Escape html chars for order items
emilleszczak2 committed Aug 26, 2021
1 parent d0a4ff6 commit f84f929
Showing 2 changed files with 8 additions and 8 deletions.
14 changes: 7 additions & 7 deletions src/includes/class-paynow-gateway.php
Expand Up @@ -81,25 +81,25 @@ public function payment_request( WC_Order $order, $return_url, $payment_method_i
foreach ( $order->get_items() as $item ) {
$product = $item->get_product();
$order_items[] = [
'name' => $product->get_title(),
'name' => esc_html( $product->get_title() ),
'category' => WC_Pay_By_Paynow_PL_Helper::get_product_categories( $product->get_id() ),
'quantity' => $item->get_quantity(),
'price' => WC_Pay_By_Paynow_PL_Helper::get_amount( WC_Pay_By_Paynow_PL_Helper::is_old_wc_version() ? wc_price( wc_get_price_including_tax( $product ) ) : $product->get_price_including_tax() )
];
}

$order_items = array_filter( $order_items, function ( $item ) {
return ! empty( $item['category'] );
} );
$order_items = array_filter( $order_items, function ( $item ) {
return ! empty( $item['category'] );
} );

if ( ! empty( $order_items ) ) {
$payment_data['orderItems'] = $order_items;
}
}

if ( $this->settings['use_payment_validity_time_flag'] === 'yes' ) {
$payment_data['validityTime'] = $this->settings['payment_validity_time'];
}
if ( $this->settings['use_payment_validity_time_flag'] === 'yes' ) {
$payment_data['validityTime'] = $this->settings['payment_validity_time'];
}

$idempotency_key = substr( uniqid( $order_id, true ), 0, 36 );
$payment = new Payment( $this->client );
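Review bot: `esc_html()` on the `'name'` entry encodes for HTML output, but the value goes into `$payment_data['orderItems']`, which appears to be sent to the payment API rather than printed into a page, so a title like `Salt & Pepper` would leave as `Salt &amp; Pepper` and risks double-encoding wherever it is later rendered. If the aim is to keep markup out of the request, stripping fits better, e.g. `'name' => wp_strip_all_tags( $product->get_title() ),`, with escaping left to whichever code finally outputs the value; if the API rejects specific characters, a short comment saying so would justify the current choice. The same applies to `esc_html($term->name)` in `get_product_categories()` in the helper file, whose result fills `'category'`. Separately, `$item->get_product()` is dereferenced unchecked, and since it can return a non-object for an item whose product was deleted, a guard such as `if ( ! $product ) { continue; }` before building the entry is worth adding. payment_request's body starts and ends outside the hunk.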
2 changes: 1 addition & 1 deletion src/includes/class-wc-pay-by-paynow-pl-helper.php
Expand Up @@ -96,7 +96,7 @@ public static function get_product_categories( $product_id ) {

$categories = [];
foreach ( $terms as $term ) {
$categories[] = $term->name;
$categories[] = esc_html($term->name);
}

return implode( ', ', $categories );
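Review bot: The added call `esc_html($term->name)` drops the inner padding spaces that the other calls in this section use (`implode( ', ', $categories )`), so it should read `$categories[] = esc_html( $term->name );` to match the surrounding formatting. get_product_categories starts above the hunk, so how `$terms` is obtained and checked is not visible here.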