(environment).
 …
 | LEASINGAPPROVED | Leasing (Automatically approved leasing contract)
 | TRUSTLY            | The customer paid with Trustly |
+| APPLEPAY         | The customer paid with Apple Pay |
+| APPLEPAY_PF         | The customer paid with Apple Pay via a payment facilitator |
 | Directbank (varies)  |    The customer paid the order with direct bank e.g. Nordea, SEB. See below for all available parameters |

svea-checkout-for-woocommerce/trunk/vendor/sveaekonomi/checkout/VERSION

r3320066	r3454688
1		1.6.0
	1	1.7.0

svea-checkout-for-woocommerce/trunk/vendor/sveaekonomi/checkout/composer.json

-                      r3320066
+                      r3454688
+{
   "name": "sveaekonomi/checkout",
   "version": "1.6.0",
+  "version": "1.7.0",
   "description": "Php integration library for Svea Checkout",
   "license": "Apache-2.0",
 …
   "autoload": {
     "psr-4": {
       "Svea\\Checkout\\": "src"
+      "Svea\\Checkout\\": "src/"
+    }
   },

svea-checkout-for-woocommerce/trunk/vendor/sveaekonomi/checkout/src/CheckoutClient.php

r3320066	r3454688
26	26	namespace Svea\Checkout;
27	27
	28	use Indeed\Uap\PreviousRanks;
	29	use Opis\JsonSchema\Variables\RefVariablesContainer;
28	30	use Svea\Checkout\Implementation\ImplementationInterface;
29	31	use Svea\Checkout\Transport\Connector;

svea-checkout-for-woocommerce/trunk/vendor/sveaekonomi/checkout/src/Transport/ApiClient.php

-                      r2005541
+                      r3454688
         $this->httpClient->setOption(CURLOPT_RETURNTRANSFER, 1);
         $this->httpClient->setOption(CURLOPT_HEADER, 1);
-        $this->httpClient->setOption(CURLOPT_SSL_VERIFYPEER, false);
         if ($request->getMethod() === 'POST') {
 …
             $this->httpClient->setOption(CURLOPT_POSTFIELDS, $request->getBody());
+        }
+        // Set a default timeout of 5 seconds if none is defined
+        $timeout = defined('SVEA_CHECKOUT_API_TIMEOUT') ? SVEA_CHECKOUT_API_TIMEOUT : 5;
+        $this->httpClient->setOption(CURLOPT_TIMEOUT, $timeout);
         $httpResponse = $this->httpClient->execute();

svea-checkout-for-woocommerce/trunk/vendor/sveaekonomi/checkout/src/Transport/Http/CurlRequest.php

r1898244	r3454688
11	11	{
12	12	/**
13		* @var null\|~~resource~~
	13	* @var null\|mixed
14	14	*/
15	15	private $handle = null;

svea-checkout-for-woocommerce/trunk/vendor/sveaekonomi/checkout/src/Validation/Admin/ValidateDeliverOrderData.php

r2846828	r3454688
19	19	$this->mustBeInteger($data['orderid'], 'Order Id');
20	20
21		$this->mustBeSet($data, 'orderrowids', 'Order Id');
	21	$this->mustBeSet($data, 'orderrowids', 'Order Row Ids');
22	22	$this->mustBeArray($data['orderrowids'], 'Order Row Ids');
23	23

Context Navigation

Legend:

Download in other formats: