fix: resolve all Week 1 critical bugs (F1.1–F1.9)

- Fix Customer::update() fatal error (undefined $table_name, $new_args)
- Fix Order::delete() using wrong variable $id instead of $order_id
- Fix Order::bulk_delete() using outer $order_id instead of loop $id
- Fix Email::send_email() calling non-existent class (use parent::)
- Add missing Order import in Paypal.php
- Fix BankTransfer unique_code triple DB call (call once, reuse result)
- Fix color field label showing "Number" instead of "Color"
- Add nonce verification to Customer::formipay_tabledata_customers()

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

admin/assets/js/admin-customers.js

@@ -2,7 +2,7 @@ jQuery(function($){
 
     let formipay_table_grid = new gridjs.Grid({
         server: {
-            url: formipay_customers_page.ajax_url+'?action=formipay-tabledata-customers&limit='+document.getElementById('limit').value+'&keyword='+document.getElementById('keyword').value,
+            url: formipay_customers_page.ajax_url+'?action=formipay-tabledata-customers&_wpnonce='+formipay_customers_page.nonce+'&limit='+document.getElementById('limit').value+'&keyword='+document.getElementById('keyword').value,
             then: data => {
                 
                 // if(data.posts_report){
@@ -52,7 +52,7 @@ jQuery(function($){
     $('#limit, #keyword').on('change', function(){
         formipay_table_grid.updateConfig({
             server: {
-                url: formipay_customers_page.ajax_url+'?action=formipay-tabledata-customers&limit='+document.getElementById('limit').value+'&keyword='+document.getElementById('keyword').value,
+                url: formipay_customers_page.ajax_url+'?action=formipay-tabledata-customers&_wpnonce='+formipay_customers_page.nonce+'&limit='+document.getElementById('limit').value+'&keyword='+document.getElementById('keyword').value,
                 then: data => data.results.map(
                     form => [form.ID, form.name, form.email, form.phone, form.total_order]
                 ),

admin/functions.php

@@ -9,7 +9,7 @@ function formipay_field_type_collection() {
         'number' => __( 'Number', 'formipay' ), 
         'date' => __( 'Date', 'formipay' ), 
         'datetime' => __( 'Date & Time', 'formipay' ), 
-        'color' => __( 'Number', 'formipay' ),
+        'color' => __( 'Color', 'formipay' ),
         'select' => __( 'Select Dropdown', 'formipay' ), 
         'checkbox' => __( 'Checkbox', 'formipay' ), 
         'radio' => __( 'Radio', 'formipay' ),

includes/Customer.php

@@ -162,7 +162,7 @@ class Customer {
 
         $where = [ 'id' => $customer_id ];
         // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
-		$update = $wpdb->update( $table_name, $new_args, $where );
+		$update = $wpdb->update( $table, $insert_data, $where );
         
         return $update;
 
@@ -204,6 +204,7 @@ class Customer {
                 'ajax_url' => admin_url('admin-ajax.php'),
                 'site_url' => site_url(),
                 'customer_id' => $customer_id,
+                'nonce' => wp_create_nonce( 'formipay-admin-access-nonce' ),
                 'columns' => [
                     'id' => esc_html__( 'ID', 'formipay' ),
                     'name' => esc_html__( 'Name', 'formipay' ),
@@ -230,6 +231,8 @@ class Customer {
 
     public function formipay_tabledata_customers() {
 
+        check_ajax_referer( 'formipay-admin-access-nonce', '_wpnonce' );
+
         $get_all_customers = $this->get();
         $customers = [];
 

includes/Integration/Paypal.php

@@ -2,6 +2,7 @@
 namespace Formipay\Integration;
 use Formipay\Traits\SingletonTrait;
 use Formipay\Payment\Payment;
+use Formipay\Order as Order;
 // Exit if accessed directly
 if ( ! defined( 'ABSPATH' ) ) exit;
 

includes/Notification/Email.php

@@ -121,7 +121,7 @@ class Email extends Notification {
                     'meta_data' => $metadata
                 ];
 
-                \Formipay_Notification::update_notification_data($notification_id, $args);
+                parent::update_notification_data($notification_id, $args);
 
             }
 

includes/Order.php

@@ -914,7 +914,7 @@ class Order {
 
 		return $wpdb->delete(
 			$wpdb->prefix . 'formipay_orders',
-			['id' => $id],
+			['id' => $order_id],
 			['%d'],
 		);
 
@@ -1067,7 +1067,7 @@ class Order {
         $report = __( 'Done.', 'formipay' );
         if(!empty($ids)){
             foreach($ids as $id){
-                $delete = $this->delete($order_id);
+                $delete = $this->delete($id);
                 if(is_wp_error( $delete )){
                     $failed++;
                 }else{

includes/Payment/BankTransfer.php

@@ -128,15 +128,17 @@ class BankTransfer extends Payment {
             $order_data['payment_gateway'] == 'bank_transfer'
         ){
 
+            $unique_code = $this->check_unique_code();
+
             $details[] = [
                 'item'      => __( 'Unique Code', 'formipay' ),
-                'amount'    => $this->check_unique_code(),
-                'subtotal'  => floatval($this->check_unique_code()),
-                'context'   => floatval($this->check_unique_code()) < 0 ? 'sub' : 'add'
+                'amount'    => $unique_code,
+                'subtotal'  => floatval($unique_code),
+                'context'   => floatval($unique_code) < 0 ? 'sub' : 'add'
             ];
 
         }
-        
+
         return $details;
     }