Completely rewritten to work with latest version of GravityForms plugin.
Conditional Logic Issues resolved.
1.1.1
Have resolved the issue related to “Uncaught SecurityError” during redirecting to Opayo.
1.1.2
Minor code changes
1.1.3
Updated the tested upto for WordPress.
1.1.4
Updated to support the PHP version 7.0 and above.
1.1.5
Updated to resolve issue with Apply3DSecure flag.
1.1.6
Edited to send 2 character ISO 3166 country code.
1.1.7
Edited to check if the entry is already paid or processing. And resolve 5080 issue due to state being empty.
1.1.8
Edited to support the latest version of the Opayo protocol (v4.00).
1.1.9
Updated to change branding from Sagepaay to Opayo.
1.2.0
Hardened IPN/callback handling (validate crypt, decode before logging, safer VendorTxCode parsing, correct error when entry is missing).
Fixed duplicate-payment guard when redirecting to Opayo (avoid blocking legitimate submissions).
Restored Apply 3D Secure global setting and send Apply3DSecure in the Crypt payload.
Fixed mislabeled transaction type setting; use version_compare for OpenSSL vs mcrypt.
Added filter gform_sagepay_form_gateway_register_url to override test/live registration URLs if Opayo changes endpoints.
Synced plugin version constant with readme; trimmed noisy debug logging on redirect.
Default Form registration URLs now use Elavon Opayo hosts (sandbox.opayo.eu.elavon.com / live.opayo.eu.elavon.com) instead of legacy test.sagepay.com / live.sagepay.com. Same path: /gateway/service/vspform-register.vsp. Use filter gform_sagepay_form_gateway_register_url to point at legacy or alternate URLs if required.
Fixed Opayo Form Crypt encryption for PHP OpenSSL: removed double padding (manual PKCS5 plus OpenSSL PKCS7), which commonly caused error 5080 “Form transaction registration failed”. Encryption now matches Opayo’s documented approach (16-byte key/IV from password, uppercase hex).
Amount sent as formatted decimal (e.g. 10.00). Sanitize Crypt field values (control characters). Safer VendorData mapping; optional ReferrerID via filter gform_sagepay_form_referrer_id.
Resolve Opayo Vendor from add-on settings, legacy gf_sagepay_form_configured option, or wrongly nested upgrade data; filter gform_sagepay_form_vendor_name.
Block checkout if vendor name is still missing (clear error instead of posting blank Vendor to Opayo).
On the bridge page, reinject Vendor from saved settings when the query string omits it; restore hidden fields and auto-submit (removed debug text inputs / disabled submit).
Upgrade copy_settings now merges legacy settings flat instead of nesting them under gf_sagepay_form_configured.
Default payment handoff uses a short URL + server-side transient, then POSTs to Opayo (avoids huge Crypt in the query string, which is often truncated by servers/proxies and causes 5080).
Strip & and = from values inside the encrypted Crypt payload (they break Opayo’s name=value parsing).
Fixed Send E-Mail (“No One” = 0) and Apply 3D Secure (“No” = 0) not being applied when saving settings: Gravity Forms rgar() / PHP treat string “0” as empty, so the add-on fell back to defaults (SendEMail = 2 vendor-only, 3DS = Yes). Settings are now read with a helper that uses array_key_exists() so 0 is preserved in the Opayo Crypt payload.
Readme: expanded Description and Installation; aligned Requires at least with the plugin header; Tested up to WordPress 6.9.4.
1.2.2
Feed settings: optional Cancel / failure return URL and Success return URL; when empty, behavior matches previous versions (entry source URL / home for cancel). Filters gform_sagepay_form_cancel_return_url and gform_sagepay_form_success_return_url accept an optional fourth argument ($feed).
