Updates to 1.8.9

changelog.txt

@@ -1,5 +1,11 @@
 *** Xero Integration ***
 
+2024-08-19 - version 1.8.9
+* Fix - PHPCompatibility errors reported by the QIT test.
+* Dev - Bump WooCommerce "tested up to" version 9.2.
+* Dev - Bump WooCommerce minimum supported version to 9.0.
+* Dev - Fix QIT E2E tests and add support for a few new test types.
+
 2024-07-22 - version 1.8.8
 * Dev - Bump WooCommerce "tested up to" version 9.1.
 * Dev - Bump WooCommerce minimum supported version to 8.9.

includes/class-wc-xr-address.php

@@ -25,7 +25,7 @@ public function get_type() {
 	 * @param string $type
 	 */
 	public function set_type( $type ) {
-		$this->type = htmlspecialchars( $type );
+		$this->type = htmlspecialchars( $type, ENT_COMPAT );
 	}
 
 	/**
@@ -39,7 +39,7 @@ public function get_line_1() {
 	 * @param string $line_1
 	 */
 	public function set_line_1( $line_1 ) {
-		$this->line_1 = htmlspecialchars( $line_1 );
+		$this->line_1 = htmlspecialchars( $line_1, ENT_COMPAT );
 	}
 
 	/**
@@ -53,7 +53,7 @@ public function get_line_2() {
 	 * @param string $line_2
 	 */
 	public function set_line_2( $line_2 ) {
-		$this->line_2 = htmlspecialchars( $line_2 );
+		$this->line_2 = htmlspecialchars( $line_2, ENT_COMPAT );
 	}
 
 	/**
@@ -67,7 +67,7 @@ public function get_city() {
 	 * @param string $city
 	 */
 	public function set_city( $city ) {
-		$this->city = htmlspecialchars( $city );
+		$this->city = htmlspecialchars( $city, ENT_COMPAT );
 	}
 
 	/**
@@ -81,7 +81,7 @@ public function get_region() {
 	 * @param string $region
 	 */
 	public function set_region( $region ) {
-		$this->region = htmlspecialchars( $region );
+		$this->region = htmlspecialchars( $region, ENT_COMPAT );
 	}
 
 	/**
@@ -95,7 +95,7 @@ public function get_postal_code() {
 	 * @param string $postal_code
 	 */
 	public function set_postal_code( $postal_code ) {
-		$this->postal_code = htmlspecialchars( $postal_code );
+		$this->postal_code = htmlspecialchars( $postal_code, ENT_COMPAT );
 	}
 
 	/**
@@ -109,7 +109,7 @@ public function get_country() {
 	 * @param string $country
 	 */
 	public function set_country( $country ) {
-		$this->country = htmlspecialchars( $country );
+		$this->country = htmlspecialchars( $country, ENT_COMPAT );
 	}
 
 	/**

includes/class-wc-xr-contact.php

@@ -40,7 +40,7 @@ public function get_name() {
 	 * @param string $name
 	 */
 	public function set_name( $name ) {
-		$this->name = htmlspecialchars( $name );
+		$this->name = htmlspecialchars( $name, ENT_COMPAT );
 	}
 
 	/**
@@ -54,7 +54,7 @@ public function get_first_name() {
 	 * @param string $first_name
 	 */
 	public function set_first_name( $first_name ) {
-		$this->first_name = htmlspecialchars( $first_name );
+		$this->first_name = htmlspecialchars( $first_name, ENT_COMPAT );
 	}
 
 	/**
@@ -68,7 +68,7 @@ public function get_last_name() {
 	 * @param string $last_name
 	 */
 	public function set_last_name( $last_name ) {
-		$this->last_name = htmlspecialchars( $last_name );
+		$this->last_name = htmlspecialchars( $last_name, ENT_COMPAT );
 	}
 
 	/**
@@ -82,7 +82,7 @@ public function get_email_address() {
 	 * @param string $email_address
 	 */
 	public function set_email_address( $email_address ) {
-		$this->email_address = htmlspecialchars( $email_address );
+		$this->email_address = htmlspecialchars( $email_address, ENT_COMPAT );
 	}
 
 	/**

includes/class-wc-xr-line-item.php

@@ -86,7 +86,7 @@ public function get_description() {
 	 * @param string $description
 	 */
 	public function set_description( $description ) {
-		$this->description = htmlspecialchars( $description );
+		$this->description = htmlspecialchars( $description, ENT_COMPAT );
 	}
 
 	/**

includes/class-wc-xr-oauth-simple.php

@@ -407,57 +407,65 @@ function _normalizedParameters($filter='false') {
         return join('&',$elements);
     }
 
-    function _generateSignature () {
-        $secretKey = '';
-	if(isset($this->_secrets['shared_secret']))
-	    $secretKey = $this->_oauthEscape($this->_secrets['shared_secret']);
-	$secretKey .= '&';
-	if(isset($this->_secrets['oauth_secret']))
-            $secretKey .= $this->_oauthEscape($this->_secrets['oauth_secret']);
-        switch($this->_parameters['oauth_signature_method'])
-        {
-        	case 'RSA-SHA1':
-
-        		// Fetch the public key  
-                $publickey = openssl_get_publickey($this->_secrets['public_key']);
-                if ( $publickey == false ) {
-				    throw new WC_XR_OAuthSimpleException('Unable to retrieve public key.');
-	                return;
-                }  
-
-                // Fetch the private key 
-                $privatekeyid = openssl_get_privatekey($this->_secrets['private_key']);
-                if ( $privatekeyid == false ) {
-				    throw new WC_XR_OAuthSimpleException('Unable to retrieve private key.');
-	                return;
-                }  
-
-                // Sign using the key
-
-                $this->sbs = $this->_oauthEscape($this->_action).'&'.$this->_oauthEscape($this->_path).'&'.$this->_oauthEscape($this->_normalizedParameters());
-
-               $ok = openssl_sign($this->sbs, $signature, $privatekeyid);
-                if ( $ok == false ) {
-				    throw new WC_XR_OAuthSimpleException('Error generating signature.');
-	                return;
-                }  
-
-                  // Release the key resource
-				openssl_free_key($privatekeyid);
-
-               return base64_encode($signature);
-               //return base64_encode(hash_hmac('sha1',$this->sbs,$secretKey,true));
-
-            case 'PLAINTEXT':
-                return urlencode($secretKey);
+	/**
+	 * Generate the signature.
+	 *
+	 * @throws WC_XR_OAuthSimpleException If the signature method is unknown.
+	 *
+	 * @return string The signature.
+	 */
+	public function generate_signature() {
+		$secret_key = '';
 
-            case 'HMAC-SHA1':
-                $this->sbs = $this->_oauthEscape($this->_action).'&'.$this->_oauthEscape($this->_path).'&'.$this->_oauthEscape($this->_normalizedParameters());
-                //error_log('SBS: '.$sigString);
-                return base64_encode(hash_hmac('sha1',$this->sbs,$secretKey,true));
+		if ( isset( $this->_secrets['shared_secret'] ) ) {
+			$secret_key .= $this->_oauth_escape( $this->_secrets['shared_secret'] );
+		}
 
-            default:
-                throw new WC_XR_OAuthSimpleException('Unknown signature method for OAuthSimple');
-        }
-    }
+		$secret_key .= '&';
+
+		if ( isset( $this->_secrets['oauth_secret'] ) ) {
+			$secret_key .= $this->_oauth_escape( $this->_secrets['oauth_secret'] );
+		}
+
+		switch ( $this->_parameters['oauth_signature_method'] ) {
+			case 'RSA-SHA1':
+				// Fetch the public key.
+				$public_key = openssl_get_publickey( $this->_secrets['public_key'] );
+
+				if ( false === $public_key ) {
+					throw new WC_XR_OAuthSimpleException( 'Unable to retrieve public key.' );
+				}
+
+				// Fetch the private key.
+				$private_key_id = openssl_get_privatekey( $this->_secrets['private_key'] );
+
+				if ( false === $private_key_id ) {
+					throw new WC_XR_OAuthSimpleException( 'Unable to retrieve private key.' );
+				}
+
+				// Sign using the key.
+				$this->sbs = $this->_oauth_escape( $this->_action ) . '&' . $this->_oauth_escape( $this->_path ) . '&' . $this->_oauth_escape( $this->_normalized_parameters() );
+
+				$ok = openssl_sign( $this->sbs, $signature, $private_key_id );
+
+				if ( false === $ok ) {
+					throw new WC_XR_OAuthSimpleException( 'Error generating signature.' );
+				}
+
+				// Release the key resource.
+				unset( $private_key_id );
+
+				return base64_encode( $signature ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
+
+			case 'PLAINTEXT':
+				return urlencode( $secret_key ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.urlencode_urlencode
+
+			case 'HMAC-SHA1':
+				$this->sbs = $this->_oauth_escape( $this->_action ) . '&' . $this->_oauth_escape( $this->_path ) . '&' . $this->_oauth_escape( $this->_normalized_parameters() );
+				return base64_encode( hash_hmac( 'sha1', $this->sbs, $secret_key, true ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
+
+			default:
+				throw new WC_XR_OAuthSimpleException( 'Unknown signature method for OAuthSimple' );
+		}
+	}
 }

includes/class-wc-xr-phone.php

@@ -29,7 +29,7 @@ public function get_type() {
 	 * @param string $type
 	 */
 	public function set_type( $type ) {
-		$this->type = htmlspecialchars( $type );
+		$this->type = htmlspecialchars( $type, ENT_COMPAT );
 	}
 
 	/**
@@ -43,7 +43,7 @@ public function get_number() {
 	 * @param string $number
 	 */
 	public function set_number( $number ) {
-		$this->number = htmlspecialchars( $number );
+		$this->number = htmlspecialchars( $number, ENT_COMPAT );
 	}
 
 	/**

languages/woocommerce-xero.pot

@@ -2,9 +2,9 @@
 # This file is distributed under the same license as the WooCommerce Xero Integration package.
 msgid ""
 msgstr ""
-"Project-Id-Version: WooCommerce Xero Integration 1.8.8\n"
+"Project-Id-Version: WooCommerce Xero Integration 1.8.9\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/woocommerce-xero\n"
-"POT-Creation-Date: 2024-07-22 16:05:03+00:00\n"
+"POT-Creation-Date: 2024-08-19 14:03:55+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"

lib/packages/firebase/php-jwt/src/BeforeValidException.php

@@ -2,7 +2,7 @@
 /**
  * @license BSD-3-Clause
  *
- * Modified by woocommerce on 22-July-2024 using Strauss.
+ * Modified by woocommerce on 19-August-2024 using Strauss.
  * @see https://github.com/BrianHenryIE/strauss
  */
 

lib/packages/firebase/php-jwt/src/CachedKeySet.php

@@ -2,7 +2,7 @@
 /**
  * @license BSD-3-Clause
  *
- * Modified by woocommerce on 22-July-2024 using Strauss.
+ * Modified by woocommerce on 19-August-2024 using Strauss.
  * @see https://github.com/BrianHenryIE/strauss
  */
 

lib/packages/firebase/php-jwt/src/ExpiredException.php

@@ -2,7 +2,7 @@
 /**
  * @license BSD-3-Clause
  *
- * Modified by woocommerce on 22-July-2024 using Strauss.
+ * Modified by woocommerce on 19-August-2024 using Strauss.
  * @see https://github.com/BrianHenryIE/strauss
  */
 

lib/packages/firebase/php-jwt/src/JWK.php

@@ -2,7 +2,7 @@
 /**
  * @license BSD-3-Clause
  *
- * Modified by woocommerce on 22-July-2024 using Strauss.
+ * Modified by woocommerce on 19-August-2024 using Strauss.
  * @see https://github.com/BrianHenryIE/strauss
  */
 

lib/packages/firebase/php-jwt/src/JWT.php

@@ -2,7 +2,7 @@
 /**
  * @license BSD-3-Clause
  *
- * Modified by woocommerce on 22-July-2024 using Strauss.
+ * Modified by woocommerce on 19-August-2024 using Strauss.
  * @see https://github.com/BrianHenryIE/strauss
  */
 

lib/packages/firebase/php-jwt/src/JWTExceptionWithPayloadInterface.php

@@ -2,7 +2,7 @@
 /**
  * @license BSD-3-Clause
  *
- * Modified by woocommerce on 22-July-2024 using Strauss.
+ * Modified by woocommerce on 19-August-2024 using Strauss.
  * @see https://github.com/BrianHenryIE/strauss
  */
 namespace Automattic\WooCommerce\Xero\Vendor\Firebase\JWT;

lib/packages/firebase/php-jwt/src/Key.php

@@ -2,7 +2,7 @@
 /**
  * @license BSD-3-Clause
  *
- * Modified by woocommerce on 22-July-2024 using Strauss.
+ * Modified by woocommerce on 19-August-2024 using Strauss.
  * @see https://github.com/BrianHenryIE/strauss
  */
 

lib/packages/firebase/php-jwt/src/SignatureInvalidException.php

@@ -2,7 +2,7 @@
 /**
  * @license BSD-3-Clause
  *
- * Modified by woocommerce on 22-July-2024 using Strauss.
+ * Modified by woocommerce on 19-August-2024 using Strauss.
  * @see https://github.com/BrianHenryIE/strauss
  */
 

lib/packages/guzzlehttp/guzzle/src/BodySummarizer.php

@@ -2,7 +2,7 @@
 /**
  * @license MIT
  *
- * Modified by woocommerce on 22-July-2024 using Strauss.
+ * Modified by woocommerce on 19-August-2024 using Strauss.
  * @see https://github.com/BrianHenryIE/strauss
  */
 

lib/packages/guzzlehttp/guzzle/src/BodySummarizerInterface.php

@@ -2,7 +2,7 @@
 /**
  * @license MIT
  *
- * Modified by woocommerce on 22-July-2024 using Strauss.
+ * Modified by woocommerce on 19-August-2024 using Strauss.
  * @see https://github.com/BrianHenryIE/strauss
  */
 

lib/packages/guzzlehttp/guzzle/src/Client.php

@@ -2,7 +2,7 @@
 /**
  * @license MIT
  *
- * Modified by woocommerce on 22-July-2024 using Strauss.
+ * Modified by woocommerce on 19-August-2024 using Strauss.
  * @see https://github.com/BrianHenryIE/strauss
  */
 

lib/packages/guzzlehttp/guzzle/src/ClientInterface.php

@@ -2,7 +2,7 @@
 /**
  * @license MIT
  *
- * Modified by woocommerce on 22-July-2024 using Strauss.
+ * Modified by woocommerce on 19-August-2024 using Strauss.
  * @see https://github.com/BrianHenryIE/strauss
  */
 

lib/packages/guzzlehttp/guzzle/src/ClientTrait.php

@@ -2,7 +2,7 @@
 /**
  * @license MIT
  *
- * Modified by woocommerce on 22-July-2024 using Strauss.
+ * Modified by woocommerce on 19-August-2024 using Strauss.
  * @see https://github.com/BrianHenryIE/strauss
  */
 

lib/packages/guzzlehttp/guzzle/src/Cookie/CookieJar.php

@@ -2,7 +2,7 @@
 /**
  * @license MIT
  *
- * Modified by woocommerce on 22-July-2024 using Strauss.
+ * Modified by woocommerce on 19-August-2024 using Strauss.
  * @see https://github.com/BrianHenryIE/strauss
  */