["PO-252"]("WooCommerce : add isset validation for webhook payload")

razorpay · Dec 11, 2024 · 2e063bf · 2e063bf
1 parent 5771979
commit 2e063bf
Showing 1 changed file with 10 additions and 9 deletions.
diff --git a/includes/razorpay-webhook.php b/includes/razorpay-webhook.php
@@ -96,6 +96,13 @@ public function process()
             return;
         }
 
+        // Skip the webhook if not the valid data and event
+        if ($this->shouldConsumeWebhook($data) === false) {
+
+            rzpLogDebug("Webhook process exited in shouldConsumeWebhook function");
+            return;
+        }
+
         if (empty($data['event']) === false) {
 
             $orderId = $data['payload']['payment']['entity']['notes']['woocommerce_order_number'];
@@ -107,13 +114,6 @@ public function process()
                 $razorpayOrderId = ($data['event'] == self::SUBSCRIPTION_CHARGED) ? $razorpayOrderId : "No payment id in subscription event";
             }
 
-
-            // Skip the webhook if not the valid data and event
-            if ($this->shouldConsumeWebhook($data) === false) {
-                rzpLogInfo("Woocommerce orderId: $orderId webhook process exited in shouldConsumeWebhook function");
-
-                return;
-            }
             if (isset($_SERVER['HTTP_X_RAZORPAY_SIGNATURE']) === true) {
 
                 $razorpayWebhookSecret = (empty($this->razorpay->getSetting('webhook_secret')) === false) ? $this->razorpay->getSetting('webhook_secret') : get_option('webhook_secret');
@@ -526,8 +526,9 @@ protected function getPaymentEntity($razorpayPaymentId, $data)
     protected function shouldConsumeWebhook($data)
     {
         if ((isset($data['event']) === true) and
-            (in_array($data['event'], $this->eventsArray) === true) and
-            (isset($data['payload']['payment']['entity']['notes']['woocommerce_order_number']) === true or isset($data['payload']['subscription']['entity']['notes']['woocommerce_order_id']) === true)) {
+            ((in_array($data['event'], $this->eventsArray) === true) or
+            (in_array($data['event'], $this->subscriptionEvents) === true)) and
+            ((isset($data['payload']['payment']['entity']['notes']['woocommerce_order_number']) === true) or (isset($data['payload']['subscription']['entity']['notes']['woocommerce_order_id']) === true))) {
             return true;
         }