Merge pull request #49 from Flutterwave/dev

Pull changes from dev

Author: corneliusyaovi

CHANGELOG.md

@@ -1,4 +1,10 @@
 # Changelog
+## 2.3.6 | 01-09-2025
+Bug Fixes and Webhook Handler improvements.
+### Version Changes
+- [FIXED] Dynamic Adjustment to Custom Permalink Set by Merchant.
+- [FIXED] Redirect Payment option return a Payment Mismatch Error.
+- [FIXED] Reject Invalid Order Reference hooks.
 ## 2.3.5 | 01-01-2024
 Added Support for WooCommerce HPOS.
 ### Version Changes

changelog.txt

@@ -1,4 +1,7 @@
 == Changelog ==
+= 2.3.6 =
+* Fixed: Dynamic Adjustment to Custom Permalink Set by Merchant.
+* Fixed: Redirect Payment option return a Payment Mismatch Error.
 = 2.3.5 =
 * Added: Support for WooCommerce HPOS.
 * Fixed: WooCommerce Blocks Compatibility Issues with WooCommerce 7.0 to 6.9.1.

includes/class-flutterwave.php

@@ -18,14 +18,15 @@ final class Flutterwave {
 	 *
 	 * @var string
 	 */
-	public string $version = '2.3.5';
+	public string $version = '2.3.6';
 
 	/**
 	 * Plugin API version.
 	 *
 	 * @var string
 	 */
 	public string $api_version = 'v3';
+
 	/**
 	 * Plugin instance.
 	 *
@@ -119,7 +120,6 @@ private function init() {
 		register_deactivation_hook( __FILE__, array( $this, 'deactivate' ) );
 
 		$this->register_payment_gateway();
-
 	}
 
 	/**

includes/class-flw-wc-payment-gateway.php

@@ -532,10 +532,38 @@ public function payment_scripts() {
 			$the_order_key = $order->get_order_key();
 			$currency      = $order->get_currency();
 			$custom_nonce  = wp_create_nonce();
-			$redirect_url  = WC()->api_request_url( 'FLW_WC_Payment_Gateway' ) . '?order_id=' . $order_id . '&_wpnonce=' . $custom_nonce;
+			$redirect_url  = '';
 
-			if ( $the_order_id === $order_id && $the_order_key === $order_key ) {
+			$flutterwave_woo_url = WC()->api_request_url( 'FLW_WC_Payment_Gateway' );
+
+			// Parse the base URL to check for existing query parameters.
+			$url_parts = wp_parse_url( $flutterwave_woo_url );
+
+			// If the base URL already has query parameters, merge them with new ones.
+			if ( isset( $url_parts['query'] ) ) {
+				// Convert the query string to an array.
+				parse_str( $url_parts['query'], $query_array );
+
+				// Add the new parameters to the existing query array.
+				$query_array['order_id'] = $order_id;
+
+				// Rebuild the query string with the new parameters.
+				$new_query_string = http_build_query( $query_array );
+
+				// Rebuild the final URL with the new query string.
+				$redirect_url = $url_parts['scheme'] . '://' . $url_parts['host'] . $url_parts['path'] . '?' . $new_query_string;
+			} else {
+				// If no existing query parameters, simply append the new ones.
+				$redirect_url = add_query_arg(
+					array(
+						'order_id' => $order_id,
+						'_wpnonce' => $custom_nonce,
+					),
+					$flutterwave_woo_url
+				);
+			}
 
+			if ( $the_order_id === $order_id && $the_order_key === $order_key ) {
 				$payment_args['email']           = $email;
 				$payment_args['amount']          = $amount;
 				$payment_args['tx_ref']          = $txnref;
@@ -560,7 +588,7 @@ public function payment_scripts() {
 	}
 
 	/**
-	 * Verify payment made on the checkout page
+	 * Verify payment made on the checkout page.
 	 *
 	 * @return void
 	 */
@@ -599,7 +627,7 @@ public function flw_verify_payment() {
 	}
 
 	/**
-	 * Process Webhook
+	 * Process Webhook.
 	 */
 	public function flutterwave_webhooks() {
 		$public_key     = $this->public_key;
@@ -680,6 +708,18 @@ public function flutterwave_webhooks() {
 			$o        = explode( '_', $txn_ref );
 			$order_id = intval( $o[1] );
 			$order    = wc_get_order( $order_id );
+
+			if ( ! $order ) {
+				wp_send_json(
+					array(
+						'status'  => 'error',
+						'message' => 'Invalid Reference',
+						'reason'  => 'Order does not belong to store',
+					),
+					WP_Http::BAD_REQUEST
+				);
+			}
+
 			// get order status.
 			$current_order_status = $order->get_status();
 

includes/client/class-flw-wc-payment-gateway-request.php

@@ -82,7 +82,7 @@ private function generate_checkout_hash( array $data ): string {
 	public function get_prepared_payload( \WC_Order $order, string $secret_key, bool $testing = false ): array {
 		$order_id = $order->get_id();
 		$txnref   = 'WOOC_' . $order_id . '_' . time();
-		$amount   = $order->get_total();
+		$amount   = (float) $order->get_total();
 		$currency = $order->get_currency();
 		$email    = $order->get_billing_email();
 
@@ -95,21 +95,48 @@ public function get_prepared_payload( \WC_Order $order, string $secret_key, bool
 			throw new \InvalidArgumentException( 'This Payment Method is current unavailable as Administrator is yet to Configure it.Please contact Administrator for more information.' );
 		}
 
-		$data_to_hash  = array(
+		$data_to_hash = array(
 			'amount'     => $amount,
 			'currency'   => $currency,
 			'email'      => $email,
 			'tx_ref'     => $txnref,
 			'secret_key' => $secret_key,
 		);
+
 		$checkout_hash = $this->generate_checkout_hash( $data_to_hash );
 
+		// Parse the base URL to check for existing query parameters.
+		$url_parts = wp_parse_url( $this->notify_url );
+
+		// If the base URL already has query parameters, merge them with new ones.
+		if ( isset( $url_parts['query'] ) ) {
+			// Convert the query string to an array.
+			parse_str( $url_parts['query'], $query_array );
+
+			// Add the new parameters to the existing query array.
+			$query_array['order_id'] = $order_id;
+
+			// Rebuild the query string with the new parameters.
+			$new_query_string = http_build_query( $query_array );
+
+			// Rebuild the final URL with the new query string.
+			$callback_url = $url_parts['scheme'] . '://' . $url_parts['host'] . $url_parts['path'] . '?' . $new_query_string;
+		} else {
+			// If no existing query parameters, simply append the new ones.
+			$callback_url = add_query_arg(
+				array(
+					'order_id' => $order_id,
+				),
+				$this->notify_url
+			);
+		}
+
 		return array(
 			'amount'          => $amount,
 			'tx_ref'          => $txnref,
 			'currency'        => $currency,
 			'payment_options' => 'card',
-			'redirect_url'    => $this->notify_url . '?order_id=' . $order_id,
+			'redirect_url'    => $callback_url,
 			'payload_hash'    => $checkout_hash,
 			'customer'        => array(
 				'email'        => $email,

package-lock.json

@@ -1,7 +1,7 @@
 {
 	"name": "rave-woocommerce-payment-gateway",
 	"title": "flutterwave-woocommerce",
-	"version": "2.3.5",
+	"version": "2.3.6",
 	"description": "Official WooCommerce payment gateway for Flutterwave",
 	"scripts": {
 		"postinstall": "composer install",

package.json

@@ -3,13 +3,13 @@
  * Plugin Name: Flutterwave WooCommerce
  * Plugin URI: https://developer.flutterwave.com/
  * Description: Official WooCommerce payment gateway for Flutterwave.
- * Version: 2.3.5
+ * Version: 2.3.6
  * Author: Flutterwave Developers
  * Author URI: http://flutterwave.com/us
  * License: MIT License
  * Text Domain: rave-woocommerce-payment-gateway
  * Domain Path: i18n/languages
- * WC requires at least:   6.9.1
+ * WC requires at least:   9.6.0
  * WC tested up to:        8.4.0
  * Requires at least:      5.6
  * Requires PHP:           7.4

rave-woocommerce-payment-gateway.php

@@ -2,8 +2,8 @@
 Contributors: theflutterwave
 Tags: fintech,flutterwave, woocommerce, payments, nigeria, mastercard, visa, target,Naira,payments,verve,donation,church,shop,store, ghana, kenya, international, mastercard, visa
 Requires at least: 3.1
-Tested up to: 6.4.2
-Stable tag: 2.3.5
+Tested up to: 6.7.1
+Stable tag: 2.3.6
 License: MIT
 License URI: https://github.com/Flutterwave/Woocommerce/blob/master/LICENSE
 
@@ -96,6 +96,9 @@ By contributing to the Flutterwave WooCommerce, you agree that your contribution
 1. You need to open an account on [Flutterwave for Business](https://dashboard.flutterwave.com)
 
 == Changelog ==
+= 2.3.6 =
+* Fixed: Dynamic Adjustment to Custom Permalink Set by Merchant.
+* Fixed: Redirect Payment option return a Payment Mismatch Error.
 = 2.3.5 =
 * Added: Support for HPOS.
 * Fixed: compatibility with WooCommerce 7.1 to 6.9.1

readme.txt

@@ -49,7 +49,7 @@ public function data_provider_for_test_get_prepared_payload(): array {
 			$txnref = 'WOOC_'.$order->get_id().'_TEST';
 
 			$data_to_join  = array(
-				'amount'     => $order->get_total(),
+				'amount'     => (float) $order->get_total(),
 				'currency'   => $order->get_currency(),
 				'email'      => $order->get_billing_email(),
 				'tx_ref'     => $txnref,
@@ -72,11 +72,11 @@ public function data_provider_for_test_get_prepared_payload(): array {
 					$order,
 					'FLWSECK-XXXXXXXXXXXXXXX-X',
 					[
-						'amount'          => $order->get_total(),
+						'amount'          => (float) $order->get_total(),
 						'tx_ref'          => $txnref,
 						'currency'        => $order->get_currency(),
 						'payment_options' => 'card',
-						'redirect_url'    => get_site_url().'/?wc-api=FLW_WC_Payment_Gateway?order_id=1',
+						'redirect_url'    => get_site_url().'/?wc-api=FLW_WC_Payment_Gateway&order_id=1',
 						'payload_hash'   => $hash,
 						'customer'        => [
 							'email'        => '[email protected]',