Changeset 3252230
- Timestamp:
- 03/07/2025 02:54:11 PM (12 months ago)
- Location:
- securesubmit/trunk
- Files:
-
- 21 edited
-
README.md (modified) (1 diff)
-
SecureSubmit.php (modified) (68 diffs)
-
lib/src/Abstractions/HpsBuilderAbstract.php (modified) (2 diffs)
-
lib/src/Abstractions/HpsGatewayServiceAbstract.php (modified) (5 diffs)
-
lib/src/Entities/HpsDirectMarketData.php (modified) (1 diff)
-
lib/src/Infrastructure/Validation/HpsGatewayResponseValidation.php (modified) (1 diff)
-
lib/src/Infrastructure/Validation/HpsInputValidation.php (modified) (9 diffs)
-
lib/src/Services/Fluent/Gateway/Credit/HpsCreditServiceListTransactionsBuilder.php (modified) (1 diff)
-
lib/src/Services/Fluent/Gateway/HpsFluentCheckService.php (modified) (2 diffs)
-
lib/src/Services/Fluent/Gateway/HpsFluentCreditService.php (modified) (3 diffs)
-
lib/src/Services/Gateway/AltPayment/HpsAltPaymentService.php (modified) (2 diffs)
-
lib/src/Services/Gateway/AltPayment/HpsMasterPassService.php (modified) (3 diffs)
-
lib/src/Services/Gateway/HpsAttachmentService.php (modified) (4 diffs)
-
lib/src/Services/Gateway/HpsCentinelGatewayService.php (modified) (1 diff)
-
lib/src/Services/Gateway/HpsCheckService.php (modified) (2 diffs)
-
lib/src/Services/Gateway/HpsCreditService.php (modified) (4 diffs)
-
lib/src/Services/Gateway/HpsDebitService.php (modified) (3 diffs)
-
lib/src/Services/Gateway/HpsRestGatewayService.php (modified) (2 diffs)
-
lib/src/Services/Gateway/HpsSoapGatewayService.php (modified) (2 diffs)
-
lib/src/Services/Gateway/HpsTokenService.php (modified) (1 diff)
-
readme.txt (modified) (2 diffs)
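--- a/securesubmit/trunk/README.md
+++ b/securesubmit/trunk/README.md
@@ -43,4 +43,7 @@
 
 ## Changelog
+#### 1.5.18
+* Vulnerability fixes
+
 #### 1.5.17
 * Bugfix: Corrected gateway endpoints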
securesubmit/trunk/SecureSubmit.php
r3218401 r3252230 5 5 Description: Heartland Payment Systems SecureSubmit Plugin 6 6 Author: SecureSubmit 7 Version: 1.5.1 77 Version: 1.5.18 8 8 Author URI: https://developer.heartlandpaymentsystems.com/SecureSubmit 9 9 */ … … 201 201 <!-- Start Page Wrapper --> 202 202 <div class="wrap ss-wrap"> 203 <h1 class="ss-wp-heading-inline"><span class="hidden-small">SecureSubmit Donate / Pay Now </span><?php echo (isset($title) ? $title: esc_html(get_admin_page_title())) ?></h1>203 <h1 class="ss-wp-heading-inline"><span class="hidden-small">SecureSubmit Donate / Pay Now </span><?php echo (isset($title) ? esc_html($title) : esc_html(get_admin_page_title())) ?></h1> 204 204 <div id="message" class="updated hidden"> 205 205 <p></p> … … 225 225 ?> 226 226 <div class="ss-checkbox"> 227 <input type="checkbox" id="enable_button_builder" <?php echo $ischecked; ?> />227 <input type="checkbox" id="enable_button_builder" <?php echo esc_html($ischecked); ?> /> 228 228 <label for="enable_button_builder" class="ss-checkbox-label">Enable Button Builder</label> 229 229 </div> … … 234 234 $ischecked = "checked='checked'"; 235 235 ?> 236 <input type="checkbox" id="enable_recaptcha" <?php echo $ischecked; ?> />236 <input type="checkbox" id="enable_recaptcha" <?php echo esc_html($ischecked); ?> /> 237 237 <label for="enable_recaptcha" class="ss-checkbox-label">Enable Google Recaptcha</label> 238 238 <br /><span class="ss-subtext">Non-modal only. 
What is <a target="_blank" href="https://www.google.com/recaptcha/intro/index.html">Google ReCaptcha</a>?</span> … … 253 253 $ischecked = "checked='checked'"; 254 254 ?> 255 <input type="checkbox" id="enable_fraud" <?php echo $ischecked; ?> />255 <input type="checkbox" id="enable_fraud" <?php echo esc_html($ischecked); ?> /> 256 256 <label for="enable_fraud" class="ss-checkbox-label">Enable Fraud Options</label> 257 257 </div> … … 262 262 ?> 263 263 <label for="fraud_message">Displayed Message:</label> 264 <textarea id="fraud_message"><?php echo wp_sprintf('%s', $fraud_message); ?></textarea>264 <textarea id="fraud_message"><?php echo wp_sprintf('%s',esc_html($fraud_message)); ?></textarea> 265 265 <?php 266 266 $fraud_velocity_attempts = 0; … … 269 269 ?> 270 270 <label for="fraud_velocity_attempts">How many failed attempts before blocking?</label> 271 <input type="text" id="fraud_velocity_attempts" <?php echo $fraud_velocity_attempts; ?> />271 <input type="text" id="fraud_velocity_attempts" <?php echo esc_html($fraud_velocity_attempts); ?> /> 272 272 <?php 273 273 $fraud_velocity_timeout = 0; … … 276 276 ?> 277 277 <label for="fraud_velocity_timeout">How long (in minutes) should we keep a tally of recent failures?</label> 278 <input type="text" id="fraud_velocity_timeout" <?php echo $fraud_velocity_timeout; ?> />278 <input type="text" id="fraud_velocity_timeout" <?php echo esc_html($fraud_velocity_timeout); ?> /> 279 279 </div> 280 280 <!-- End Fraud Options Panel --> … … 388 388 </style> 389 389 <div class="wrap ss-wrap"> 390 <h1 class="ss-wp-heading-inline"><span class="hidden-small">SecureSubmit Donate / Pay Now </span><?php echo (isset($title) ? $title: esc_html(get_admin_page_title())) ?></h1>390 <h1 class="ss-wp-heading-inline"><span class="hidden-small">SecureSubmit Donate / Pay Now </span><?php echo (isset($title) ? 
esc_html($title) : esc_html(get_admin_page_title())) ?></h1> 391 391 <form name="report_data" method="post" action="admin.php?page=sub-reporting"> 392 392 <div id="message" class="updated hidden"> … … 411 411 </form> 412 412 <?php if($_SERVER['REQUEST_METHOD'] =='POST'){ 413 $transactions = $wpdb->get_results( 'select * from '.$table_name.' order by id desc limit 10000;' , 'ARRAY_A');413 $transactions = $wpdb->get_results( $wpdb->prepare("SELECT * FROM %s order by id desc limit 10000",$table_name ) , 'ARRAY_A' ); 414 414 $count = 0; 415 415 ?> … … 460 460 } ?> 461 461 <td> 462 <?php echo $row['transaction_id']; ?>462 <?php echo esc_html($row['transaction_id']); ?> 463 463 </td> 464 464 <td> 465 <?php echo $row['amount']; ?>465 <?php echo esc_html($row['amount']); ?> 466 466 </td> 467 467 <td> 468 <?php echo $row['product_id']; ?>468 <?php echo esc_html($row['product_id']); ?> 469 469 </td> 470 470 <td> 471 <?php echo $row['time']; ?>471 <?php echo esc_html($row['time']); ?> 472 472 </td> 473 473 <td> 474 <?php echo $row['billing_name']; ?>474 <?php echo esc_html($row['billing_name']); ?> 475 475 </td> 476 476 <td> 477 <?php echo $row['billing_address']; ?>477 <?php echo esc_html($row['billing_address']); ?> 478 478 </td> 479 479 <td> 480 <?php echo $row['billing_city']; ?>480 <?php echo esc_html($row['billing_city']); ?> 481 481 </td> 482 482 <td> 483 <?php echo $row['billing_state']; ?>483 <?php echo esc_html($row['billing_state']); ?> 484 484 </td> 485 485 <td> 486 <?php echo $row['billing_zip']; ?>486 <?php echo esc_html($row['billing_zip']); ?> 487 487 </td> 488 488 <td> 489 <?php echo $row['billing_email']; ?>489 <?php echo esc_html($row['billing_email']); ?> 490 490 </td> 491 491 <?php if($shipping){ ?> 492 492 <td> 493 <?php echo $row['shipping_name']; ?>493 <?php echo esc_html($row['shipping_name']); ?> 494 494 </td> 495 495 <td> 496 <?php echo $row['shipping_address']; ?>496 <?php echo esc_html($row['shipping_address']); ?> 497 497 </td> 498 498 <td> 499 
<?php echo $row['shipping_city']; ?>499 <?php echo esc_html($row['shipping_city']); ?> 500 500 </td> 501 501 <td> 502 <?php echo $row['shipping_state']; ?>502 <?php echo esc_html($row['shipping_state']); ?> 503 503 </td> 504 504 <td> 505 <?php echo $row['shipping_zip']; ?>505 <?php echo esc_html($row['shipping_zip']); ?> 506 506 </td> 507 507 <?php } 508 508 if($additional){ ?> 509 509 <td> 510 <?php echo $row['additional_info1']; ?>510 <?php echo esc_html($row['additional_info1']); ?> 511 511 </td> 512 512 <td> 513 <?php echo $row['additional_info2']; ?>513 <?php echo esc_html($row['additional_info2']); ?> 514 514 </td> 515 515 <td> 516 <?php echo $row['additional_info3']; ?>516 <?php echo esc_html($row['additional_info3']); ?> 517 517 </td> 518 518 <td> 519 <?php echo $row['additional_info4']; ?>519 <?php echo esc_html($row['additional_info4']); ?> 520 520 </td> 521 521 <td> 522 <?php echo $row['additional_info5']; ?>522 <?php echo esc_html($row['additional_info5']); ?> 523 523 </td> 524 524 <td> 525 <?php echo $row['additional_info6']; ?>525 <?php echo esc_html($row['additional_info6']); ?> 526 526 </td> 527 527 <td> 528 <?php echo $row['additional_info7']; ?>528 <?php echo esc_html($row['additional_info7']); ?> 529 529 </td> 530 530 <td> 531 <?php echo $row['additional_info8']; ?>531 <?php echo esc_html($row['additional_info8']); ?> 532 532 </td> 533 533 <td> 534 <?php echo $row['additional_info9']; ?>534 <?php echo esc_html($row['additional_info9']); ?> 535 535 </td> 536 536 <td> 537 <?php echo $row['additional_info10']; ?>537 <?php echo esc_html($row['additional_info10']); ?> 538 538 </td> 539 539 <?php } ?> … … 555 555 if ( ! empty( $siteName ) ) 556 556 $siteName .= '.'; 557 $fileName = $siteName . 'users.' . date( 'Y-m-d-H-i-s' ) . '.csv';557 $fileName = $siteName . 'users.' . gmdate( 'Y-m-d-H-i-s' ) . 
'.csv'; 558 558 559 559 … … 569 569 'additional_info8','additional_info9','additional_info10'); 570 570 571 572 $transactions = $wpdb->get_results('select * from '.$table_name.' order by id desc;' , 'ARRAY_A'); 571 $transactions = $wpdb->get_results( $wpdb->prepare("SELECT * FROM %s order by id desc",$table_name ) , 'ARRAY_A' ); 573 572 574 573 $headers = array(); 575 574 foreach ( $fields as $key => $field ) { 576 $headers[] = '"' . strtolower( $field ). '"';575 $headers[] = '"' . esc_html( strtolower( $field ) ). '"'; 577 576 } 578 577 echo implode( ',', $headers ) . "\n"; … … 582 581 $value = isset( $transaction[$field] ) ? $transaction[$field] : ''; 583 582 $value = is_array( $value ) ? serialize( $value ) : $value; 584 $data[] = '"' . str_replace( '"', '""', $value) . '"';583 $data[] = '"' . esc_html( str_replace( '"', '""', $value ) ) . '"'; 585 584 } 586 585 echo implode( ',', $data ) . "\n"; … … 594 593 ?> 595 594 <div class="wrap ss-wrap"> 596 <h1 class="ss-wp-heading-inline"><span class="hidden-small">SecureSubmit Donate / Pay Now </span><?php echo (isset($title) ? $title: esc_html(get_admin_page_title())) ?></h1>595 <h1 class="ss-wp-heading-inline"><span class="hidden-small">SecureSubmit Donate / Pay Now </span><?php echo (isset($title) ? esc_html($title) : esc_html(get_admin_page_title())) ?></h1> 597 596 <div id="message" class="updated hidden"> 598 597 <p></p> … … 701 700 $shippingRequired = $requireShipping ? 
' required' : ''; 702 701 if ($modal) { ?> 703 <div id="<?php echo $prefix; ?>_donation">702 <div id="<?php echo esc_html($prefix); ?>_donation"> 704 703 </div> 705 704 <script language="javascript" type="text/javascript"> 706 705 <?php if ($requireShipping) { ?> 707 var <?php echo $prefix; ?>_requireShipping = true;706 var <?php echo esc_html($prefix); ?>_requireShipping = true; 708 707 <?php } else { ?> 709 var <?php echo $prefix; ?>_requireShipping = false;708 var <?php echo esc_html($prefix); ?>_requireShipping = false; 710 709 <?php } ?> 711 710 712 711 <?php if ($requireBilling) { ?> 713 var <?php echo $prefix; ?>_requireBilling = true;712 var <?php echo esc_html($prefix); ?>_requireBilling = true; 714 713 <?php } else { ?> 715 var <?php echo $prefix; ?>_requireBilling = false;714 var <?php echo esc_html($prefix); ?>_requireBilling = false; 716 715 <?php } ?> 717 716 718 717 <?php 719 718 if(count($additionalFields)>0){ 720 echo "var " . $prefix. "_requireAdditionalInfo = true;";719 echo "var " . esc_html($prefix) . "_requireAdditionalInfo = true;"; 721 720 } else { 722 echo "var " . $prefix. "_requireAdditionalInfo = false;";721 echo "var " . esc_html($prefix) . 
"_requireAdditionalInfo = false;"; 723 722 } 724 723 ?> … … 728 727 }); 729 728 if (jQuery('#sss').length == 0) 730 jQuery('head').append(jQuery('<link rel="stylesheet" type="text/css" />').attr('href', '<?php echo plugins_url('assets/paybutton.css', __FILE__); ?>').attr('id', 'sss'));731 732 var trigger_button = jQuery("<div class='pay-button button-main'><a href='#Purchase' id='<?php echo $prefix; ?>_pay_now'><?php echo $buttonText; ?></a><div class='pay-button-border'> </div></div>");733 jQuery('#<?php echo $prefix; ?>_donation').append(trigger_button);734 735 jQuery('#<?php echo $prefix; ?>_pay_now').unbind().bind('click', function () {736 <?php echo $prefix; ?>_trigger_payment();729 jQuery('head').append(jQuery('<link rel="stylesheet" type="text/css" />').attr('href', '<?php echo esc_html(plugins_url('assets/paybutton.css', __FILE__ )); ?>').attr('id', 'sss')); 730 731 var trigger_button = jQuery("<div class='pay-button button-main'><a href='#Purchase' id='<?php echo esc_html($prefix); ?>_pay_now'><?php echo esc_html($buttonText); ?></a><div class='pay-button-border'> </div></div>"); 732 jQuery('#<?php echo esc_html($prefix); ?>_donation').append(trigger_button); 733 734 jQuery('#<?php echo esc_html($prefix); ?>_pay_now').unbind().bind('click', function () { 735 <?php echo esc_html($prefix); ?>_trigger_payment(); 737 736 }); 738 737 739 738 // BUILD CONTROLS 740 var <?php echo $prefix; ?>_modal_html = "<a class='boxclose modal-close' id='boxclose'>×</a>";739 var <?php echo esc_html($prefix); ?>_modal_html = "<a class='boxclose modal-close' id='boxclose'>×</a>"; 741 740 742 741 // HEADER 743 <?php echo $prefix; ?>_modal_html += "<div id='modal-header'>";744 745 <?php echo $prefix; ?>_modal_html += "<div style='float: left;'>";742 <?php echo esc_html($prefix); ?>_modal_html += "<div id='modal-header'>"; 743 744 <?php echo esc_html($prefix); ?>_modal_html += "<div style='float: left;'>"; 746 745 <?php if (!isset($atts["productimage"])) { ?> 747 <?php echo 
$prefix; ?>_modal_html += "<img src='<?php echo plugins_url('assets/donation.png', __FILE__); ?>' class='checkout-product-image' />";746 <?php echo esc_html($prefix); ?>_modal_html += "<img src='<?php echo esc_html(plugins_url('assets/donation.png', __FILE__)); ?>' class='checkout-product-image' />"; 748 747 <?php } else if ($atts["productimage"] == 'none') { ?> 749 <?php echo $prefix; ?>_modal_html += "<img src='<?php echo plugins_url('assets/transparent.png', __FILE__); ?>' class='checkout-product-image' />";748 <?php echo esc_html($prefix); ?>_modal_html += "<img src='<?php echo esc_html(plugins_url('assets/transparent.png', __FILE__)); ?>' class='checkout-product-image' />"; 750 749 <?php } else { ?> 751 <?php echo $prefix; ?>_modal_html += "<img src='<?php echo isset($atts['productimage']) ? $atts["productimage"]: ''; ?>' class='checkout-product-image' />";750 <?php echo esc_html($prefix); ?>_modal_html += "<img src='<?php echo isset($atts['productimage']) ? esc_html($atts["productimage"]) : ''; ?>' class='checkout-product-image' />"; 752 751 <?php } ?> 753 <?php echo $prefix; ?>_modal_html += "</div>";754 <?php echo $prefix; ?>_modal_html += "<input type='hidden' name='action' id='action' value='ssd_submit_payment'/>";755 <?php echo $prefix; ?>_modal_html += "<input type='hidden' name='product_sku' id='product_sku' value='<?php echo isset($atts['productid']) ? $atts['productid'] : get_the_title(); ?>'/>";756 <?php echo $prefix; ?>_modal_html += "<input type='hidden' name='product_id' id='product_id' value='<?php echo isset($atts['productid']) ? $atts['productid'] : get_the_ID(); ?>'/>";757 <?php echo $prefix; ?>_modal_html += "<div class='checkout-product-name'><?php echo isset($atts['productname']) ? $atts['productname']: ''; ?></div>";758 759 if ('<?php echo isset($atts['amount']) ? $atts['amount']: ''; ?>' != '') {760 <?php echo $prefix; ?>_modal_html += "<div class='checkout-price'>$<?php echo isset($atts['amount']) ? 
$atts['amount']: ''; ?></div>";761 <?php echo $prefix; ?>_modal_html += "<input type='hidden' name='donation_amount' value='<?php echo isset($atts['amount']) ? $atts['amount']: ''; ?>' />";752 <?php echo esc_html($prefix); ?>_modal_html += "</div>"; 753 <?php echo esc_html($prefix); ?>_modal_html += "<input type='hidden' name='action' id='action' value='ssd_submit_payment'/>"; 754 <?php echo esc_html($prefix); ?>_modal_html += "<input type='hidden' name='product_sku' id='product_sku' value='<?php echo isset($atts['productid']) ? esc_html($atts['productid']) : esc_html(get_the_title()); ?>'/>"; 755 <?php echo esc_html($prefix); ?>_modal_html += "<input type='hidden' name='product_id' id='product_id' value='<?php echo isset($atts['productid']) ? esc_html($atts['productid']) : esc_html(get_the_ID()); ?>'/>"; 756 <?php echo esc_html($prefix); ?>_modal_html += "<div class='checkout-product-name'><?php echo isset($atts['productname']) ? esc_html($atts['productname']) : ''; ?></div>"; 757 758 if ('<?php echo isset($atts['amount']) ? esc_html($atts['amount']) : ''; ?>' != '') { 759 <?php echo esc_html($prefix); ?>_modal_html += "<div class='checkout-price'>$<?php echo isset($atts['amount']) ? esc_html($atts['amount']) : ''; ?></div>"; 760 <?php echo esc_html($prefix); ?>_modal_html += "<input type='hidden' name='donation_amount' value='<?php echo isset($atts['amount']) ? 
esc_html($atts['amount']) : ''; ?>' />"; 762 761 } else { 763 <?php echo $prefix; ?>_modal_html += "<div class='donation-price'>Dollar Amount<br />$ <input type='text' name='donation_amount' id='donation_amount' class='checkout-input donation-field' placeholder='<?php echo $amountdefault; ?>'></div>";762 <?php echo esc_html($prefix); ?>_modal_html += "<div class='donation-price'>Dollar Amount<br />$ <input type='text' name='donation_amount' id='donation_amount' class='checkout-input donation-field' placeholder='<?php echo esc_html($amountdefault); ?>'></div>"; 764 763 } 765 764 766 <?php echo $prefix; ?>_modal_html += "</div>";767 768 <?php echo $prefix; ?>_modal_html += "<div id='modal-body'>";765 <?php echo esc_html($prefix); ?>_modal_html += "</div>"; 766 767 <?php echo esc_html($prefix); ?>_modal_html += "<div id='modal-body'>"; 769 768 770 769 // BILLING BODY 771 var <?php echo $prefix; ?>_billing_html = "<div id='<?php echo $prefix; ?>_billing_panel'>";772 <?php echo $prefix; ?>_billing_html += "<div class='checkout-card-information'>Billing Information</div>";773 <?php echo $prefix; ?>_billing_html += "<div class='card-number'><input type='text' name='cardholder_name' id='cardholder_name' class='checkout-input checkout-card <?php echo $billingRequired; ?> ' placeholder='Name on Credit Card'></div>";774 <?php echo $prefix; ?>_billing_html += "<div class='card-number'><input type='text' name='cardholder_address' id='cardholder_address' class='checkout-input checkout-card <?php echo $billingRequired; ?>' placeholder='Credit Card Billing Address'></div>";775 <?php echo $prefix; ?>_billing_html += "<div class='card-number'>";776 <?php echo $prefix; ?>_billing_html += "<input type='text' name='cardholder_city' id='cardholder_city' class='checkout-input city-field<?php echo $billingRequired; ?>' placeholder='City'>";770 var <?php echo esc_html($prefix); ?>_billing_html = "<div id='<?php echo esc_html($prefix); ?>_billing_panel'>"; 771 <?php echo esc_html($prefix); 
?>_billing_html += "<div class='checkout-card-information'>Billing Information</div>"; 772 <?php echo esc_html($prefix); ?>_billing_html += "<div class='card-number'><input type='text' name='cardholder_name' id='cardholder_name' class='checkout-input checkout-card <?php echo esc_html($billingRequired); ?> ' placeholder='Name on Credit Card'></div>"; 773 <?php echo esc_html($prefix); ?>_billing_html += "<div class='card-number'><input type='text' name='cardholder_address' id='cardholder_address' class='checkout-input checkout-card <?php echo esc_html($billingRequired); ?>' placeholder='Credit Card Billing Address'></div>"; 774 <?php echo esc_html($prefix); ?>_billing_html += "<div class='card-number'>"; 775 <?php echo esc_html($prefix); ?>_billing_html += "<input type='text' name='cardholder_city' id='cardholder_city' class='checkout-input city-field<?php echo esc_html($billingRequired); ?>' placeholder='City'>"; 777 776 <?php if ($requireState) { ?> 778 <?php echo $prefix; ?>_billing_html += "<select name='cardholder_state' id='cardholder_state' class='checkout-input state-field<?php echo $billingRequired; ?>'><option value='AL'>AL</option><option value='AK'>AK</option><option value='AZ'>AZ</option><option value='AR'>AR</option><option value='CA'>CA</option><option value='CO'>CO</option><option value='CT'>CT</option><option value='DC'>DC</option><option value='DE'>DE</option><option value='FL'>FL</option><option value='GA'>GA</option><option value='HI'>HI</option><option value='ID'>ID</option><option value='IL'>IL</option><option value='IN'>IN</option><option value='IA'>IA</option><option value='KS'>KS</option><option value='KY'>KY</option><option value='LA'>LA</option><option value='ME'>ME</option><option value='MD'>MD</option><option value='MA'>MA</option><option value='MI'>MI</option><option value='MN'>MN</option><option value='MS'>MS</option><option value='MO'>MO</option><option value='MT'>MT</option><option value='NE'>NE</option><option 
value='NV'>NV</option><option value='NH'>NH</option><option value='NJ'>NJ</option><option value='NM'>NM</option><option value='NY'>NY</option><option value='NC'>NC</option><option value='ND'>ND</option><option value='OH'>OH</option><option value='OK'>OK</option><option value='OR'>OR</option><option value='PA'>PA</option><option value='RI'>RI</option><option value='SC'>SC</option><option value='SD'>SD</option><option value='TN'>TN</option><option value='TX'>TX</option><option value='UT'>UT</option><option value='VT'>VT</option><option value='VA'>VA</option><option value='WA'>WA</option><option value='WV'>WV</option><option value='WI'>WI</option><option value='WY'>WY</option></select>";777 <?php echo esc_html($prefix); ?>_billing_html += "<select name='cardholder_state' id='cardholder_state' class='checkout-input state-field<?php echo esc_html($billingRequired); ?>'><option value='AL'>AL</option><option value='AK'>AK</option><option value='AZ'>AZ</option><option value='AR'>AR</option><option value='CA'>CA</option><option value='CO'>CO</option><option value='CT'>CT</option><option value='DC'>DC</option><option value='DE'>DE</option><option value='FL'>FL</option><option value='GA'>GA</option><option value='HI'>HI</option><option value='ID'>ID</option><option value='IL'>IL</option><option value='IN'>IN</option><option value='IA'>IA</option><option value='KS'>KS</option><option value='KY'>KY</option><option value='LA'>LA</option><option value='ME'>ME</option><option value='MD'>MD</option><option value='MA'>MA</option><option value='MI'>MI</option><option value='MN'>MN</option><option value='MS'>MS</option><option value='MO'>MO</option><option value='MT'>MT</option><option value='NE'>NE</option><option value='NV'>NV</option><option value='NH'>NH</option><option value='NJ'>NJ</option><option value='NM'>NM</option><option value='NY'>NY</option><option value='NC'>NC</option><option value='ND'>ND</option><option value='OH'>OH</option><option value='OK'>OK</option><option 
value='OR'>OR</option><option value='PA'>PA</option><option value='RI'>RI</option><option value='SC'>SC</option><option value='SD'>SD</option><option value='TN'>TN</option><option value='TX'>TX</option><option value='UT'>UT</option><option value='VT'>VT</option><option value='VA'>VA</option><option value='WA'>WA</option><option value='WV'>WV</option><option value='WI'>WI</option><option value='WY'>WY</option></select>"; 779 778 <?php } ?> 780 <?php echo $prefix; ?>_billing_html += "<input type='text' name='cardholder_zip' id='cardholder_zip' class='checkout-input zip-field<?php echo $billingRequired; ?>' placeholder='Zip'>";781 <?php echo $prefix; ?>_billing_html += "</div>";779 <?php echo esc_html($prefix); ?>_billing_html += "<input type='text' name='cardholder_zip' id='cardholder_zip' class='checkout-input zip-field<?php echo esc_html($billingRequired); ?>' placeholder='Zip'>"; 780 <?php echo esc_html($prefix); ?>_billing_html += "</div>"; 782 781 783 782 // Additional Info BODY 784 var <?php echo $prefix; ?>_additional_html = "<div id='<?php echo $prefix; ?>_additional_panel'>";785 <?php echo $prefix; ?>_additional_html += "<div class='back-button'><a href='#billing' id='<?php echo $prefix; ?>_additional_back'>back</a></div>";786 <?php echo $prefix; ?>_additional_html += "<div class='checkout-card-information'><?php echo $additionalInformationText; ?></div>";787 <?php echo $prefix; ?>_additional_html += "<div style='overflow-y: auto; height: 200px;'>";783 var <?php echo esc_html($prefix); ?>_additional_html = "<div id='<?php echo esc_html($prefix); ?>_additional_panel'>"; 784 <?php echo esc_html($prefix); ?>_additional_html += "<div class='back-button'><a href='#billing' id='<?php echo esc_html($prefix); ?>_additional_back'>back</a></div>"; 785 <?php echo esc_html($prefix); ?>_additional_html += "<div class='checkout-card-information'><?php echo esc_html($additionalInformationText); ?></div>"; 786 <?php echo esc_html($prefix); ?>_additional_html += "<div 
style='overflow-y: auto; height: 200px;'>"; 788 787 <?php 789 788 if(count($additionalFields)>0){ … … 806 805 807 806 if ($field_type == "textarea") { 808 echo $prefix . '_additional_html += "<div class=\'card-number\'><textarea name=\''.$value.'\' id=\''.$value.'\' class=\'donation-textarea'.$required.'\' placeholder=\''.$atts[$value].'\'></textarea></div>";';807 echo esc_html($prefix) . '_additional_html += "<div class=\'card-number\'><textarea name=\''.esc_html($value).'\' id=\''.esc_html($value).'\' class=\'donation-textarea'.esc_html($required).'\' placeholder=\''.esc_html($atts[$value]).'\'></textarea></div>";'; 809 808 } 810 809 else if ($field_type == "dropdown") { 811 echo $prefix . '_additional_html += "<div class=\'card-number\'><select name=\''.$value.'\' id=\''.$value.'\' class=\'donation-dropdown'.$required.'\'><option>Select an option below</option>";';810 echo esc_html($prefix) . '_additional_html += "<div class=\'card-number\'><select name=\''.esc_html($value).'\' id=\''.esc_html($value).'\' class=\'donation-dropdown'.esc_html($required).'\'><option>Select an option below</option>";'; 812 811 $options = explode("|", $atts[$value]); 813 812 foreach($options as $option) { 814 echo $prefix . '_additional_html += "<option>' . $option. '</option>";';813 echo esc_html($prefix) . '_additional_html += "<option>' . esc_html($option) . '</option>";'; 815 814 } 816 echo $prefix. '_additional_html += "</select></div>";';815 echo esc_html($prefix) . '_additional_html += "</select></div>";'; 817 816 } else if ($field_type == "radio") { 818 echo $prefix. '_additional_html += "<div class=\'card-number\'>";';817 echo esc_html($prefix) . '_additional_html += "<div class=\'card-number\'>";'; 819 818 $options = explode("|", $atts[$value]); 820 819 foreach($options as $option) { 821 echo $prefix . '_additional_html += "<input type=\'radio\' name=\''.$value.'\' value=\'' . $option . '\' class=\'securesubmitradio\'>' . $option. 
'</input><br />";';820 echo esc_html($prefix) . '_additional_html += "<input type=\'radio\' name=\''.esc_html($value).'\' value=\'' . esc_html($option) . '\' class=\'securesubmitradio\'>' . esc_html($option) . '</input><br />";'; 822 821 } 823 echo $prefix. '_additional_html += "</div>";';822 echo esc_html($prefix) . '_additional_html += "</div>";'; 824 823 } else if ($field_type == "checkbox") { 825 echo $prefix . '_additional_html += "<input name=\'' . $value . '\' id=\'' . $value . '\' type=\'checkbox\'> <label style=\'display: inline\' for=\'' . $value . '\'>' . $atts[$value]. '</label>";';824 echo esc_html($prefix) . '_additional_html += "<input name=\'' . esc_html($value) . '\' id=\'' . esc_html($value) . '\' type=\'checkbox\'> <label style=\'display: inline\' for=\'' . esc_html($value) . '\'>' . esc_html($atts[$value]) . '</label>";'; 826 825 } else if ($field_type == "label") { 827 826 $html_links = preg_replace('@((https?://)?([-\w]+\.[-\w\.]+)+\w(:\d+)?(/([-\w/_\.]*(\?\S+)?)?)*)@', "<a href=\'$1\' target=\'blank\'>$1</a>", $atts[$value]); 828 echo $prefix . '_additional_html += "<div class=\'card-number\'>' . $html_links. '</div>";';827 echo esc_html($prefix) . '_additional_html += "<div class=\'card-number\'>' . esc_html($html_links) . '</div>";'; 829 828 } 830 829 else 831 830 { 832 echo $prefix . '_additional_html += "<div class=\'card-number\'><input name=\''.$value.'\' type=\''.$field_type.'\' id=\''.$value.'\' class=\'checkout-input checkout-card'.$required.'\' placeholder=\''.$atts[$value].'\'></div>";';831 echo esc_html($prefix) . 
'_additional_html += "<div class=\'card-number\'><input name=\''.esc_html($value).'\' type=\''.esc_html($field_type).'\' id=\''.esc_html($value).'\' class=\'checkout-input checkout-card'.esc_html($required).'\' placeholder=\''.esc_html($atts[$value]).'\'></div>";'; 833 832 } 834 833 } 835 834 } 836 835 ?> 837 <?php echo $prefix; ?>_additional_html += "</div>";838 <?php echo $prefix; ?>_additional_html += "<div class='pay-button button-next'><a href='#Purchase' id='<?php echo $prefix; ?>_additional_next_button'>Next</a><div class='pay-button-border'> </div></div>";839 <?php echo $prefix; ?>_additional_html += "<div class='powered_by'><img src='<?php echo plugins_url( 'assets/heart.png', __FILE__); ?>' /></div>";840 <?php echo $prefix; ?>_additional_html += "</div>";836 <?php echo esc_html($prefix); ?>_additional_html += "</div>"; 837 <?php echo esc_html($prefix); ?>_additional_html += "<div class='pay-button button-next'><a href='#Purchase' id='<?php echo esc_html($prefix); ?>_additional_next_button'>Next</a><div class='pay-button-border'> </div></div>"; 838 <?php echo esc_html($prefix); ?>_additional_html += "<div class='powered_by'><img src='<?php echo esc_html(plugins_url( 'assets/heart.png', __FILE__ )); ?>' /></div>"; 839 <?php echo esc_html($prefix); ?>_additional_html += "</div>"; 841 840 842 841 843 842 // TODO: Check if this is checked to skip the shipping screen... 
844 if (<?php echo $prefix; ?>_requireShipping) {845 <?php echo $prefix; ?>_billing_html += "<div class='same_shipping'><input name='shipping_same' type='checkbox' id='shipping_same'> <label for='shipping_same'>Shipping Same As Billing</label></div>";843 if (<?php echo esc_html($prefix); ?>_requireShipping) { 844 <?php echo esc_html($prefix); ?>_billing_html += "<div class='same_shipping'><input name='shipping_same' type='checkbox' id='shipping_same'> <label for='shipping_same'>Shipping Same As Billing</label></div>"; 846 845 } 847 846 848 <?php echo $prefix; ?>_billing_html += "<div class='pay-button button-next'><a href='#Purchase' id='<?php echo $prefix; ?>_billing_next_button'>Next</a><div class='pay-button-border'> </div></div>";849 <?php echo $prefix; ?>_billing_html += "<div class='powered_by'><img src='<?php echo plugins_url( 'assets/heart.png', __FILE__); ?>' /></div>";850 <?php echo $prefix; ?>_billing_html += "</div>";847 <?php echo esc_html($prefix); ?>_billing_html += "<div class='pay-button button-next'><a href='#Purchase' id='<?php echo esc_html($prefix); ?>_billing_next_button'>Next</a><div class='pay-button-border'> </div></div>"; 848 <?php echo esc_html($prefix); ?>_billing_html += "<div class='powered_by'><img src='<?php echo esc_html(plugins_url( 'assets/heart.png', __FILE__ )); ?>' /></div>"; 849 <?php echo esc_html($prefix); ?>_billing_html += "</div>"; 851 850 852 851 // SHIPPING BODY 853 var <?php echo $prefix; ?>_shipping_html = "<div id='<?php echo $prefix; ?>_shipping_panel'>";854 <?php echo $prefix; ?>_shipping_html += "<div class='back-button'><a href='#billing' id='<?php echo $prefix; ?>_shipping_back'>back</a></div>";855 <?php echo $prefix; ?>_shipping_html += "<div class='checkout-card-information'>Shipping Information</div>";856 <?php echo $prefix; ?>_shipping_html += "<div class='card-number'><input name='shipping_name' type='text' id='shipping_name' class='checkout-input checkout-card<?php echo $shippingRequired; ?>' 
placeholder='Shipping Name'></div>";857 <?php echo $prefix; ?>_shipping_html += "<div class='card-number'><input name='shipping_address' type='text' id='shipping_address' class='checkout-input checkout-card<?php echo $shippingRequired; ?>' placeholder='Address'></div>";858 <?php echo $prefix; ?>_shipping_html += "<div class='card-number'>";859 <?php echo $prefix; ?>_shipping_html += "<input type='text' name='shipping_city' id='shipping_city' class='checkout-input city-field<?php echo $shippingRequired; ?>' placeholder='City'>";852 var <?php echo esc_html($prefix); ?>_shipping_html = "<div id='<?php echo esc_html($prefix); ?>_shipping_panel'>"; 853 <?php echo esc_html($prefix); ?>_shipping_html += "<div class='back-button'><a href='#billing' id='<?php echo esc_html($prefix); ?>_shipping_back'>back</a></div>"; 854 <?php echo esc_html($prefix); ?>_shipping_html += "<div class='checkout-card-information'>Shipping Information</div>"; 855 <?php echo esc_html($prefix); ?>_shipping_html += "<div class='card-number'><input name='shipping_name' type='text' id='shipping_name' class='checkout-input checkout-card<?php echo esc_html($shippingRequired); ?>' placeholder='Shipping Name'></div>"; 856 <?php echo esc_html($prefix); ?>_shipping_html += "<div class='card-number'><input name='shipping_address' type='text' id='shipping_address' class='checkout-input checkout-card<?php echo esc_html($shippingRequired); ?>' placeholder='Address'></div>"; 857 <?php echo esc_html($prefix); ?>_shipping_html += "<div class='card-number'>"; 858 <?php echo esc_html($prefix); ?>_shipping_html += "<input type='text' name='shipping_city' id='shipping_city' class='checkout-input city-field<?php echo esc_html($shippingRequired); ?>' placeholder='City'>"; 860 859 <?php if ($requireState) { ?> 861 <?php echo $prefix; ?>_shipping_html += "<select id='shipping_state' name='shipping_state' class='checkout-input state-field<?php echo $shippingRequired; ?>'><option value='AL'>AL</option><option 
value='AK'>AK</option><option value='AZ'>AZ</option><option value='AR'>AR</option><option value='CA'>CA</option><option value='CO'>CO</option><option value='CT'>CT</option><option value='DC'>DC</option><option value='DE'>DE</option><option value='FL'>FL</option><option value='GA'>GA</option><option value='HI'>HI</option><option value='ID'>ID</option><option value='IL'>IL</option><option value='IN'>IN</option><option value='IA'>IA</option><option value='KS'>KS</option><option value='KY'>KY</option><option value='LA'>LA</option><option value='ME'>ME</option><option value='MD'>MD</option><option value='MA'>MA</option><option value='MI'>MI</option><option value='MN'>MN</option><option value='MS'>MS</option><option value='MO'>MO</option><option value='MT'>MT</option><option value='NE'>NE</option><option value='NV'>NV</option><option value='NH'>NH</option><option value='NJ'>NJ</option><option value='NM'>NM</option><option value='NY'>NY</option><option value='NC'>NC</option><option value='ND'>ND</option><option value='OH'>OH</option><option value='OK'>OK</option><option value='OR'>OR</option><option value='PA'>PA</option><option value='RI'>RI</option><option value='SC'>SC</option><option value='SD'>SD</option><option value='TN'>TN</option><option value='TX'>TX</option><option value='UT'>UT</option><option value='VT'>VT</option><option value='VA'>VA</option><option value='WA'>WA</option><option value='WV'>WV</option><option value='WI'>WI</option><option value='WY'>WY</option></select>";860 <?php echo esc_html($prefix); ?>_shipping_html += "<select id='shipping_state' name='shipping_state' class='checkout-input state-field<?php echo esc_html($shippingRequired); ?>'><option value='AL'>AL</option><option value='AK'>AK</option><option value='AZ'>AZ</option><option value='AR'>AR</option><option value='CA'>CA</option><option value='CO'>CO</option><option value='CT'>CT</option><option value='DC'>DC</option><option value='DE'>DE</option><option value='FL'>FL</option><option 
value='GA'>GA</option><option value='HI'>HI</option><option value='ID'>ID</option><option value='IL'>IL</option><option value='IN'>IN</option><option value='IA'>IA</option><option value='KS'>KS</option><option value='KY'>KY</option><option value='LA'>LA</option><option value='ME'>ME</option><option value='MD'>MD</option><option value='MA'>MA</option><option value='MI'>MI</option><option value='MN'>MN</option><option value='MS'>MS</option><option value='MO'>MO</option><option value='MT'>MT</option><option value='NE'>NE</option><option value='NV'>NV</option><option value='NH'>NH</option><option value='NJ'>NJ</option><option value='NM'>NM</option><option value='NY'>NY</option><option value='NC'>NC</option><option value='ND'>ND</option><option value='OH'>OH</option><option value='OK'>OK</option><option value='OR'>OR</option><option value='PA'>PA</option><option value='RI'>RI</option><option value='SC'>SC</option><option value='SD'>SD</option><option value='TN'>TN</option><option value='TX'>TX</option><option value='UT'>UT</option><option value='VT'>VT</option><option value='VA'>VA</option><option value='WA'>WA</option><option value='WV'>WV</option><option value='WI'>WI</option><option value='WY'>WY</option></select>"; 862 861 <?php } ?> 863 <?php echo $prefix; ?>_shipping_html += "<input type='text' name='shipping_zip' id='shipping_zip' class='checkout-input zip-field<?php echo $shippingRequired; ?>' placeholder='Zip'>";864 <?php echo $prefix; ?>_shipping_html += "</div>";865 <?php echo $prefix; ?>_shipping_html += "<div class='pay-button button-next'><a href='#Purchase' id='<?php echo $prefix; ?>_shipping_next_button'>Next</a><div class='pay-button-border'> </div></div>";866 <?php echo $prefix; ?>_shipping_html += "<div class='powered_by'><img src='<?php echo plugins_url('assets/heart.png', __FILE__); ?>' /></div>";867 <?php echo $prefix; ?>_shipping_html += "</div>";862 <?php echo esc_html($prefix); ?>_shipping_html += "<input type='text' name='shipping_zip' 
id='shipping_zip' class='checkout-input zip-field<?php echo esc_html($shippingRequired); ?>' placeholder='Zip'>"; 863 <?php echo esc_html($prefix); ?>_shipping_html += "</div>"; 864 <?php echo esc_html($prefix); ?>_shipping_html += "<div class='pay-button button-next'><a href='#Purchase' id='<?php echo esc_html($prefix); ?>_shipping_next_button'>Next</a><div class='pay-button-border'> </div></div>"; 865 <?php echo esc_html($prefix); ?>_shipping_html += "<div class='powered_by'><img src='<?php echo esc_html(plugins_url('assets/heart.png', __FILE__)); ?>' /></div>"; 866 <?php echo esc_html($prefix); ?>_shipping_html += "</div>"; 868 867 869 868 // CARD BODY 870 var <?php echo $prefix; ?>_card_html = "<div id='<?php echo $prefix; ?>_card_panel'>";871 <?php echo $prefix; ?>_card_html += "<div class='back-button'><a href='#shipping' id='<?php echo $prefix; ?>_card_back'>back</a></div>";872 <?php echo $prefix; ?>_card_html += "<div class='checkout-card-information'>Card Information</div>";873 <?php echo $prefix; ?>_card_html += "<div class='card-number'><input type='text' id='card_number' class='checkout-input checkout-card required' placeholder='Credit Card'></div>";874 <?php echo $prefix; ?>_card_html += "<div class='card-exp'><input type='text' id='card_exp' class='checkout-exp required' placeholder='MM/YY'></div>";875 <?php echo $prefix; ?>_card_html += "<div class='card-cvc'><input type='text' id='card_cvc' class='checkout-exp' placeholder='CVC'></div>";876 <?php echo $prefix; ?>_card_html += "<div class='clearfixcheckout'> </div>";877 <?php echo $prefix; ?>_card_html += "<div class='email-reciept'><input name='email_reciept' type='checkbox' id='email_reciept' checked='true'> <label for='email_reciept'>Email Receipt</label></div>";878 <?php echo $prefix; ?>_card_html += "<div class='email-address'><input name='email_address' type='text' id='email_address' class='checkout-email' placeholder='Customer Email Address'></div>";879 <?php echo $prefix; ?>_card_html += 
"<div class='pay-button button-next'><a href='#Purchase' id='<?php echo $prefix; ?>_pay_button'><?php echo $buttonText; ?></a><div class='pay-button-border'> </div></div>";880 <?php echo $prefix; ?>_card_html += "<div class='powered_by'><img src='<?php echo plugins_url( 'assets/heart.png', __FILE__); ?>' /></div>";881 <?php echo $prefix; ?>_card_html += "</div>";869 var <?php echo esc_html($prefix); ?>_card_html = "<div id='<?php echo esc_html($prefix); ?>_card_panel'>"; 870 <?php echo esc_html($prefix); ?>_card_html += "<div class='back-button'><a href='#shipping' id='<?php echo esc_html($prefix); ?>_card_back'>back</a></div>"; 871 <?php echo esc_html($prefix); ?>_card_html += "<div class='checkout-card-information'>Card Information</div>"; 872 <?php echo esc_html($prefix); ?>_card_html += "<div class='card-number'><input type='text' id='card_number' class='checkout-input checkout-card required' placeholder='Credit Card'></div>"; 873 <?php echo esc_html($prefix); ?>_card_html += "<div class='card-exp'><input type='text' id='card_exp' class='checkout-exp required' placeholder='MM/YY'></div>"; 874 <?php echo esc_html($prefix); ?>_card_html += "<div class='card-cvc'><input type='text' id='card_cvc' class='checkout-exp' placeholder='CVC'></div>"; 875 <?php echo esc_html($prefix); ?>_card_html += "<div class='clearfixcheckout'> </div>"; 876 <?php echo esc_html($prefix); ?>_card_html += "<div class='email-reciept'><input name='email_reciept' type='checkbox' id='email_reciept' checked='true'> <label for='email_reciept'>Email Receipt</label></div>"; 877 <?php echo esc_html($prefix); ?>_card_html += "<div class='email-address'><input name='email_address' type='text' id='email_address' class='checkout-email' placeholder='Customer Email Address'></div>"; 878 <?php echo esc_html($prefix); ?>_card_html += "<div class='pay-button button-next'><a href='#Purchase' id='<?php echo esc_html($prefix); ?>_pay_button'><?php echo esc_html($buttonText); ?></a><div 
class='pay-button-border'> </div></div>"; 879 <?php echo esc_html($prefix); ?>_card_html += "<div class='powered_by'><img src='<?php echo esc_html(plugins_url( 'assets/heart.png', __FILE__ )); ?>' /></div>"; 880 <?php echo esc_html($prefix); ?>_card_html += "</div>"; 882 881 883 882 // PROCESSING BODY 884 var <?php echo $prefix; ?>_processing_html = "<div id='<?php echo $prefix; ?>_processing_panel'>";885 <?php echo $prefix; ?>_processing_html += "<div class='transaction-processing'>processing</div>";886 <?php echo $prefix; ?>_processing_html += "</div>";883 var <?php echo esc_html($prefix); ?>_processing_html = "<div id='<?php echo esc_html($prefix); ?>_processing_panel'>"; 884 <?php echo esc_html($prefix); ?>_processing_html += "<div class='transaction-processing'>processing</div>"; 885 <?php echo esc_html($prefix); ?>_processing_html += "</div>"; 887 886 888 887 // FAILURE BODY 889 var <?php echo $prefix; ?>_failure_html = "<div id='<?php echo $prefix; ?>_failure_panel'>";890 <?php echo $prefix; ?>_failure_html += "<div class='checkout-card-information'>Transaction Information</div>";891 <?php echo $prefix; ?>_failure_html += "<div class='transaction-error'>There was a problem while processing your card.</div>";892 <?php echo $prefix; ?>_failure_html += "<div class='pay-button button-next'><a href='#Purchase' id='<?php echo $prefix; ?>_retry_button'>Retry</a><div class='pay-button-border'> </div></div>";893 <?php echo $prefix; ?>_failure_html += "</div>";888 var <?php echo esc_html($prefix); ?>_failure_html = "<div id='<?php echo esc_html($prefix); ?>_failure_panel'>"; 889 <?php echo esc_html($prefix); ?>_failure_html += "<div class='checkout-card-information'>Transaction Information</div>"; 890 <?php echo esc_html($prefix); ?>_failure_html += "<div class='transaction-error'>There was a problem while processing your card.</div>"; 891 <?php echo esc_html($prefix); ?>_failure_html += "<div class='pay-button button-next'><a href='#Purchase' id='<?php echo 
esc_html($prefix); ?>_retry_button'>Retry</a><div class='pay-button-border'> </div></div>"; 892 <?php echo esc_html($prefix); ?>_failure_html += "</div>"; 894 893 895 894 // SUCCESS BODY 896 var <?php echo $prefix; ?>_success_html = "<div id='<?php echo $prefix; ?>_success_panel'>";897 <?php echo $prefix; ?>_success_html += "<div class='card-number'>Your Payment Was Successful!</div>";898 <?php echo $prefix; ?>_success_html += "</div>";899 900 <?php echo $prefix; ?>_modal_html += <?php echo $prefix; ?>_billing_html;901 <?php echo $prefix; ?>_modal_html += <?php echo $prefix; ?>_additional_html;902 <?php echo $prefix; ?>_modal_html += <?php echo $prefix; ?>_shipping_html;903 <?php echo $prefix; ?>_modal_html += <?php echo $prefix; ?>_card_html;904 <?php echo $prefix; ?>_modal_html += <?php echo $prefix; ?>_processing_html;905 <?php echo $prefix; ?>_modal_html += <?php echo $prefix; ?>_failure_html;906 <?php echo $prefix; ?>_modal_html += <?php echo $prefix; ?>_success_html;907 908 <?php echo $prefix; ?>_modal_html += "</div>"; // BODY895 var <?php echo esc_html($prefix); ?>_success_html = "<div id='<?php echo esc_html($prefix); ?>_success_panel'>"; 896 <?php echo esc_html($prefix); ?>_success_html += "<div class='card-number'>Your Payment Was Successful!</div>"; 897 <?php echo esc_html($prefix); ?>_success_html += "</div>"; 898 899 <?php echo esc_html($prefix); ?>_modal_html += <?php echo esc_html($prefix); ?>_billing_html; 900 <?php echo esc_html($prefix); ?>_modal_html += <?php echo esc_html($prefix); ?>_additional_html; 901 <?php echo esc_html($prefix); ?>_modal_html += <?php echo esc_html($prefix); ?>_shipping_html; 902 <?php echo esc_html($prefix); ?>_modal_html += <?php echo esc_html($prefix); ?>_card_html; 903 <?php echo esc_html($prefix); ?>_modal_html += <?php echo esc_html($prefix); ?>_processing_html; 904 <?php echo esc_html($prefix); ?>_modal_html += <?php echo esc_html($prefix); ?>_failure_html; 905 <?php echo esc_html($prefix); ?>_modal_html += <?php 
echo esc_html($prefix); ?>_success_html; 906 907 <?php echo esc_html($prefix); ?>_modal_html += "</div>"; // BODY 909 908 910 909 // ACTIONS 911 function <?php echo $prefix; ?>_trigger_payment() {912 var prefix = '<?php echo $prefix; ?>';910 function <?php echo esc_html($prefix); ?>_trigger_payment() { 911 var prefix = '<?php echo esc_html($prefix); ?>'; 913 912 var $ = jQuery; 914 913 … … 939 938 940 939 var stylesheet = $('<link rel="stylesheet" type="text/css" />'); 941 stylesheet.attr('href', '<?php echo plugins_url( 'assets/checkout.css', __FILE__); ?>').attr('id', 'sss');940 stylesheet.attr('href', '<?php echo esc_html(plugins_url( 'assets/checkout.css', __FILE__ )); ?>').attr('id', 'sss'); 942 941 943 942 frame.contents().find('head').append(stylesheet); … … 949 948 950 949 frameBody.append(form); 951 form.append(<?php echo $prefix; ?>_modal_html);950 form.append(<?php echo esc_html($prefix); ?>_modal_html); 952 951 953 952 function configureCleanUp() { … … 977 976 978 977 function getPanel(panelName) { 979 return frameBody.find('#<?php echo $prefix; ?>_' + panelName + '_panel');978 return frameBody.find('#<?php echo esc_html($prefix); ?>_' + panelName + '_panel'); 980 979 } 981 980 … … 991 990 // Bind Panels 992 991 // Billing Panel 993 var billingButton = billingPanel.find('#<?php echo $prefix; ?>_billing_next_button');992 var billingButton = billingPanel.find('#<?php echo esc_html($prefix); ?>_billing_next_button'); 994 993 995 994 billingPanel.show(); … … 1016 1015 billingPanel.hide(); 1017 1016 1018 if (<?php echo $prefix; ?>_requireAdditionalInfo) {1017 if (<?php echo esc_html($prefix); ?>_requireAdditionalInfo) { 1019 1018 additionalPanel.fadeIn(); 1020 } else if (<?php echo $prefix; ?>_requireShipping) {1019 } else if (<?php echo esc_html($prefix); ?>_requireShipping) { 1021 1020 cardPanel.hide(); 1022 1021 if (frameBody.find("#shipping_same").attr("checked")) { … … 1046 1045 1047 1046 // Additional Panel 1048 var additionalNext = 
additionalPanel.find("#<?php echo $prefix; ?>_additional_next_button");1049 var additionalBack = additionalPanel.find("#<?php echo $prefix; ?>_additional_back");1047 var additionalNext = additionalPanel.find("#<?php echo esc_html($prefix); ?>_additional_next_button"); 1048 var additionalBack = additionalPanel.find("#<?php echo esc_html($prefix); ?>_additional_back"); 1050 1049 1051 1050 additionalPanel.hide(); … … 1076 1075 additionalPanel.hide(); 1077 1076 1078 if (<?php echo $prefix; ?>_requireShipping) {1077 if (<?php echo esc_html($prefix); ?>_requireShipping) { 1079 1078 shippingPanel.fadeIn(); 1080 1079 } else { … … 1095 1094 1096 1095 // Shipping Panel 1097 var shippingNext = shippingPanel.find("#<?php echo $prefix; ?>_shipping_next_button");1098 var shippingBack = shippingPanel.find("#<?php echo $prefix; ?>_shipping_back");1096 var shippingNext = shippingPanel.find("#<?php echo esc_html($prefix); ?>_shipping_next_button"); 1097 var shippingBack = shippingPanel.find("#<?php echo esc_html($prefix); ?>_shipping_back"); 1099 1098 1100 1099 shippingPanel.hide(); … … 1124 1123 }); 1125 1124 1126 if (<?php echo $prefix; ?>_requireShipping) {1125 if (<?php echo esc_html($prefix); ?>_requireShipping) { 1127 1126 shippingBack.on("click", function (event) { 1128 1127 billingPanel.fadeIn(); … … 1138 1137 1139 1138 // Card Panel 1140 var cardPay = cardPanel.find("#<?php echo $prefix; ?>_pay_button");1141 var cardBack = cardPanel.find("#<?php echo $prefix; ?>_card_back");1139 var cardPay = cardPanel.find("#<?php echo esc_html($prefix); ?>_pay_button"); 1140 var cardBack = cardPanel.find("#<?php echo esc_html($prefix); ?>_card_back"); 1142 1141 1143 1142 cardPanel.hide(); … … 1151 1150 1152 1151 1153 function <?php echo $prefix; ?>_secureSubmitResponseHandler(response) {1152 function <?php echo esc_html($prefix); ?>_secureSubmitResponseHandler(response) { 1154 1153 if (response.message) { 1155 1154 processingPanel.hide(); … … 1163 1162 form.append(token_html); 1164 1163 
1165 <?php echo $prefix; ?>_do_post();1164 <?php echo esc_html($prefix); ?>_do_post(); 1166 1165 } 1167 1166 } 1168 1167 1169 function <?php echo $prefix; ?>_do_post() {1168 function <?php echo esc_html($prefix); ?>_do_post() { 1170 1169 var datastring = form.serialize(); 1171 var url = "<?php echo admin_url('admin-ajax.php'); ?>";1170 var url = "<?php echo esc_html(admin_url('admin-ajax.php')); ?>"; 1172 1171 1173 1172 if ($.browser && $.browser.msie && $.browser.version <= 9) { … … 1195 1194 1196 1195 1197 function <?php echo $prefix; ?>_tokenize() {1196 function <?php echo esc_html($prefix); ?>_tokenize() { 1198 1197 var expirationParts = cardPanel.find('#card_exp').val().split("/"); 1199 1198 var month = expirationParts[0]; … … 1223 1222 xhr.onload = () => { 1224 1223 if (xhr.readyState == 4 && xhr.status == 201) { 1225 <?php echo $prefix; ?>_secureSubmitResponseHandler(JSON.parse(xhr.responseText));1224 <?php echo esc_html($prefix); ?>_secureSubmitResponseHandler(JSON.parse(xhr.responseText)); 1226 1225 } else { 1227 <?php echo $prefix; ?>_secureSubmitResponseHandler(`Error: ${xhr.status}`);1226 <?php echo esc_html($prefix); ?>_secureSubmitResponseHandler(`Error: ${xhr.status}`); 1228 1227 } 1229 1228 }; … … 1270 1269 $('#modal-launcher, #modal-background').unbind('click'); 1271 1270 frameBody.find('.modal-close').unbind('click'); 1272 <?php echo $prefix; ?>_tokenize();1271 <?php echo esc_html($prefix); ?>_tokenize(); 1273 1272 } 1274 1273 … … 1280 1279 billingPanel.hide(); 1281 1280 1282 if ((<?php echo $prefix; ?>_requireShipping) && (!frameBody.find("#shipping_same").attr("checked"))) {1281 if ((<?php echo esc_html($prefix); ?>_requireShipping) && (!frameBody.find("#shipping_same").attr("checked"))) { 1283 1282 shippingPanel.show(); 1284 1283 } else { … … 1299 1298 1300 1299 // Failure Panel 1301 var failureRetry = failurePanel.find("#<?php echo $prefix; ?>_retry_button");1300 var failureRetry = failurePanel.find("#<?php echo esc_html($prefix); 
?>_retry_button"); 1302 1301 failurePanel.hide(); 1303 1302 … … 1324 1323 1325 1324 ?> 1326 <div id="<?php echo $prefix; ?>_formContainer">1327 <form id="<?php echo $prefix; ?>_form">1325 <div id="<?php echo esc_html($prefix); ?>_formContainer"> 1326 <form id="<?php echo esc_html($prefix); ?>_form"> 1328 1327 <input type="hidden" value="" name="securesubmit_token" id="securesubmit_token" /> 1329 <input type="hidden" name="<?php echo $prefix; ?>_product_id" value="<?php echo $productid; ?>" />1328 <input type="hidden" name="<?php echo esc_html($prefix); ?>_product_id" value="<?php echo esc_html($productid); ?>" /> 1330 1329 <input type="hidden" name="action" value="ssd_submit_payment" /> 1331 <input type="hidden" name="prefix" value="<?php echo $prefix; ?>">1330 <input type="hidden" name="prefix" value="<?php echo esc_html($prefix); ?>"> 1332 1331 1333 1332 <?php if ($requireBilling) { ?> … … 1337 1336 <td width="200">First Name:</td> 1338 1337 <td> 1339 <input class="form-text<?php echo $billingRequired; ?>" name="billing_firstname" type="text" />1338 <input class="form-text<?php echo esc_html($billingRequired); ?>" name="billing_firstname" type="text" /> 1340 1339 </td> 1341 1340 </tr> … … 1343 1342 <td>Last Name:</td> 1344 1343 <td> 1345 <input class="form-text<?php echo $billingRequired; ?>" name="billing_lastname" type="text" />1344 <input class="form-text<?php echo esc_html($billingRequired); ?>" name="billing_lastname" type="text" /> 1346 1345 </td> 1347 1346 </tr> … … 1361 1360 <td>Address:</td> 1362 1361 <td> 1363 <input class="form-text<?php echo $billingRequired; ?>" name="billing_address" type="text" />1362 <input class="form-text<?php echo esc_html($billingRequired); ?>" name="billing_address" type="text" /> 1364 1363 </td> 1365 1364 </tr> 1366 1365 <tr> 1367 1366 <td>City:</td> 1368 <td><input class="form-text<?php echo $billingRequired; ?>" name="billing_city" type="text" /></td>1367 <td><input class="form-text<?php echo esc_html($billingRequired); 
?>" name="billing_city" type="text" /></td> 1369 1368 </tr> 1370 1369 <?php if ($requireState) { ?> … … 1372 1371 <td>State:</td> 1373 1372 <td> 1374 <select name="billing_state" class="<?php echo $billingRequired; ?>">1373 <select name="billing_state" class="<?php echo esc_html($billingRequired); ?>"> 1375 1374 <option value="AL">Alabama</option> 1376 1375 <option value="AK">Alaska</option> … … 1431 1430 <td>Zip/Postal Code:</td> 1432 1431 <td> 1433 <input class="form-text<?php echo $billingRequired; ?>" name="billing_zip" type="text" />1432 <input class="form-text<?php echo esc_html($billingRequired); ?>" name="billing_zip" type="text" /> 1434 1433 </td> 1435 1434 </tr> … … 1443 1442 <tr> 1444 1443 <td width="200 ">First Name:</td> 1445 <td><input class="form-text<?php echo $shippingRequired; ?>" name="shipping_firstname" type="text" /></td>1444 <td><input class="form-text<?php echo esc_html($shippingRequired); ?>" name="shipping_firstname" type="text" /></td> 1446 1445 </tr> 1447 1446 <tr> 1448 1447 <td>Last Name:</td> 1449 1448 <td> 1450 <input class="form-text<?php echo $shippingRequired; ?>" type="text" name="shipping_lastname" />1449 <input class="form-text<?php echo esc_html($shippingRequired); ?>" type="text" name="shipping_lastname" /> 1451 1450 </td> 1452 1451 </tr> 1453 1452 <tr> 1454 1453 <td>Address:</td> 1455 <td><input class="form-text<?php echo $shippingRequired; ?>" type="text" name="shipping_address" /></td>1454 <td><input class="form-text<?php echo esc_html($shippingRequired); ?>" type="text" name="shipping_address" /></td> 1456 1455 </tr> 1457 1456 <tr> 1458 1457 <td>City:</td> 1459 1458 <td> 1460 <input class="form-text<?php echo $shippingRequired; ?>" type="text" name="shipping_city" />1459 <input class="form-text<?php echo esc_html($shippingRequired); ?>" type="text" name="shipping_city" /> 1461 1460 </td> 1462 1461 </tr> … … 1465 1464 <td>State:</td> 1466 1465 <td> 1467 <select name="shipping_state" class="<?php echo $shippingRequired; ?>" 
>1466 <select name="shipping_state" class="<?php echo esc_html($shippingRequired); ?>" > 1468 1467 <option value="AL">Alabama</option> 1469 1468 <option value="AK">Alaska</option> … … 1524 1523 <td>Shipping Zip Code:</td> 1525 1524 <td> 1526 <input class="form-text<?php echo $shippingRequired; ?>" type="text" name="shipping_zip" />1525 <input class="form-text<?php echo esc_html($shippingRequired); ?>" type="text" name="shipping_zip" /> 1527 1526 </td> 1528 1527 </tr> … … 1583 1582 $additionalHTML .= "</table>"; 1584 1583 1585 echo $additionalHTML;1584 echo esc_html($additionalHTML); 1586 1585 } 1587 1586 ?> … … 1599 1598 <td width="200">Card Number:</td> 1600 1599 <td> 1601 <div id="<?php echo $prefix; ?>_card_number"></div>1600 <div id="<?php echo esc_html($prefix); ?>_card_number"></div> 1602 1601 </td> 1603 1602 </tr> … … 1605 1604 <td>Expiration:</td> 1606 1605 <td colspan="2"> 1607 <div id="<?php echo $prefix; ?>_exp_month"></div>1606 <div id="<?php echo esc_html($prefix); ?>_exp_month"></div> 1608 1607 </td> 1609 1608 </tr> … … 1611 1610 <td>Card CVC:</td> 1612 1611 <td> 1613 <input class="form-text" type="text" id="<?php echo $prefix; ?>_card_cvc" style="width: 45px;" />1614 <div id="<?php echo $prefix; ?>_card_cvc"></div>1612 <input class="form-text" type="text" id="<?php echo esc_html($prefix); ?>_card_cvc" style="width: 45px;" /> 1613 <div id="<?php echo esc_html($prefix); ?>_card_cvc"></div> 1615 1614 </td> 1616 1615 </tr> … … 1618 1617 <td>Amount:</td> 1619 1618 <td nowrap>$ 1620 <input class="form-text" id="donation_amount_secure" style="display: inline;" type="text" value="<?php echo $amountdefault; ?>" name="donation_amount" <?php if (!empty($productid)):?>disabled="disabled"1619 <input class="form-text" id="donation_amount_secure" style="display: inline;" type="text" value="<?php echo esc_html($amountdefault); ?>" name="donation_amount" <?php if (!empty($productid)):?>disabled="disabled" 1621 1620 <?php endif;?>/></td> 1622 1621 </tr> 1623 1622 <tr> 
1624 1623 <td colspan="2"> 1625 <div id="<?php echo $prefix; ?>-donate-response"></div>1624 <div id="<?php echo esc_html($prefix); ?>-donate-response"></div> 1626 1625 </td> 1627 1626 </tr> … … 1641 1640 1642 1641 <?php if ($modal) { ?> 1643 <button id="a<?php echo $prefix; ?>-modal-launcher" class="button-secondary">cancel</button>1642 <button id="a<?php echo esc_html($prefix); ?>-modal-launcher" class="button-secondary">cancel</button> 1644 1643 <?php } ?> 1645 1644 </td> … … 1648 1647 </form> 1649 1648 </div> 1650 <div id="<?php echo $prefix; ?>_success" style="display: none;">1649 <div id="<?php echo esc_html($prefix); ?>_success" style="display: none;"> 1651 1650 <strong>Your Payment was Successful. Thank you!</strong> 1652 1651 </div> … … 1657 1656 var domElement = document.getElementById('ssd-recaptcha'); 1658 1657 var widgetId = grecaptcha.render(domElement, { 1659 'sitekey': '<?php echo $this->recaptchaSiteKey?>'1658 'sitekey': '<?php echo esc_html($this->recaptchaSiteKey) ?>' 1660 1659 }); 1661 1660 jQuery(domElement).attr('data-widget-id', widgetId); 1662 1661 } 1663 1662 </script> 1664 <script src="https://js.globalpay.com/v1/globalpayments.js"></script> 1663 <?php 1664 wp_enqueue_script('global-payments','https://js.globalpay.com/v1/globalpayments.js'); 1665 ?> 1665 1666 <script type="text/javascript"> 1666 1667 <?php … … 1673 1674 }); 1674 1675 1675 var prefix = '<?php echo $prefix; ?>';1676 var prefix = '<?php echo esc_html($prefix); ?>'; 1676 1677 1677 1678 // Create Form … … 1743 1744 clearPaymentFields(); 1744 1745 } else { 1745 var prefix = '<?php echo $prefix; ?>';1746 var prefix = '<?php echo esc_html($prefix); ?>'; 1746 1747 document.getElementById("securesubmit_token").value = response.paymentReference; 1747 1748 do_post(); … … 1753 1754 1754 1755 var datastring = jQuery("#"+prefix+"_form").serialize(); 1755 var url = "<?php echo admin_url('admin-ajax.php'); ?>";1756 var url = "<?php echo esc_html(admin_url('admin-ajax.php')); ?>"; 1756 1757 
1757 1758 jQuery.post(url, datastring, function (response) { … … 1779 1780 ); 1780 1781 1781 $("#a<?php echo $prefix; ?>-modal-launcher, #a<?php echo $prefix; ?>-modal-background, #a<?php echo $prefix; ?>-modal-close").click(function () {1782 $("#a<?php echo $prefix; ?>-modal-content,#a<?php echo $prefix; ?>-modal-background").toggleClass("active");1782 $("#a<?php echo esc_html($prefix); ?>-modal-launcher, #a<?php echo esc_html($prefix); ?>-modal-background, #a<?php echo esc_html($prefix); ?>-modal-close").click(function () { 1783 $("#a<?php echo esc_html($prefix); ?>-modal-content,#a<?php echo esc_html($prefix); ?>-modal-background").toggleClass("active"); 1783 1784 }); 1784 1785 … … 1787 1788 ?> 1788 1789 var pk = '<?php echo esc_attr($pkey); ?>'; 1789 var url = "<?php echo admin_url('admin-ajax.php'); ?>";1790 1791 $('#<?php echo $prefix; ?>-securesubmit-button').bind('click', a<?php echo $prefix; ?>_handleSubmit);1792 1793 function a<?php echo $prefix; ?>_handleSubmit() {1790 var url = "<?php echo esc_html(admin_url('admin-ajax.php')); ?>"; 1791 1792 $('#<?php echo esc_html($prefix); ?>-securesubmit-button').bind('click', a<?php echo esc_html($prefix); ?>_handleSubmit); 1793 1794 function a<?php echo esc_html($prefix); ?>_handleSubmit() { 1794 1795 1795 1796 var sameAsBilling = jQuery('[name="same_as_billing"]') && jQuery('[name="same_as_billing"]').is(':checked'); 1796 1797 1797 1798 var continueProcessing = true; 1798 jQuery("#<?php echo $prefix; ?>_form").find('.required').each(function (i, obj) {1799 jQuery("#<?php echo esc_html($prefix); ?>_form").find('.required').each(function (i, obj) { 1799 1800 if (continueProcessing) { 1800 1801 // skip validation if "same as billing" checked and field is shipping info … … 1814 1815 if (continueProcessing) { 1815 1816 1816 var cardNumber = $('#<?php echo $prefix; ?>_card_number').val().replace(/\D/g, ''); // strip out non-numeric1817 var cardNumber = $('#<?php echo esc_html($prefix); 
?>_card_number').val().replace(/\D/g, ''); // strip out non-numeric 1817 1818 1818 1819 hps.tokenize({ … … 1820 1821 public_key: pk, 1821 1822 number: cardNumber, 1822 cvc: $('#<?php echo $prefix; ?>_card_cvc').val(),1823 exp_month: $('#<?php echo $prefix; ?>_exp_month').val(),1824 exp_year: $('#<?php echo $prefix; ?>_exp_year').val()1823 cvc: $('#<?php echo esc_html($prefix); ?>_card_cvc').val(), 1824 exp_month: $('#<?php echo esc_html($prefix); ?>_exp_month').val(), 1825 exp_year: $('#<?php echo esc_html($prefix); ?>_exp_year').val() 1825 1826 }, 1826 1827 success: function (response) { 1827 a<?php echo $prefix; ?>_secureSubmitResponseHandler(response);1828 a<?php echo esc_html($prefix); ?>_secureSubmitResponseHandler(response); 1828 1829 }, 1829 1830 error: function (response) { 1830 a<?php echo $prefix; ?>_secureSubmitResponseHandler(response);1831 a<?php echo esc_html($prefix); ?>_secureSubmitResponseHandler(response); 1831 1832 } 1832 1833 }); 1833 1834 1834 $('#<?php echo $prefix; ?>-securesubmit-button').hide();1835 $('#<?php echo esc_html($prefix); ?>-securesubmit-button').hide(); 1835 1836 } 1836 1837 … … 1840 1841 }; 1841 1842 1842 function a<?php echo $prefix; ?>_secureSubmitResponseHandler(response) {1843 function a<?php echo esc_html($prefix); ?>_secureSubmitResponseHandler(response) { 1843 1844 if (response.message) { 1844 1845 alert(response.message); 1845 $('#<?php echo $prefix; ?>-securesubmit-button').show();1846 $('#<?php echo esc_html($prefix); ?>-securesubmit-button').show(); 1846 1847 } else { 1847 $('#<?php echo $prefix; ?>_securesubmit_token').val(response.token_value);1848 a<?php echo $prefix; ?>_chargeToken();1848 $('#<?php echo esc_html($prefix); ?>_securesubmit_token').val(response.token_value); 1849 a<?php echo esc_html($prefix); ?>_chargeToken(); 1849 1850 } 1850 1851 } 1851 1852 1852 function a<?php echo $prefix; ?>_chargeToken() {1853 var form = $('#<?php echo $prefix; ?>_form');1853 function a<?php echo esc_html($prefix); 
?>_chargeToken() { 1854 var form = $('#<?php echo esc_html($prefix); ?>_form'); 1854 1855 var sameAsBilling = jQuery('[name="same_as_billing"]') && jQuery('[name="same_as_billing"]').is(':checked'); 1855 1856 var continueProcessing = true; … … 1862 1863 if (jQuery(this).val() == '' || jQuery(this).val() == 'Select an option below') { 1863 1864 alert('Please complete all required fields before proceeding.'); 1864 $('#<?php echo $prefix; ?>-securesubmit-button').show();1865 $('#<?php echo esc_html($prefix); ?>-securesubmit-button').show(); 1865 1866 continueProcessing = false; 1866 1867 return; … … 1871 1872 if (continueProcessing) { 1872 1873 var datastring = form.serialize(); 1873 var url = "<?php echo admin_url('admin-ajax.php'); ?>";1874 var url = "<?php echo esc_html(admin_url('admin-ajax.php')); ?>"; 1874 1875 1875 1876 //wat?! … … 1884 1885 $.post(url, datastring, function (response) { 1885 1886 if (response.indexOf("successful") >= 0) { 1886 $('#<?php echo $prefix; ?>_card_number').val('');1887 $('#<?php echo $prefix; ?>_card_cvc').val('');1888 $('#<?php echo $prefix; ?>_formContainer').hide();1889 $('#<?php echo $prefix; ?>_success').show();1887 $('#<?php echo esc_html($prefix); ?>_card_number').val(''); 1888 $('#<?php echo esc_html($prefix); ?>_card_cvc').val(''); 1889 $('#<?php echo esc_html($prefix); ?>_formContainer').hide(); 1890 $('#<?php echo esc_html($prefix); ?>_success').show(); 1890 1891 1891 1892 } else { … … 1894 1895 grecaptcha.reset($(".g-recaptcha").attr('data-widgit-id')); 1895 1896 } 1896 $('#<?php echo $prefix; ?>-securesubmit-button').show();1897 $('#<?php echo esc_html($prefix); ?>-securesubmit-button').show(); 1897 1898 } 1898 1899 }); … … 1905 1906 [/raw] 1906 1907 <?php } ?> 1907 <script src="https://js.globalpay.com/v1/globalpayments.js"></script> 1908 <?php 1909 wp_enqueue_script('global-payments','https://js.globalpay.com/v1/globalpayments.js'); 1910 ?> 1908 1911 <?php 1909 1912 return ob_get_clean(); … … 1912 1915 function 
isValidRecaptchaToken($token){ 1913 1916 1914 $curl = curl_init();1915 1917 $recaptchaInfo = array("secret" => $this->recaptchaSecretKey, "response" => $token); 1916 curl_setopt_array($curl, array( 1917 CURLOPT_URL => self::RECAPTCHA_VERIFY_URL, 1918 CURLOPT_RETURNTRANSFER => true, 1919 CURLOPT_SSL_VERIFYPEER => false, 1920 CURLOPT_POST => true, 1921 CURLOPT_POSTFIELDS => $recaptchaInfo, 1922 )); 1923 $response = curl_exec($curl); 1924 curl_close($curl); 1918 $args = array(); 1919 $args['method'] = 'POST'; 1920 $args['timeout'] = 100; 1921 $args['sslverify'] = false; 1922 $args['body'] = $recaptchaInfo; 1923 $args['httpversion'] = '1.0'; 1924 $args['blocking'] = true; 1925 1926 $response = wp_remote_post(self::RECAPTCHA_VERIFY_URL, $args); 1927 $response = wp_remote_retrieve_body( $response ); 1928 1925 1929 if(empty($response)) { 1926 1930 return false; … … 1994 1998 1995 1999 if($amount > $amountCap){ 1996 die(sprintf('Amount cannot be greater than $%01.2f. Please contact customer support for assistance.', $amountCap));2000 die(sprintf('Amount cannot be greater than $%01.2f. Please contact customer support for assistance.', esc_html($amountCap))); 1997 2001 } 1998 2002 … … 2246 2250 } 2247 2251 2248 die( $e->getMessage());2249 } 2250 2251 die('Your Payment was successful! Thank you.' . $body);2252 die(esc_html($e->getMessage())); 2253 } 2254 2255 die('Your Payment was successful! Thank you.' . esc_html($body)); 2252 2256 } 2253 2257 -
securesubmit/trunk/lib/src/Abstractions/HpsBuilderAbstract.php
r1597378 r3252230 93 93 if (!$result) { 94 94 $class = $validation['exceptionType']; 95 throw new $class( $validation['exceptionMessage'], 0);95 throw new $class(esc_attr($validation['exceptionMessage']), 0); 96 96 } 97 97 } … … 150 150 $this->addAction($action); 151 151 } else { 152 throw new HpsUnknownPropertyException( $this, $property);152 throw new HpsUnknownPropertyException(esc_attr($this), esc_attr($property)); 153 153 } 154 154 } -
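Review bot: Escaping exception arguments with `esc_attr()` at the throw site (lines 95 and 152) is the wrong layer: nothing here is being written into an HTML attribute, and `esc_attr($this)` forces the builder object to a string (an Error unless the class defines `__toString`), so `HpsUnknownPropertyException` no longer receives the object it was written to accept. The same pattern recurs in HpsGatewayServiceAbstract, HpsGatewayResponseValidation, HpsInputValidation, HpsFluentCheckService, HpsFluentCreditService, HpsAltPaymentService, HpsMasterPassService, HpsAttachmentService, HpsCentinelGatewayService, HpsCheckService, HpsCreditService, HpsDebitService, HpsRestGatewayService, HpsSoapGatewayService and HpsTokenService; where it wraps `$e` the previous exception becomes a string, which breaks the `$e->innerException->getMessage()` check visible at HpsAttachmentService line 103, and it presumably also turns the numeric `HpsExceptionCodes::*` codes into strings for any caller comparing them strictly. Escape once at the point of output (the `die(esc_html(...))` calls in SecureSubmit.php already do that) and keep the library throws as they were, e.g. `throw new HpsUnknownPropertyException($this, $property);`. As a side effect these `lib/src` classes now depend on a WordPress function and will fatal if loaded outside WordPress.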
securesubmit/trunk/lib/src/Abstractions/HpsGatewayServiceAbstract.php
r1597378 r3252230 32 32 if ($this->_isConfigInvalid()) { 33 33 throw new HpsAuthenticationException( 34 HpsExceptionCodes::INVALID_CONFIGURATION,34 esc_attr(HpsExceptionCodes::INVALID_CONFIGURATION), 35 35 "The HPS SDK has not been properly configured. " 36 36 ."Please make sure to initialize the config " … … 48 48 } 49 49 throw new HpsAuthenticationException( 50 HpsExceptionCodes::INVALID_CONFIGURATION,51 $message50 esc_attr(HpsExceptionCodes::INVALID_CONFIGURATION), 51 esc_attr($message) 52 52 ); 53 53 } … … 56 56 57 57 try { 58 $request = curl_init(); 59 curl_setopt($request, CURLOPT_URL, $url); 60 curl_setopt($request, CURLOPT_CONNECTTIMEOUT, 100); 61 curl_setopt($request, CURLOPT_TIMEOUT, 100); 62 curl_setopt($request, CURLOPT_RETURNTRANSFER, true); 63 curl_setopt($request, CURLOPT_SSL_VERIFYPEER, false); 64 curl_setopt($request, CURLOPT_SSL_VERIFYHOST, false); 65 if ($data != null) { 66 $logger->log('Request data', $data); 67 curl_setopt($request, CURLOPT_CUSTOMREQUEST, $httpVerb); 68 curl_setopt($request, CURLOPT_POSTFIELDS, $data); 69 } 70 $logger->log('Request headers', $headers); 71 curl_setopt($request, CURLOPT_HTTPHEADER, $headers); 72 curl_setopt($request, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS); 58 $args = array(); 59 $args['headers'] = $headers; 60 $args['sslverify'] = false; 61 $args['method'] = $httpVerb; 62 $args['timeout'] = 100; 63 $args['body'] = (string)$data; 64 $args['httpversion'] = '1.0'; 65 $args['blocking'] = true; 73 66 74 if ($this->_config->useProxy) { 75 curl_setopt($request, CURLOPT_PROXY, $this->_config->proxyOptions['proxy_host']); 76 curl_setopt($request, CURLOPT_PROXYPORT, $this->_config->proxyOptions['proxy_port']); 67 error_log(print_r($args, true)); 68 $response = wp_remote_post($url, $args); 69 $body = wp_remote_retrieve_body( $response ); 70 71 if ( is_wp_error( $response ) ) { 72 $error_message = $response->get_error_message(); 73 echo "Something went wrong: ". 
esc_attr($error_message); 74 } else { 75 error_log('remote response start'); 76 error_log(print_r($response,true)); 77 error_log('remote response end'); 77 78 } 78 79 79 if ( 80 $this->_config->curlOptions != null 81 && !empty($this->_config->curlOptions) 82 ) { 83 curl_setopt_array($request, $this->_config->curlOptions); 84 } 80 $curlResponse = $body; 81 $curlInfo['http_code'] = wp_remote_retrieve_response_code($response); 82 $curlError = wp_remote_retrieve_response_code($response); 85 83 86 $curlResponse = curl_exec($request); 87 $curlInfo = curl_getinfo($request); 88 $curlError = curl_errno($request); 89 90 $logger->log('Response data', $curlResponse); 84 $logger->log('Response data:', $curlResponse); 91 85 $logger->log('Curl info', $curlInfo); 92 86 $logger->log('Curl error', $curlError); … … 95 89 throw new HpsException("gateway_time-out"); 96 90 } 91 if ($data != null) { 92 $logger->log('Request data', $data); 93 } 94 $logger->log('Request headers', $headers); 97 95 98 96 if ($curlError == 35) { //CURLE_SSL_CONNECT_ERROR … … 106 104 } catch (Exception $e) { 107 105 throw new HpsGatewayException( 108 $e->getCode() != null ? $e->getCode() : HpsExceptionCodes::UNKNOWN_GATEWAY_ERROR,109 $e->getMessage() != null ? $e->getMessage() : 'Unable to process transaction',106 $e->getCode() != null ? esc_attr($e->getCode()) : esc_attr(HpsExceptionCodes::UNKNOWN_GATEWAY_ERROR), 107 $e->getMessage() != null ? esc_attr($e->getMessage()) : 'Unable to process transaction', 110 108 null, 111 109 null, 112 $e110 esc_attr($e) 113 111 ); 114 112 } -
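Review bot: `error_log(print_r($args, true));` at line 67 and the `print_r($response, true)` dump at lines 75-77 write the complete gateway request — `$headers` (which presumably carry the gateway credentials) and `$data` (the transaction payload, which may include cardholder data) — plus the raw response to the PHP error log on every call, a log that is usually readable by the whole hosting account and sits outside any PCI data-retention control; these lines should be removed before release, since the existing `$logger->log` calls already provide debugging. `$args['sslverify'] = false;` carries over the old `CURLOPT_SSL_VERIFYPEER => false` and lets any on-path host impersonate the payment gateway, while `wp_remote_post` validates against the bundled CA store by default, so the key should be `true` or omitted — the reCAPTCHA request in SecureSubmit.php's `isValidRecaptchaToken` sets the same flag. `$curlError = wp_remote_retrieve_response_code($response);` stores an HTTP status, so the later `$curlError == 35` and timeout checks written for libcurl error numbers can no longer match; when `$response` is a `WP_Error` the method should throw rather than `echo` into the page from a library class. The proxy and `curlOptions` settings read from `$this->_config` are dropped without replacement; the enclosing method continues outside the hunk.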
securesubmit/trunk/lib/src/Entities/HpsDirectMarketData.php
r1597378 r3252230 12 12 13 13 if ($shipMonth == null) { 14 $shipMonth = date('m');14 $shipMonth = gmdate('m'); 15 15 } 16 16 $this->shipMonth = $shipMonth; 17 17 18 18 if ($shipDay == null) { 19 $shipDay = date('d');19 $shipDay = gmdate('d'); 20 20 } 21 21 $this->shipDay = $shipDay; -
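Review bot: Switching the default ship month/day to `gmdate()` (lines 14 and 19) makes the fallback a UTC calendar date, which near midnight differs from the merchant's local date that `date()` previously produced; if the site's configured timezone is what the gateway expects, `current_time('m')` and `current_time('d')` keep that behaviour without a `date_default_timezone_set` dependency. A one-line comment such as `// Fallback ship date is taken in UTC` would make the choice explicit. The constructor continues outside the hunk.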
securesubmit/trunk/lib/src/Infrastructure/Validation/HpsGatewayResponseValidation.php
r1597378 r3252230 14 14 if (!isset($response->Transaction) || !isset($response->Transaction->$expectedType)) { 15 15 throw new HpsGatewayException( 16 HpsExceptionCodes::UNEXPECTED_GATEWAY_ERROR,16 esc_attr(HpsExceptionCodes::UNEXPECTED_GATEWAY_ERROR), 17 17 'Unexpected response from HPS gateway' 18 18 ); -
securesubmit/trunk/lib/src/Infrastructure/Validation/HpsInputValidation.php
r1597378 r3252230 18 18 if ($amount < 0 || $amount === null) { 19 19 throw new HpsInvalidRequestException( 20 HpsExceptionCodes::INVALID_AMOUNT,20 esc_attr(HpsExceptionCodes::INVALID_AMOUNT), 21 21 'Must be greater than or equal to 0.', 22 22 'amount' … … 36 36 if ($currency == null || $currency == '') { 37 37 throw new HpsInvalidRequestException( 38 HpsExceptionCodes::MISSING_CURRENCY,38 esc_attr(HpsExceptionCodes::MISSING_CURRENCY), 39 39 'Currency cannot be none', 40 40 'currency' … … 42 42 } else if (!in_array(strtolower($currency), $currencies)) { 43 43 throw new HpsInvalidRequestException( 44 HpsExceptionCodes::INVALID_CURRENCY,45 "'". strtolower($currency)."' is not a supported currency",44 esc_attr(HpsExceptionCodes::INVALID_CURRENCY), 45 "'".esc_html(strtolower($currency))."' is not a supported currency", 46 46 'currency' 47 47 ); … … 61 61 public static function checkDateNotFuture($date) 62 62 { 63 $current = date('Y-m-d\TH:i:s.00\Z', time());63 $current = gmdate('Y-m-d\TH:i:s.00\Z', time()); 64 64 65 65 if ($date != null && $date > $current) { 66 66 throw new HpsInvalidRequestException( 67 HpsExceptionCodes::INVALID_DATE,67 esc_attr(HpsExceptionCodes::INVALID_DATE), 68 68 'Date cannot be in the future' 69 69 ); … … 89 89 $errorMessage = 'The value for phone number can be no more than ' . self::$_inputFldMaxLength['PhoneNumber'] . ' characters, Please try again after making corrections'; 90 90 throw new HpsInvalidRequestException( 91 HpsExceptionCodes::INVALID_PHONE_NUMBER, $errorMessage91 esc_attr(HpsExceptionCodes::INVALID_PHONE_NUMBER), esc_attr($errorMessage) 92 92 ); 93 93 } … … 108 108 $errorMessage = 'The value for zip code can be no more than ' . self::$_inputFldMaxLength['ZipCode'] . 
' characters, Please try again after making corrections'; 109 109 throw new HpsInvalidRequestException( 110 HpsExceptionCodes::INVALID_ZIP_CODE, $errorMessage110 esc_attr(HpsExceptionCodes::INVALID_ZIP_CODE), esc_attr($errorMessage) 111 111 ); 112 112 } … … 131 131 $errorMessage = "The value for $type can be no more than " . self::$_inputFldMaxLength[$type] . ' characters, Please try again after making corrections'; 132 132 throw new HpsInvalidRequestException( 133 HpsExceptionCodes::INVALID_INPUT_LENGTH, $errorMessage133 esc_attr(HpsExceptionCodes::INVALID_INPUT_LENGTH), esc_attr($errorMessage) 134 134 ); 135 135 } … … 150 150 if(!empty($value) && filter_var($value, FILTER_VALIDATE_EMAIL) === false){ 151 151 throw new HpsInvalidRequestException( 152 HpsExceptionCodes::INVALID_EMAIL_ADDRESS, 'Invalid email address'152 esc_attr(HpsExceptionCodes::INVALID_EMAIL_ADDRESS), 'Invalid email address' 153 153 ); 154 154 } … … 158 158 $errorMessage = "The value for Email can be no more than " . self::$_inputFldMaxLength['Email'] . ' characters, Please try again after making corrections'; 159 159 throw new HpsInvalidRequestException( 160 HpsExceptionCodes::INVALID_INPUT_LENGTH, $errorMessage160 esc_attr(HpsExceptionCodes::INVALID_INPUT_LENGTH), esc_attr($errorMessage) 161 161 ); 162 162 } -
securesubmit/trunk/lib/src/Services/Fluent/Gateway/Credit/HpsCreditServiceListTransactionsBuilder.php
r1597378 r3252230 39 39 parent::execute(); 40 40 41 date_default_timezone_set("UTC");41 wp_timezone_string("UTC"); 42 42 $dateFormat = 'Y-m-d\TH:i:s.00\Z'; 43 43 $current = new DateTime(); -
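Review bot: `wp_timezone_string("UTC");` at line 41 is not a replacement for `date_default_timezone_set("UTC")` — it takes no argument, only returns the site's configured timezone, and its result is discarded, so `new DateTime()` on the following line now uses whatever default timezone is active while `$dateFormat` still appends a literal `Z`, producing mislabelled timestamps for the transaction list range. Build the instant explicitly instead: `$current = new DateTime('now', new DateTimeZone('UTC'));`. The same change is needed at HpsCreditService line 279-281. The enclosing method continues outside the hunk.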
securesubmit/trunk/lib/src/Services/Fluent/Gateway/HpsFluentCheckService.php
r1597378 r3252230 51 51 ($check->checkHolder == null || $check->checkHolder->checkName == null)) { 52 52 throw new HpsInvalidRequestException( 53 HpsExceptionCodes::MISSING_CHECK_NAME,53 esc_attr(HpsExceptionCodes::MISSING_CHECK_NAME), 54 54 'For SEC code CCD, the check name is required', 55 55 'check_name' … … 102 102 if ($response->responseCode != 0) { 103 103 throw new HpsCheckException( 104 $rsp->Header->GatewayTxnId,105 $response->details,106 $response->responseCode,107 $response->responseText104 esc_html($rsp->Header->GatewayTxnId), 105 esc_html($response->details), 106 esc_html($response->responseCode), 107 esc_html($response->responseText) 108 108 ); 109 109 } -
securesubmit/trunk/lib/src/Services/Fluent/Gateway/HpsFluentCreditService.php
r1597378 r3252230 145 145 } catch (Exception $e) { 146 146 throw new HpsGatewayException( 147 HpsExceptionCodes::GATEWAY_TIMEOUT_REVERSAL_ERROR,147 esc_html(HpsExceptionCodes::GATEWAY_TIMEOUT_REVERSAL_ERROR), 148 148 'Error occurred while reversing a charge due to HPS gateway timeout', 149 $e149 esc_html($e) 150 150 ); 151 151 } … … 175 175 } 176 176 throw new HpsCreditException( 177 $transactionId,178 HpsExceptionCodes::ISSUER_TIMEOUT_REVERSAL_ERROR,177 esc_attr($transactionId), 178 esc_attr(HpsExceptionCodes::ISSUER_TIMEOUT_REVERSAL_ERROR), 179 179 'Error occurred while reversing a charge due to HPS issuer timeout', 180 $e180 esc_attr($e) 181 181 ); 182 182 } catch (HpsException $e) { 183 183 throw new HpsCreditException( 184 $transactionId,185 HpsExceptionCodes::ISSUER_TIMEOUT_REVERSAL_ERROR,184 esc_attr($transactionId), 185 esc_attr(HpsExceptionCodes::ISSUER_TIMEOUT_REVERSAL_ERROR), 186 186 'Error occurred while reversing a charge due to HPS issuer timeout', 187 $e187 esc_attr($e) 188 188 ); 189 189 } … … 204 204 $this->reverse($cardData, $this->_amount, $this->_currency); 205 205 } catch (Exception $e) { 206 throw new HpsGatewayException('0', HpsExceptionCodes::GATEWAY_TIMEOUT_REVERSAL_ERROR);206 throw new HpsGatewayException('0', esc_attr(HpsExceptionCodes::GATEWAY_TIMEOUT_REVERSAL_ERROR)); 207 207 } 208 208 } 209 throw new HpsException('An error occurred and the gateway has timed out', 'gateway_timeout', $e, 'gateway_timeout');209 throw new HpsException('An error occurred and the gateway has timed out', 'gateway_timeout', esc_attr($e), 'gateway_timeout'); 210 210 } 211 211 throw $e; -
securesubmit/trunk/lib/src/Services/Gateway/AltPayment/HpsAltPaymentService.php
r1597378 r3252230 279 279 } catch (Exception $e) { 280 280 throw new HpsGatewayException( 281 HpsExceptionCodes::GATEWAY_TIMEOUT_REVERSAL_ERROR,281 esc_attr(HpsExceptionCodes::GATEWAY_TIMEOUT_REVERSAL_ERROR), 282 282 'Error occurred while reversing a charge due to HPS gateway timeout', 283 $e283 esc_attr($e) 284 284 ); 285 285 } … … 322 322 // } 323 323 // } 324 throw new HpsException('An error occurred and the gateway has timed out', 'gateway_timeout', $e, 'gateway_timeout');324 throw new HpsException('An error occurred and the gateway has timed out', 'gateway_timeout', esc_attr($e), 'gateway_timeout'); 325 325 } 326 326 throw $e; -
securesubmit/trunk/lib/src/Services/Gateway/AltPayment/HpsMasterPassService.php
r1597378 r3252230 424 424 throw new HpsArgumentException( 425 425 'Currency is not supported', 426 HpsExceptionCodes::INVALID_CURRENCY426 esc_attr(HpsExceptionCodes::INVALID_CURRENCY) 427 427 ); 428 428 } … … 549 549 } 550 550 551 throw new HpsException( (string)$response->ErrorDesc);551 throw new HpsException(esc_attr((string)$response->ErrorDesc)); 552 552 } 553 553 … … 569 569 } 570 570 571 throw new HpsException( (string)$response->ErrorDesc);571 throw new HpsException(esc_attr((string)$response->ErrorDesc)); 572 572 } 573 573 -
securesubmit/trunk/lib/src/Services/Gateway/HpsAttachmentService.php
r1597378 r3252230 53 53 $GatewayTxnId = filter_var($GatewayTxnId, FILTER_SANITIZE_NUMBER_FLOAT); 54 54 if (!$GatewayTxnId) { 55 throw new HpsArgumentException('Gateway Transaction ID required', HpsExceptionCodes::INVALID_NUMBER);55 throw new HpsArgumentException('Gateway Transaction ID required', esc_attr(HpsExceptionCodes::INVALID_NUMBER)); 56 56 } 57 57 … … 60 60 // this is a limitation of the gateway and we want to inform the user 61 61 if ($AttachmentTypeProvided && $AttachmentDataId) { 62 throw new HpsGatewayException( HpsExceptionCodes::GATEWAY_ERROR, "Since the AttachmentDataId was provided the AttachmentType was ignored by the server");62 throw new HpsGatewayException(esc_attr(HpsExceptionCodes::GATEWAY_ERROR), "Since the AttachmentDataId was provided the AttachmentType was ignored by the server"); 63 63 trigger_error("Since the AttachmentDataId was provided the AttachmentType was ignored by the server", E_USER_NOTICE); 64 64 } … … 102 102 } catch (HpsException $e) { 103 103 if ($e->innerException != null && $e->innerException->getMessage() == 'gateway_time-out') { 104 throw new HpsException('An error occurred and the gateway has timed out', 'gateway_timeout', $e, 'gateway_timeout');104 throw new HpsException('An error occurred and the gateway has timed out', 'gateway_timeout', esc_attr($e), 'gateway_timeout'); 105 105 } 106 106 throw $e; … … 139 139 if ($gatewayRspCode == '3') { 140 140 throw new HpsGatewayException( 141 HpsExceptionCodes::GATEWAY_ERROR,142 'Image could not be retrieved for ' . $transactionId141 esc_attr(HpsExceptionCodes::GATEWAY_ERROR), 142 'Image could not be retrieved for ' . esc_attr($transactionId) 143 143 ); 144 144 } -
securesubmit/trunk/lib/src/Services/Gateway/HpsCentinelGatewayService.php
r1597378 r3252230 43 43 case '500': 44 44 $faultString = ''; 45 throw new HpsException( $faultString);45 throw new HpsException(esc_attr($faultString)); 46 46 break; 47 47 default: -
securesubmit/trunk/lib/src/Services/Gateway/HpsCheckService.php
r1597378 r3252230 76 76 ($check->checkHolder == null || $check->checkHolder->checkName == null)) { 77 77 throw new HpsInvalidRequestException( 78 HpsExceptionCodes::MISSING_CHECK_NAME,78 esc_attr(HpsExceptionCodes::MISSING_CHECK_NAME), 79 79 'For SEC code CCD, the check name is required', 80 80 'check_name' … … 117 117 if ($response->responseCode != 0) { 118 118 throw new HpsCheckException( 119 $rsp->Header->GatewayTxnId,120 $response->details,121 $response->responseCode,122 $response->responseText119 esc_attr($rsp->Header->GatewayTxnId), 120 esc_attr($response->details), 121 esc_attr($response->responseCode), 122 esc_attr($response->responseText) 123 123 ); 124 124 } -
securesubmit/trunk/lib/src/Services/Gateway/HpsCreditService.php
r3020479 r3252230 277 277 { 278 278 $this->_filterBy = $filterBy; 279 date_default_timezone_set("UTC");279 wp_timezone_string("UTC"); 280 280 $dateFormat = 'Y-m-d\TH:i:s.00\Z'; 281 281 $current = new DateTime(); … … 429 429 } catch (Exception $e) { 430 430 throw new HpsGatewayException( 431 HpsExceptionCodes::GATEWAY_TIMEOUT_REVERSAL_ERROR,431 esc_attr(HpsExceptionCodes::GATEWAY_TIMEOUT_REVERSAL_ERROR), 432 432 'Error occurred while reversing a charge due to HPS gateway timeout', 433 $e433 esc_attr($e) 434 434 ); 435 435 } … … 459 459 } 460 460 throw new HpsCreditException( 461 $transactionId,462 HpsExceptionCodes::ISSUER_TIMEOUT_REVERSAL_ERROR,461 esc_attr($transactionId), 462 esc_attr(HpsExceptionCodes::ISSUER_TIMEOUT_REVERSAL_ERROR), 463 463 'Error occurred while reversing a charge due to HPS issuer timeout', 464 $e464 esc_attr($e) 465 465 ); 466 466 } catch (HpsException $e) { 467 467 throw new HpsCreditException( 468 $transactionId,469 HpsExceptionCodes::ISSUER_TIMEOUT_REVERSAL_ERROR,468 esc_attr($transactionId), 469 esc_attr(HpsExceptionCodes::ISSUER_TIMEOUT_REVERSAL_ERROR), 470 470 'Error occurred while reversing a charge due to HPS issuer timeout', 471 $e471 esc_attr($e) 472 472 ); 473 473 } … … 504 504 $this->reverse($cardData, $this->_amount, $this->_currency); 505 505 } catch (Exception $e) { 506 throw new HpsGatewayException('0', HpsExceptionCodes::GATEWAY_TIMEOUT_REVERSAL_ERROR);506 throw new HpsGatewayException('0', esc_attr(HpsExceptionCodes::GATEWAY_TIMEOUT_REVERSAL_ERROR)); 507 507 } 508 508 } 509 throw new HpsException('An error occurred and the gateway has timed out', 'gateway_timeout', $e, 'gateway_timeout');509 throw new HpsException('An error occurred and the gateway has timed out', 'gateway_timeout', esc_attr($e), 'gateway_timeout'); 510 510 } 511 511 throw $e; -
securesubmit/trunk/lib/src/Services/Gateway/HpsDebitService.php
r1597378 r3252230 215 215 } catch (Exception $e) { 216 216 throw new HpsGatewayException( 217 HpsExceptionCodes::GATEWAY_TIMEOUT_REVERSAL_ERROR,217 esc_attr(HpsExceptionCodes::GATEWAY_TIMEOUT_REVERSAL_ERROR), 218 218 'Error occurred while reversing a charge due to HPS gateway timeout', 219 $e219 esc_attr($e) 220 220 ); 221 221 } … … 245 245 } 246 246 throw new HpsCreditException( 247 $transactionId,248 HpsExceptionCodes::ISSUER_TIMEOUT_REVERSAL_ERROR,247 esc_attr($transactionId), 248 esc_attr(HpsExceptionCodes::ISSUER_TIMEOUT_REVERSAL_ERROR), 249 249 'Error occurred while reversing a charge due to HPS issuer timeout', 250 $e250 esc_attr($e) 251 251 ); 252 252 } catch (HpsException $e) { 253 253 throw new HpsCreditException( 254 $transactionId,255 HpsExceptionCodes::ISSUER_TIMEOUT_REVERSAL_ERROR,254 esc_attr($transactionId), 255 esc_attr(HpsExceptionCodes::ISSUER_TIMEOUT_REVERSAL_ERROR), 256 256 'Error occurred while reversing a charge due to HPS issuer timeout', 257 $e257 esc_attr($e) 258 258 ); 259 259 } … … 279 279 $this->reverse($cardData, $this->_amount, $this->_currency); 280 280 } catch (Exception $e) { 281 throw new HpsGatewayException('0', HpsExceptionCodes::GATEWAY_TIMEOUT_REVERSAL_ERROR);281 throw new HpsGatewayException('0', esc_attr(HpsExceptionCodes::GATEWAY_TIMEOUT_REVERSAL_ERROR)); 282 282 } 283 283 } 284 throw new HpsException('An error occurred and the gateway has timed out', 'gateway_timeout', $e, 'gateway_timeout');284 throw new HpsException('An error occurred and the gateway has timed out', 'gateway_timeout', esc_attr($e), 'gateway_timeout'); 285 285 } 286 286 throw $e; -
securesubmit/trunk/lib/src/Services/Gateway/HpsRestGatewayService.php
r1597378 r3252230 41 41 } 42 42 43 $encodedData = json_encode($data);43 $encodedData = wp_json_encode($data); 44 44 45 45 $identity = array(); … … 82 82 break; 83 83 case '400': 84 throw new HpsException( $response->error->message);84 throw new HpsException(esc_attr($response->error->message)); 85 85 break; 86 86 default: -
securesubmit/trunk/lib/src/Services/Gateway/HpsSoapGatewayService.php
r2957905 r3252230 44 44 $url = $this->_gatewayUrlForKey(); 45 45 $header = array( 46 'Content- type:text/xml;charset="utf-8"',47 'Accept :text/xml',48 'SOAPAction : ""',49 'Content-length : '.strlen($xml->saveXML()),46 'Content-Type' => 'text/xml;charset="utf-8"', 47 'Accept' => 'text/xml', 48 'SOAPAction' => "", 49 'Content-length' => strlen($xml->saveXML()), 50 50 ); 51 51 $data = $xml->saveXML(); … … 66 66 case '500': 67 67 $faultString = $this->_XMLFault2String($curlResponse); 68 throw new HpsException( $faultString);68 throw new HpsException(esc_attr($faultString)); 69 69 break; 70 70 default: -
securesubmit/trunk/lib/src/Services/Gateway/HpsTokenService.php
r1597378 r3252230 42 42 43 43 if (isset($response->error) && is_object($response->error)) { 44 throw new HpsException( $response->error->message, $response->error->code);44 throw new HpsException(esc_attr($response->error->message), esc_attr($response->error->code)); 45 45 } 46 46 -
securesubmit/trunk/readme.txt
r3218401 r3252230 1 1 === WP SecureSubmit === 2 Contributors: markhagan , tonysmedal, mayur-vachchewar3 Tags: donation, donations, payment, buy now, gateway, heartland2 Contributors: markhagan 3 Tags: donation, payment, buy now, securesubmit, heartland 4 4 Requires at least: 3.0.1 5 5 Tested up to: 6.7.1 6 6 Stable tag: trunk 7 License: Custom8 License URI: https://github.com/ SecureSubmit/magento-extension/blob/master/LICENSE7 License: GPLv2 8 License URI: https://github.com/hps/heartland-wordpress-plugin/blob/master/LICENSE.md 9 9 10 10 SecureSubmit allows merchants using Heartland Payment Systems to take PCI-Friendly donations on their WordPress site. … … 50 50 51 51 == Changelog == 52 = 1.5.18 = 53 * Vulnerability fixes 54 52 55 = 1.5.17 = 53 56 * Bugfix: Corrected gateway endpoints