From 47b046bb9f75ea33195dbc5830bb3c2bcfe3b729 Mon Sep 17 00:00:00 2001
From: Vlad Olaru
Date: Fri, 8 Mar 2024 11:43:57 +0200
Subject: [PATCH 1/5] Reset onboarding stored test mode when reonboarding without URL param (#8336)
Co-authored-by: Oleksandr Aratovskyi <79862886+oaratovskyi@users.noreply.github.com>
---
 changelog/fix-8334-leftover-onboarding-sandbox-mode | 5 +++++
 includes/class-wc-payments-account.php | 8 ++++++++
 2 files changed, 13 insertions(+)
 create mode 100644 changelog/fix-8334-leftover-onboarding-sandbox-mode
diff --git a/changelog/fix-8334-leftover-onboarding-sandbox-mode b/changelog/fix-8334-leftover-onboarding-sandbox-mode
new file mode 100644
index 00000000000..e5891e26fe5
--- /dev/null
+++ b/changelog/fix-8334-leftover-onboarding-sandbox-mode
@@ -0,0 +1,5 @@
+Significance: patch
+Type: fix
+Comment: Prevent leftover sandbox mode onboarding and allow for live onboarding on subsequent retries.
+
+
diff --git a/includes/class-wc-payments-account.php b/includes/class-wc-payments-account.php
index 57c63333962..215b48149a6 100644
--- a/includes/class-wc-payments-account.php
+++ b/includes/class-wc-payments-account.php
@@ -1085,6 +1085,14 @@ public function maybe_handle_onboarding() { ) ) { // Redirect non-onboarded account to the onboarding flow, otherwise to payments overview page. if ( ! $this->is_stripe_connected() ) { + $should_onboard_in_test_mode = isset( $_GET['test_mode'] ) ? boolval( wc_clean( wp_unslash( $_GET['test_mode'] ) ) ) : false; + if ( ! $should_onboard_in_test_mode && WC_Payments_Onboarding_Service::is_test_mode_enabled() ) { + // If there is no test mode in the URL informing us to onboard in test mode, + // but the onboarding test mode is enabled in our DB, we should disable it. + // This is most likely a leftover from a previous onboarding attempt. + WC_Payments_Onboarding_Service::set_test_mode( false ); + } + $this->redirect_to_onboarding_flow_page( $source ); } else { // Accounts with Stripe account connected will be redirected to the overview page. From 6d26cffa9502f67962278182c88b37c9dea349d6 Mon Sep 17 00:00:00 2001 From: Guilherme Pressutto Date: Fri, 8 Mar 2024 11:26:25 -0300 Subject: [PATCH 2/5] Fixed Clearpay aria-label for UK sites (#8348) --- changelog/fix-clearpay-aria-label | 4 ++++ client/payment-methods/constants.ts | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 changelog/fix-clearpay-aria-label diff --git a/changelog/fix-clearpay-aria-label b/changelog/fix-clearpay-aria-label new file mode 100644 index 00000000000..5d0c3f8a619 --- /dev/null +++ b/changelog/fix-clearpay-aria-label @@ -0,0 +1,4 @@ +Significance: patch +Type: fix + +Fixed Clearpay aria-label for UK sites diff --git a/client/payment-methods/constants.ts b/client/payment-methods/constants.ts index 1a6794aa44c..ac661f2a079 100644 --- a/client/payment-methods/constants.ts +++ b/client/payment-methods/constants.ts 
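Review bot: `boolval()` on the `test_mode` query value is true for any non-empty string other than `"0"`, and for a non-empty array, so `?test_mode=false` or an array-shaped parameter is still read as a request for test mode and the stored flag is not reset. Parsing the value as a boolean closes that gap: `$should_onboard_in_test_mode = isset( $_GET['test_mode'] ) && filter_var( wp_unslash( $_GET['test_mode'] ), FILTER_VALIDATE_BOOLEAN );`. The new branch also writes the stored onboarding mode in response to a GET request; the capability and nonce checks that guard `maybe_handle_onboarding()` start outside this hunk, so it is worth confirming they run before `set_test_mode( false )` is reached.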
@@ -20,6 +20,7 @@ enum PAYMENT_METHOD_IDS { SOFORT = 'sofort', } +const accountCountry = window.wcpaySettings?.accountStatus?.country || 'US'; // This constant is used for rendering tooltip titles for payment methods in transaction list and details pages. // eslint-disable-next-line @typescript-eslint/naming-convention export const PAYMENT_METHOD_TITLES = { @@ -27,7 +28,10 @@ export const PAYMENT_METHOD_TITLES = { ach_debit: __( 'ACH Debit', 'woocommerce-payments' ), acss_debit: __( 'ACSS Debit', 'woocommerce-payments' ), affirm: __( 'Affirm', 'woocommerce-payments' ), - afterpay_clearpay: __( 'Afterpay', 'woocommerce-payments' ), + afterpay_clearpay: + 'GB' === accountCountry + ? __( 'Clearpay', 'woocommerce-payments' ) + : __( 'Afterpay', 'woocommerce-payments' ), alipay: __( 'Alipay', 'woocommerce-payments' ), amex: __( 'American Express', 'woocommerce-payments' ), au_becs_debit: __( 'AU BECS Debit', 'woocommerce-payments' ), From 07c3e25335dde76b794d5ba9b6fee86becec88c4 Mon Sep 17 00:00:00 2001 From: Shendy <73803630+shendy-a8c@users.noreply.github.com> Date: Sun, 10 Mar 2024 05:31:36 +0700 Subject: [PATCH 3/5] Validate deposit id before fetching deposit in `getDeposit()` (#8320) Co-authored-by: Eric Jinks <3147296+Jinksi@users.noreply.github.com> Co-authored-by: bruce aldridge --- ...update-deposit-details-validate-user-input | 4 ++ client/data/deposits/resolvers.js | 6 ++ client/data/deposits/test/resolvers.js | 71 ++++++++++++------- 3 files changed, 57 insertions(+), 24 deletions(-) create mode 100644 changelog/update-deposit-details-validate-user-input diff --git a/changelog/update-deposit-details-validate-user-input b/changelog/update-deposit-details-validate-user-input new file mode 100644 index 00000000000..87bf37a3036 --- /dev/null +++ b/changelog/update-deposit-details-validate-user-input @@ -0,0 +1,4 @@ +Significance: minor +Type: update + +Validate deposit id before sending a request to fetch deposit. 
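Review bot: `accountCountry` is read from `window.wcpaySettings` once, when the module is first imported, so `PAYMENT_METHOD_TITLES.afterpay_clearpay` in the second hunk is fixed at load time. Code or tests that populate `wcpaySettings` after this import will get the `'US'` fallback and the Afterpay label regardless of the account. A one-line comment on the constant would make the ordering requirement explicit, for example `// Evaluated once at import; wcpaySettings must be set before this module loads.`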
diff --git a/client/data/deposits/resolvers.js b/client/data/deposits/resolvers.js index 65d6eda9d40..52961f25570 100644 --- a/client/data/deposits/resolvers.js +++ b/client/data/deposits/resolvers.js @@ -30,6 +30,12 @@ import { formatDateValue } from 'utils'; * @param {string} id Identifier for specified deposit to retrieve. */ export function* getDeposit( id ) { + // Validate input to avoid path traversal request. + // Avoid lookup if the id contains any unexpected characters. + if ( /\W/.test( id ) ) { + return; + } + const path = addQueryArgs( `${ NAMESPACE }/deposits/${ id }` ); try { diff --git a/client/data/deposits/test/resolvers.js b/client/data/deposits/test/resolvers.js index 71c9c4e16dd..7678aba1717 100644 --- a/client/data/deposits/test/resolvers.js +++ b/client/data/deposits/test/resolvers.js @@ -20,6 +20,8 @@ import { import { getDeposit, getDeposits, getDepositsSummary } from '../resolvers'; +jest.mock( '@wordpress/data-controls' ); + const depositsResponse = { data: [ { 
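Review bot: The new guard in `getDeposit()` rejects ids that contain a non-word character but still lets an empty string or a non-string value through: `/\W/.test( undefined )` coerces to `'undefined'` and passes, so a request for `deposits/undefined` or `deposits/` is still built. An anchored allowlist covers those cases too: `if ( typeof id !== 'string' || ! /^\w+$/.test( id ) ) { return; }`. This check only shapes the client request; the REST route has to validate the id itself, and that handler is not part of this patch. The early return is also silent, so a rejected id produces no error notice. The body of `getDeposit()` continues outside the hunk.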
@@ -57,36 +59,54 @@ const filterQuery = { }; describe( 'getDeposit resolver', () => { - let generator = null; + describe( 'on', () => { + let generator = null; - beforeEach( () => { - generator = getDeposit( 'test_dep_1' ); - expect( generator.next().value ).toEqual( - apiFetch( { path: '/wc/v3/payments/deposits/test_dep_1' } ) - ); - } ); + beforeEach( () => { + generator = getDeposit( 'test_dep_1' ); + expect( generator.next().value ).toEqual( + apiFetch( { path: '/wc/v3/payments/deposits/test_dep_1' } ) + ); + } ); - afterEach( () => { - expect( generator.next().done ).toStrictEqual( true ); - } ); + afterEach( () => { + expect( generator.next().done ).toStrictEqual( true ); + } ); - describe( 'on success', () => { - test( 'should update state with deposit data', () => { - expect( - generator.next( depositsResponse.data[ 0 ] ).value - ).toEqual( updateDeposit( depositsResponse.data[ 0 ] ) ); + describe( 'success', () => { + test( 'should update state with deposit data', () => { + expect( + generator.next( depositsResponse.data[ 0 ] ).value + ).toEqual( updateDeposit( depositsResponse.data[ 0 ] ) ); + } ); + } ); + + describe( 'error', () => { + test( 'should update state with error on error', () => { + expect( generator.throw( errorResponse ).value ).toEqual( + controls.dispatch( + 'core/notices', + 'createErrorNotice', + expect.any( String ) + ) + ); + } ); } ); } ); - describe( 'on error', () => { - test( 'should update state with error on error', () => { - expect( generator.throw( errorResponse ).value ).toEqual( - controls.dispatch( - 'core/notices', - 'createErrorNotice', - expect.any( String ) - ) - ); + describe( 'validation', () => { + let generator = null; + + beforeEach( () => { + jest.clearAllMocks(); + } ); + + test( "shouldn't fetch deposit with non-word-character deposit id", () => { + generator = getDeposit( '../path?a=b&c=d' ); + const next = generator.next(); + expect( next.value ).toStrictEqual( undefined ); + expect( next.done ).toStrictEqual( 
true ); + expect( apiFetch ).not.toBeCalled(); } ); } ); } ); @@ -101,6 +121,9 @@ describe( 'getDeposits resolver', () => { 'page=1&pagesize=25&match=all&store_currency_is=gbp&date_before=2020-04-29%2003%3A59%3A59&date_after=2020-04-29%2004%3A00%3A00&date_between%5B0%5D=2020-04-28%2004%3A00%3A00&date_between%5B1%5D=2020-04-30%2003%3A59%3A59&status_is=paid&status_is_not=failed'; beforeEach( () => { + apiFetch.mockImplementation( () => { + return 'something'; + } ); generator = getDeposits( query ); expect( generator.next().value ).toEqual( apiFetch( { From 2bca6c870266dc59f9257c40331d0483a5486a01 Mon Sep 17 00:00:00 2001 From: Timur Karimov Date: Mon, 11 Mar 2024 08:55:11 +0100 Subject: [PATCH 4/5] Redirect input to terminal only when running through terminal (#8362) Co-authored-by: Timur Karimov --- .husky/pre-push | 7 +++++-- changelog/enhance-pre-push-hook | 4 ++++ 2 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 changelog/enhance-pre-push-hook diff --git a/.husky/pre-push b/.husky/pre-push index 3dc4fa4bcd0..05b3f2a4632 100755 --- a/.husky/pre-push +++ b/.husky/pre-push @@ -1,8 +1,11 @@ #!/bin/bash . "$(dirname "$0")/_/husky.sh" -# Allows us to read user input below, redirects script's input to the terminal. -exec < /dev/tty +# check if main stream (stdout and stderr) are attached to the terminal +if [ -t 1 ] && [ -t 2 ]; then + # Allows us to read user input below, redirects script's input to the terminal. + exec < /dev/tty +fi PROTECTED_BRANCH=("develop" "trunk") CURRENT_BRANCH=$(git branch --show-current) diff --git a/changelog/enhance-pre-push-hook b/changelog/enhance-pre-push-hook new file mode 100644 index 00000000000..9a3b3e2919c --- /dev/null +++ b/changelog/enhance-pre-push-hook @@ -0,0 +1,4 @@ +Significance: minor +Type: dev + +Ensure pre-push hook understands terminal & non-terminal environments From dd073887cd5221c389d50150decf0d5c63e6ce63 Mon Sep 17 00:00:00 2001 
From: Timur Karimov Date: Mon, 11 Mar 2024 09:05:12 +0100 Subject: [PATCH 5/5] Ensure every gateway has individual settings object (#8361) Co-authored-by: Timur Karimov --- changelog/fix-gateway-individual-settings | 4 ++++ includes/class-wc-payment-gateway-wcpay.php | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 changelog/fix-gateway-individual-settings diff --git a/changelog/fix-gateway-individual-settings b/changelog/fix-gateway-individual-settings new file mode 100644 index 00000000000..6eb09cd2a3a --- /dev/null +++ b/changelog/fix-gateway-individual-settings @@ -0,0 +1,4 @@ +Significance: minor +Type: fix + +Ensure every gateway has individual settings object. diff --git a/includes/class-wc-payment-gateway-wcpay.php b/includes/class-wc-payment-gateway-wcpay.php index 423d42ba190..98ce26aaed2 100644 --- a/includes/class-wc-payment-gateway-wcpay.php +++ b/includes/class-wc-payment-gateway-wcpay.php @@ -2399,8 +2399,7 @@ public function get_option( $key, $empty_value = null ) { * Overrides parent method so the option key is the same as the parent class. */ public function get_option_key() { - // Intentionally using self instead of static so options are loaded from main gateway settings. - return $this->plugin_id . self::GATEWAY_ID . '_settings'; + return $this->plugin_id . $this->id . '_settings'; }