-
-
Notifications
You must be signed in to change notification settings - Fork 72
Fix checkout #270
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix checkout #270
Changes from all commits
76f87c6
13b1a3b
d4a4f4b
1ec8dae
3572168
b716755
3a65dce
1e56583
0f5ba46
3e72e05
a27018d
d9c50dd
0f3504e
a425ae0
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Large diffs are not rendered by default.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -10,6 +10,7 @@ | |
| namespace WP_Ultimo\Checkout; | ||
|
|
||
| use WP_Ultimo\Database\Memberships\Membership_Status; | ||
| use WP_Ultimo\Database\Payments\Payment_Status; | ||
| use Arrch\Arrch as Array_Search; | ||
|
|
||
| // Exit if accessed directly | ||
|
|
@@ -475,11 +476,16 @@ protected function build_cart() { | |
|
|
||
| if (is_array($this->attributes->products)) { | ||
| /* | ||
| * Otherwise, we add the products to build the cart. | ||
| */ | ||
| * Otherwise, we add the products to build the cart. | ||
| */ | ||
| foreach ($this->attributes->products as $product_id) { | ||
| $this->add_product($product_id); | ||
| } | ||
|
|
||
| /* | ||
| * Cancel conflicting pending payments for new checkouts. | ||
| */ | ||
| $this->cancel_conflicting_pending_payments(); | ||
| } | ||
| } | ||
|
|
||
|
|
@@ -1581,6 +1587,13 @@ public function add_product($product_id_or_slug, $quantity = 1): bool { | |
| return false; | ||
| } | ||
|
|
||
| // Check if this product is already in the cart (prevents duplicates when building from payment/membership) | ||
| foreach ($this->products as $existing_product) { | ||
| if ($existing_product->get_id() === $product->get_id()) { | ||
| return true; // Silently skip duplicate | ||
| } | ||
| } | ||
|
|
||
| // Here we check if the product is recurring and if so, get the correct variation | ||
| if ($product->is_recurring() && ! empty($this->duration) && ($product->get_duration() !== $this->duration || $product->get_duration_unit() !== $this->duration_unit)) { | ||
| $product = $product->get_as_variation($this->duration, $this->duration_unit); | ||
|
|
@@ -1596,17 +1609,23 @@ public function add_product($product_id_or_slug, $quantity = 1): bool { | |
|
|
||
| if ($product->get_type() === 'plan') { | ||
| /* | ||
| * If we already have a plan, we can't add | ||
| * another one. Bail. | ||
| * If we already have a plan, we can't add another one | ||
| * unless it's the same plan (which can happen when | ||
| * building from payment/membership and products are passed). | ||
| */ | ||
| if ( ! empty($this->plan_id)) { | ||
| $message = __('Theres already a plan in this membership.', 'ultimate-multisite'); | ||
| if ( ! empty($this->plan_id) && $this->plan_id !== $product->get_id()) { | ||
| $message = __("There's already a plan in this membership.", 'ultimate-multisite'); | ||
|
|
||
| $this->errors->add('plan-already-added', $message); | ||
|
|
||
| return false; | ||
| } | ||
|
|
||
| // If it's the same plan, just skip adding it again | ||
| if ($this->plan_id === $product->get_id()) { | ||
| return true; | ||
| } | ||
|
|
||
| $this->plan_id = $product->get_id(); | ||
| $this->billing_cycles = $product->get_billing_cycles(); | ||
| } | ||
|
|
@@ -2771,4 +2790,35 @@ public function get_cart_url() { | |
| $base_url | ||
| ); | ||
| } | ||
|
|
||
| /** | ||
| * Cancels conflicting pending payments for new checkouts. | ||
| * | ||
| * @since 2.1.4 | ||
| * @return void | ||
| */ | ||
| protected function cancel_conflicting_pending_payments(): void { | ||
|
|
||
| if ('new' !== $this->cart_type || ! $this->customer) { | ||
| return; | ||
| } | ||
|
|
||
| $pending_payments = wu_get_payments( | ||
| [ | ||
| 'customer_id' => $this->customer->get_id(), | ||
| 'status' => Payment_Status::PENDING, | ||
| ] | ||
| ); | ||
|
|
||
| foreach ($pending_payments as $payment) { | ||
| // Cancel if it's not the same cart (simple check: different total or products) | ||
| $payment_total = $payment->get_total(); | ||
| $cart_total = $this->get_total(); | ||
|
|
||
| if (abs($payment_total - $cart_total) > 0.01) { // Allow small differences | ||
| $payment->set_status(Payment_Status::CANCELLED); | ||
| $payment->save(); | ||
| } | ||
| } | ||
| } | ||
|
Comment on lines
+2800
to
+2823
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Cancellation logic may produce false positives for legitimate cart changes. The method cancels pending payments when the total differs by more than 0.01, but this could incorrectly cancel legitimate pending payments if:
Consider adding additional checks beyond just the total amount, such as comparing product IDs or requiring explicit user confirmation before cancelling. |
||
| } | ||
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🧩 Analysis chain
Verify dependency versions and security advisories.
The updated dependencies pin specific versions that may not align with your knowledge cutoff. Please verify that these versions exist and have no known vulnerabilities.
Run the following script to check package versions and security:
🏁 Script executed:
Length of output: 177
Fix non-existent dependency version:
wordpress/abilities-api^0.1.1 does not exist on Packagist.The version 0.1.1 of wordpress/abilities-api does not exist on Packagist, which will cause
composer installto fail. The wordpress/mcp-adapter commit hash (7a2d22cff92328bc94f5b1648a66ae4273e949c5) is valid and exists in the repository.Update line 36 in composer.json to use a version that actually exists on Packagist, or revert to the previous constraint.
🤖 Prompt for AI Agents
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what about https://packagist.org/packages/wordpress/abilities-api
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🧩 Analysis chain
🌐 Web query:
💡 Result:
Available released tags on Packagist for wordpress/abilities-api (as listed on Packagist; last updated Oct 23, 2025):
(Plus various dev branches shown on the package page.) [1]
Source: Packagist package page for wordpress/abilities-api. [1]
@superdav42, you're absolutely right—I apologize for the confusion! Version 0.1.1 of
wordpress/abilities-apidoes exist on Packagist. According to the package page, available versions include v0.1.1, v0.1.0, v0.2.0, and v0.3.0 among others.The dependency update to
^0.1.1is valid and will work correctly withcomposer install. My earlier analysis was incorrect. The changes to both dependencies in this diff are fine:wordpress/abilities-api:^0.1.1✓ (exists on Packagist)wordpress/mcp-adapter:dev-trunk#7a2d22c...✓ (valid commit hash)Sorry for the false alarm!