Merge pull request #19 from bluem-development/1.3.21

1.3.23

bluem-db.php

@@ -188,6 +188,26 @@ function bluem_db_request_log($request_id, $description, $log_data = array())
     );
 }
 
+function bluem_db_initialize_session_storage(): array|false
+{
+    if (!empty($_COOKIE['bluem_storage_token']) || !empty($_COOKIE['bluem_storage_secret']) || !isset($_SERVER['SERVER_NAME'])) {
+        return false;
+    }
+
+    // Generate a 32-character token
+    $token = bin2hex(random_bytes(16));
+
+    // Generate a 64-character secret
+    $secret = bin2hex(random_bytes(32));
+
+    $path = sanitize_text_field(wp_unslash($_SERVER['SERVER_NAME']));
+
+    setcookie('bluem_storage_token', $token, 0, '/', $path, false, true);
+    setcookie('bluem_storage_secret', $secret, 0, '/', $path, false, true);
+
+    return [$token, $secret];
+}
+
 /**
  * Insert data into storage
  *
@@ -209,7 +229,11 @@ function bluem_db_insert_storage($object)
         $result = $wpdb->get_results($wpdb->prepare("SELECT id, data FROM $table_name WHERE token = %s AND secret = %s", $token, $secret));
 
         if ($result) {
-            $decoded_data = json_decode($result[0]->data, true);
+            try {
+                $decoded_data = json_decode($result[0]->data, true, 512, JSON_THROW_ON_ERROR);
+            } catch (JsonException $e) {
+                $decoded_data = null;
+            }
 
             $record_id = $result[0]->id;
 
@@ -224,7 +248,7 @@ function bluem_db_insert_storage($object)
 
             // Loop through new data
             foreach ($object as $key => $value) {
-                $new_object[$key] = $value; // Overwrite if key exists
+                $new_object[$key] = $value;
             }
 
             return bluem_db_update_storage(
@@ -236,11 +260,6 @@ function bluem_db_insert_storage($object)
         }
     }
 
-    // Generate a 32-character token
-    $token = bin2hex(random_bytes(16));
-
-    // Generate a 64-character secret
-    $secret = bin2hex(random_bytes(32));
 
     $db_result = $wpdb->insert(
         $wpdb->prefix . 'bluem_storage',
@@ -254,13 +273,16 @@ function bluem_db_insert_storage($object)
         )
     );
 
+    $expiration = time() + (7 * 24 * 60 * 60); // 7 days
+
     if ($db_result !== false && isset($_SERVER['SERVER_NAME'])) {
         // Set cookies for token and secret for
-        setcookie('bluem_storage_token', $token, 0, '/', sanitize_text_field(wp_unslash($_SERVER['SERVER_NAME'])), false, true);
-        setcookie('bluem_storage_secret', $secret, 0, '/', sanitize_text_field(wp_unslash($_SERVER['SERVER_NAME'])), false, true);
+        setcookie('bluem_storage_token', $token, $expiration, '/', sanitize_text_field(wp_unslash($_SERVER['SERVER_NAME'])), false, true);
+        setcookie('bluem_storage_secret', $secret, $expiration, '/', sanitize_text_field(wp_unslash($_SERVER['SERVER_NAME'])), false, true);
 
         return true;
     }
+
     return false;
 }
 
@@ -286,15 +308,18 @@ function bluem_db_get_storage($key = null)
         );
 
         if ($result) {
-            // Decode the JSON data
-            $decoded_data = json_decode($result, true);
+            try {
+                $decoded_data = json_decode($result, true, 512, JSON_THROW_ON_ERROR);
+            } catch (JsonException $e) {
+                $decoded_data = null;
+            }
 
             if ($decoded_data !== null) {
                 if ($key !== null && isset($decoded_data[$key])) {
-                    return $decoded_data[$key]; // Return the specific key's value
+                    return $decoded_data[$key];
                 }
 
-                return $decoded_data; // Return the entire decoded JSON data as an array
+                return $decoded_data;
             }
         }
     }

bluem-idin.php

@@ -895,21 +895,13 @@ function bluem_idin_form(): string
     return $html;
 }
 
-add_action('parse_request', 'bluem_idin_shortcode_idin_execute');
 /**
  * This function is called POST from the form rendered on a page or post
  *
  * @return void
  */
 function bluem_idin_shortcode_idin_execute(): void
 {
-    $shortcode_execution_url = 'bluem-woocommerce/idin_execute';
-
-    if (!isset($_SERVER['REQUEST_URI']) || !str_contains(sanitize_url(wp_unslash($_SERVER['REQUEST_URI'])), $shortcode_execution_url)) {
-        // any other request
-        return;
-    }
-
     $goto = false;
     if (!empty($_GET['redirect_to_checkout'])
         && sanitize_text_field(wp_unslash($_GET['redirect_to_checkout'])) === 'true'
@@ -923,16 +915,11 @@ function bluem_idin_shortcode_idin_execute(): void
     bluem_idin_execute(null, true, $goto);
 }
 
-add_action('parse_request', 'bluem_idin_shortcode_callback');
 /**
  * This function is executed at a callback GET request with a given mandateId. This is then, together with the entranceCode in user or Bluem session storage, sent for a SUD to the Bluem API.
  */
 function bluem_idin_shortcode_callback(): void
 {
-    if (!str_contains(sanitize_url(wp_unslash($_SERVER['REQUEST_URI'])), 'bluem-woocommerce/idin_shortcode_callback')) {
-        return;
-    }
-
     $bluem_config = bluem_woocommerce_get_config();
 
     // fallback until this is corrected in bluem-php
@@ -1266,17 +1253,13 @@ function bluem_idin_shortcode_callback(): void
     exit;
 }
 
-add_action('parse_request', 'bluem_idin_webhook');
 /**
  * Identity webhook action
  *
  * @return void
  */
 function bluem_idin_webhook(): void
 {
-    if (strpos(sanitize_url(wp_unslash($_SERVER['REQUEST_URI'])), 'bluem-woocommerce/bluem_idin_webhook') === false) {
-        return;
-    }
     http_response_code(200);
     exit;
 }

bluem-integrations.php

@@ -183,16 +183,11 @@ function bluem_woocommerce_integration_gform_javascript()
  * ContactForm 7 integration.
  * AJAX Form submissions.
  */
-add_action('parse_request', 'bluem_woocommerce_integration_wpcf7_ajax');
 
 function bluem_woocommerce_integration_wpcf7_ajax()
 {
     $bluem_config = bluem_woocommerce_get_config();
 
-    if (!isset($_SERVER['REQUEST_URI']) || strpos(sanitize_url(wp_unslash($_SERVER['REQUEST_URI'])), 'bluem-woocommerce/bluem-integrations/wpcf7_mandate') === false) {
-        return;
-    }
-
     $bluem_mandate_approve = !empty($_POST['bluem_mandate_approve']) ? sanitize_text_field(wp_unslash($_POST['bluem_mandate_approve'])) : '';
 
     if ($bluem_config->wpcf7Active !== 'Y' || empty($bluem_mandate_approve)) {
@@ -541,18 +536,12 @@ function bluem_woocommerce_integration_wpcf7_submit()
  * ContactForm 7 integration.
  * Callback for requests.
  */
-add_action('parse_request', 'bluem_woocommerce_integration_wpcf7_callback');
-
 function bluem_woocommerce_integration_wpcf7_callback()
 {
     $bluem_config = bluem_woocommerce_get_config();
 
     $storage = bluem_db_get_storage();
 
-    if (empty($_SERVER['REQUEST_URI']) || strpos(sanitize_url(wp_unslash($_SERVER['REQUEST_URI'])), 'bluem-woocommerce/bluem-integrations/wpcf7_callback') === false) {
-        return;
-    }
-
     if ($bluem_config->wpcf7Active !== 'Y') {
         return;
     }
@@ -1025,18 +1014,13 @@ function bluem_woocommerce_integration_gform_submit($entry, $form)
  * Gravity Forms integration.
  * Callback after request
  */
-add_action('parse_request', 'bluem_woocommerce_integration_gform_callback');
 
 function bluem_woocommerce_integration_gform_callback()
 {
     $bluem_config = bluem_woocommerce_get_config();
 
     $storage = bluem_db_get_storage();
 
-    if (strpos(sanitize_url(wp_unslash($_SERVER['REQUEST_URI'])), 'bluem-woocommerce/bluem-integrations/gform_callback') === false) {
-        return;
-    }
-
     if ($bluem_config->gformActive !== 'Y') {
         return;
     }

bluem-interface.php

@@ -29,7 +29,7 @@ function bluem_render_request_table($categoryName, $requests, $users_by_id = arr
         echo '<p>';
         printf(
         /* translators: %s: Name of the category (Bluem service)   */
-            esc_html__('No transactions yet for %s', 'bluem'),
+            esc_html__('Nog geen transacties voor %s', 'bluem'),
             esc_attr($categoryName)
         );
         echo '</p>';