dwindown/formipay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: add comprehensive audit report and architectural recommendation

Browse Source 
Checkpoint before implementation. Includes audit findings (FINDINGS.md),
architectural recommendation (RECOMMENDATION.md), and existing code changes
to Form, Order, Render, and form-action.js from recent development.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
dwindown
2026-04-17 17:00:47 +07:00
parent 0446eb1064
commit 35569923a5
6 changed files with 1014 additions and 153 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
includes/Form.php
View File

@@ -851,11 +851,46 @@ class Form {
'group' => 'started',
'description' => __( 'Add static product or custom item to form as default and non-editable item in order items.', 'formipay' )
],
'static_products' => [
'type' => 'autocomplete',
'post_type' => ['formipay-product'],
'label' => __( 'Assign Product', 'formipay' ),
'description' => __( 'Selected products will be added to the order items automatically, even if it is not added to cart.', 'formipay' )
// 'static_products' => [
// 'type' => 'autocomplete',
// 'post_type' => ['formipay-product'],
// 'label' => __( 'Assign Product', 'formipay' ),
// 'description' => __( 'Selected products will be added to the order items automatically, even if it is not added to cart.', 'formipay' )
// ],
'static_product' => [
'type' => 'repeater',
'label' => __( 'Static Product', 'formipay' ),
'description' => __( 'Selected products will be added to the order items automatically, even if it is not added to cart.', 'formipay' ),
'fields' => [
'default_qty' => [
'type' => 'number',
'label' => __( 'Default Qty', 'formipay' ),
'description' => __( 'Set default quantity', 'formipay' )
],
'editable_qty' => [
'type' => 'checkbox',
'label' => __( 'Editable Qty', 'formipay' ),
'description' => __( 'User can set quantity as they want', 'formipay' )
],
'minimum_qty' => [
'type' => 'number',
'label' => __( 'Minimum Qty', 'formipay' ),
'description' => __( 'Restrict buyer to set below this number', 'formipay' ),
'dependency' => [
'key' => 'editable_qty',
'value' => 'not_empty'
]
],
'maximum_qty' => [
'type' => 'number',
'label' => __( 'Minimum Qty', 'formipay' ),
'description' => __( 'Restrict buyer to set below this number', 'formipay' ),
'dependency' => [
'key' => 'editable_qty',
'value' => 'not_empty'
]
],
]
],
'static_items' => [
'type' => 'repeater',

124
includes/Order.php
View File

@@ -15,7 +15,9 @@ class Order {
private $order_details;
private $chosen_currency;
private $chosen_currency; // reserved (not used yet)
private $currency; // 3-letter currency code from request (e.g., IDR, USD)
/**
* Initializes the plugin by setting filters and administration functions.
@@ -90,7 +92,7 @@ class Order {
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
$order_meta_data = isset($_REQUEST['meta_data']) ? wp_unslash($_REQUEST['meta_data']) : [];
$purpose = isset($_REQUEST['purpose']) ? sanitize_text_field(wp_unslash($_REQUEST['purpose'])) : '';
$this->currency = isset($_REQUEST['currency']) ? wp_unslash($_REQUEST['currency']) : formipay_default_currency('symbol');
$this->currency = isset($_REQUEST['currency']) ? sanitize_text_field( wp_unslash($_REQUEST['currency']) ) : (string) formipay_default_currency('code');
$this->form_id = $form_id;
@@ -221,85 +223,49 @@ class Order {
$details = [];
// $product_price = floatval(formipay_get_post_meta($this->form_id, 'product_price'));
// $details[] = [
// 'item' => html_entity_decode(get_the_title($this->form_id)),
// 'amount' => $product_price,
// 'qty' => (int) $this->order_data['qty'],
// 'subtotal' => floatval($product_price) * intval($this->order_data['qty']),
// 'context' => 'main'
// ];
// $check_fields = formipay_get_post_meta($this->form_id, 'formipay_settings');
// if(!empty($check_fields['fields'])){
// foreach($check_fields['fields'] as $field){
// // if($field['field_type'] == 'select'){
// if(in_array($field['field_type'], ['select','checkbox', 'radio'])) {
// $options = $field['field_options'];
// if(!empty($options)){
// foreach($options as $option){
// $option_value = ($field['show_toggle']['value'] && '' !== $option['value']) ? $option['value'] : $option['label'];
// if(!empty($this->order_data[$field['field_id']])) {
// $field_value = $this->order_data[$field['field_id']];
// if($field['field_type'] == 'select'){
// $field_value = ($field['show_toggle']['value']) ?
// $this->order_data[$field['field_id']]['value'] :
// $this->order_data[$field['field_id']]['label'];
// }
// $field_value = explode(',', $field_value);
// $context = 'no-context';
// if(floatval($option['amount']) < 0){
// $context = 'sub';
// }elseif(floatval($option['amount']) > 0){
// $context = 'add';
// }
// if(!empty($field_value) && $field['show_toggle']['amount'] == 'yes'){
// foreach($field_value as $f_value){
// if($option_value == $f_value){
// $qty = ($option['qty'] == 'yes') ? $this->order_data['qty'] : 1;
// $details[] = [
// 'item' => $field['label'] .' - '. $option['label'],
// 'amount' => floatval($option['amount']),
// 'qty' => (int) $qty,
// 'subtotal' => floatval($option['amount']) * intval($qty),
// 'context' => $context
// ];
// }
// }
// }
// }
// }
// }
// }
// }
// }
/**
* Cart items (not implemented yet)
*/
/**
* Attached Product
*/
// Ensure currency code is present; fallback to form default currency code
if (empty($this->currency)) {
$default_currency_full = formipay_get_post_meta($this->form_id, 'default_currencies'); // e.g., "IDR:::Indonesian rupiah:::Rp"
$parts = explode(':::', (string) $default_currency_full);
$this->currency = $parts[0] ?? 'IDR';
}
// Attached static products (qty = 1 each in this case)
$products = formipay_get_post_meta($this->form_id, 'static_products');
if(!empty($products)){
$products = explode(',', $products);
foreach($products as $product_id){
$product_data = formipay_get_post_meta($product_id);
$regular_price = formipay_get_post_meta($product_id, 'setting_product_price_regular_'.$this->currency);
$sale_price = formipay_get_post_meta($product_id, 'setting_product_price_sale_'.$this->currency);
$this_item = [
'item' => html_entity_decode(get_the_title($product_id)),
'amount' => (float) $sale_price ?: $regular_price,
'qty' => 1,
'subtotal' => (float) $sale_price ?: $regular_price,
if (!empty($products)) {
$products = array_filter(array_map('absint', explode(',', (string) $products)));
foreach ($products as $product_id) {
$regular_key = 'setting_product_price_regular_' . $this->currency;
$sale_key = 'setting_product_price_sale_' . $this->currency;
$regular_price = formipay_get_post_meta($product_id, $regular_key);
$sale_price = formipay_get_post_meta($product_id, $sale_key);
$price = ($sale_price !== '' && $sale_price !== null) ? (float) $sale_price : (float) $regular_price;
$details[] = [
'item' => html_entity_decode(get_the_title($product_id)),
'amount' => $price,
'qty' => 1,
'subtotal' => $price,
'context' => 'product',
];
}
}
// Static items (fees/bonuses), currency-aware amounts
$raw_items = formipay_get_post_meta($this->form_id, 'static_items');
if (!empty($raw_items)) {
$items = json_decode((string) $raw_items, true) ?: [];
foreach ($items as $it) {
$label = $it['label'] ?? 'Item';
$qty = (int) ($it['quantity'] ?? 1);
$key = 'amount_' . $this->currency;
$amt = (float) ($it[$key] ?? 0);
$details[] = [
'item' => $label,
'amount' => $amt,
'qty' => $qty,
'subtotal' => $amt * $qty,
'context' => 'item',
];
}
}

261
includes/Render.php
View File

@@ -313,55 +313,32 @@ class Render {
<?php
break;
case 'order_review':
$cart = $this->build_cart_from_meta($post_id);
?>
<div class="form-calculation form-calculate-<?php echo esc_attr($post_id); ?>">
<h4><?php echo esc_html(formipay_get_post_meta($post_id, 'order_review_title')); ?></h4>
<table id="formipay-review-order">
<tbody>
<tr class="formipay-product-row formipay-item-row main">
<?php
$price = formipay_get_post_meta($post_id, 'product_price');
if(formipay_get_post_meta($post_id, 'product_quantity_toggle') == 'on') {
$stock = formipay_get_post_meta($post_id, 'product_stock');
$stock_html = '';
if($stock > -1){
$stock = ' max="'.$stock.'"';
}
?>
<th>
<?php echo esc_html(get_the_title($post_id)); ?> <br>
<span class="product-qty-wrapper">
<button type="button" class="product-qty qty-min">
<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24">
<path fill="none" stroke="#000" stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 12h14" />
</svg>
</button>
<input type="number" class="product-qty formipay-qty-input" value="<?php echo intval(formipay_get_post_meta($post_id, 'product_quantity_range')); ?>" step="<?php echo intval(formipay_get_post_meta($post_id, 'product_quantity_range')); ?>" min="<?php echo intval(formipay_get_post_meta($post_id, 'product_minimum_purchase')); ?>"<?php echo esc_html($stock) ?>>
<button type="button" class="product-qty qty-plus">
<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24">
<path fill="none" stroke="#000" stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 5v14m-7-7h14" />
</svg>
</button>
</span>
</th>
<td class="product_price"><?php echo esc_html(formipay_price_format(floatval($price) * intval(formipay_get_post_meta($post_id, 'product_quantity_range')), $post_id)); ?></td>
<?php
} else {
?>
<th>
<?php echo esc_html(get_the_title($post_id)); ?> <input type="hidden" class="formipay-qty-input" value="1">
</th>
<td><?php echo esc_html(formipay_price_format(floatval($price), $post_id)); ?></td>
<?php
}
?>
<?php foreach ($cart['lines'] as $line): ?>
<tr class="formipay-item-row <?php echo $line['type']==='product' ? 'formipay-product-row' : 'formipay-static-item-row'; ?>">
<th>
<?php echo esc_html($line['name']); ?>
<input type="hidden" class="formipay-qty-input" value="<?php echo (int) $line['qty']; ?>">
<?php if ((int) $line['qty'] > 1): ?>
<div class="formipay-qty-note">x<?php echo (int) $line['qty']; ?></div>
<?php endif; ?>
</th>
<td class="product_price"><?php echo esc_html(formipay_price_format((float) $line['total'], $post_id)); ?></td>
</tr>
<?php endforeach; ?>
<tr class="formipay-total-row">
<td colspan="2"></td>
<th><?php echo esc_html__( 'Subtotal', 'formipay' ); ?></th>
<td><?php echo esc_html(formipay_price_format((float) $cart['subtotal'], $post_id)); ?></td>
</tr>
<tr class="formipay-grand-total-row">
<th><?php echo esc_html__( 'Total', 'formipay' ); ?></th>
<td class="grand_total"><?php echo esc_html(formipay_price_format(floatval($price), $post_id)); ?></td>
<td class="grand_total"><?php echo esc_html(formipay_price_format((float) $cart['grand'], $post_id)); ?></td>
</tr>
</tbody>
</table>
@@ -369,17 +346,16 @@ class Render {
<?php
break;
case 'submit_button':
$cart = $cart ?? $this->build_cart_from_meta($post_id);
$grand_display = formipay_price_format((float) $cart['grand'], $post_id);
?>
<button type="submit" class="formipay-submit-button"
data-button-text="<?php echo esc_attr(formipay_get_post_meta($post_id, 'button_text')); ?>"
style="width: <?php echo formipay_get_post_meta($post_id, 'button_width') == 'fit-content' ? 'fit-content' : '100%' ?>;
margin-left: <?php echo formipay_get_post_meta($post_id, 'button_position') !== 'left' ? 'auto' : 'unset' ?>;
margin-right: <?php echo formipay_get_post_meta($post_id, 'button_position') !== 'right' ? 'auto' : 'unset' ?>;">
<?php echo esc_html(formipay_get_post_meta($post_id, 'button_text')); ?> - <?php echo esc_html(formipay_price_format(floatval($price), $post_id)); ?>
<?php echo esc_html(formipay_get_post_meta($post_id, 'button_text')); ?> - <?php echo esc_html($grand_display); ?>
</button>
<?php
break;
case 'submit_response_notice':
@@ -432,6 +408,92 @@ class Render {
}
}
/**
* Build a simple cart from static products and static items meta
*/
private function build_cart_from_meta($post_id){
$currency_full = formipay_post_currency($post_id); // e.g., "IDR:::Indonesian rupiah:::Rp"
$parts = explode(':::', (string) $currency_full);
$currency_code = $parts[0] ?? 'IDR';
$lines = [];
$subtotal = 0.0;
// 1) Static PRODUCTS (IDs stored as comma-separated string)
$ids_raw = (string) formipay_get_post_meta($post_id, 'static_products');
$ids = array_filter(array_map('absint', explode(',', $ids_raw)));
foreach ($ids as $pid) {
$pname = get_the_title($pid);
$price = $this->get_product_price_for_currency($pid, $currency_code);
$qty = 1; // non-donation, no in-cart items => default 1
$line_total = (float) $price * $qty;
$subtotal += $line_total;
$lines[] = [
'type' => 'product',
'id' => $pid,
'name' => $pname,
'qty' => $qty,
'unit' => (float) $price,
'total'=> $line_total,
];
}
// 2) Static ITEMs (JSON array with currency-specific amounts)
$raw = formipay_get_post_meta($post_id, 'static_items');
if ($raw) {
$items = json_decode((string) $raw, true) ?: [];
foreach ($items as $it) {
$label = $it['label'] ?? 'Item';
$qty = (int) ($it['quantity'] ?? 1);
$k = 'amount_' . $currency_code;
$amt = (float) ($it[$k] ?? 0);
$line_total = $amt * $qty;
$subtotal += $line_total;
$lines[] = [
'type' => 'item',
'id' => null,
'name' => $label,
'qty' => $qty,
'unit' => $amt,
'total'=> $line_total,
];
}
}
// Placeholders for future rules
$discount = 0.0;
$shipping = 0.0;
$tax = 0.0;
$grand = max($subtotal - $discount + $shipping + $tax, 0);
return compact('currency_code','lines','subtotal','discount','shipping','tax','grand');
}
/**
* Resolve a product's price for a given currency code using common meta keys.
* Fallback order: product_price_{CODE} → price_{CODE} → product_price → price → 0
*/
private function get_product_price_for_currency($product_id, $currency_code){
$cands = [
'product_price_' . $currency_code,
'price_' . $currency_code,
'product_price',
'price',
];
foreach ($cands as $key) {
$val = formipay_get_post_meta($product_id, $key);
if ($val !== '' && $val !== null) {
return (float) $val;
}
}
return 0.0;
}
/**
* Render payment options
*/
@@ -602,19 +664,121 @@ class Render {
}
/**
* Resolve currency UI/config for a given 3-letter currency code from wp_options.
*/
private function resolve_currency_config($currency_code){
$opts = get_option('formipay_settings', []);
// Defaults from global default_* settings
$default_full = isset($opts['default_currency']) ? (string)$opts['default_currency'] : 'IDR:::Indonesian rupiah:::Rp';
$def_parts = explode(':::', $default_full);
$def_symbol = $def_parts[2] ?? '';
$cfg = [
'currency' => $def_symbol,
'decimal_digits' => isset($opts['default_currency_decimal_digits']) ? (int)$opts['default_currency_decimal_digits'] : 2,
'decimal_symbol' => isset($opts['default_currency_decimal_symbol']) ? (string)$opts['default_currency_decimal_symbol'] : '.',
'thousand_separator' => isset($opts['default_currency_thousand_separator']) ? (string)$opts['default_currency_thousand_separator'] : ',',
];
if (!empty($opts['multicurrencies']) && is_array($opts['multicurrencies'])) {
foreach ($opts['multicurrencies'] as $mc) {
if (empty($mc['currency'])) continue;
$parts = explode(':::', (string)$mc['currency']);
$code = $parts[0] ?? '';
if (strtoupper($code) !== strtoupper($currency_code)) continue;
$symbol = $parts[2] ?? '';
if ($symbol !== '') $cfg['currency'] = $symbol;
if ($mc['decimal_digits'] !== '') $cfg['decimal_digits'] = (int)$mc['decimal_digits'];
if ($mc['decimal_symbol'] !== '') $cfg['decimal_symbol'] = (string)$mc['decimal_symbol'];
if ($mc['thousand_separator'] !== '') $cfg['thousand_separator'] = (string)$mc['thousand_separator'];
break;
}
}
return $cfg;
}
/**
* Build the allowed currency list for a form, including UI config per currency.
* Uses form meta 'allowed_currencies' (JSON array of "CODE:::Title:::Symbol")
* and 'default_currencies' (single string) to set default.
*/
private function resolve_allowed_currencies($post_id){
// Allowed on the form
$raw = formipay_get_post_meta($post_id, 'allowed_currencies');
$allowed = [];
if (!empty($raw)) {
$arr = json_decode((string)$raw, true);
if (is_array($arr)) $allowed = $arr;
}
// Fallback to all global currencies if the form has none
if (empty($allowed)) {
$opts = get_option('formipay_settings', []);
if (!empty($opts['multicurrencies']) && is_array($opts['multicurrencies'])) {
foreach ($opts['multicurrencies'] as $mc) {
if (!empty($mc['currency'])) $allowed[] = (string)$mc['currency'];
}
}
}
// Default for the form
$default_full = formipay_get_post_meta($post_id, 'default_currencies');
if (empty($default_full)) {
$opts = get_option('formipay_settings', []);
$default_full = $opts['default_currency'] ?? 'IDR:::Indonesian rupiah:::Rp';
}
$def_parts = explode(':::', (string)$default_full);
$default_code = $def_parts[0] ?? 'IDR';
// Compose structured list
$list = [];
foreach ($allowed as $cur_full) {
$parts = explode(':::', (string)$cur_full);
$code = $parts[0] ?? '';
$title = $parts[1] ?? '';
$symbol = $parts[2] ?? '';
if (!$code) continue;
$cfg = $this->resolve_currency_config($code);
if ($symbol !== '') $cfg['currency'] = $symbol; // prefer explicit symbol in the tuple
$list[] = [
'code' => $code,
'title' => $title,
'symbol' => $cfg['currency'],
'decimal_digits' => (int)$cfg['decimal_digits'],
'decimal_symbol' => (string)$cfg['decimal_symbol'],
'thousand_separator' => (string)$cfg['thousand_separator'],
];
}
return [
'default_code' => $default_code,
'list' => $list,
];
}
private function get_form_data(){
$form_data = [];
foreach (array_unique(self::$form_ids) as $post_id) {
$allowed_currency_pack = $this->resolve_allowed_currencies($post_id);
$currency_code = $allowed_currency_pack['default_code'];
$currency_cfg = $this->resolve_currency_config($currency_code);
$form_data[$post_id] = [
'form_id' => $post_id,
'currency' => formipay_post_currency($post_id),
'currency_code' => $currency_code, // active on load
'currency' => $currency_cfg['currency'],
'decimal_digits' => $currency_cfg['decimal_digits'],
'decimal_symbol' => $currency_cfg['decimal_symbol'],
'thousand_separator' => $currency_cfg['thousand_separator'],
'allowed_currency_pack' => $allowed_currency_pack,
'buyer_phone_field' => formipay_get_post_meta($post_id, 'buyer_phone'),
'buyer_country_field' => formipay_get_post_meta($post_id, 'buyer_country'),
'buyer_phone_allow' => (bool) formipay_get_post_meta($post_id, 'buyer_allow_choose_country_code'),
'buyer_phone_country_code' => formipay_get_post_meta($post_id, 'buyer_phone_country_code'),
'decimal_digits' => formipay_get_post_meta($post_id, 'product_currency_decimal_digits'),
'decimal_symbol' => formipay_get_post_meta($post_id, 'product_currency_decimal_symbol'),
'thousand_separator' => formipay_get_post_meta($post_id, 'product_currency_thousand_separator'),
'notice_empty_text_message' => formipay_get_post_meta($post_id, 'empty_required_text_field'),
'notice_empty_select_message' => formipay_get_post_meta($post_id, 'empty_required_select_field'),
'notice_empty_agreement_message' => formipay_get_post_meta($post_id, 'empty_required_agreement_field'),
@@ -628,7 +792,10 @@ class Render {
'trigger_selector' => formipay_get_post_meta($post_id, 'popup_click_selector') ?
formipay_get_post_meta($post_id, 'popup_trigger_selector') :
'.formipay-open-popup-button',
'modal_selector' => '#formipay-popup-' . $post_id
'modal_selector' => '#formipay-popup-' . $post_id,
'static_products' => array_filter(array_map('absint', explode(',', (string) formipay_get_post_meta($post_id, 'static_products')))),
'static_items' => json_decode((string) formipay_get_post_meta($post_id, 'static_items'), true) ?: [],
'currency_code' => (function($c){ $p = explode(':::', (string)$c); return $p[0] ?? 'IDR'; })(formipay_post_currency($post_id)),
];
}