WordPress.org
Get WordPress

Plugin Directory

Changeset 3465799


Ignore:
Timestamp:
02/20/2026 12:42:31 PM (5 weeks ago)
Author:
peachpay
Message:

1.120.11

Location:
peachpay-for-woocommerce
Files:
892 added
6 edited

Legend:

Unmodified
Added
Removed

  • peachpay-for-woocommerce/trunk/changelog.txt

    r3465731 r3465799  
    11*** PeachPay for WooCommerce Changelog ***
     2
     32026-02-20 - version 1.120.11
     4* Fixes for Apple Pay 503 "amount mismatch" and ensuring the user never pays a stale amount
    25
    362026-02-20 - version 1.120.10

  • peachpay-for-woocommerce/trunk/core/payments/convesiopay/assets/js/convesiopay-unified-classic.js

    r3465731 r3465799  
    1919    let convesioPayInitialized = false; // Track if one-time initialization has been done
    2020    let mountConvesioPayComponentAttempt = 0;
     21    let applePayAuthorizedAmount = null;
    2122
    2223    /**
     
    634635
    635636    /**
     637     * Clear stored Apple Pay authorization when total has changed.
     638     * Prevents submitting a stale amount (e.g. after failed submit then user changes address).
     639     * Call before updateComponentAmount when total change is detected.
     640     */
     641    function clearApplePayAuthorizationIfSet() {
     642        if (paymentConfirmedData && paymentConfirmedData.paymentMethod === 'applepay') {
     643            paymentConfirmedData = null;
     644            currentPaymentMethod = null;
     645            applePayAuthorizedAmount = null;
     646            if (typeof window !== 'undefined') {
     647                window.convesiopayApplePayAuthorizedAmount = undefined;
     648                window.convesiopayApplePayPaymentData = undefined;
     649            }
     650        }
     651    }
     652
     653    /**
    636654     * Unmount and destroy the ConvesioPay component while the container is still in the DOM.
    637655     * Must be called before WooCommerce replaces the checkout fragment (e.g. on update_checkout).
     
    19671985                lastKnownCartTotal = currentTotal;
    19681986
     1987                // Invalidate any stored Apple Pay auth so we never submit a stale amount
     1988                clearApplePayAuthorizationIfSet();
     1989
    19691990                // Update component amount if component exists (for ApplePay, BTCPay)
    19701991                // Don't rely on currentPaymentMethod as it might not be set yet
     
    19832004
    19842005                    lastKnownCartTotal = currentTotal;
     2006
     2007                    // Invalidate any stored Apple Pay auth so we never submit a stale amount
     2008                    clearApplePayAuthorizationIfSet();
    19852009
    19862010                    // Update component amount if component exists
     
    26812705
    26822706    $(document.body).on('updated_checkout', function() {
     2707        // CRITICAL: Snapshot payment state BEFORE unmount. unmountConvesioPayComponentSafely() may call
     2708        // resetSessionState() when no component exists, which clears paymentConfirmedData — so we must
     2709        // capture it first to avoid losing token/method and forcing re-authorization.
     2710        const savedPaymentData = paymentConfirmedData;
     2711        const savedPaymentMethod = currentPaymentMethod;
     2712        const savedToken = window.convesiopayPaymentToken;
     2713
    26832714        // Diagnostic: confirm old container was removed and current node is new (root cause of NotFoundError)
    26842715        if (window._oldConvesioContainer) {
     
    26942725        unmountConvesioPayComponentSafely();
    26952726
    2696         // CRITICAL FIX: Save current payment data before reset
    2697         // When WooCommerce re-renders the checkout, the hidden fields are removed from the DOM.
    2698         // We need to preserve the payment data and re-add the fields after the checkout is updated.
    2699         const savedPaymentData = paymentConfirmedData;
    2700         const savedPaymentMethod = currentPaymentMethod;
    2701         const savedToken = window.convesiopayPaymentToken;
    2702        
     2727        // Reset session state (component refs etc.). Payment data already saved above.
    27032728        resetSessionState();
    27042729       

  • peachpay-for-woocommerce/trunk/core/payments/convesiopay/gateways/class-peachpay-convesiopay-applepay-gateway.php

    r3465731 r3465799  
    267267            $frontend_applepay_amount_cents = $this->parse_amount_to_cents( $frontend_applepay_amount );
    268268            $selected_method_session = ( WC()->session ) ? WC()->session->get( 'convesiopay_selected_method' ) : '';
    269             $request_amount_cents = ( null !== $frontend_applepay_amount_cents && $frontend_applepay_amount_cents > 0 ) ? $frontend_applepay_amount_cents : $order_amount_cents;
     269
     270            // Server-authoritative: always use order total for the payment request amount.
     271            // Use frontend applepay_amount only for validation and logging (avoids tampering/stale client data).
     272            $request_amount_cents = $order_amount_cents;
     273            if ( null !== $frontend_applepay_amount_cents && $frontend_applepay_amount_cents > 0 ) {
     274                $amount_diff_cents = abs( $frontend_applepay_amount_cents - $order_amount_cents );
     275                if ( $amount_diff_cents > 1 ) {
     276                    peachpay_log( 'warning', 'ConvesioPay: Apple Pay frontend amount differs from order total for order ' . $order->get_order_number() . ' (order_cents: ' . $order_amount_cents . ', frontend_cents: ' . $frontend_applepay_amount_cents . '). Rejecting so user re-authorizes.' );
     277                    throw new Exception( __( 'Order total has changed. Please confirm the payment amount and try again.', 'peachpay-for-woocommerce' ) );
     278                }
     279            }
    270280
    271281            // Ensure line item sum equals request amount for strict API validation.

  • peachpay-for-woocommerce/trunk/core/payments/convesiopay/gateways/class-peachpay-convesiopay-unified-gateway.php

    r3465731 r3465799  
    11451145            plugins_url( 'core/payments/convesiopay/assets/js/convesiopay-unified-classic.js', PEACHPAY_PLUGIN_FILE ),
    11461146            array( 'jquery', 'convesiopay-sdk' ),
    1147             '1.1.6',
     1147            '1.1.61',
    11481148            true
    11491149        );

  • peachpay-for-woocommerce/trunk/peachpay.php

    r3465731 r3465799  
    44 * Plugin URI: https://woocommerce.com/products/peachpay
    55 * Description: Connect and manage all your payment methods, offer shoppers a beautiful Express Checkout, and reduce cart abandonment.
    6  * Version: 1.120.10
     6 * Version: 1.120.11
    77 * Text Domain: peachpay-for-woocommerce
    88 * Domain Path: /languages

  • peachpay-for-woocommerce/trunk/readme.txt

    r3465731 r3465799  
    44Requires at least: 5.8
    55Tested up to: 6.8.1
    6 Stable tag: 1.120.10
     6Stable tag: 1.120.11
    77Requires PHP: 7.0
    88License: GPLv2 or later
     
    262262
    263263== Changelog ==
     264
     265= 1.120.11 =
     266* Fixes for Apple Pay 503 "amount mismatch" and ensuring the user never pays a stale amount
    264267
    265268= 1.120.10 =
Note: See TracChangeset for help on using the changeset viewer.