Remove redundant orderReturnURL

See more in Linear issue 5323 of this repo

Author: htdat

includes/class-wc-payments-checkout.php

@@ -266,24 +266,15 @@ public function get_payment_fields_js_config() {
 				return $payment_fields; // nosemgrep: audit.php.wp.security.xss.query-arg -- server generated url is passed in.
 			}
 
-			$payment_fields['isOrderPay'] = true;
-			$order_id                     = absint( get_query_var( 'order-pay' ) );
-			$payment_fields['orderId']    = $order_id;
-			$order                        = wc_get_order( $order_id );
-
-			if ( is_a( $order, 'WC_Order' ) ) {
-				$order_currency                   = $order->get_currency();
-				$payment_fields['currency']       = $order_currency;
-				$payment_fields['cartTotal']      = WC_Payments_Utils::prepare_amount( $order->get_total(), $order_currency );
-				$payment_fields['orderReturnURL'] = esc_url_raw(
-					add_query_arg(
-						[
-							'wc_payment_method' => WC_Payment_Gateway_WCPay::GATEWAY_ID,
-							'_wpnonce'          => wp_create_nonce( 'wcpay_process_redirect_order_nonce' ),
-						],
-						$this->gateway->get_return_url( $order )
-					)
-				);
+			$order_id = absint( get_query_var( 'order-pay' ) );
+			$order    = wc_get_order( $order_id );
+
+			if ( is_a( $order, 'WC_Order' ) && get_current_user_id() === $order->get_user_id() ) {
+				$payment_fields['isOrderPay'] = true;
+				$payment_fields['orderId']    = $order_id;
+				$order_currency               = $order->get_currency();
+				$payment_fields['currency']   = $order_currency;
+				$payment_fields['cartTotal']  = WC_Payments_Utils::prepare_amount( $order->get_total(), $order_currency );
 			}
 		}