=== Opayo Form Payment Gateway for Gravity Forms ===
Contributors: patsatech
Tags: ecommerce, payment gateway, gravity forms,Opayo server,Opayo go
Requires at least: 4.5
Tested up to: 6.9.4
Stable tag: 1.2.2
License: GPLv2 or later

Accept card payments in Gravity Forms using Opayo Form (hosted checkout by Elavon)—customers pay on Opayo’s pages, not on your server.

== Description ==

This add-on connects **Gravity Forms** to **Opayo Form** (formerly Sage Pay Form), Elavon’s hosted payment integration. Shoppers are sent to Opayo to enter card details; card data never touches your WordPress site, which keeps your PCI scope lower than with on-page card fields.

**You need**

* WordPress 4.5 or higher and a supported PHP version (7.0+ recommended).
* **Gravity Forms** with a license that includes payment add-ons (this plugin extends the Gravity Forms payment framework).
* An **Opayo** account with **Form** integration enabled, plus your vendor name and Form encryption password from **MyOpayo**.

**What it supports**

* Product and donation feeds, billing field mapping, and delayed notifications or post creation until payment completes (where you configure it in the feed).
* Opayo **VPS Protocol 4.00**, test and live modes, and current Elavon gateway hosts (`sandbox.opayo.eu.elavon.com` / `live.opayo.eu.elavon.com`), with a filter to override URLs if your integration pack specifies different endpoints.
* Reliable handoff to Opayo using a short on-site URL plus a transient (avoids oversized query strings that can cause registration errors).
* After payment, customers can be returned to the form’s page so Gravity Forms can run the normal **confirmation** (message or redirect), using the entry’s source URL when available.

**Support and feedback**

Questions or ideas: [contact PatSaTECH](https://www.patsatech.com/contact-us).

== Installation ==

1. **Install Gravity Forms** (if it is not already installed) and ensure your license supports payment add-ons.

2. **Install this plugin**
   * In WordPress: **Plugins → Add New → Upload Plugin**, choose the ZIP, then **Install Now**, **Activate**; or
   * Upload the plugin folder to `wp-content/plugins/` via FTP/SFTP, then activate under **Plugins**.

3. **Configure Opayo (global)**  
   Go to **Forms → Settings → Opayo Form** (or the Opayo Form item under Gravity Forms settings). Enter **Vendor name**, **Encryption password**, **Vendor email**, choose **Test** or **Live**, set **Transaction type** (e.g. PAYMENT), and save. Use the credentials from **MyOpayo** for the same environment (test vs live).

4. **Add a payment feed to a form**  
   Open your form → **Settings → Opayo Form** → add a feed. Map billing fields, choose products or donations, and adjust notifications/posts options as needed. There is no separate “Cancel URL” or “Success URL” field: cancel uses the entry **source URL** (the page where the form was submitted), and success returns through Gravity Forms’ normal confirmation flow.

5. **Test**  
   Use Opayo **test/sandbox** mode and a test card until you are satisfied, then switch to **Live** and verify with a small real transaction.

For gateway-specific rules, limits, and 3D Secure behaviour, refer to **Opayo / Elavon** documentation and your MyOpayo account.

== Changelog ==

= 1.0.0 =
* Initial Release

= 1.1.0 =
* Completely rewritten to work with latest version of GravityForms plugin.
* Conditional Logic Issues resolved.

= 1.1.1 =
* Have resolved the issue related to "Uncaught SecurityError" during redirecting to Opayo.

= 1.1.2 =
* Minor code changes

= 1.1.3 =
* Updated the tested upto for Wordpress.

= 1.1.4 =
* Updated to support the PHP version 7.0 and above.

= 1.1.5 =
* Updated to resolve issue with Apply3DSecure flag.

= 1.1.6 =
* Edited to send 2 character ISO 3166 country code.

= 1.1.7 =
* Edited to check if the entry is already paid or processing. And resolve 5080 issue due to state being empty.

= 1.1.8 =
* Edited to support the latest version of the Opayo protocol (v4.00).

= 1.1.9 =
* Updated to change branding from Sagepaay to Opayo.

= 1.2.0 =
* Hardened IPN/callback handling (validate crypt, decode before logging, safer VendorTxCode parsing, correct error when entry is missing).
* Fixed duplicate-payment guard when redirecting to Opayo (avoid blocking legitimate submissions).
* Restored Apply 3D Secure global setting and send Apply3DSecure in the Crypt payload.
* Fixed mislabeled transaction type setting; use version_compare for OpenSSL vs mcrypt.
* Added filter gform_sagepay_form_gateway_register_url to override test/live registration URLs if Opayo changes endpoints.
* Synced plugin version constant with readme; trimmed noisy debug logging on redirect.
* Default Form registration URLs now use Elavon Opayo hosts (sandbox.opayo.eu.elavon.com / live.opayo.eu.elavon.com) instead of legacy test.sagepay.com / live.sagepay.com. Same path: /gateway/service/vspform-register.vsp. Use filter gform_sagepay_form_gateway_register_url to point at legacy or alternate URLs if required.
* Fixed Opayo Form Crypt encryption for PHP OpenSSL: removed double padding (manual PKCS5 plus OpenSSL PKCS7), which commonly caused error 5080 “Form transaction registration failed”. Encryption now matches Opayo’s documented approach (16-byte key/IV from password, uppercase hex).
* Amount sent as formatted decimal (e.g. 10.00). Sanitize Crypt field values (control characters). Safer VendorData mapping; optional ReferrerID via filter gform_sagepay_form_referrer_id.
* Resolve Opayo Vendor from add-on settings, legacy gf_sagepay_form_configured option, or wrongly nested upgrade data; filter gform_sagepay_form_vendor_name.
* Block checkout if vendor name is still missing (clear error instead of posting blank Vendor to Opayo).
* On the bridge page, reinject Vendor from saved settings when the query string omits it; restore hidden fields and auto-submit (removed debug text inputs / disabled submit).
* Upgrade copy_settings now merges legacy settings flat instead of nesting them under gf_sagepay_form_configured.
* Default payment handoff uses a short URL + server-side transient, then POSTs to Opayo (avoids huge Crypt in the query string, which is often truncated by servers/proxies and causes 5080).
* Strip & and = from values inside the encrypted Crypt payload (they break Opayo’s name=value parsing).
* Filters: gform_sagepay_form_use_transient_bridge (default true), gform_sagepay_form_bridge_params.

= 1.2.1 =
* Fixed **Send E-Mail** (“No One” = `0`) and **Apply 3D Secure** (“No” = `0`) not being applied when saving settings: Gravity Forms `rgar()` / PHP treat string `"0"` as empty, so the add-on fell back to defaults (`SendEMail` = 2 vendor-only, 3DS = Yes). Settings are now read with a helper that uses `array_key_exists()` so `0` is preserved in the Opayo Crypt payload.
* Readme: expanded Description and Installation; aligned **Requires at least** with the plugin header; **Tested up to** WordPress 6.9.4.

= 1.2.2 =
* Feed settings: optional **Cancel / failure return URL** and **Success return URL**; when empty, behavior matches previous versions (entry source URL / home for cancel). Filters `gform_sagepay_form_cancel_return_url` and `gform_sagepay_form_success_return_url` accept an optional fourth argument (`$feed`).
