Review followup: PR #830 — fix: remove dead valid_password validation and prevent default gateway pre-selection #833

Description

@superdav42

Unaddressed review bot suggestions

PR #830 was merged with unaddressed review bot feedback. Each comment
below includes its file path, line number, a direct link to the inline
review comment, and a diff fence with the code context the bot was
flagging. Resolved and outdated threads are filtered out via GitHub's
GraphQL review-thread state. Read the relevant lines, decide whether
the suggestion is correct, and either apply the fix or close this issue
with a wontfix rationale.

Source PR: #830


You are the triager (worker-is-triager rule)

This issue is auto-created from review bot output and dispatched
directly to you. Review bots can be wrong: hallucinated line refs, false
premises about codebase structure, template-driven sweeps without
measurements (see GH#17832-17835 for prior art and prompts/build.txt
section 6a). Do not assume the bot is correct. Verify before acting.

You must end in exactly one of three outcomes — no fourth "hand it back
to the human" path exists. Humans approve decisions; they do not re-do
analysis.

Outcome A — Premise falsified → close the issue

  1. Read the cited file:line (listed under Files to modify below).

  2. If the bot's claim is factually wrong (file doesn't exist at that
    line, function doesn't behave as described, "auto-generated" section
    isn't actually auto-generated, etc.), close the issue with a
    comment in this shape:

    Premise falsified. <what the bot claimed>. <what the code
    actually shows, with a file:line citation or one-line quote>.
    Not acting.

    No PR. No further dispatch. The closing comment trains the next
    session reading this thread and the noise filter.

Outcome B — Premise correct + fix is obvious → implement and PR

  1. Verify the bot's premise as above.
  2. Read the Worker Guidance section below, open a worktree, implement.
  3. Open a PR with Resolves #<this-issue-number> in the body
    (use THIS issue's number, not the source PR's) so merge auto-closes it.
  4. Follow the normal Lifecycle Gate (brief, tests, review-bot-gate,
    merge, postflight).

Outcome C — Premise correct but approach is a genuine judgment call

Only use this path if you reach it after Outcomes A and B don't apply:
the bot's finding is real, but the fix requires a decision that is
architectural, policy, breaking-change, or otherwise genuinely outside
what you can resolve autonomously. In that case, post a decision comment
with exactly these fields:

  • Premise check: one line, confirming the finding is real.
  • Analysis: 2-4 bullets on the trade-offs.
  • Recommended path: the option you would take if the decision were
    yours, with rationale.
  • Specific question: the single decision the human needs to make
    (yes/no or pick-one, not open-ended).

Then apply needs-maintainer-review and stop. The human wakes up to a
ready-to-approve recommendation, not a blank task.

Ambiguity about scope or style is not Outcome C. Per
prompts/build.txt "Reasoning responsibility", the model does the
thinking and delivers a recommendation. Only escalate what is genuinely
a maintainer-only decision.

Worker Guidance

Files to modify:

  • inc/checkout/class-checkout.php:1971

Implementation steps (Outcome B path):

  1. Read the diff block under each inline comment below — it shows the
    exact code the bot was flagging. Open the file only if you need
    surrounding context beyond what the diff tail shows.
  2. Read the bot's full comment below the diff — it contains the rationale
    and any suggested change.
  3. Verify the premise before implementing (see Outcome A). If the premise
    is wrong, switch to Outcome A instead of burning iterations trying to
    satisfy a wrong suggestion.
  4. If multiple comments target the same file, group your edits into one
    logical commit.
  5. Run shellcheck / markdownlint-cli2 / project tests as appropriate.

Verification:

  • Open the new PR with Resolves #<this-issue> so this followup is auto-closed on merge.
  • If the bot's suggestion was incorrect, close this issue with an Outcome A comment — do not open a no-op PR.

Inline comments

coderabbitai on inc/checkout/class-checkout.php:1971

@@ -1962,8 +1962,13 @@ public function get_checkout_variables() {
 
 		/*
 		 * Get the default gateway.
+		 *
+		 * Only pre-select when there is exactly one active gateway so
+		 * the user is not surprised by branded buttons (e.g. PayPal)
+		 * before they have made a choice.
 		 */
-		$default_gateway = current(array_keys(wu_get_active_gateway_as_options()));
+		$active_gateways = array_keys(wu_get_active_gateway_as_options());
+		$default_gateway = count($active_gateways) === 1 ? current($active_gateways) : '';
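
Review bot: On the new `$default_gateway` line, the value for "no pre-selection" is now `''`, and the zero-gateway case changes type as well: the removed `current(array_keys(...))` returned `false` on an empty array, while the ternary returns an empty string. Any consumer of `$default_gateway` that tests strictly against `false`, or that assumes a non-empty gateway id, should be checked, and the docblock should say that an empty string means nothing is pre-selected. The hunk also decides purely on `count($active_gateways) === 1`, so nothing visible here accounts for a gateway the user has already picked earlier in the flow.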

⚠️ Potential issue | 🟠 Major

Preserve a saved gateway, and don't seed paid gateways on free carts.

This fallback only looks at the active-gateway count. That means a gateway already saved in the signup session is dropped on multi-step redirects when multiple gateways are active, and a free checkout with exactly one paid gateway still starts with that paid gateway selected. Both cases reintroduce the branded-button state this change is trying to avoid.

💡 Suggested fix
-		$active_gateways = array_keys(wu_get_active_gateway_as_options());
-		$default_gateway = count($active_gateways) === 1 ? current($active_gateways) : '';
+		$active_gateways = array_keys(wu_get_active_gateway_as_options());
+		$saved_gateway   = $this->request_or_session('gateway', '');
+		$default_gateway = '';
+
+		if ($this->should_collect_payment()) {
+			if ($saved_gateway && in_array($saved_gateway, $active_gateways, true)) {
+				$default_gateway = $saved_gateway;
+			} elseif (1 === count($active_gateways)) {
+				$default_gateway = current($active_gateways);
+			}
+		}
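
Review bot: In the suggested replacement, `$saved_gateway` is read through `request_or_session('gateway', '')`, which by its name can carry a value supplied with the request, so the strict `in_array($saved_gateway, $active_gateways, true)` check is the only thing keeping an arbitrary string out of `$default_gateway`; keep it strict and keep it ahead of the assignment. The leading `$saved_gateway &&` test is a truthiness check, so a gateway id that PHP treats as falsy (for example `'0'`) would be skipped; `'' !== $saved_gateway` states the intent more exactly. These lines do not show that `should_collect_payment()` and `request_or_session()` exist on this class or are safe to call at this point in `get_checkout_variables()`, so confirm both before applying.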
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

		$active_gateways = array_keys(wu_get_active_gateway_as_options());
		$saved_gateway   = $this->request_or_session('gateway', '');
		$default_gateway = '';

		if ($this->should_collect_payment()) {
			if ($saved_gateway && in_array($saved_gateway, $active_gateways, true)) {
				$default_gateway = $saved_gateway;
			} elseif (1 === count($active_gateways)) {
				$default_gateway = current($active_gateways);
			}
		}
PR review summaries

(none)


aidevops.sh v3.8.22 with claude-sonnet-4-6 spent 1h 38m and 8 tokens on this as a headless worker.

Metadata

Labels

  • origin:worker - Auto-created by pulse labelless backfill (t2112)
  • review-followup - Unaddressed review bot feedback
  • source:review-scanner - Auto-created by post-merge-review-scanner.sh
  • status:queued - Worker dispatched, not yet started
  • tier:reasoning - Route to opus-tier model for dispatch
