fix: resolve all Week 1 critical bugs (F1.1–F1.9)

- Fix Customer::update() fatal error (undefined $table_name, $new_args) - Fix Order::delete() using wrong variable $id instead of $order_id - Fix Order::bulk_delete() using outer $order_id instead of loop $id - Fix Email::send_email() calling non-existent class (use parent::) - Add missing Order import in Paypal.php - Fix BankTransfer unique_code triple DB call (call once, reuse result) - Fix color field label showing "Number" instead of "Color" - Add nonce verification to Customer::formipay_tabledata_customers() Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-17 19:40:12 +07:00
parent 4274be81a4
commit be9a1a0a86
7 changed files with 17 additions and 11 deletions
--- a/includes/Customer.php
+++ b/includes/Customer.php
@@ -162,7 +162,7 @@ class Customer {

        $where = [ 'id' => $customer_id ];
        // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
-		$update = $wpdb->update( $table_name, $new_args, $where );
+		$update = $wpdb->update( $table, $insert_data, $where );
        
        return $update;

@@ -204,6 +204,7 @@ class Customer {
                'ajax_url' => admin_url('admin-ajax.php'),
                'site_url' => site_url(),
                'customer_id' => $customer_id,
+                'nonce' => wp_create_nonce( 'formipay-admin-access-nonce' ),
                'columns' => [
                    'id' => esc_html__( 'ID', 'formipay' ),
                    'name' => esc_html__( 'Name', 'formipay' ),
@@ -230,6 +231,8 @@ class Customer {

    public function formipay_tabledata_customers() {

+        check_ajax_referer( 'formipay-admin-access-nonce', '_wpnonce' );
+
        $get_all_customers = $this->get();
        $customers = [];

--- a/includes/Integration/Paypal.php
+++ b/includes/Integration/Paypal.php
@@ -2,6 +2,7 @@
 namespace Formipay\Integration;
 use Formipay\Traits\SingletonTrait;
 use Formipay\Payment\Payment;
+use Formipay\Order as Order;
 // Exit if accessed directly
 if ( ! defined( 'ABSPATH' ) ) exit;

--- a/includes/Notification/Email.php
+++ b/includes/Notification/Email.php
@@ -121,7 +121,7 @@ class Email extends Notification {
                    'meta_data' => $metadata
                ];

-                \Formipay_Notification::update_notification_data($notification_id, $args);
+                parent::update_notification_data($notification_id, $args);

            }

--- a/includes/Order.php
+++ b/includes/Order.php
@@ -914,7 +914,7 @@ class Order {

 		return $wpdb->delete(
 			$wpdb->prefix . 'formipay_orders',
-			['id' => $id],
+			['id' => $order_id],
 			['%d'],
 		);

@@ -1067,7 +1067,7 @@ class Order {
        $report = __( 'Done.', 'formipay' );
        if(!empty($ids)){
            foreach($ids as $id){
-                $delete = $this->delete($order_id);
+                $delete = $this->delete($id);
                if(is_wp_error( $delete )){
                    $failed++;
                }else{
--- a/includes/Payment/BankTransfer.php
+++ b/includes/Payment/BankTransfer.php
@@ -128,15 +128,17 @@ class BankTransfer extends Payment {
            $order_data['payment_gateway'] == 'bank_transfer'
        ){

+            $unique_code = $this->check_unique_code();
+
            $details[] = [
                'item'      => __( 'Unique Code', 'formipay' ),
-                'amount'    => $this->check_unique_code(),
-                'subtotal'  => floatval($this->check_unique_code()),
-                'context'   => floatval($this->check_unique_code()) < 0 ? 'sub' : 'add'
+                'amount'    => $unique_code,
+                'subtotal'  => floatval($unique_code),
+                'context'   => floatval($unique_code) < 0 ? 'sub' : 'add'
            ];

        }
-        
+
        return $details;
    }