Harden booking, offering exposure, payments, and invites
CI / No Debug Code (pull_request) Successful in 11s
CI / Tests (PHP 8.2) (pull_request) Successful in 1m42s
CI / Tests (PHP 8.3) (pull_request) Successful in 2m17s
CI / Tests (PHP 8.1) (pull_request) Successful in 2m17s
CI / Coding Standards (pull_request) Successful in 2m26s
CI / PHPStan (pull_request) Successful in 2m38s
CI / Build Plugin Zip (pull_request) Has been skipped
CI / No Debug Code (pull_request) Successful in 11s
CI / Tests (PHP 8.2) (pull_request) Successful in 1m42s
CI / Tests (PHP 8.3) (pull_request) Successful in 2m17s
CI / Tests (PHP 8.1) (pull_request) Successful in 2m17s
CI / Coding Standards (pull_request) Successful in 2m26s
CI / PHPStan (pull_request) Successful in 2m38s
CI / Build Plugin Zip (pull_request) Has been skipped
Security fixes from a pen-test review (issues #31–#37): - #31 Booking no longer trusts a client-supplied offering_id: a slot-tied offering is authoritative and any offering used must belong to the slot's instructor, closing a free/misrouted-payment bypass. - #34 Availability slot creation rejects an offering the instructor does not own (AvailabilityEndpoint now takes OfferingRepository). - #32 Offering/question/policy listing endpoints now require book_lesson instead of being public (no anonymous consumer exists); Offering::toArray also omits etransfer_email from listings as defense-in-depth. - #33 Slots are claimed atomically (UPDATE ... WHERE is_booked = 0) before a lesson is inserted, preventing a double-booking race. - #35 A single weekly booking is capped (MAX_WEEKLY_OCCURRENCES) and only creates lessons for slots it actually claimed. - #36 Stripe secret/webhook keys are write-only in the settings UI and a blank submit keeps the stored value; secrets are never echoed back into HTML. - #37 Pending invites expire after 14 days (Invite::isAcceptable), enforced at registration and surfaced on the admin invites list. Adds BookingEndpointTest plus Invite/Offering/AvailabilityRepository coverage and minimal WP_REST_Request/WP_REST_Response stubs. composer test (200), lint, and cs all green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -7,8 +7,8 @@ if (! defined('ABSPATH')) {
|
||||
|
||||
/**
|
||||
* @var string $publishableKey
|
||||
* @var string $secretKey
|
||||
* @var string $webhookSecret
|
||||
* @var bool $secretKeySet
|
||||
* @var bool $webhookSecretSet
|
||||
* @var string $webhookUrl
|
||||
* @var string $mode
|
||||
* @var string $currency
|
||||
@@ -41,12 +41,14 @@ if (! defined('ABSPATH')) {
|
||||
</tr>
|
||||
<tr>
|
||||
<th><label for="secret_key"><?php esc_html_e('Secret key', 'unsupervised-schedular'); ?></label></th>
|
||||
<td><input type="password" name="secret_key" id="secret_key" class="regular-text" value="<?php echo esc_attr($secretKey); ?>" autocomplete="off"></td>
|
||||
<td>
|
||||
<input type="password" name="secret_key" id="secret_key" class="regular-text" value="" autocomplete="off" placeholder="<?php echo esc_attr($secretKeySet ? esc_html__('Saved — leave blank to keep', 'unsupervised-schedular') : ''); ?>">
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><label for="webhook_secret"><?php esc_html_e('Webhook signing secret', 'unsupervised-schedular'); ?></label></th>
|
||||
<td>
|
||||
<input type="password" name="webhook_secret" id="webhook_secret" class="regular-text" value="<?php echo esc_attr($webhookSecret); ?>" autocomplete="off">
|
||||
<input type="password" name="webhook_secret" id="webhook_secret" class="regular-text" value="" autocomplete="off" placeholder="<?php echo esc_attr($webhookSecretSet ? esc_html__('Saved — leave blank to keep', 'unsupervised-schedular') : ''); ?>">
|
||||
<p class="description">
|
||||
<?php esc_html_e('In the Stripe Dashboard, add a webhook endpoint for the payment_intent.succeeded and payment_intent.payment_failed events pointing at:', 'unsupervised-schedular'); ?><br>
|
||||
<code><?php echo esc_html($webhookUrl); ?></code><br>
|
||||
|
||||
Reference in New Issue
Block a user