From 864d26a781eb065e5db351a2ee5300e0745ee1ee Mon Sep 17 00:00:00 2001
From: rohitcbr <162538340+rohitcbr@users.noreply.github.com>
Date: Thu, 12 Dec 2024 17:19:51 +0530
Subject: [PATCH] ["PO-252"]("WooCommerce : add isset validation for webhook
 payload") (#579)

* ["PO-252"]("WooCommerce : add isset validation for webhook payload")

* reverting one change

* addressed review comment
---
 includes/razorpay-webhook.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/includes/razorpay-webhook.php b/includes/razorpay-webhook.php
index ce969c48..68a169d2 100644
--- a/includes/razorpay-webhook.php
+++ b/includes/razorpay-webhook.php
@@ -96,6 +96,13 @@ public function process()
             return;
         }
 
+        // Skip the webhook if not the valid data and event
+        if ($this->shouldConsumeWebhook($data) === false) {
+
+            rzpLogDebug("Invalid webhook trigger: " . json_encode($data));
+            return;
+        }
+
         if (empty($data['event']) === false) {
 
             $orderId = $data['payload']['payment']['entity']['notes']['woocommerce_order_number'];
@@ -107,13 +114,6 @@ public function process()
                 $razorpayOrderId = ($data['event'] == self::SUBSCRIPTION_CHARGED) ? $razorpayOrderId : "No payment id in subscription event";
             }
 
-
-            // Skip the webhook if not the valid data and event
-            if ($this->shouldConsumeWebhook($data) === false) {
-                rzpLogInfo("Woocommerce orderId: $orderId webhook process exited in shouldConsumeWebhook function");
-
-                return;
-            }
             if (isset($_SERVER['HTTP_X_RAZORPAY_SIGNATURE']) === true) {
                 
                 $razorpayWebhookSecret = (empty($this->razorpay->getSetting('webhook_secret')) === false) ? $this->razorpay->getSetting('webhook_secret') : get_option('webhook_secret');