Skip to main content

4.0.8 Release Notes

Version 4.0.8 is a patch release with five bug fixes.


Download 4.0.8

Bug Fixes

Added Validation for Missing Webhook Secret

The webhook endpoint now validates that a webhook secret is configured for the current mode (webhook_secret_test / webhook_secret_live) before proceeding with signature verification. If a site hasn't saved a webhook secret for that mode, the request is rejected rather than continuing with signature verification.

Refund Webhook Could Cause a Fatal Error When the Refunds API Request Failed

wc_stripe_process_create_refund() could fatal when Stripe's refunds->all() request failed rather than returning refund data — for example, when a charge.refunded event was received for a charge belonging to a different Stripe account than the one configured on the site, which can happen on stores with more than one Stripe webhook set up. The failed request was assumed to always return an array of refunds, so the code attempted to sort a value that didn't exist:

Uncaught TypeError: usort(): Argument #1 ($array) must be of type array, null given

Because this occurred inside the webhook handler, the request returned a 500 response and Stripe retried the same event repeatedly. Failed refund lookups are now detected and logged with the underlying Stripe error message, and the function returns early instead of fataling when no refund data is available.

Saved ACH Payment Method Icon Not Displaying Correctly

The icon shown for a saved ACH payment method was generated from the bank name returned by Stripe (for example, "JP Morgan Chase" or "Wells Fargo Bank"), which doesn't correspond to an actual icon file, so no icon displayed. Saved ACH payment methods for recognized banks now show that bank's icon, and a generic bank icon is shown when the bank isn't recognized.

Save Payment Method Checkbox Ignored in the Admin "Pay for Order" Modal

When an admin manually processed a phone or mail order using the "Pay for Order" modal and checked "Save payment information for future purchases," the payment method was not actually saved. The checkbox was submitted under a field name the credit card gateway doesn't check for, so the save request was silently ignored regardless of whether the box was checked. The checkbox now uses the correct field name, so saving a payment method from this modal works as expected.

Order Description Sent to Stripe Showed HTML Entities Instead of the Site Name

If a site's title contained an apostrophe, ampersand, or quotation mark (for example, "Joe's Shop"), the order description sent to Stripe displayed the HTML-encoded version of that character instead of the character itself (for example, "Order 1234 from Joe's Shop"). WordPress stores the site title with these characters HTML-encoded, and that encoded value was being used as-is to build the description, even though Stripe's description field expects plain text rather than HTML.

The site title is now decoded before being used to build the order description, so it displays correctly in the Stripe Dashboard.