Unsupervised/unsupervised-scheduler
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1d6ac46ba353a8984a6d899e5a44d6590b924ce6
unsupervised-scheduler/src/Payment/StudioSettings.php
T
thatguygriff 1d6ac46ba3
CI / No Debug Code (pull_request) Successful in 3s
Details
CI / Tests (PHP 8.2) (pull_request) Successful in 48s
Details
CI / Tests (PHP 8.3) (pull_request) Successful in 52s
Details
CI / Coding Standards (pull_request) Successful in 57s
Details
CI / Tests (PHP 8.1) (pull_request) Successful in 1m1s
Details
CI / PHPStan (pull_request) Successful in 1m11s
Details
CI / Build Plugin Zip (pull_request) Has been skipped
Details
Upgrade PHPStan to 2.x and raise analysis level from 6 to 10 
- Bump phpstan/phpstan ^2.0 and szepeviktor/phpstan-wordpress ^2.0
- Move the analysis level into phpstan.neon (single source) and raise it to 10
- Add Val, a runtime coercion helper that narrows untyped WordPress boundary
  values (wpdb rows, REST params, superglobals, options) with explicit checks
  instead of blind casts, plus unit tests
- Type value-object fromRow() params as stdClass (what wpdb returns) and map
  columns through Val so unexpected shapes degrade safely
- Use %i identifier placeholders for table names in all wpdb::prepare() calls
  so every query string is a literal and identifiers are escaped by WordPress;
  raises the minimum WordPress version to 6.2 where %i was introduced
- Guard wpdb::prepare() null result before wpdb::query() in updateTax()
- Fix nullable get_permalink()/strtotime() handling, list types at REST and
  capability call sites, dead null-coalescing on checked superglobals, and
  narrow get_users() results before mapping
- Register Val method names with the ValidatedSanitizedInput sniff so it
  validates the real sanitizer around each superglobal read
- Update repository unit tests for the %i placeholder arguments

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-12 13:42:50 -03:00

117 lines
4.6 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace Unsupervised\Schedular\Payment;
use Unsupervised\Schedular\Auth\RoleManager;
use Unsupervised\Schedular\Val;
class StudioSettings {
public const OPT_PUBLISHABLE = 'us_stripe_publishable_key';
public const OPT_SECRET = 'us_stripe_secret_key';
public const OPT_WEBHOOK_SECRET = 'us_stripe_webhook_secret';
public const OPT_MODE = 'us_stripe_mode';
public const OPT_CURRENCY = 'us_currency';
public const OPT_ETRANSFER_EMAIL = 'us_etransfer_email';
public const OPT_HST_RATE = 'us_hst_rate';
public function publishableKey(): string {
return Val::string( get_option( self::OPT_PUBLISHABLE, '' ) );
}
public function secretKey(): string {
return Val::string( get_option( self::OPT_SECRET, '' ) );
}
/**
* The Stripe webhook signing secret (`whsec_…`) used to verify that incoming
* webhook requests genuinely came from Stripe. Empty until configured.
*/
public function webhookSecret(): string {
return Val::string( get_option( self::OPT_WEBHOOK_SECRET, '' ) );
}
public function mode(): string {
return 'live' === get_option( self::OPT_MODE, 'test' ) ? 'live' : 'test';
}
public function currency(): string {
$currency = Val::string( get_option( self::OPT_CURRENCY, 'CAD' ) );
return '' !== $currency ? strtoupper( $currency ) : 'CAD';
}
/**
* The studio-default e-transfer destination email (used when an offering has
* no override).
*/
public function etransferEmail(): string {
return Val::string( get_option( self::OPT_ETRANSFER_EMAIL, '' ) );
}
/**
* Default HST/tax rate as a percentage (e.g. 13.0). 0 means no tax.
*/
public function hstRate(): float {
return max( 0.0, Val::float( get_option( self::OPT_HST_RATE, 0 ) ) );
}
/**
* Whether Stripe is configured. When false the platform falls back to
* e-transfer billing and card processing is unavailable.
*/
public function isStripeConfigured(): bool {
return '' !== $this->publishableKey() && '' !== $this->secretKey();
}
public function renderPage(): void {
if ( ! current_user_can( RoleManager::CAP_MANAGE_BILLING ) ) {
wp_die( esc_html__( 'You do not have permission to manage billing settings.', 'unsupervised-schedular' ) );
}
if ( isset( $_POST['usc_action'] ) && check_admin_referer( 'usc_settings_action' ) ) {
$this->save();
}
$publishableKey = $this->publishableKey();
// Secrets are write-only in the UI: never echo a stored secret back into the
// page. We only surface whether one is set so the field can be left blank to
// keep the existing value.
$secretKeySet = '' !== $this->secretKey();
$webhookSecretSet = '' !== $this->webhookSecret();
$webhookUrl = rest_url( 'us-scheduler/v1/payments/webhook' );
$mode = $this->mode();
$currency = $this->currency();
$etransferEmail = $this->etransferEmail();
$hstRate = $this->hstRate();
$stripeConfigured = $this->isStripeConfigured();
include USC_PLUGIN_DIR . 'templates/admin/settings.php';
}
private function save(): void {
// Nonce is verified by the caller (renderPage) before this method runs.
// phpcs:disable WordPress.Security.NonceVerification.Missing
$mode = sanitize_key( Val::string( wp_unslash( $_POST['mode'] ?? 'test' ) ) );
update_option( self::OPT_PUBLISHABLE, sanitize_text_field( Val::string( wp_unslash( $_POST['publishable_key'] ?? '' ) ) ) );
// Secret fields are write-only: a blank submission keeps the stored secret,
// so an admin saving other settings never wipes the keys.
$secretKey = sanitize_text_field( Val::string( wp_unslash( $_POST['secret_key'] ?? '' ) ) );
if ( '' !== $secretKey ) {
update_option( self::OPT_SECRET, $secretKey );
}
$webhookSecret = sanitize_text_field( Val::string( wp_unslash( $_POST['webhook_secret'] ?? '' ) ) );
if ( '' !== $webhookSecret ) {
update_option( self::OPT_WEBHOOK_SECRET, $webhookSecret );
}
update_option( self::OPT_MODE, 'live' === $mode ? 'live' : 'test' );
update_option( self::OPT_CURRENCY, strtoupper( sanitize_text_field( Val::string( wp_unslash( $_POST['currency'] ?? 'CAD' ) ) ) ) );
update_option( self::OPT_ETRANSFER_EMAIL, sanitize_email( Val::string( wp_unslash( $_POST['etransfer_email'] ?? '' ) ) ) );
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Val::float() coerces to float; slashes cannot survive numeric coercion.
$hstRate = isset( $_POST['hst_rate'] ) ? Val::float( $_POST['hst_rate'] ) : 0.0;
update_option( self::OPT_HST_RATE, max( 0.0, $hstRate ) );
// phpcs:enable WordPress.Security.NonceVerification.Missing
}
}
Reference in New Issue View Git Blame Copy Permalink