dwindown/formipay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: resolve all Week 2 performance & security issues (F1.10–F1.19)

Browse Source 
Security:
- Replace maybe_serialize() in cookies with json_encode() (PHP object injection fix)
- Add PayPal webhook signature verification
- Add current_user_can('manage_options') to all 18 admin-ajax handlers

Performance:
- Remove flush_rewrite_rules() from init hooks (Thankyou + Payment)
- Add activation/deactivation hooks for flush_rewrite_rules
- Cache currency, country, flags JSON reads in static variables
- Add server-side pagination to Customer::formipay_tabledata_customers()
- Optimize Order::formipay_tabledata_orders() with COUNT(*) GROUP BY

Cleanup:
- Delete Paypal.phpbak backup file
- Fix timezone hardcode Asia/Jakarta → wp_timezone_string()
- Create uninstall.php for proper cleanup on uninstall

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
dwindown
2026-04-17 19:52:01 +07:00
parent be9a1a0a86
commit 66e7b37f92
15 changed files with 341 additions and 868 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
admin/functions.php
View File

@@ -26,11 +26,13 @@ function formipay_field_type_collection() {
}
function formipay_currency_array() {
static $cache = null;
if ($cache !== null) {
return $cache;
}
$json = file_get_contents(FORMIPAY_PATH . 'admin/assets/json/currencies.json');
$array = json_decode($json, true);
return $array;
$cache = json_decode($json, true);
return $cache;
}
function formipay_is_multi_currency_active() {
@@ -146,22 +148,26 @@ function get_global_currency_array() {
}
function formipay_country_array() {
static $cache = null;
if ($cache !== null) {
return $cache;
}
$json = file_get_contents(FORMIPAY_PATH . 'admin/assets/json/country.json');
$array = json_decode($json, true);
return $array;
$cache = json_decode($json, true);
return $cache;
}
function formipay_get_flag_by_currency($currency) {
static $flags = null;
if(strpos($currency, ':::')){
$currency = explode(':::', $currency);
$currency = $currency[0];
}
$json = file_get_contents(FORMIPAY_PATH . 'admin/assets/json/flags.json');
$array = json_decode($json, true);
foreach($array as $country){
if ($flags === null) {
$json = file_get_contents(FORMIPAY_PATH . 'admin/assets/json/flags.json');
$flags = json_decode($json, true);
}
foreach($flags as $country){
if($currency == $country['code']){
return $country['flag'];
}