dwindown/formipay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: add comprehensive audit report and architectural recommendation

Browse Source 
Checkpoint before implementation. Includes audit findings (FINDINGS.md),
architectural recommendation (RECOMMENDATION.md), and existing code changes
to Form, Order, Render, and form-action.js from recent development.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
dwindown
2026-04-17 17:00:47 +07:00
parent 0446eb1064
commit 35569923a5
6 changed files with 1014 additions and 153 deletions
Download Patch File Download Diff File Expand all files Collapse all files

261
includes/Render.php
View File

@@ -313,55 +313,32 @@ class Render {
<?php
break;
case 'order_review':
$cart = $this->build_cart_from_meta($post_id);
?>
<div class="form-calculation form-calculate-<?php echo esc_attr($post_id); ?>">
<h4><?php echo esc_html(formipay_get_post_meta($post_id, 'order_review_title')); ?></h4>
<table id="formipay-review-order">
<tbody>
<tr class="formipay-product-row formipay-item-row main">
<?php
$price = formipay_get_post_meta($post_id, 'product_price');
if(formipay_get_post_meta($post_id, 'product_quantity_toggle') == 'on') {
$stock = formipay_get_post_meta($post_id, 'product_stock');
$stock_html = '';
if($stock > -1){
$stock = ' max="'.$stock.'"';
}
?>
<th>
<?php echo esc_html(get_the_title($post_id)); ?> <br>
<span class="product-qty-wrapper">
<button type="button" class="product-qty qty-min">
<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24">
<path fill="none" stroke="#000" stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 12h14" />
</svg>
</button>
<input type="number" class="product-qty formipay-qty-input" value="<?php echo intval(formipay_get_post_meta($post_id, 'product_quantity_range')); ?>" step="<?php echo intval(formipay_get_post_meta($post_id, 'product_quantity_range')); ?>" min="<?php echo intval(formipay_get_post_meta($post_id, 'product_minimum_purchase')); ?>"<?php echo esc_html($stock) ?>>
<button type="button" class="product-qty qty-plus">
<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24">
<path fill="none" stroke="#000" stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 5v14m-7-7h14" />
</svg>
</button>
</span>
</th>
<td class="product_price"><?php echo esc_html(formipay_price_format(floatval($price) * intval(formipay_get_post_meta($post_id, 'product_quantity_range')), $post_id)); ?></td>
<?php
} else {
?>
<th>
<?php echo esc_html(get_the_title($post_id)); ?> <input type="hidden" class="formipay-qty-input" value="1">
</th>
<td><?php echo esc_html(formipay_price_format(floatval($price), $post_id)); ?></td>
<?php
}
?>
<?php foreach ($cart['lines'] as $line): ?>
<tr class="formipay-item-row <?php echo $line['type']==='product' ? 'formipay-product-row' : 'formipay-static-item-row'; ?>">
<th>
<?php echo esc_html($line['name']); ?>
<input type="hidden" class="formipay-qty-input" value="<?php echo (int) $line['qty']; ?>">
<?php if ((int) $line['qty'] > 1): ?>
<div class="formipay-qty-note">x<?php echo (int) $line['qty']; ?></div>
<?php endif; ?>
</th>
<td class="product_price"><?php echo esc_html(formipay_price_format((float) $line['total'], $post_id)); ?></td>
</tr>
<?php endforeach; ?>
<tr class="formipay-total-row">
<td colspan="2"></td>
<th><?php echo esc_html__( 'Subtotal', 'formipay' ); ?></th>
<td><?php echo esc_html(formipay_price_format((float) $cart['subtotal'], $post_id)); ?></td>
</tr>
<tr class="formipay-grand-total-row">
<th><?php echo esc_html__( 'Total', 'formipay' ); ?></th>
<td class="grand_total"><?php echo esc_html(formipay_price_format(floatval($price), $post_id)); ?></td>
<td class="grand_total"><?php echo esc_html(formipay_price_format((float) $cart['grand'], $post_id)); ?></td>
</tr>
</tbody>
</table>
@@ -369,17 +346,16 @@ class Render {
<?php
break;
case 'submit_button':
$cart = $cart ?? $this->build_cart_from_meta($post_id);
$grand_display = formipay_price_format((float) $cart['grand'], $post_id);
?>
<button type="submit" class="formipay-submit-button"
data-button-text="<?php echo esc_attr(formipay_get_post_meta($post_id, 'button_text')); ?>"
style="width: <?php echo formipay_get_post_meta($post_id, 'button_width') == 'fit-content' ? 'fit-content' : '100%' ?>;
margin-left: <?php echo formipay_get_post_meta($post_id, 'button_position') !== 'left' ? 'auto' : 'unset' ?>;
margin-right: <?php echo formipay_get_post_meta($post_id, 'button_position') !== 'right' ? 'auto' : 'unset' ?>;">
<?php echo esc_html(formipay_get_post_meta($post_id, 'button_text')); ?> - <?php echo esc_html(formipay_price_format(floatval($price), $post_id)); ?>
<?php echo esc_html(formipay_get_post_meta($post_id, 'button_text')); ?> - <?php echo esc_html($grand_display); ?>
</button>
<?php
break;
case 'submit_response_notice':
@@ -432,6 +408,92 @@ class Render {
}
}
/**
* Build a simple cart from static products and static items meta
*/
private function build_cart_from_meta($post_id){
$currency_full = formipay_post_currency($post_id); // e.g., "IDR:::Indonesian rupiah:::Rp"
$parts = explode(':::', (string) $currency_full);
$currency_code = $parts[0] ?? 'IDR';
$lines = [];
$subtotal = 0.0;
// 1) Static PRODUCTS (IDs stored as comma-separated string)
$ids_raw = (string) formipay_get_post_meta($post_id, 'static_products');
$ids = array_filter(array_map('absint', explode(',', $ids_raw)));
foreach ($ids as $pid) {
$pname = get_the_title($pid);
$price = $this->get_product_price_for_currency($pid, $currency_code);
$qty = 1; // non-donation, no in-cart items => default 1
$line_total = (float) $price * $qty;
$subtotal += $line_total;
$lines[] = [
'type' => 'product',
'id' => $pid,
'name' => $pname,
'qty' => $qty,
'unit' => (float) $price,
'total'=> $line_total,
];
}
// 2) Static ITEMs (JSON array with currency-specific amounts)
$raw = formipay_get_post_meta($post_id, 'static_items');
if ($raw) {
$items = json_decode((string) $raw, true) ?: [];
foreach ($items as $it) {
$label = $it['label'] ?? 'Item';
$qty = (int) ($it['quantity'] ?? 1);
$k = 'amount_' . $currency_code;
$amt = (float) ($it[$k] ?? 0);
$line_total = $amt * $qty;
$subtotal += $line_total;
$lines[] = [
'type' => 'item',
'id' => null,
'name' => $label,
'qty' => $qty,
'unit' => $amt,
'total'=> $line_total,
];
}
}
// Placeholders for future rules
$discount = 0.0;
$shipping = 0.0;
$tax = 0.0;
$grand = max($subtotal - $discount + $shipping + $tax, 0);
return compact('currency_code','lines','subtotal','discount','shipping','tax','grand');
}
/**
* Resolve a product's price for a given currency code using common meta keys.
* Fallback order: product_price_{CODE} → price_{CODE} → product_price → price → 0
*/
private function get_product_price_for_currency($product_id, $currency_code){
$cands = [
'product_price_' . $currency_code,
'price_' . $currency_code,
'product_price',
'price',
];
foreach ($cands as $key) {
$val = formipay_get_post_meta($product_id, $key);
if ($val !== '' && $val !== null) {
return (float) $val;
}
}
return 0.0;
}
/**
* Render payment options
*/
@@ -602,19 +664,121 @@ class Render {
}
/**
* Resolve currency UI/config for a given 3-letter currency code from wp_options.
*/
private function resolve_currency_config($currency_code){
$opts = get_option('formipay_settings', []);
// Defaults from global default_* settings
$default_full = isset($opts['default_currency']) ? (string)$opts['default_currency'] : 'IDR:::Indonesian rupiah:::Rp';
$def_parts = explode(':::', $default_full);
$def_symbol = $def_parts[2] ?? '';
$cfg = [
'currency' => $def_symbol,
'decimal_digits' => isset($opts['default_currency_decimal_digits']) ? (int)$opts['default_currency_decimal_digits'] : 2,
'decimal_symbol' => isset($opts['default_currency_decimal_symbol']) ? (string)$opts['default_currency_decimal_symbol'] : '.',
'thousand_separator' => isset($opts['default_currency_thousand_separator']) ? (string)$opts['default_currency_thousand_separator'] : ',',
];
if (!empty($opts['multicurrencies']) && is_array($opts['multicurrencies'])) {
foreach ($opts['multicurrencies'] as $mc) {
if (empty($mc['currency'])) continue;
$parts = explode(':::', (string)$mc['currency']);
$code = $parts[0] ?? '';
if (strtoupper($code) !== strtoupper($currency_code)) continue;
$symbol = $parts[2] ?? '';
if ($symbol !== '') $cfg['currency'] = $symbol;
if ($mc['decimal_digits'] !== '') $cfg['decimal_digits'] = (int)$mc['decimal_digits'];
if ($mc['decimal_symbol'] !== '') $cfg['decimal_symbol'] = (string)$mc['decimal_symbol'];
if ($mc['thousand_separator'] !== '') $cfg['thousand_separator'] = (string)$mc['thousand_separator'];
break;
}
}
return $cfg;
}
/**
* Build the allowed currency list for a form, including UI config per currency.
* Uses form meta 'allowed_currencies' (JSON array of "CODE:::Title:::Symbol")
* and 'default_currencies' (single string) to set default.
*/
private function resolve_allowed_currencies($post_id){
// Allowed on the form
$raw = formipay_get_post_meta($post_id, 'allowed_currencies');
$allowed = [];
if (!empty($raw)) {
$arr = json_decode((string)$raw, true);
if (is_array($arr)) $allowed = $arr;
}
// Fallback to all global currencies if the form has none
if (empty($allowed)) {
$opts = get_option('formipay_settings', []);
if (!empty($opts['multicurrencies']) && is_array($opts['multicurrencies'])) {
foreach ($opts['multicurrencies'] as $mc) {
if (!empty($mc['currency'])) $allowed[] = (string)$mc['currency'];
}
}
}
// Default for the form
$default_full = formipay_get_post_meta($post_id, 'default_currencies');
if (empty($default_full)) {
$opts = get_option('formipay_settings', []);
$default_full = $opts['default_currency'] ?? 'IDR:::Indonesian rupiah:::Rp';
}
$def_parts = explode(':::', (string)$default_full);
$default_code = $def_parts[0] ?? 'IDR';
// Compose structured list
$list = [];
foreach ($allowed as $cur_full) {
$parts = explode(':::', (string)$cur_full);
$code = $parts[0] ?? '';
$title = $parts[1] ?? '';
$symbol = $parts[2] ?? '';
if (!$code) continue;
$cfg = $this->resolve_currency_config($code);
if ($symbol !== '') $cfg['currency'] = $symbol; // prefer explicit symbol in the tuple
$list[] = [
'code' => $code,
'title' => $title,
'symbol' => $cfg['currency'],
'decimal_digits' => (int)$cfg['decimal_digits'],
'decimal_symbol' => (string)$cfg['decimal_symbol'],
'thousand_separator' => (string)$cfg['thousand_separator'],
];
}
return [
'default_code' => $default_code,
'list' => $list,
];
}
private function get_form_data(){
$form_data = [];
foreach (array_unique(self::$form_ids) as $post_id) {
$allowed_currency_pack = $this->resolve_allowed_currencies($post_id);
$currency_code = $allowed_currency_pack['default_code'];
$currency_cfg = $this->resolve_currency_config($currency_code);
$form_data[$post_id] = [
'form_id' => $post_id,
'currency' => formipay_post_currency($post_id),
'currency_code' => $currency_code, // active on load
'currency' => $currency_cfg['currency'],
'decimal_digits' => $currency_cfg['decimal_digits'],
'decimal_symbol' => $currency_cfg['decimal_symbol'],
'thousand_separator' => $currency_cfg['thousand_separator'],
'allowed_currency_pack' => $allowed_currency_pack,
'buyer_phone_field' => formipay_get_post_meta($post_id, 'buyer_phone'),
'buyer_country_field' => formipay_get_post_meta($post_id, 'buyer_country'),
'buyer_phone_allow' => (bool) formipay_get_post_meta($post_id, 'buyer_allow_choose_country_code'),
'buyer_phone_country_code' => formipay_get_post_meta($post_id, 'buyer_phone_country_code'),
'decimal_digits' => formipay_get_post_meta($post_id, 'product_currency_decimal_digits'),
'decimal_symbol' => formipay_get_post_meta($post_id, 'product_currency_decimal_symbol'),
'thousand_separator' => formipay_get_post_meta($post_id, 'product_currency_thousand_separator'),
'notice_empty_text_message' => formipay_get_post_meta($post_id, 'empty_required_text_field'),
'notice_empty_select_message' => formipay_get_post_meta($post_id, 'empty_required_select_field'),
'notice_empty_agreement_message' => formipay_get_post_meta($post_id, 'empty_required_agreement_field'),
@@ -628,7 +792,10 @@ class Render {
'trigger_selector' => formipay_get_post_meta($post_id, 'popup_click_selector') ?
formipay_get_post_meta($post_id, 'popup_trigger_selector') :
'.formipay-open-popup-button',
'modal_selector' => '#formipay-popup-' . $post_id
'modal_selector' => '#formipay-popup-' . $post_id,
'static_products' => array_filter(array_map('absint', explode(',', (string) formipay_get_post_meta($post_id, 'static_products')))),
'static_items' => json_decode((string) formipay_get_post_meta($post_id, 'static_items'), true) ?: [],
'currency_code' => (function($c){ $p = explode(':::', (string)$c); return $p[0] ?? 'IDR'; })(formipay_post_currency($post_id)),
];
}