From de6e9442391556205872270f5e2ae8dd1631ab17 Mon Sep 17 00:00:00 2001 From: Alexandru Lighezan Date: Fri, 15 Sep 2023 14:52:49 +0100 Subject: [PATCH 1/4] PLUG-64: Remove client_secret from request body when logging --- classes/class-truelayer-logger.php | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/classes/class-truelayer-logger.php b/classes/class-truelayer-logger.php index ee9fdba..05e0f2e 100644 --- a/classes/class-truelayer-logger.php +++ b/classes/class-truelayer-logger.php @@ -74,12 +74,18 @@ public static function format_log( $truelayer_order_id, $method, $title, $reques } // Unset the snippet to prevent issues in the request body. if ( isset( $request_args['body'] ) ) { - $request_body = json_decode( $request_args['body'], true ); - if ( isset( $request_body['OrderHtmlSnippet'] ) ) { - unset( $request_body['OrderHtmlSnippet'] ); - $request_args['body'] = wp_json_encode( $request_body ); - } - } + $request_body = json_decode($request_args['body'], true); + + if (isset($request_body['OrderHtmlSnippet'])) { + unset($request_body['OrderHtmlSnippet']); + $request_args['body'] = wp_json_encode($request_body); + } + + if (isset($request_body['client_secret'])) { + unset($request_body['client_secret']); + $request_args['body'] = wp_json_encode($request_body); + } + } // Remove Authorization token if it is returned. if ( ! is_wp_error( $response ) && isset( $response['body'] ) ) { From 2d1c448fa1b1e33b0a0b6967a7b4179e8524d7e4 Mon Sep 17 00:00:00 2001 From: Alexandru Lighezan Date: Fri, 15 Sep 2023 15:03:52 +0100 Subject: [PATCH 2/4] PLUG-64: Formatting --- classes/class-truelayer-logger.php | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/classes/class-truelayer-logger.php b/classes/class-truelayer-logger.php index 05e0f2e..1a0dd05 100644 --- a/classes/class-truelayer-logger.php +++ b/classes/class-truelayer-logger.php @@ -72,20 +72,20 @@ public static function format_log( $truelayer_order_id, $method, $title, $reques if ( ! is_wp_error( $response ) && isset( $response['OrderHtmlSnippet'] ) ) {// todo check snippet. unset( $response['OrderHtmlSnippet'] ); } - // Unset the snippet to prevent issues in the request body. + // Unset the snippet to prevent issues in the request body. if ( isset( $request_args['body'] ) ) { - $request_body = json_decode($request_args['body'], true); - - if (isset($request_body['OrderHtmlSnippet'])) { - unset($request_body['OrderHtmlSnippet']); - $request_args['body'] = wp_json_encode($request_body); - } - - if (isset($request_body['client_secret'])) { - unset($request_body['client_secret']); - $request_args['body'] = wp_json_encode($request_body); - } - } + $request_body = json_decode($request_args['body'], true); + + if (isset($request_body['OrderHtmlSnippet'])) { + unset($request_body['OrderHtmlSnippet']); + $request_args['body'] = wp_json_encode($request_body); + } + + if (isset($request_body['client_secret'])) { + unset($request_body['client_secret']); + $request_args['body'] = wp_json_encode($request_body); + } + } // Remove Authorization token if it is returned. if ( ! is_wp_error( $response ) && isset( $response['body'] ) ) { From a9b1fd9677506ded4d912804ea7e1e6145bd2df2 Mon Sep 17 00:00:00 2001 From: Alexandru Lighezan Date: Fri, 15 Sep 2023 15:04:55 +0100 Subject: [PATCH 3/4] PLUG-64: Formatting --- classes/class-truelayer-logger.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/classes/class-truelayer-logger.php b/classes/class-truelayer-logger.php index 1a0dd05..175a42a 100644 --- a/classes/class-truelayer-logger.php +++ b/classes/class-truelayer-logger.php @@ -72,7 +72,8 @@ public static function format_log( $truelayer_order_id, $method, $title, $reques if ( ! is_wp_error( $response ) && isset( $response['OrderHtmlSnippet'] ) ) {// todo check snippet. unset( $response['OrderHtmlSnippet'] ); } - // Unset the snippet to prevent issues in the request body. + + // Unset the snippet to prevent issues in the request body. if ( isset( $request_args['body'] ) ) { $request_body = json_decode($request_args['body'], true); From e54e5cc84809e8af2e625ed5741197d8a7d1247b Mon Sep 17 00:00:00 2001 From: Alexandru Lighezan Date: Fri, 15 Sep 2023 15:44:26 +0100 Subject: [PATCH 4/4] PLUG-64: Update versioning --- readme.txt | 5 ++++- truelayer-for-woocommerce.php | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/readme.txt b/readme.txt index f7349d7..177be47 100644 --- a/readme.txt +++ b/readme.txt @@ -8,7 +8,7 @@ WC requires at least: 6.0.0 WC tested up to: 7.6.1 License: GPLv3 License URI: http://www.gnu.org/licenses/gpl-3.0.html -Stable tag: 1.2.0 +Stable tag: 1.2.1 TrueLayer for WooCommerce is a plugin that extends WooCommerce, allowing you to take payments via TrueLayer. @@ -54,6 +54,9 @@ More information on how to get started can be found in the [plugin documentation 6. Read more about the configuration process in the [plugin documentation](https://docs.krokedil.com/truelayer-for-woocommerce/). == CHANGELOG == += 2023.09.15 - version 1.2.1 = +* Fix - Remove sensitive data from logs + = 2023.05.08 - version 1.2.0 = * Feature - Added support for embedded payment page for the checkout as a option. * Feature - Add customer address to the create payment request if we have any. diff --git a/truelayer-for-woocommerce.php b/truelayer-for-woocommerce.php index e4a3bec..62a78ef 100644 --- a/truelayer-for-woocommerce.php +++ b/truelayer-for-woocommerce.php @@ -5,7 +5,7 @@ * Description: TrueLayer for WooCommerce. * Author: Krokedil * Author URI: https://krokedil.com/ - * Version: 1.2.0 + * Version: 1.2.1 * Text Domain: truelayer-for-woocommerce * Domain Path: /languages * @@ -29,7 +29,7 @@ define( 'TRUELAYER_WC_MAIN_FILE', __FILE__ ); define( 'TRUELAYER_WC_PLUGIN_PATH', untrailingslashit( plugin_dir_path( __FILE__ ) ) ); define( 'TRUELAYER_WC_PLUGIN_URL', untrailingslashit( plugin_dir_url( __FILE__ ) ) ); -define( 'TRUELAYER_WC_PLUGIN_VERSION', '1.2.0' ); +define( 'TRUELAYER_WC_PLUGIN_VERSION', '1.2.1' ); if ( ! class_exists( 'TrueLayer_For_WooCommerce' ) ) { /**