3.6.0

Comply with new validation rules from Magento

Author: QuentinFintecture

CHANGELOG.md

@@ -4,10 +4,10 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
-## [3.5.6] - 2025-11-24
+## [3.6.0] - 2025-11-24
 
 - Fix a typo on a Fintecture URL
-- Internal fix
+- Internal fixes
 
 ## [3.5.5] - 2025-02-24
 

Gateway/Config/Config.php

@@ -7,7 +7,7 @@
 class Config extends BaseConfig
 {
     public const CODE = 'fintecture';
-    public const VERSION = '3.5.6';
+    public const VERSION = '3.6.0';
 
     public const KEY_SHOP_NAME = 'general/store_information/name';
     public const KEY_ACTIVE = 'active';

README.md

@@ -1,6 +1,6 @@
 # Fintecture module for Magento 2.4 & 2.3
 
-[![Latest Stable Version](http://poser.pugx.org/fintecture/payment/v)](https://packagist.org/packages/fintecture/payment) [![Total Downloads](http://poser.pugx.org/fintecture/payment/downloads)](https://packagist.org/packages/fintecture/payment) [![Monthly Downloads](http://poser.pugx.org/fintecture/payment/d/monthly)](https://packagist.org/fintecture/payment/payment) [![License](http://poser.pugx.org/fintecture/payment/license)](https://packagist.org/packages/fintecture/payment) [![PHP Version Require](http://poser.pugx.org/fintecture/payment/require/php)](https://packagist.org/packages/fintecture/payment)
+[![Latest Stable Version](http://poser.pugx.org/fintecture/payment/v)](https://packagist.org/packages/fintecture/payment) [![Total Downloads](http://poser.pugx.org/fintecture/payment/downloads)](https://packagist.org/packages/fintecture/payment) [![Monthly Downloads](http://poser.pugx.org/fintecture/payment/d/monthly)](https://packagist.org/packages/fintecture/payment) [![License](http://poser.pugx.org/fintecture/payment/license)](https://packagist.org/packages/fintecture/payment) [![PHP Version Require](http://poser.pugx.org/fintecture/payment/require/php)](https://packagist.org/packages/fintecture/payment)
 
 Fintecture is a Fintech that has a payment solution via bank transfer available at https://www.fintecture.com.
 

Setup/Patch/Data/RemoveFintectureBankTypeConfig.php

@@ -43,6 +43,6 @@ public function getAliases()
 
     public static function getVersion(): string
     {
-        return '3.5.6';
+        return '3.6.0';
     }
 }

composer.json

@@ -10,7 +10,7 @@
     "email": "contact@fintecture.com"
   },
   "type": "magento2-module",
-  "version": "3.5.6",
+  "version": "3.6.0",
   "license": [
     "GPL-3.0"
   ],

etc/module.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
-    <module name="Fintecture_Payment" setup_version="3.5.6">
+    <module name="Fintecture_Payment" setup_version="3.6.0">
         <sequence>
             <module name="Magento_Sales"/>
             <module name="Magento_Payment"/>

view/adminhtml/templates/system/config/button.phtml

@@ -5,13 +5,12 @@ declare(strict_types=1);
 use Fintecture\Payment\Block\System\Config\Button;
 
 /** @var Button $block */
-echo $block->getButtonHtml();
-?>
+?><?= /* @noEscape */ $block->getButtonHtml() ?>
 <div id="connection-test-result" class="message">
     <span class="message-text">
         <strong></strong>
     </span>
 </div>
 <script>
-    const connectionTestUrl = '<?php echo $block->getCustomUrl(); ?>';
+    const connectionTestUrl = '<?= $block->escapeJs($block->getCustomUrl()) ?>';
 </script>

view/frontend/templates/html/checkout/order/error.phtml

@@ -6,18 +6,41 @@ $status = $block->getPaymentStatus();
 <?php if (!empty($status)): ?>
     <?php if ($status === 'sca_required'): ?>
         <div class="fintecture-alert fintecture-alert-warning">
-            <img src="<?php echo $block->getViewFileUrl('Fintecture_Payment::images/warning.svg'); ?>">
-            <p><?php echo __('The payment has been cancelled and the transaction could not be completed.'); ?></p>
+            <img src="<?= $block->escapeUrl(
+                $block->getViewFileUrl('Fintecture_Payment::images/warning.svg')
+            ) ?>">
+            <p>
+                <?= $block->escapeHtml(__(
+                    'The payment has been cancelled and the transaction could not be completed.'
+                )) ?>
+            </p>
         </div>
     <?php elseif ($status === 'payment_unsuccessful'): ?>
         <div class="fintecture-alert fintecture-alert-danger">
-            <img src="<?php echo $block->getViewFileUrl('Fintecture_Payment::images/error.svg'); ?>">
-            <p><?php echo __('The payment has failed. Please select another bank or another payment method.'); ?></p>
+            <img src="<?= $block->escapeUrl(
+                $block->getViewFileUrl('Fintecture_Payment::images/error.svg')
+            ) ?>">
+            <p>
+                <?= $block->escapeHtml(__(
+                    'The payment has failed. Please select another bank or another payment method.'
+                )) ?>
+            </p>
         </div>
     <?php elseif ($status === 'payment_error' || $status === 'cms_internal_error'): ?>
         <div class="fintecture-alert fintecture-alert-danger">
-            <img src="<?php echo $block->getViewFileUrl('Fintecture_Payment::images/error.svg'); ?>">
-            <p><?php echo __('A technical error has occurred. Please contact <a href="%1" target="_blank">the merchant</a> or Fintecture by email at <a href="mailto:%2">%2</a> or via <a href="%3" target="_blank">chat</a>.', $block->getUrl('contact'), 'support@fintecture.com', 'https://help.fintecture.com'); ?></p>
+            <img src="<?= $block->escapeUrl(
+                $block->getViewFileUrl('Fintecture_Payment::images/error.svg')
+            ) ?>">
+            <p>
+                <?= /* @noEscape */ __(
+                    'A technical error has occurred. Please contact '
+                    . '<a href="%1" target="_blank">the merchant</a> or Fintecture '
+                    . 'by email at <a href="mailto:%2">%2</a> or via <a href="%3" target="_blank">chat</a>.',
+                    $block->escapeUrl($block->getUrl('contact')),
+                    $block->escapeHtml('support@fintecture.com'),
+                    $block->escapeUrl('https://help.fintecture.com')
+                ) ?>
+            </p>
         </div>
     <?php endif ?>
 <?php endif ?>

view/frontend/templates/html/checkout/order/success.phtml

@@ -3,12 +3,25 @@
 ?>
 <?php if ($block->getPaymentStatus() === 'payment_created'): ?>
     <div class="fintecture-alert fintecture-alert-success">
-        <img src="<?php echo $block->getViewFileUrl('Fintecture_Payment::images/success.svg'); ?>">
-        <p><?php echo __('Your payment with Fintecture has been successfully processed!'); ?></p>
+        <img src="<?= $block->escapeUrl(
+            $block->getViewFileUrl('Fintecture_Payment::images/success.svg')
+        ) ?>">
+        <p>
+            <?= $block->escapeHtml(__(
+                'Your payment with Fintecture has been successfully processed!'
+            )) ?>
+        </p>
     </div>
 <?php elseif ($block->getPaymentStatus() === 'payment_pending'): ?>
     <div class="fintecture-alert fintecture-alert-info">
-        <img src="<?php echo $block->getViewFileUrl('Fintecture_Payment::images/info.svg'); ?>">
-        <p><?php echo __('Your payment with Fintecture is currently being processed by your bank. You can track the status of your payment using the link provided in the confirmation email.'); ?></p>
+        <img src="<?= $block->escapeUrl(
+            $block->getViewFileUrl('Fintecture_Payment::images/info.svg')
+        ) ?>">
+        <p>
+            <?= $block->escapeHtml(__(
+                'Your payment with Fintecture is currently being processed by your bank. '
+                . 'You can track the status of your payment using the link provided in the confirmation email.'
+            )) ?>
+        </p>
     </div>
 <?php endif; ?>

view/frontend/templates/html/qrcode.phtml

@@ -4,40 +4,64 @@
 <div style="text-align: center;">
     <?php
     if ($block->getData('confirm')) {
-    ?>
-        <h2><?php echo __('Order validated'); ?></h2>
+        ?>
+        <h2><?= $block->escapeHtml(__('Order validated')) ?></h2>
 
-        <p><?php echo __('If the payment has been made, then the order will be validated in a few moments.'); ?></p>
+        <p>
+            <?= $block->escapeHtml(__(
+                'If the payment has been made, then the order will be validated in a few moments.'
+            )) ?>
+        </p>
 
-        <p><b><?php echo $block->getData('amount'); ?> <?php echo $block->getData('currency'); ?></b></p>
-        <p><?php echo $block->getData('reference'); ?></p>
-        <p><?php echo $block->getData('sessionId'); ?></p>
+        <p>
+            <b>
+                <?= $block->escapeHtml($block->getData('amount')) ?>
+                <?= $block->escapeHtml($block->getData('currency')) ?>
+            </b>
+        </p>
+        <p><?= $block->escapeHtml($block->getData('reference')) ?></p>
+        <p><?= $block->escapeHtml($block->getData('sessionId')) ?></p>
 
-        <a href="<?php echo $block->getData('baseUrl'); ?>" class="action primary" style="margin-top: 20px;">
-            <?php echo __('Return to the homepage'); ?>
+        <a href="<?= $block->escapeUrl($block->getData('baseUrl')) ?>"
+           class="action primary"
+           style="margin-top: 20px;">
+            <?= $block->escapeHtml(__('Return to the homepage')) ?>
         </a>
-    <?php
+        <?php
     } else {
-    ?>
-        <h2><?php echo __('Scan this QR Code to pay with Fintecture'); ?></h2>
+        ?>
+        <h2><?= $block->escapeHtml(__('Scan this QR Code to pay with Fintecture')) ?></h2>
 
-        <img src="<?php echo $block->getData('qrCode'); ?>">
+        <img src="<?= $block->escapeUrl($block->getData('qrCode')) ?>">
 
-        <p><b><?php echo $block->getData('amount'); ?> <?php echo $block->getData('currency'); ?></b></p>
-        <p><?php echo $block->getData('reference'); ?></p>
-        <p><?php echo $block->getData('sessionId'); ?></p>
+        <p>
+            <b>
+                <?= $block->escapeHtml($block->getData('amount')) ?>
+                <?= $block->escapeHtml($block->getData('currency')) ?>
+            </b>
+        </p>
+        <p><?= $block->escapeHtml($block->getData('reference')) ?></p>
+        <p><?= $block->escapeHtml($block->getData('sessionId')) ?></p>
 
-        <a href="<?php echo $block->getData('confirmUrl'); ?>" title="<?php echo __('Continue'); ?>" class="action primary" style="margin-top: 20px;">
-            <?php echo __('Continue'); ?>
+        <a href="<?= $block->escapeUrl($block->getData('confirmUrl')) ?>"
+           title="<?= $block->escapeHtmlAttr(__('Continue')) ?>"
+           class="action primary"
+           style="margin-top: 20px;">
+            <?= $block->escapeHtml(__('Continue')) ?>
         </a>
-    <?php
+        <?php
     }
     ?>
 
-    <div style="margin-top: 20px; display: flex; flex-direction: column; align-items: center; justify-content: center; gap: 8px;">
+    <div style="margin-top: 20px; display: flex; flex-direction: column; align-items: center;
+                justify-content: center; gap: 8px;">
         <span style="text-transform: uppercase; color: #0B1643; font-weight: bold; font-size: 0.8em;">
-            <?php echo __('Secured connection to your bank by'); ?>
+            <?= $block->escapeHtml(__('Secured connection to your bank by')) ?>
         </span>
-        <img src="<?php echo $block->getViewFileUrl('Fintecture_Payment::images/fintecture.svg'); ?>" alt="Fintecture" style="height: 25px;">
+        <img src="<?= $block->escapeUrl(
+            $block->getViewFileUrl('Fintecture_Payment::images/fintecture.svg')
+        ) ?>"
+             alt="Fintecture"
+             style="height: 25px;">
     </div>
 </div>