Enforce session as array data, and settings api tweak for special chars. Closes #3135.

includes/abstracts/abstract-wc-session.php

@@ -62,10 +62,8 @@ abstract class WC_Session {
      */
     public function __unset( $key ) {
     	if ( isset( $this->_data[ $key ] ) ) {
-            try {
+            unset( $this->_data[ $key ] );
-       		   unset( $this->_data[ $key ] );
+       		$this->_dirty = true;
-       		   $this->_dirty = true;
-            } catch( Exception $e ) {}
         }
     }
 
@@ -78,7 +76,7 @@ abstract class WC_Session {
      */
     public function get( $key, $default = null ) {
         $key = sanitize_key( $key );
-        return isset( $this->_data[ $key ] ) ? $this->_data[ $key ] : $default;
+        return isset( $this->_data[ $key ] ) ? maybe_unserialize( $this->_data[ $key ] ) : $default;
     }
 
     /**
@@ -88,7 +86,7 @@ abstract class WC_Session {
      * @param mixed $value
      */
     public function set( $key, $value ) {
-        $this->_data[ sanitize_key( $key ) ] = $value;
+        $this->_data[ sanitize_key( $key ) ] = maybe_serialize( $value );
         $this->_dirty = true;
     }
 

includes/abstracts/abstract-wc-settings-api.php

@@ -162,7 +162,7 @@ abstract class WC_Settings_API {
      * @return array
      */
     public function format_settings( $value ) {
-    	return ( is_array( $value ) ) ? $value : html_entity_decode( $value );
+    	return ( is_array( $value ) ) ? $value : $value;
     }
 
 
@@ -691,7 +691,7 @@ abstract class WC_Settings_API {
     	$text = $this->get_option( $key );
 
     	if ( isset( $_POST[ $this->plugin_id . $this->id . '_' . $key ] ) ) {
-    		$text = esc_attr( trim( stripslashes( $_POST[ $this->plugin_id . $this->id . '_' . $key ] ) ) );
+    		$text = wp_kses_post( trim( stripslashes( $_POST[ $this->plugin_id . $this->id . '_' . $key ] ) ) );
     	}
 
     	return $text;
@@ -712,7 +712,7 @@ abstract class WC_Settings_API {
     	$text = $this->get_option( $key );
 
     	if ( isset( $_POST[ $this->plugin_id . $this->id . '_' . $key ] ) ) {
-    		$text = esc_attr( woocommerce_clean( $_POST[ $this->plugin_id . $this->id . '_' . $key ] ) );
+    		$text = woocommerce_clean( $_POST[ $this->plugin_id . $this->id . '_' . $key ] );
     	}
 
     	return $text;
@@ -733,7 +733,7 @@ abstract class WC_Settings_API {
     	$text = $this->get_option( $key );
 
     	if ( isset( $_POST[ $this->plugin_id . $this->id . '_' . $key ] ) ) {
-    		$text = esc_attr( trim( stripslashes( $_POST[ $this->plugin_id . $this->id . '_' . $key ] ) ) );
+    		$text = wp_kses_post( trim( stripslashes( $_POST[ $this->plugin_id . $this->id . '_' . $key ] ) ) );
     	}
 
     	return $text;
@@ -754,7 +754,7 @@ abstract class WC_Settings_API {
     	$value = $this->get_option( $key );
 
     	if ( isset( $_POST[ $this->plugin_id . $this->id . '_' . $key ] ) ) {
-    		$value = esc_attr( woocommerce_clean( $_POST[ $this->plugin_id . $this->id . '_' . $key ] ) );
+    		$value = woocommerce_clean( $_POST[ $this->plugin_id . $this->id . '_' . $key ] );
     	}
 
     	return $value;
@@ -774,7 +774,7 @@ abstract class WC_Settings_API {
     	$value = $this->get_option( $key );
 
     	if ( isset( $_POST[ $this->plugin_id . $this->id . '_' . $key ] ) ) {
-    		$value = array_map('esc_attr', array_map('woocommerce_clean', (array) $_POST[ $this->plugin_id . $this->id . '_' . $key ] ));
+    		$value = array_map( 'woocommerce_clean', (array) $_POST[ $this->plugin_id . $this->id . '_' . $key ] );
     	} else {
 	    	$value = '';
     	}

includes/class-wc-session-handler.php

@@ -120,7 +120,7 @@ class WC_Session_Handler extends WC_Session {
 	 * @return array
 	 */
 	private function get_session_data() {
-		return get_option( '_wc_session_' . $this->_customer_id, array() );
+		return (array) get_option( '_wc_session_' . $this->_customer_id, array() );
 	}
 
     /**