From 63fa2dbfd4dcb26ee723a78accd6de95c4f86d0b Mon Sep 17 00:00:00 2001
From: Andreas Tasch <andy.tasch@gmail.com>
Date: Fri, 14 Jan 2022 14:54:20 +0100
Subject: [PATCH] Fixing plugin review problems. Fixing unhandled exception.

---
 btcpay-greenfield-for-woocommerce.php | 15 ++++++++++-----
 readme.txt                            |  2 +-
 src/Admin/Notice.php                  |  3 +--
 src/Gateway/AbstractGateway.php       |  1 +
 src/Helper/GreenfieldApiHelper.php    | 24 ++++++++++++++----------
 src/Helper/OrderStates.php            |  8 ++++----
 6 files changed, 31 insertions(+), 22 deletions(-)

diff --git a/btcpay-greenfield-for-woocommerce.php b/btcpay-greenfield-for-woocommerce.php
index 2d0f899..93109cf 100644
--- a/btcpay-greenfield-for-woocommerce.php
+++ b/btcpay-greenfield-for-woocommerce.php
@@ -7,7 +7,7 @@
  * Author URI:      https://btcpayserver.org
  * Text Domain:     btcpay-greenfield-for-woocommerce
  * Domain Path:     /languages
- * Version:         0.1.1
+ * Version:         0.1.2
  * Requires PHP:    7.4
  * Tested up to:    5.8
  * Requires at least: 5.2
@@ -146,9 +146,9 @@ public function processAjaxApiUrl() {
 		}
 
 		if ( current_user_can( 'manage_options' ) ) {
-			$host = $_POST['host'];
+			$host = filter_var($_POST['host'], FILTER_VALIDATE_URL);
 
-			if (!filter_var($host, FILTER_VALIDATE_URL) || (substr( $host, 0, 7 ) !== "http://" && substr( $host, 0, 8 ) !== "https://")) {
+			if ($host === false || (substr( $host, 0, 7 ) !== "http://" && substr( $host, 0, 8 ) !== "https://")) {
 				wp_send_json_error("Error validating BTCPayServer URL.");
 			}
 
@@ -214,11 +214,16 @@ function init_btcpay_greenfield() {
 	$btcPaySettingsUrl = admin_url('admin.php?page=wc-settings&tab=btcpay_settings');
 
 	$rawData = file_get_contents('php://input');
-	$data = json_decode( $rawData, TRUE );
+	$data = json_decode( $rawData, true );
 
 	// Seems data does get submitted with url-encoded payload.
 	if (!empty($_POST)) {
-		$data = $_POST;
+		$data['apiKey'] = esc_attr($_POST['apiKey'] ?? null);
+		if (is_array($_POST['permissions'])) {
+			foreach ($_POST['permissions'] as $key => $value) {
+				$data['permissions'][$key] = esc_attr($_POST['permissions'][$key] ?? null);
+			}
+		}
 	}
 
 	if (isset($data['apiKey']) && isset($data['permissions'])) {
diff --git a/readme.txt b/readme.txt
index 2aafbe9..c6be2ab 100644
--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Tags: bitcoin, btcpay, BTCPay Server, btcpayserver, WooCommerce, payment gateway
 Requires at least: 4.5
 Tested up to: 5.8.2
 Requires PHP: 7.4
-Stable tag: 0.1.1
+Stable tag: 0.1.2
 License: MIT
 License URI: https://github.com/btcpayserver/woocommerce-greenfield-plugin/blob/master/license.txt
 
diff --git a/src/Admin/Notice.php b/src/Admin/Notice.php
index a7eeb65..ab5069f 100644
--- a/src/Admin/Notice.php
+++ b/src/Admin/Notice.php
@@ -12,10 +12,9 @@ public static function addNotice( string $level, string $message, bool $dismissi
 		add_action(
 			'admin_notices',
 			function () use ( $level, $message, $dismissible ) {
-				$levelC = esc_attr( $level );
 				$dismiss = $dismissible ? ' is-dismissible' : '';
 				?>
-				<div class="notice notice-<?php echo $levelC . $dismiss; ?>" style="padding:12px 12px">
+				<div class="notice notice-<?php echo esc_attr( $level ) . esc_attr( $dismiss ); ?>" style="padding:12px 12px">
 					<?php echo '<strong>BTCPay Server:</strong> ' . wp_kses_post( $message ) ?>
 				</div>
 				<?php
diff --git a/src/Gateway/AbstractGateway.php b/src/Gateway/AbstractGateway.php
index 192dfbe..4f690fe 100644
--- a/src/Gateway/AbstractGateway.php
+++ b/src/Gateway/AbstractGateway.php
@@ -45,6 +45,7 @@ public function __construct() {
 	 * Initialise Gateway Settings Form Fields
 	 */
 	public function init_form_fields() {
+		wp_enqueue_media();
 		wp_register_script(
 			'btcpay_gf_abstract_gateway',
 			BTCPAYSERVER_PLUGIN_URL . 'assets/js/gatewayIconMedia.js',
diff --git a/src/Helper/GreenfieldApiHelper.php b/src/Helper/GreenfieldApiHelper.php
index 8caede5..8f73fd9 100644
--- a/src/Helper/GreenfieldApiHelper.php
+++ b/src/Helper/GreenfieldApiHelper.php
@@ -70,17 +70,21 @@ public static function supportedPaymentMethods(): array {
 		if ($config = self::getConfig()) {
 			$client = new StorePaymentMethod($config['url'], $config['api_key']);
 			if ($storeId = get_option('btcpay_gf_store_id')) {
-				$pmResult = $client->getPaymentMethods($storeId);
-				/** @var AbstractStorePaymentMethodResult $pm */
-				foreach ($pmResult as $pm) {
-					if ($pm->isEnabled() && $pmName = $pm->getData()['paymentMethod'] )  {
-						// Convert - to _ for later use in gateway class generator.
-						$symbol = str_replace('-', '_', $pmName);
-						$paymentMethods[] = [
-							'symbol' => $symbol,
-							'className' => "BTCPay_GF_{$symbol}"
-						];
+				try {
+					$pmResult = $client->getPaymentMethods($storeId);
+					/** @var AbstractStorePaymentMethodResult $pm */
+					foreach ($pmResult as $pm) {
+						if ($pm->isEnabled() && $pmName = $pm->getData()['paymentMethod'] )  {
+							// Convert - to _ for later use in gateway class generator.
+							$symbol = str_replace('-', '_', $pmName);
+							$paymentMethods[] = [
+								'symbol' => esc_attr($symbol),
+								'className' => "BTCPay_GF_{$symbol}"
+							];
+						}
 					}
+				} catch (\Throwable $e) {
+					Logger::debug('Exception loading payment methods: ' . $e->getMessage(), true);
 				}
 			}
 		}
diff --git a/src/Helper/OrderStates.php b/src/Helper/OrderStates.php
index 904ef8d..60147fd 100644
--- a/src/Helper/OrderStates.php
+++ b/src/Helper/OrderStates.php
@@ -59,9 +59,9 @@ public function renderOrderStatesHtml($value) {
 					foreach ($btcpayStates as $btcpayState => $btcpayName) {
 						?>
 						<tr>
-							<th><?php echo $btcpayName; ?></th>
+							<th><?php echo esc_html($btcpayName); ?></th>
 							<td>
-								<select name="<?php echo esc_attr($value['id']) ?>[<?php echo $btcpayState; ?>]">
+								<select name="<?php echo esc_attr($value['id']) ?>[<?php echo esc_html($btcpayState); ?>]">
 									<?php
 
 									foreach ($wcStates as $wcState => $wcName) {
@@ -72,9 +72,9 @@ public function renderOrderStatesHtml($value) {
 										}
 
 										if ($selectedOption === $wcState) {
-											echo "<option value=\"$wcState\" selected>$wcName</option>" . PHP_EOL;
+											echo '<option value="' . esc_attr($wcState) . '" selected>' . esc_html($wcName) . '</option>' . PHP_EOL;
 										} else {
-											echo "<option value=\"$wcState\">$wcName</option>" . PHP_EOL;
+											echo '<option value="' . esc_attr($wcState) . '">' . esc_html($wcName) . '</option>' . PHP_EOL;
 										}
 									}
 									?>