From d03e54ce3cc1dad2f7e1a29ae6ed7217e96c3f2a Mon Sep 17 00:00:00 2001
From: emilleszczak2 <emil.leszczak@intramedium.pl>
Date: Tue, 8 Jun 2021 13:20:28 +0200
Subject: [PATCH 1/3] Release 2.2.7

---
 composer.json            | 2 +-
 src/pay-by-paynow-pl.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/composer.json b/composer.json
index 8fd272e..4c9fae7 100644
--- a/composer.json
+++ b/composer.json
@@ -2,7 +2,7 @@
   "name": "pay-now/paynow-woocommerce",
   "description": "paynow.pl plugin for WooCommerce",
   "license": "GPLv3",
-  "version": "2.2.6",
+  "version": "2.2.7",
   "authors": [
     {
       "name": "mElements S.A.",
diff --git a/src/pay-by-paynow-pl.php b/src/pay-by-paynow-pl.php
index 9caae0e..f329cd0 100644
--- a/src/pay-by-paynow-pl.php
+++ b/src/pay-by-paynow-pl.php
@@ -3,7 +3,7 @@
  * Plugin Name: Pay by paynow.pl
  * Plugin URI: https://github.com/pay-now/paynow-woocommerce
  * Description: Accepts secure BLIK, credit cards payments and fast online transfers by paynow.pl
- * Version: 2.2.6
+ * Version: 2.2.7
  * Requires PHP: 7.1
  * Author: mElements S.A.
  * Author URI: https://www.paynow.pl

From f84f9295ca335a68319c99123729188d4a324687 Mon Sep 17 00:00:00 2001
From: emilleszczak2 <emil.leszczak@intramedium.pl>
Date: Thu, 26 Aug 2021 19:47:29 +0200
Subject: [PATCH 2/3] Escape html chars for order items

---
 src/includes/class-paynow-gateway.php             | 14 +++++++-------
 src/includes/class-wc-pay-by-paynow-pl-helper.php |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/includes/class-paynow-gateway.php b/src/includes/class-paynow-gateway.php
index 0930986..1372b36 100644
--- a/src/includes/class-paynow-gateway.php
+++ b/src/includes/class-paynow-gateway.php
@@ -81,25 +81,25 @@ public function payment_request( WC_Order $order, $return_url, $payment_method_i
 			foreach ( $order->get_items() as $item ) {
 				$product       = $item->get_product();
 				$order_items[] = [
-					'name'     => $product->get_title(),
+					'name'     => esc_html( $product->get_title() ),
 					'category' => WC_Pay_By_Paynow_PL_Helper::get_product_categories( $product->get_id() ),
 					'quantity' => $item->get_quantity(),
 					'price'    => WC_Pay_By_Paynow_PL_Helper::get_amount( WC_Pay_By_Paynow_PL_Helper::is_old_wc_version() ? wc_price( wc_get_price_including_tax( $product ) ) : $product->get_price_including_tax() )
 				];
 			}
 
-            $order_items = array_filter( $order_items, function ( $item ) {
-                return ! empty( $item['category'] );
-            } );
+			$order_items = array_filter( $order_items, function ( $item ) {
+				return ! empty( $item['category'] );
+			} );
 
 			if ( ! empty( $order_items ) ) {
 				$payment_data['orderItems'] = $order_items;
 			}
 		}
 
-        if ( $this->settings['use_payment_validity_time_flag'] === 'yes' ) {
-            $payment_data['validityTime'] = $this->settings['payment_validity_time'];
-        }
+		if ( $this->settings['use_payment_validity_time_flag'] === 'yes' ) {
+			$payment_data['validityTime'] = $this->settings['payment_validity_time'];
+		}
 
 		$idempotency_key = substr( uniqid( $order_id, true ), 0, 36 );
 		$payment         = new Payment( $this->client );
diff --git a/src/includes/class-wc-pay-by-paynow-pl-helper.php b/src/includes/class-wc-pay-by-paynow-pl-helper.php
index 668ae0d..22830ec 100644
--- a/src/includes/class-wc-pay-by-paynow-pl-helper.php
+++ b/src/includes/class-wc-pay-by-paynow-pl-helper.php
@@ -96,7 +96,7 @@ public static function get_product_categories( $product_id ) {
 
 		$categories = [];
 		foreach ( $terms as $term ) {
-			$categories[] = $term->name;
+			$categories[] = esc_html($term->name);
 		}
 
 		return implode( ', ', $categories );

From 3a8ed1d405c421e5a21e5c689987b560a3d907db Mon Sep 17 00:00:00 2001
From: emilleszczak2 <emil.leszczak@intramedium.pl>
Date: Fri, 27 Aug 2021 08:25:30 +0200
Subject: [PATCH 3/3] Fix travis ci

---
 .travis.yml                 | 1 -
 scripts/deploy_to_wp_svn.sh | 6 ++++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 446e9a2..864c8f2 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -13,7 +13,6 @@ deploy:
     tags: true
 
 after_deploy:
-  - cd ..
   - bash ./scripts/deploy_to_wp_svn.sh
 
 script: skip
diff --git a/scripts/deploy_to_wp_svn.sh b/scripts/deploy_to_wp_svn.sh
index 65f5509..538d477 100755
--- a/scripts/deploy_to_wp_svn.sh
+++ b/scripts/deploy_to_wp_svn.sh
@@ -29,7 +29,7 @@ if [ $error == 0 ]; then
     echo "Tag already exists for version $VERSION, aborting deployment"
     exit 1
 fi
-  
+
 cd "$PLUGIN_BUILDS_PATH"
 
 # Clean up any previous svn dir
@@ -77,6 +77,8 @@ rm -fR svn-trunk
 mkdir svn/tags/$VERSION
 rsync -r -p $PLUGIN/* svn/tags/$VERSION
 
+cd $PLUGIN_BUILDS_PATH
+
 # Add new files to SVN
 svn stat svn | grep '^?' | awk '{print $2}' | xargs -I x svn add x@
 # Remove deleted files from SVN
@@ -86,5 +88,5 @@ svn stat svn
 # Commit to SVN
 svn ci --no-auth-cache --username $WP_ORG_USERNAME --password $WP_ORG_PASSWORD svn -m "Deploy version $VERSION"
 
-# Remove SVN temp dir
+ Remove SVN temp dir
 rm -fR svn
\ No newline at end of file