Merge pull request #68 from eileenmcnaughton/4.5-dev

Don't preventDefault on form unless stripe comes into play.
Include stripe-php extension.

README.md

@@ -35,9 +35,7 @@ For Wordpress:  https://example.com/?page=CiviCRM&q=civicrm/stripe/webhook
 INSTALLATION
 ------------
 For CiviCRM 4.5:  
-1)  Install extension.  
-2)  Copy Stripe's PHP library folder 'stripe-php' to civicrm/packages/stripe-php  
-You can get Stripe's PHP library here: https://github.com/stripe/stripe-php  
+1)  Install extension.
 
 AUTHOR INFO
 -----------

js/civicrm_stripe.js

@@ -50,9 +50,6 @@
 
     // Intercept form submission.
     $form.submit(function (event) {
-      event.preventDefault();
-      event.stopPropagation();
-
       // Disable the submit button to prevent repeated clicks, cache button text, restore if Stripe returns error
       buttonText = $submit.attr('value');
       $submit.prop('disabled', true).attr('value', 'Processing');
@@ -72,6 +69,8 @@
       if ($form.find('input[name="payment_processor"]:checked').length && !parseInt($form.find('input[name="payment_processor"]:checked').val())) {
         return true;
       }
+      event.preventDefault();
+      event.stopPropagation();
 
       // Handle changes introduced in CiviCRM 4.3.
       if ($form.find('#credit_card_exp_date_M').length > 0) {

packages/stripe-php/.gitignore

+# Mac OS X dumps these all over the place.
+.DS_Store
+
+# Ignore the SimpleTest library if it is installed to /test/.
+/test/simpletest/
+
+# Ignore the /vendor/ directory for people using composer
+/vendor/
+
+# If the vendor directory isn't being commited the composer.lock file should also be ignored
+composer.lock

packages/stripe-php/.travis.yml

+language: php
+
+php:
+  - 5.2
+  - 5.3
+  - 5.4
+  - 5.5
+  - 5.6
+  - hhvm
+
+before_script:
+  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.2' ]; then wget http://iweb.dl.sourceforge.net/project/simpletest/simpletest/simpletest_1.1/simpletest_1.1.0.tar.gz; tar xf simpletest_1.1.0.tar.gz -C test; else composer install --dev --prefer-source; fi"
+  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.6' ]; then pear install pear/PHP_CodeSniffer; phpenv rehash; fi"
+
+script:
+  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.6' ]; then phpcs --standard=zend --encoding=UTF-8 --ignore=vendor -p ./; fi"
+  - php test/Stripe.php

packages/stripe-php/CHANGELOG

+=== 1.17.3 2014-11-06
+
+* Better handling of HHVM support for SSL certificate blacklist checking.
+
+=== 1.17.2 2014-09-23
+
+* Coupons now are backed by a `Stripe_Coupon` instead of `Stripe_Object`, and support updating metadata
+* Running operations (`create`, `retrieve`, `all`) on upcoming invoice items now works
+
+=== 1.17.1 2014-07-31
+
+* Requests now send Content-Type header
+
+=== 1.17.0 2014-07-29
+
+* Application Fee refunds now a list instead of array
+* HHVM now works
+* Small bug fixes (thanks @bencromwell & @fastest963)
+* __toString now returns the name of the object in addition to its JSON representation
+
+=== 1.16.0 2014-06-17
+
+* Add metadata for refunds and disputes
+
+=== 1.15.0 2014-05-28
+
+* Support canceling transfers
+
+=== 1.14.1 2014-05-21
+
+* Support cards for recipients.
+
+=== 1.13.1 2014-05-15
+
+* Fix bug in account resource where `id` wasn't in the result
+
+=== 1.13.0 2014-04-10
+
+* Add support for certificate blacklisting
+* Update ca bundle
+* Drop support for HHVM (Temporarily)
+
+=== 1.12.0 2014-04-01
+
+* Add Stripe_RateLimitError for catching rate limit errors.
+* Update to Zend coding style (thanks,  @jpiasetz)
+
+=== 1.11.0 2014-01-29
+
+* Add support for multiple subscriptions per customer
+
+=== 1.10.1 2013-12-02
+
+* Add new ApplicationFee
+
+=== 1.9.1 2013-11-08
+
+* Fix a bug where a null nestable object causes warnings to fire.
+
+=== 1.9.0 2013-10-16
+
+* Add support for metadata API.
+
+=== 1.8.4 2013-09-18
+
+* Add support for closing disputes.
+
+=== 1.8.3 2013-08-13
+
+* Add new Balance and BalanceTransaction
+
+=== 1.8.2 2013-08-12
+
+* Add support for unsetting attributes by updating to NULL.
+  Setting properties to a blank string is now an error.
+
+=== 1.8.1 2013-07-12
+
+* Add support for multiple cards API (Stripe API version 2013-07-12: https://stripe.com/docs/upgrades#2013-07-05)
+
+=== 1.8.0 2013-04-11
+
+* Allow Transfers to be creatable
+* Add new Recipient resource
+
+=== 1.7.15 2013-02-21
+
+* Add 'id' to the list of permanent object attributes
+
+=== 1.7.14 2013-02-20
+
+* Don't re-encode strings that are already encoded in UTF-8. If you
+  were previously using plan or coupon objects with UTF-8 IDs, they
+  may have been treated as ISO-8859-1 (Latin-1) and encoded to UTF-8 a
+  2nd time. You may now need to pass the IDs to utf8_encode before
+  passing them to Stripe_Plan::retrieve or Stripe_Coupon::retrieve.
+* Ensure that all input is encoded in UTF-8 before submitting it to
+  Stripe's servers. (github issue #27)
+
+=== 1.7.13 2013-02-01
+
+* Add support for passing options when retrieving Stripe objects
+  e.g., Stripe_Charge::retrieve(array("id"=>"foo", "expand" => array("customer")))
+  Stripe_Charge::retrieve("foo") will continue to work
+
+=== 1.7.12 2013-01-15
+
+* Add support for setting a Stripe API version override
+
+=== 1.7.11 2012-12-30
+
+* Version bump to cleanup constants and such (github issue #26)
+
+=== 1.7.10 2012-11-08
+
+* Add support for updating charge disputes.
+* Fix bug preventing retrieval of null attributes
+
+=== 1.7.9 2012-11-08
+
+* Fix usage under autoloaders such as the one generated by composer
+  (github issue #22)
+
+=== 1.7.8 2012-10-30
+* Add support for creating invoices.
+* Add support for new invoice lines return format
+* Add support for new list objects
+
+=== 1.7.7 2012-09-14
+
+* Get all of the various version numbers in the repo in sync (no other
+  changes)
+
+=== 1.7.6 2012-08-31
+
+* Add update and pay methods to Invoice resource
+
+=== 1.7.5 2012-08-23
+
+* Change internal function names so that Stripe_SingletonApiRequest is
+  E_STRICT-clean (github issue #16)
+
+=== 1.7.4 2012-08-21
+
+* Bugfix so that Stripe objects (e.g. Customer, Charge objects) used
+  in API calls are transparently converted to their object IDs
+
+=== 1.7.3 2012-08-15
+
+* Add new Account resource
+
+=== 1.7.2 2012-06-26
+
+* Make clearer that you should be including lib/Stripe.php, not
+  test/Stripe.php (github issue #14)
+
+=== 1.7.1 2012-05-24
+
+* Add missing argument to Stripe_InvalidRequestError constructor in
+  Stripe_ApiResource::instanceUrl. Fixes a warning when
+  Stripe_ApiResource::instanceUrl is called on a resource with no ID
+  (github issue #12)
+
+=== 1.7.0 2012-05-17
+
+* Support Composer and Packagist (github issue #9)
+
+* Add new deleteDiscount method to Stripe_Customer
+
+* Add new Transfer resource
+
+* Switch from using HTTP Basic auth to Bearer auth. (Note: Stripe will
+  support Basic auth for the indefinite future, but recommends Bearer
+  auth when possible going forward)
+
+* Numerous test suite improvements

packages/stripe-php/LICENSE

+The MIT License
+
+Copyright (c) 2010-2014 Stripe
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

packages/stripe-php/README.rdoc

+= Stripe PHP bindings
+{<img src="https://travis-ci.org/stripe/stripe-php.svg?branch=master" alt="Build Status" />}[https://travis-ci.org/stripe/stripe-php]
+{<img src="https://poser.pugx.org/stripe/stripe-php/v/stable.svg" alt="Latest Stable Version" />}[https://packagist.org/packages/stripe/stripe-php]
+{<img src="https://poser.pugx.org/stripe/stripe-php/downloads.svg" alt="Total Downloads" />}[https://packagist.org/packages/stripe/stripe-php]
+{<img src="https://poser.pugx.org/stripe/stripe-php/license.svg" alt="License" />}[https://packagist.org/packages/stripe/stripe-php]
+
+You can sign up for a Stripe account at https://stripe.com.
+
+== Requirements
+
+PHP 5.2 and later.
+
+== Composer
+
+You can install the bindings via Composer[http://getcomposer.org/]. Add this to your +composer.json+:
+
+    {
+      "require": {
+        "stripe/stripe-php": "1.*"
+      }
+    }
+    
+Then install via:
+
+    composer.phar install
+
+To use the bindings, either user Composer's autoload[https://getcomposer.org/doc/00-intro.md#autoloading]:
+
+    require_once('vendor/autoload.php');
+    
+Or manually:
+
+    require_once('/path/to/vendor/stripe/stripe-php/lib/Stripe.php');
+
+== Manual Installation
+
+Obtain the latest version of the Stripe PHP bindings with:
+
+    git clone https://github.com/stripe/stripe-php
+
+To use the bindings, add the following to your PHP script:
+
+    require_once("/path/to/stripe-php/lib/Stripe.php");
+
+== Getting Started
+
+Simple usage looks like:
+
+    Stripe::setApiKey('d8e8fca2dc0f896fd7cb4cb0031ba249');
+    $myCard = array('number' => '4242424242424242', 'exp_month' => 5, 'exp_year' => 2015);
+    $charge = Stripe_Charge::create(array('card' => $myCard, 'amount' => 2000, 'currency' => 'usd'));
+    echo $charge;
+
+== Documentation
+
+Please see https://stripe.com/docs/api for up-to-date documentation.
+
+== Tests
+
+In order to run tests you have to install SimpleTest[http://packagist.org/packages/simpletest/simpletest] via Composer[http://getcomposer.org/] (recommended way):
+
+    composer.phar update --dev
+
+Run test suite:
+
+    php ./test/Stripe.php
+

packages/stripe-php/VERSION

+1.17.3

packages/stripe-php/composer.json

+{
+  "name": "stripe/stripe-php",
+  "description": "Stripe PHP Library",
+  "keywords": [
+    "stripe",
+    "payment processing",
+    "api"
+  ],
+  "homepage": "https://stripe.com/",
+  "license": "MIT",
+  "authors": [
+    {
+      "name": "Stripe and contributors",
+      "homepage": "https://github.com/stripe/stripe-php/contributors"
+    }
+  ],
+  "require": {
+    "php": ">=5.2",
+    "ext-curl": "*",
+    "ext-json": "*",
+    "ext-mbstring": "*"
+  },
+  "require-dev": {
+    "simpletest/simpletest": "*"
+  },
+  "autoload": {
+    "classmap": ["lib/Stripe/"]
+  }
+}

packages/stripe-php/lib/Stripe.php

+<?php
+
+// Tested on PHP 5.2, 5.3
+
+// This snippet (and some of the curl code) due to the Facebook SDK.
+if (!function_exists('curl_init')) {
+  throw new Exception('Stripe needs the CURL PHP extension.');
+}
+if (!function_exists('json_decode')) {
+  throw new Exception('Stripe needs the JSON PHP extension.');
+}
+if (!function_exists('mb_detect_encoding')) {
+  throw new Exception('Stripe needs the Multibyte String PHP extension.');
+}
+
+// Stripe singleton
+require(dirname(__FILE__) . '/Stripe/Stripe.php');
+
+// Utilities
+require(dirname(__FILE__) . '/Stripe/Util.php');
+require(dirname(__FILE__) . '/Stripe/Util/Set.php');
+
+// Errors
+require(dirname(__FILE__) . '/Stripe/Error.php');
+require(dirname(__FILE__) . '/Stripe/ApiError.php');
+require(dirname(__FILE__) . '/Stripe/ApiConnectionError.php');
+require(dirname(__FILE__) . '/Stripe/AuthenticationError.php');
+require(dirname(__FILE__) . '/Stripe/CardError.php');
+require(dirname(__FILE__) . '/Stripe/InvalidRequestError.php');
+require(dirname(__FILE__) . '/Stripe/RateLimitError.php');
+
+// Plumbing
+require(dirname(__FILE__) . '/Stripe/Object.php');
+require(dirname(__FILE__) . '/Stripe/ApiRequestor.php');
+require(dirname(__FILE__) . '/Stripe/ApiResource.php');
+require(dirname(__FILE__) . '/Stripe/SingletonApiResource.php');
+require(dirname(__FILE__) . '/Stripe/AttachedObject.php');
+require(dirname(__FILE__) . '/Stripe/List.php');
+
+// Stripe API Resources
+require(dirname(__FILE__) . '/Stripe/Account.php');
+require(dirname(__FILE__) . '/Stripe/Card.php');
+require(dirname(__FILE__) . '/Stripe/Balance.php');
+require(dirname(__FILE__) . '/Stripe/BalanceTransaction.php');
+require(dirname(__FILE__) . '/Stripe/Charge.php');
+require(dirname(__FILE__) . '/Stripe/Customer.php');
+require(dirname(__FILE__) . '/Stripe/Invoice.php');
+require(dirname(__FILE__) . '/Stripe/InvoiceItem.php');
+require(dirname(__FILE__) . '/Stripe/Plan.php');
+require(dirname(__FILE__) . '/Stripe/Subscription.php');
+require(dirname(__FILE__) . '/Stripe/Token.php');
+require(dirname(__FILE__) . '/Stripe/Coupon.php');
+require(dirname(__FILE__) . '/Stripe/Event.php');
+require(dirname(__FILE__) . '/Stripe/Transfer.php');
+require(dirname(__FILE__) . '/Stripe/Recipient.php');
+require(dirname(__FILE__) . '/Stripe/Refund.php');
+require(dirname(__FILE__) . '/Stripe/ApplicationFee.php');
+require(dirname(__FILE__) . '/Stripe/ApplicationFeeRefund.php');

packages/stripe-php/lib/Stripe/Account.php

+<?php
+
+class Stripe_Account extends Stripe_SingletonApiResource
+{
+  /**
+    * @param string|null $apiKey
+    *
+    * @return Stripe_Account
+    */
+  public static function retrieve($apiKey=null)
+  {
+    $class = get_class();
+    return self::_scopedSingletonRetrieve($class, $apiKey);
+  }
+}

packages/stripe-php/lib/Stripe/ApiConnectionError.php

+<?php
+
+class Stripe_ApiConnectionError extends Stripe_Error
+{
+}

packages/stripe-php/lib/Stripe/ApiError.php

+<?php
+
+class Stripe_ApiError extends Stripe_Error
+{
+}

packages/stripe-php/lib/Stripe/ApiRequestor.php

+<?php
+
+class Stripe_ApiRequestor
+{
+  /**
+   * @var string $apiKey The API key that's to be used to make requests.
+   */
+  public $apiKey;
+
+  private static $_preFlight;
+
+  private static function blacklistedCerts()
+  {
+    return array(
+      '05c0b3643694470a888c6e7feb5c9e24e823dc53',
+      '5b7dc7fbc98d78bf76d4d4fa6f597a0c901fad5c',
+    );
+  }
+
+  public function __construct($apiKey=null)
+  {
+    $this->_apiKey = $apiKey;
+  }
+
+  /**
+   * @param string $url The path to the API endpoint.
+   *
+   * @returns string The full path.
+   */
+  public static function apiUrl($url='')
+  {
+    $apiBase = Stripe::$apiBase;
+    return "$apiBase$url";
+  }
+
+  /**
+   * @param string|mixed $value A string to UTF8-encode.
+   *
+   * @returns string|mixed The UTF8-encoded string, or the object passed in if
+   *    it wasn't a string.
+   */
+  public static function utf8($value)
+  {
+    if (is_string($value)
+        && mb_detect_encoding($value, "UTF-8", TRUE) != "UTF-8") {
+      return utf8_encode($value);
+    } else {
+      return $value;
+    }
+  }
+
+  private static function _encodeObjects($d)
+  {
+    if ($d instanceof Stripe_ApiResource) {
+      return self::utf8($d->id);
+    } else if ($d === true) {
+      return 'true';
+    } else if ($d === false) {
+      return 'false';
+    } else if (is_array($d)) {
+      $res = array();
+      foreach ($d as $k => $v)
+              $res[$k] = self::_encodeObjects($v);
+      return $res;
+    } else {
+      return self::utf8($d);
+    }
+  }
+
+  /**
+   * @param array $arr An map of param keys to values.
+   * @param string|null $prefix (It doesn't look like we ever use $prefix...)
+   *
+   * @returns string A querystring, essentially.
+   */
+  public static function encode($arr, $prefix=null)
+  {
+    if (!is_array($arr))
+      return $arr;
+
+    $r = array();
+    foreach ($arr as $k => $v) {
+      if (is_null($v))
+        continue;
+
+      if ($prefix && $k && !is_int($k))
+        $k = $prefix."[".$k."]";
+      else if ($prefix)
+        $k = $prefix."[]";
+
+      if (is_array($v)) {
+        $r[] = self::encode($v, $k, true);
+      } else {
+        $r[] = urlencode($k)."=".urlencode($v);
+      }
+    }
+
+    return implode("&", $r);
+  }
+
+  /**
+   * @param string $method
+   * @param string $url
+   * @param array|null $params
+   *
+   * @return array An array whose first element is the response and second
+   *    element is the API key used to make the request.
+   */
+  public function request($method, $url, $params=null)
+  {
+    if (!$params)
+      $params = array();
+    list($rbody, $rcode, $myApiKey) =
+      $this->_requestRaw($method, $url, $params);
+    $resp = $this->_interpretResponse($rbody, $rcode);
+    return array($resp, $myApiKey);
+  }
+
+
+  /**
+   * @param string $rbody A JSON string.
+   * @param int $rcode
+   * @param array $resp
+   *
+   * @throws Stripe_InvalidRequestError if the error is caused by the user.
+   * @throws Stripe_AuthenticationError if the error is caused by a lack of
+   *    permissions.
+   * @throws Stripe_CardError if the error is the error code is 402 (payment
+   *    required)
+   * @throws Stripe_ApiError otherwise.
+   */
+  public function handleApiError($rbody, $rcode, $resp)
+  {
+    if (!is_array($resp) || !isset($resp['error'])) {
+      $msg = "Invalid response object from API: $rbody "
+           ."(HTTP response code was $rcode)";
+      throw new Stripe_ApiError($msg, $rcode, $rbody, $resp);
+    }
+
+    $error = $resp['error'];
+    $msg = isset($error['message']) ? $error['message'] : null;
+    $param = isset($error['param']) ? $error['param'] : null;
+    $code = isset($error['code']) ? $error['code'] : null;
+
+    switch ($rcode) {
+    case 400:
+        if ($code == 'rate_limit') {
+          throw new Stripe_RateLimitError(
+              $msg, $param, $rcode, $rbody, $resp
+          );
+        }
+    case 404:
+        throw new Stripe_InvalidRequestError(
+            $msg, $param, $rcode, $rbody, $resp
+        );
+    case 401:
+        throw new Stripe_AuthenticationError($msg, $rcode, $rbody, $resp);
+    case 402:
+        throw new Stripe_CardError($msg, $param, $code, $rcode, $rbody, $resp);
+    default:
+        throw new Stripe_ApiError($msg, $rcode, $rbody, $resp);
+    }
+  }
+
+  private function _requestRaw($method, $url, $params)
+  {
+    $myApiKey = $this->_apiKey;
+    if (!$myApiKey)
+      $myApiKey = Stripe::$apiKey;
+
+    if (!$myApiKey) {
+      $msg = 'No API key provided.  (HINT: set your API key using '
+           . '"Stripe::setApiKey(<API-KEY>)".  You can generate API keys from '
+           . 'the Stripe web interface.  See https://stripe.com/api for '
+           . 'details, or email support@stripe.com if you have any questions.';
+      throw new Stripe_AuthenticationError($msg);
+    }
+
+    $absUrl = $this->apiUrl($url);
+    $params = self::_encodeObjects($params);
+    $langVersion = phpversion();
+    $uname = php_uname();
+    $ua = array(
+        'bindings_version' => Stripe::VERSION,
+        'lang' => 'php',
+        'lang_version' => $langVersion,
+        'publisher' => 'stripe',
+        'uname' => $uname,
+    );
+    $headers = array(
+        'X-Stripe-Client-User-Agent: ' . json_encode($ua),
+        'User-Agent: Stripe/v1 PhpBindings/' . Stripe::VERSION,
+        'Authorization: Bearer ' . $myApiKey,
+        'Content-Type: application/x-www-form-urlencoded',
+    );
+    if (Stripe::$apiVersion) {
+      $headers[] = 'Stripe-Version: ' . Stripe::$apiVersion;
+    }
+    list($rbody, $rcode) = $this->_curlRequest(
+        $method,
+        $absUrl,
+        $headers,
+        $params
+    );
+    return array($rbody, $rcode, $myApiKey);
+  }
+
+  private function _interpretResponse($rbody, $rcode)
+  {
+    try {
+      $resp = json_decode($rbody, true);
+    } catch (Exception $e) {
+      $msg = "Invalid response body from API: $rbody "
+           . "(HTTP response code was $rcode)";
+      throw new Stripe_ApiError($msg, $rcode, $rbody);
+    }
+
+    if ($rcode < 200 || $rcode >= 300) {
+      $this->handleApiError($rbody, $rcode, $resp);
+    }
+    return $resp;
+  }
+
+  private function _curlRequest($method, $absUrl, $headers, $params)
+  {
+
+    if (!self::$_preFlight) {
+      self::$_preFlight = $this->checkSslCert($this->apiUrl());
+    }
+
+    $curl = curl_init();
+    $method = strtolower($method);
+    $opts = array();
+    if ($method == 'get') {
+      $opts[CURLOPT_HTTPGET] = 1;
+      if (count($params) > 0) {
+        $encoded = self::encode($params);
+        $absUrl = "$absUrl?$encoded";
+      }
+    } else if ($method == 'post') {
+      $opts[CURLOPT_POST] = 1;
+      $opts[CURLOPT_POSTFIELDS] = self::encode($params);
+    } else if ($method == 'delete') {
+      $opts[CURLOPT_CUSTOMREQUEST] = 'DELETE';
+      if (count($params) > 0) {
+        $encoded = self::encode($params);
+        $absUrl = "$absUrl?$encoded";
+      }
+    } else {
+      throw new Stripe_ApiError("Unrecognized method $method");
+    }
+
+    $absUrl = self::utf8($absUrl);
+    $opts[CURLOPT_URL] = $absUrl;
+    $opts[CURLOPT_RETURNTRANSFER] = true;
+    $opts[CURLOPT_CONNECTTIMEOUT] = 30;
+    $opts[CURLOPT_TIMEOUT] = 80;
+    $opts[CURLOPT_RETURNTRANSFER] = true;
+    $opts[CURLOPT_HTTPHEADER] = $headers;
+    if (!Stripe::$verifySslCerts)
+      $opts[CURLOPT_SSL_VERIFYPEER] = false;
+
+    curl_setopt_array($curl, $opts);
+    $rbody = curl_exec($curl);
+
+    if (!defined('CURLE_SSL_CACERT_BADFILE')) {
+      define('CURLE_SSL_CACERT_BADFILE', 77);  // constant not defined in PHP
+    }
+
+    $errno = curl_errno($curl);
+    if ($errno == CURLE_SSL_CACERT ||
+        $errno == CURLE_SSL_PEER_CERTIFICATE ||
+        $errno == CURLE_SSL_CACERT_BADFILE) {
+      array_push(
+          $headers,
+          'X-Stripe-Client-Info: {"ca":"using Stripe-supplied CA bundle"}'
+      );
+      $cert = $this->caBundle();
+      curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
+      curl_setopt($curl, CURLOPT_CAINFO, $cert);
+      $rbody = curl_exec($curl);
+    }
+
+    if ($rbody === false) {
+      $errno = curl_errno($curl);
+      $message = curl_error($curl);
+      curl_close($curl);
+      $this->handleCurlError($errno, $message);
+    }
+
+    $rcode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
+    curl_close($curl);
+    return array($rbody, $rcode);
+  }
+
+  /**
+   * @param number $errno
+   * @param string $message
+   * @throws Stripe_ApiConnectionError
+   */
+  public function handleCurlError($errno, $message)
+  {
+    $apiBase = Stripe::$apiBase;
+    switch ($errno) {
+    case CURLE_COULDNT_CONNECT:
+    case CURLE_COULDNT_RESOLVE_HOST:
+    case CURLE_OPERATION_TIMEOUTED:
+      $msg = "Could not connect to Stripe ($apiBase).  Please check your "
+           . "internet connection and try again.  If this problem persists, "
+           . "you should check Stripe's service status at "
+           . "https://twitter.com/stripestatus, or";
+        break;
+    case CURLE_SSL_CACERT:
+    case CURLE_SSL_PEER_CERTIFICATE:
+      $msg = "Could not verify Stripe's SSL certificate.  Please make sure "
+           . "that your network is not intercepting certificates.  "
+           . "(Try going to $apiBase in your browser.)  "
+           . "If this problem persists,";
+        break;
+    default:
+      $msg = "Unexpected error communicating with Stripe.  "
+           . "If this problem persists,";
+    }
+    $msg .= " let us know at support@stripe.com.";
+
+    $msg .= "\n\n(Network error [errno $errno]: $message)";
+    throw new Stripe_ApiConnectionError($msg);
+  }
+
+  /**
+   * Preflight the SSL certificate presented by the backend. This isn't 100%
+   * bulletproof, in that we're not actually validating the transport used to
+   * communicate with Stripe, merely that the first attempt to does not use a
+   * revoked certificate.
+   *
+   * Unfortunately the interface to OpenSSL doesn't make it easy to check the
+   * certificate before sending potentially sensitive data on the wire. This
+   * approach raises the bar for an attacker significantly.
+   */
+  private function checkSslCert($url)
+  {
+    if (!function_exists('stream_context_get_params') ||
+        !function_exists('stream_socket_enable_crypto')) {
+      error_log(
+          'Warning: This version of PHP does not support checking SSL '.
+          'certificates Stripe cannot guarantee that the server has a '.
+          'certificate which is not blacklisted.'
+      );
+      return true;
+    }
+
+    $url = parse_url($url);
+    $port = isset($url["port"]) ? $url["port"] : 443;
+    $url = "ssl://{$url["host"]}:{$port}";
+
+    $sslContext = stream_context_create(
+        array('ssl' => array(
+          'capture_peer_cert' => true,
+          'verify_peer'   => true,
+          'cafile'        => $this->caBundle(),
+        ))
+    );
+    $result = stream_socket_client(
+        $url, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $sslContext
+    );
+    if (($errno !== 0 && $errno !== NULL) || $result === false) {
+      $apiBase = Stripe::$apiBase;
+      throw new Stripe_ApiConnectionError(
+          'Could not connect to Stripe (' . $apiBase . ').  Please check your '.
+          'internet connection and try again.  If this problem persists, '.
+          'you should check Stripe\'s service status at '.
+          'https://twitter.com/stripestatus. Reason was: '.$errstr
+      );
+    }
+
+    $params = stream_context_get_params($result);
+
+    $cert = $params['options']['ssl']['peer_certificate'];
+
+    openssl_x509_export($cert, $pemCert);
+
+    if (self::isBlackListed($pemCert)) {
+      throw new Stripe_ApiConnectionError(
+          'Invalid server certificate. You tried to connect to a server that '.
+          'has a revoked SSL certificate, which means we cannot securely send '.
+          'data to that server.  Please email support@stripe.com if you need '.
+          'help connecting to the correct API server.'
+      );
+    }
+
+    return true;
+  }
+
+  /* Checks if a valid PEM encoded certificate is blacklisted
+   * @return boolean
+   */
+  public static function isBlackListed($certificate)
+  {
+    $certificate = trim($certificate);
+    $lines = explode("\n", $certificate);
+
+    // Kludgily remove the PEM padding
+    array_shift($lines); array_pop($lines);
+
+    $derCert = base64_decode(implode("", $lines));
+    $fingerprint = sha1($derCert);
+    return in_array($fingerprint, self::blacklistedCerts());
+  }
+
+  private function caBundle()
+  {
+    return dirname(__FILE__) . '/../data/ca-certificates.crt';
+  }
+}

packages/stripe-php/lib/Stripe/ApiResource.php

+<?php
+
+abstract class Stripe_ApiResource extends Stripe_Object
+{
+  protected static function _scopedRetrieve($class, $id, $apiKey=null)
+  {
+    $instance = new $class($id, $apiKey);
+    $instance->refresh();
+    return $instance;
+  }
+
+  /**
+   * @returns Stripe_ApiResource The refreshed resource.
+   */
+  public function refresh()
+  {
+    $requestor = new Stripe_ApiRequestor($this->_apiKey);
+    $url = $this->instanceUrl();
+
+    list($response, $apiKey) = $requestor->request(
+        'get',
+        $url,
+        $this->_retrieveOptions
+    );
+    $this->refreshFrom($response, $apiKey);
+    return $this;
+  }
+
+  /**
+   * @param string $class
+   *
+   * @returns string The name of the class, with namespacing and underscores
+   *    stripped.
+   */
+  public static function className($class)
+  {
+    // Useful for namespaces: Foo\Stripe_Charge
+    if ($postfixNamespaces = strrchr($class, '\\')) {
+      $class = substr($postfixNamespaces, 1);
+    }
+    // Useful for underscored 'namespaces': Foo_Stripe_Charge
+    if ($postfixFakeNamespaces = strrchr($class, 'Stripe_')) {
+      $class = $postfixFakeNamespaces;
+    }
+    if (substr($class, 0, strlen('Stripe')) == 'Stripe') {
+      $class = substr($class, strlen('Stripe'));
+    }
+    $class = str_replace('_', '', $class);
+    $name = urlencode($class);
+    $name = strtolower($name);
+    return $name;
+  }
+
+  /**
+   * @param string $class
+   *
+   * @returns string The endpoint URL for the given class.
+   */
+  public static function classUrl($class)
+  {
+    $base = self::_scopedLsb($class, 'className', $class);
+    return "/v1/${base}s";
+  }
+
+  /**
+   * @returns string The full API URL for this API resource.
+   */
+  public function instanceUrl()
+  {
+    $id = $this['id'];
+    $class = get_class($this);
+    if ($id === null) {
+      $message = "Could not determine which URL to request: "
+               . "$class instance has invalid ID: $id";
+      throw new Stripe_InvalidRequestError($message, null);
+    }
+    $id = Stripe_ApiRequestor::utf8($id);
+    $base = $this->_lsb('classUrl', $class);
+    $extn = urlencode($id);
+    return "$base/$extn";
+  }
+
+  private static function _validateCall($method, $params=null, $apiKey=null)
+  {
+    if ($params && !is_array($params)) {
+      $message = "You must pass an array as the first argument to Stripe API "
+               . "method calls.  (HINT: an example call to create a charge "
+               . "would be: \"StripeCharge::create(array('amount' => 100, "
+               . "'currency' => 'usd', 'card' => array('number' => "
+               . "4242424242424242, 'exp_month' => 5, 'exp_year' => 2015)))\")";
+      throw new Stripe_Error($message);
+    }
+
+    if ($apiKey && !is_string($apiKey)) {
+      $message = 'The second argument to Stripe API method calls is an '
+               . 'optional per-request apiKey, which must be a string.  '
+               . '(HINT: you can set a global apiKey by '
+               . '"Stripe::setApiKey(<apiKey>)")';
+      throw new Stripe_Error($message);
+    }
+  }
+
+  protected static function _scopedAll($class, $params=null, $apiKey=null)
+  {
+    self::_validateCall('all', $params, $apiKey);
+    $requestor = new Stripe_ApiRequestor($apiKey);
+    $url = self::_scopedLsb($class, 'classUrl', $class);
+    list($response, $apiKey) = $requestor->request('get', $url, $params);
+    return Stripe_Util::convertToStripeObject($response, $apiKey);
+  }
+
+  protected static function _scopedCreate($class, $params=null, $apiKey=null)
+  {
+    self::_validateCall('create', $params, $apiKey);
+    $requestor = new Stripe_ApiRequestor($apiKey);
+    $url = self::_scopedLsb($class, 'classUrl', $class);
+    list($response, $apiKey) = $requestor->request('post', $url, $params);
+    return Stripe_Util::convertToStripeObject($response, $apiKey);
+  }
+
+  protected function _scopedSave($class, $apiKey=null)
+  {
+    self::_validateCall('save');
+    $requestor = new Stripe_ApiRequestor($apiKey);
+    $params = $this->serializeParameters();
+
+    if (count($params) > 0) {
+      $url = $this->instanceUrl();
+      list($response, $apiKey) = $requestor->request('post', $url, $params);
+      $this->refreshFrom($response, $apiKey);
+    }
+    return $this;
+  }
+
+  protected function _scopedDelete($class, $params=null)
+  {
+    self::_validateCall('delete');
+    $requestor = new Stripe_ApiRequestor($this->_apiKey);
+    $url = $this->instanceUrl();
+    list($response, $apiKey) = $requestor->request('delete', $url, $params);
+    $this->refreshFrom($response, $apiKey);
+    return $this;
+  }
+}

packages/stripe-php/lib/Stripe/ApplicationFee.php

+<?php
+
+class Stripe_ApplicationFee extends Stripe_ApiResource
+{
+  /**
+   * This is a special case because the application fee endpoint has an 
+   *    underscore in it. The parent `className` function strips underscores.
+   *
+   * @return string The name of the class.
+   */
+  public static function className($class)
+  {
+    return 'application_fee';
+  }
+
+  /**
+   * @param string $id The ID of the application fee to retrieve.
+   * @param string|null $apiKey
+   *
+   * @return Stripe_ApplicationFee
+   */
+  public static function retrieve($id, $apiKey=null)
+  {
+    $class = get_class();
+    return self::_scopedRetrieve($class, $id, $apiKey);
+  }
+
+  /**
+   * @param string|null $params
+   * @param string|null $apiKey
+   *
+   * @return array An array of application fees.
+   */
+  public static function all($params=null, $apiKey=null)
+  {
+    $class = get_class();
+    return self::_scopedAll($class, $params, $apiKey);
+  }
+
+  /**
+   * @param string|null $params
+   *
+   * @return Stripe_ApplicationFee The refunded application fee.
+   */
+  public function refund($params=null)
+  {
+    $requestor = new Stripe_ApiRequestor($this->_apiKey);
+    $url = $this->instanceUrl() . '/refund';
+    list($response, $apiKey) = $requestor->request('post', $url, $params);
+    $this->refreshFrom($response, $apiKey);
+    return $this;
+  }
+}

packages/stripe-php/lib/Stripe/ApplicationFeeRefund.php

+<?php
+
+class Stripe_ApplicationFeeRefund extends Stripe_ApiResource
+{
+  /**
+   * @return string The API URL for this Stripe refund.
+   */
+  public function instanceUrl()
+  {
+    $id = $this['id'];
+    $fee = $this['fee'];
+    if (!$id) {
+      throw new Stripe_InvalidRequestError(
+          "Could not determine which URL to request: " .
+          "class instance has invalid ID: $id",
+          null
+      );
+    }
+    $id = Stripe_ApiRequestor::utf8($id);
+    $fee = Stripe_ApiRequestor::utf8($fee);
+
+    $base = self::classUrl('Stripe_ApplicationFee');
+    $feeExtn = urlencode($fee);
+    $extn = urlencode($id);
+    return "$base/$feeExtn/refunds/$extn";
+  }
+
+  /**
+   * @return Stripe_ApplicationFeeRefund The saved refund.
+   */
+  public function save()
+  {
+    $class = get_class();
+    return self::_scopedSave($class);
+  }
+}

packages/stripe-php/lib/Stripe/AttachedObject.php

+<?php
+
+// e.g. metadata on Stripe objects.
+class Stripe_AttachedObject extends Stripe_Object
+{
+  /**
+   * Updates this object.
+   *
+   * @param array $properties A mapping of properties to update on this object.
+   */
+  public function replaceWith($properties)
+  {
+    $removed = array_diff(array_keys($this->_values), array_keys($properties));
+    // Don't unset, but rather set to null so we send up '' for deletion.
+    foreach ($removed as $k) {
+      $this->$k = null;
+    }
+
+    foreach ($properties as $k => $v) {
+      $this->$k = $v;
+    }
+  }
+}

packages/stripe-php/lib/Stripe/AuthenticationError.php

+<?php
+
+class Stripe_AuthenticationError extends Stripe_Error
+{
+}

packages/stripe-php/lib/Stripe/Balance.php

+<?php
+
+class Stripe_Balance extends Stripe_SingletonApiResource
+{
+  /**
+    * @param string|null $apiKey
+    *
+    * @return Stripe_Balance
+    */
+  public static function retrieve($apiKey=null)
+  {
+    $class = get_class();
+    return self::_scopedSingletonRetrieve($class, $apiKey);
+  }
+}