diff --git a/includes/abstracts/abstract-wc-settings-api.php b/includes/abstracts/abstract-wc-settings-api.php index d96513a16bc..26e999abbde 100644 --- a/includes/abstracts/abstract-wc-settings-api.php +++ b/includes/abstracts/abstract-wc-settings-api.php @@ -1,60 +1,64 @@ -' . $this->generate_settings_html( $this->get_form_fields(), false ) . ''; + echo '' . $this->generate_settings_html( $this->get_form_fields(), false ) . '
'; // WPCS: XSS ok. } /** * Initialise settings form fields. * - * Add an array of fields to be displayed - * on the gateway's settings screen. + * Add an array of fields to be displayed on the gateway's settings screen. * * @since 1.0.0 */ @@ -94,6 +96,7 @@ abstract class WC_Settings_API { /** * Return the name of the option in the WP DB. + * * @since 2.6.0 * @return string */ @@ -103,7 +106,8 @@ abstract class WC_Settings_API { /** * Get a fields type. Defaults to "text" if not set. - * @param array $field + * + * @param array $field Field key. * @return string */ public function get_field_type( $field ) { @@ -112,7 +116,8 @@ abstract class WC_Settings_API { /** * Get a fields default value. Defaults to "" if not set. - * @param array $field + * + * @param array $field Field key. * @return string */ public function get_field_default( $field ) { 
@@ -121,35 +126,40 @@ abstract class WC_Settings_API { /** * Get a field's posted and validated value. - * @param string $key - * @param array $field - * @param array $post_data + * + * @param string $key Field key. + * @param array $field Field array. + * @param array $post_data Posted data. * @return string */ public function get_field_value( $key, $field, $post_data = array() ) { $type = $this->get_field_type( $field ); $field_key = $this->get_field_key( $key ); - $post_data = empty( $post_data ) ? $_POST : $post_data; + $post_data = empty( $post_data ) ? $_POST : $post_data; // WPCS: CSRF ok, input var ok. $value = isset( $post_data[ $field_key ] ) ? $post_data[ $field_key ] : null; - // Look for a validate_FIELDID_field method for special handling + if ( isset( $field['sanitize_callback'] ) && is_callable( $field['sanitize_callback'] ) ) { + return call_user_func( $field['sanitize_callback'], $value ); + } + + // Look for a validate_FIELDID_field method for special handling. if ( is_callable( array( $this, 'validate_' . $key . '_field' ) ) ) { return $this->{'validate_' . $key . '_field'}( $key, $value ); } - // Look for a validate_FIELDTYPE_field method + // Look for a validate_FIELDTYPE_field method. if ( is_callable( array( $this, 'validate_' . $type . '_field' ) ) ) { return $this->{'validate_' . $type . '_field'}( $key, $value ); } - // Fallback to text + // Fallback to text. return $this->validate_text_field( $key, $value ); } /** - * Sets the POSTed data. This method can be used to set specific data, instead - * of taking it from the $_POST array. - * @param array data + * Sets the POSTed data. This method can be used to set specific data, instead of taking it from the $_POST array. + * + * @param array $data Posted data. */ public function set_post_data( $data = array() ) { $this->data = $data; 
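Review bot: In get_field_value() the new `sanitize_callback` branch returns before the `validate_KEY_field` and `validate_TYPE_field` lookups, so a field that declares a callback gets only the callback's output and none of the type-specific validation. A subclass that overrides a `validate_<key>_field` method for the same field is skipped without notice. The callback also receives the raw `$_POST` entry, still slashed, and `null` when the key was not posted. I would state that contract in the docblock, for example `A 'sanitize_callback' in $field replaces the validate_*_field methods and receives the raw, slashed value (null if absent).` If replacement is not intended, run the callback first and pass its result on to the validators.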
@@ -157,18 +167,20 @@ abstract class WC_Settings_API { /** * Returns the POSTed data, to be used to save the settings. + * * @return array */ public function get_post_data() { if ( ! empty( $this->data ) && is_array( $this->data ) ) { return $this->data; } - return $_POST; + return $_POST; // WPCS: CSRF ok, input var ok. } /** * Processes and saves options. * If there is an error thrown, will continue to save and validate fields, but will leave the erroring field out. + * * @return bool was anything saved? */ public function process_admin_options() { @@ -191,7 +203,8 @@ abstract class WC_Settings_API { /** * Add an error message for display in admin on save. - * @param string $error + * + * @param string $error Error message. */ public function add_error( $error ) { $this->errors[] = $error; @@ -238,12 +251,12 @@ abstract class WC_Settings_API { } /** - * get_option function. + * Get option from DB. * * Gets an option from the settings API, using defaults if necessary to prevent undefined notices. * - * @param string $key - * @param mixed $empty_value + * @param string $key Option key. + * @param mixed $empty_value Value when empty. * @return string The value specified for the option or a default value for the option. */ public function get_option( $key, $empty_value = null ) { @@ -267,7 +280,7 @@ abstract class WC_Settings_API { /** * Prefix key for settings. * - * @param mixed $key + * @param string $key Field key. * @return string */ public function get_field_key( $key ) { @@ -279,9 +292,8 @@ abstract class WC_Settings_API { * * Generate the HTML for the fields on the "settings" screen. * - * @param array $form_fields (default: array()) - * @param bool $echo - * + * @param array $form_fields (default: array()) Array of form fields. + * @param bool $echo Echo or return. * @return string the html for the settings * @since 1.0.0 * @uses method_exists() 
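Review bot: The `// WPCS: CSRF ok, input var ok.` annotation on `return $_POST;` in get_post_data() silences the nonce warning without saying where the nonce is verified, and the same annotation is added to the `$_POST` fallback in get_field_value(). Nothing in these hunks checks a nonce, so the suppression depends on every caller of process_admin_options() having done so. If that is the settings page's job, name it in the comment, for example `// Nonce is checked by the settings page before process_admin_options() runs. WPCS: CSRF ok, input var ok.`, so a new caller does not inherit the exemption unnoticed.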
@@ -303,7 +315,7 @@ abstract class WC_Settings_API { } if ( $echo ) { - echo $html; + echo $html; // WPCS: XSS ok. } else { return $html; } @@ -312,7 +324,7 @@ abstract class WC_Settings_API { /** * Get HTML for tooltips. * - * @param array $data + * @param array $data Data for the tooltip. * @return string */ public function get_tooltip_html( $data ) { @@ -330,7 +342,7 @@ abstract class WC_Settings_API { /** * Get HTML for descriptions. * - * @param array $data + * @param array $data Data for the description. * @return string */ public function get_description_html( $data ) { @@ -350,7 +362,7 @@ abstract class WC_Settings_API { /** * Get custom attributes. * - * @param array $data + * @param array $data Field data. * @return string */ public function get_custom_attribute_html( $data ) { @@ -368,8 +380,8 @@ abstract class WC_Settings_API { /** * Generate Text Input HTML. * - * @param mixed $key - * @param mixed $data + * @param string $key Field key. + * @param array $data Field data. * @since 1.0.0 * @return string */ @@ -393,14 +405,14 @@ abstract class WC_Settings_API { ?> - get_tooltip_html( $data ); ?> + get_tooltip_html( $data ); // WPCS: XSS ok. ?>
- get_custom_attribute_html( $data ); ?> /> - get_description_html( $data ); ?> + get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> /> + get_description_html( $data ); // WPCS: XSS ok. ?>
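Review bot: The `// WPCS: XSS ok.` suppressions added to the `get_tooltip_html()`, `get_custom_attribute_html()` and `get_description_html()` echoes are only safe if those helpers return already-escaped markup, which these hunks do not show. The same suppressions recur in the price, decimal, color picker, textarea, checkbox, select and multiselect hunks, and on `echo $html;` in generate_settings_html(). Since this commit already touches the helpers' docblocks, I would record the guarantee there, for example `@return string Escaped HTML, safe to echo.`, so that a subclass overriding a helper knows it must escape its own output.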
@@ -412,8 +424,8 @@ abstract class WC_Settings_API { /** * Generate Price Input HTML. * - * @param mixed $key - * @param mixed $data + * @param string $key Field key. + * @param array $data Field data. * @since 1.0.0 * @return string */ @@ -437,14 +449,14 @@ abstract class WC_Settings_API { ?> - get_tooltip_html( $data ); ?> + get_tooltip_html( $data ); // WPCS: XSS ok. ?>
- get_custom_attribute_html( $data ); ?> /> - get_description_html( $data ); ?> + get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> /> + get_description_html( $data ); // WPCS: XSS ok. ?>
@@ -456,8 +468,8 @@ abstract class WC_Settings_API { /** * Generate Decimal Input HTML. * - * @param mixed $key - * @param mixed $data + * @param string $key Field key. + * @param array $data Field data. * @since 1.0.0 * @return string */ @@ -481,14 +493,14 @@ abstract class WC_Settings_API { ?> - get_tooltip_html( $data ); ?> + get_tooltip_html( $data ); // WPCS: XSS ok. ?>
- get_custom_attribute_html( $data ); ?> /> - get_description_html( $data ); ?> + get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> /> + get_description_html( $data ); // WPCS: XSS ok. ?>
@@ -500,8 +512,8 @@ abstract class WC_Settings_API { /** * Generate Password Input HTML. * - * @param mixed $key - * @param mixed $data + * @param string $key Field key. + * @param array $data Field data. * @since 1.0.0 * @return string */ @@ -513,8 +525,8 @@ abstract class WC_Settings_API { /** * Generate Color Picker Input HTML. * - * @param mixed $key - * @param mixed $data + * @param string $key Field key. + * @param array $data Field data. * @since 1.0.0 * @return string */ @@ -537,16 +549,16 @@ abstract class WC_Settings_API { ?> - get_tooltip_html( $data ); ?> + get_tooltip_html( $data ); // WPCS: XSS ok. ?>
- get_custom_attribute_html( $data ); ?> /> + get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> /> - get_description_html( $data ); ?> + get_description_html( $data ); // WPCS: XSS ok. ?>
@@ -558,8 +570,8 @@ abstract class WC_Settings_API { /** * Generate Textarea HTML. * - * @param mixed $key - * @param mixed $data + * @param string $key Field key. + * @param array $data Field data. * @since 1.0.0 * @return string */ @@ -583,14 +595,14 @@ abstract class WC_Settings_API { ?> - get_tooltip_html( $data ); ?> + get_tooltip_html( $data ); // WPCS: XSS ok. ?>
- - get_description_html( $data ); ?> + + get_description_html( $data ); // WPCS: XSS ok. ?>
@@ -602,8 +614,8 @@ abstract class WC_Settings_API { /** * Generate Checkbox HTML. * - * @param mixed $key - * @param mixed $data + * @param string $key Field key. + * @param array $data Field data. * @since 1.0.0 * @return string */ @@ -631,15 +643,15 @@ abstract class WC_Settings_API { ?> - get_tooltip_html( $data ); ?> + get_tooltip_html( $data ); // WPCS: XSS ok. ?>

- get_description_html( $data ); ?> + class="" type="checkbox" name="" id="" style="" value="1" get_option( $key ), 'yes' ); ?> get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> />
+ get_description_html( $data ); // WPCS: XSS ok. ?>
@@ -651,8 +663,8 @@ abstract class WC_Settings_API { /** * Generate Select HTML. * - * @param mixed $key - * @param mixed $data + * @param string $key Field key. + * @param array $data Field data. * @since 1.0.0 * @return string */ @@ -677,18 +689,18 @@ abstract class WC_Settings_API { ?> - get_tooltip_html( $data ); ?> + get_tooltip_html( $data ); // WPCS: XSS ok. ?>
- get_custom_attribute_html( $data ); // WPCS: XSS ok. ?>> $option_value ) : ?> - get_description_html( $data ); ?> + get_description_html( $data ); // WPCS: XSS ok. ?>
@@ -700,8 +712,8 @@ abstract class WC_Settings_API { /** * Generate Multiselect HTML. * - * @param mixed $key - * @param mixed $data + * @param string $key Field key. + * @param array $data Field data. * @since 1.0.0 * @return string */ @@ -728,20 +740,20 @@ abstract class WC_Settings_API { ?> - get_tooltip_html( $data ); ?> + get_tooltip_html( $data ); // WPCS: XSS ok. ?>
- get_custom_attribute_html( $data ); // WPCS: XSS ok. ?>> $option_value ) : ?> - + - get_description_html( $data ); ?> + get_description_html( $data ); // WPCS: XSS ok. ?> -
+
@@ -754,8 +766,8 @@ abstract class WC_Settings_API { /** * Generate Title HTML. * - * @param mixed $key - * @param mixed $data + * @param string $key Field key. + * @param array $data Field data. * @since 1.0.0 * @return string */ @@ -786,8 +798,8 @@ abstract class WC_Settings_API { * * Make sure the data is escaped correctly, etc. * - * @param string $key Field key - * @param string|null $value Posted Value + * @param string $key Field key. + * @param string $value Posted Value. * @return string */ public function validate_text_field( $key, $value ) { @@ -800,8 +812,8 @@ abstract class WC_Settings_API { * * Make sure the data is escaped correctly, etc. * - * @param string $key - * @param string|null $value Posted Value + * @param string $key Field key. + * @param string $value Posted Value. * @return string */ public function validate_price_field( $key, $value ) { @@ -814,8 +826,8 @@ abstract class WC_Settings_API { * * Make sure the data is escaped correctly, etc. * - * @param string $key - * @param string|null $value Posted Value + * @param string $key Field key. + * @param string $value Posted Value. * @return string */ public function validate_decimal_field( $key, $value ) { @@ -826,8 +838,8 @@ abstract class WC_Settings_API { /** * Validate Password Field. No input sanitization is used to avoid corrupting passwords. * - * @param string $key - * @param string|null $value Posted Value + * @param string $key Field key. + * @param string $value Posted Value. * @return string */ public function validate_password_field( $key, $value ) { @@ -838,8 +850,8 @@ abstract class WC_Settings_API { /** * Validate Textarea Field. * - * @param string $key - * @param string|null $value Posted Value + * @param string $key Field key. + * @param string $value Posted Value. * @return string */ public function validate_textarea_field( $key, $value ) { 
@@ -847,7 +859,12 @@ abstract class WC_Settings_API { return wp_kses( trim( stripslashes( $value ) ), array_merge( array( - 'iframe' => array( 'src' => true, 'style' => true, 'id' => true, 'class' => true ), + 'iframe' => array( + 'src' => true, + 'style' => true, + 'id' => true, + 'class' => true, + ), ), wp_kses_allowed_html( 'post' ) ) @@ -859,8 +876,8 @@ abstract class WC_Settings_API { * * If not set, return "no", otherwise return "yes". * - * @param string $key - * @param string|null $value Posted Value + * @param string $key Field key. + * @param string $value Posted Value. * @return string */ public function validate_checkbox_field( $key, $value ) { @@ -870,8 +887,8 @@ abstract class WC_Settings_API { /** * Validate Select Field. * - * @param string $key - * @param string $value Posted Value + * @param string $key Field key. + * @param string $value Posted Value. * @return string */ public function validate_select_field( $key, $value ) { @@ -882,8 +899,8 @@ abstract class WC_Settings_API { /** * Validate Multiselect Field. * - * @param string $key - * @param string $value Posted Value + * @param string $key Field key. + * @param string $value Posted Value. * @return string|array */ public function validate_multiselect_field( $key, $value ) { @@ -892,9 +909,9 @@ abstract class WC_Settings_API { /** * Validate the data on the "Settings" form. - * @deprecated 2.6.0 No longer used * - * @param array $form_fields + * @deprecated 2.6.0 No longer used. + * @param array $form_fields Array of fields. */ public function validate_settings_fields( $form_fields = array() ) { wc_deprecated_function( 'validate_settings_fields', '2.6' ); @@ -902,8 +919,9 @@ abstract class WC_Settings_API { /** * Format settings if needed. - * @deprecated 2.6.0 Unused - * @param array $value + * + * @deprecated 2.6.0 Unused. + * @param array $value Value to format. * @return array */ public function format_settings( $value ) { 
diff --git a/includes/admin/settings/class-wc-settings-shipping.php b/includes/admin/settings/class-wc-settings-shipping.php index bbd808d39f4..3f850e3b96b 100644 --- a/includes/admin/settings/class-wc-settings-shipping.php +++ b/includes/admin/settings/class-wc-settings-shipping.php @@ -244,7 +244,7 @@ class WC_Settings_Shipping extends WC_Settings_Page { } wp_localize_script( 'wc-shipping-zone-methods', 'shippingZoneMethodsLocalizeScript', array( - 'methods' => $zone->get_shipping_methods(), + 'methods' => $zone->get_shipping_methods( false, 'json' ), 'zone_name' => $zone->get_zone_name(), 'zone_id' => $zone->get_id(), 'wc_shipping_zones_nonce' => wp_create_nonce( 'wc_shipping_zones_nonce' ), diff --git a/includes/class-wc-ajax.php b/includes/class-wc-ajax.php index e11783e192b..fe66dde69cc 100644 --- a/includes/class-wc-ajax.php +++ b/includes/class-wc-ajax.php @@ -2449,7 +2449,7 @@ class WC_AJAX { 'instance_id' => $instance_id, 'zone_id' => $zone->get_id(), 'zone_name' => $zone->get_zone_name(), - 'methods' => $zone->get_shipping_methods(), + 'methods' => $zone->get_shipping_methods( false, 'json' ), ) ); } @@ -2547,7 +2547,7 @@ class WC_AJAX { wp_send_json_success( array( 'zone_id' => $zone->get_id(), 'zone_name' => $zone->get_zone_name(), - 'methods' => $zone->get_shipping_methods(), + 'methods' => $zone->get_shipping_methods( false, 'json' ), ) ); } @@ -2579,7 +2579,7 @@ class WC_AJAX { wp_send_json_success( array( 'zone_id' => $zone->get_id(), 'zone_name' => $zone->get_zone_name(), - 'methods' => $zone->get_shipping_methods(), + 'methods' => $zone->get_shipping_methods( false, 'json' ), 'errors' => $shipping_method->get_errors(), ) ); } diff --git a/includes/class-wc-shipping-zone.php b/includes/class-wc-shipping-zone.php index fe171cf98a5..ce4785cb1e7 100644 --- a/includes/class-wc-shipping-zone.php +++ b/includes/class-wc-shipping-zone.php 
@@ -1,36 +1,38 @@ set_id( $zone ); } elseif ( is_object( $zone ) ) { $this->set_id( $zone->zone_id ); - } elseif ( 0 === $zone || "0" === $zone ) { + } elseif ( 0 === $zone || '0' === $zone ) { $this->set_id( 0 ); } else { $this->set_object_read( true ); @@ -61,16 +63,16 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { } } - /* - |-------------------------------------------------------------------------- - | Getters - |-------------------------------------------------------------------------- + /** + * -------------------------------------------------------------------------- + * Getters + * -------------------------------------------------------------------------- */ /** * Get zone name. * - * @param string $context + * @param string $context View or edit context. * @return string */ public function get_zone_name( $context = 'view' ) { @@ -80,7 +82,7 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { /** * Get zone order. * - * @param string $context + * @param string $context View or edit context. * @return int */ public function get_zone_order( $context = 'view' ) { @@ -90,7 +92,7 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { /** * Get zone locations. * - * @param string $context + * @param string $context View or edit context. * @return array of zone objects */ public function get_zone_locations( $context = 'view' ) { @@ -100,8 +102,8 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { /** * Return a text string representing what this zone is for. * - * @param int $max - * @param string $context + * @param int $max Max locations to return. + * @param string $context View or edit context. * @return string */ public function get_formatted_location( $max = 10, $context = 'view' ) { 
@@ -124,7 +126,7 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { } foreach ( $states as $location ) { - $location_codes = explode( ':', $location->code ); + $location_codes = explode( ':', $location->code ); $location_parts[] = $all_states[ $location_codes[0] ][ $location_codes[1] ]; } @@ -135,8 +137,8 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { // Fix display of encoded characters. $location_parts = array_map( 'html_entity_decode', $location_parts ); - if ( sizeof( $location_parts ) > $max ) { - $remaining = sizeof( $location_parts ) - $max; + if ( count( $location_parts ) > $max ) { + $remaining = count( $location_parts ) - $max; // @codingStandardsIgnoreStart return sprintf( _n( '%s and %d other region', '%s and %d other regions', $remaining, 'woocommerce' ), implode( ', ', array_splice( $location_parts, 0, $max ) ), $remaining ); // @codingStandardsIgnoreEnd @@ -150,10 +152,11 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { /** * Get shipping methods linked to this zone. * - * @param bool Only return enabled methods. + * @param bool $enabled_only Only return enabled methods. + * @param string $context Getting shipping methods for what context. Valid values, admin, json. * @return array of objects */ - public function get_shipping_methods( $enabled_only = false ) { + public function get_shipping_methods( $enabled_only = false, $context = 'admin' ) { if ( null === $this->get_id() ) { return array(); } 
@@ -165,30 +168,37 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { foreach ( $raw_methods as $raw_method ) { if ( in_array( $raw_method->method_id, array_keys( $allowed_classes ), true ) ) { - $class_name = $allowed_classes[ $raw_method->method_id ]; + $class_name = $allowed_classes[ $raw_method->method_id ]; + $instance_id = $raw_method->instance_id; // The returned array may contain instances of shipping methods, as well // as classes. If the "class" is an instance, just use it. If not, // create an instance. if ( is_object( $class_name ) ) { - $class_name_of_instance = get_class( $class_name ); - $methods[ $raw_method->instance_id ] = new $class_name_of_instance( $raw_method->instance_id ); + $class_name_of_instance = get_class( $class_name ); + $methods[ $instance_id ] = new $class_name_of_instance( $instance_id ); } else { // If the class is not an object, it should be a string. It's better // to double check, to be sure (a class must be a string, anything) - // else would be useless + // else would be useless. if ( is_string( $class_name ) && class_exists( $class_name ) ) { - $methods[ $raw_method->instance_id ] = new $class_name( $raw_method->instance_id ); + $methods[ $instance_id ] = new $class_name( $instance_id ); } } - // Let's make sure that we have an instance before setting its attributes - if ( is_object( $methods[ $raw_method->instance_id ] ) ) { - $methods[ $raw_method->instance_id ]->method_order = absint( $raw_method->method_order ); - $methods[ $raw_method->instance_id ]->enabled = $raw_method->is_enabled ? 'yes' : 'no'; - $methods[ $raw_method->instance_id ]->has_settings = $methods[ $raw_method->instance_id ]->has_settings(); - $methods[ $raw_method->instance_id ]->settings_html = $methods[ $raw_method->instance_id ]->supports( 'instance-settings-modal' ) ? 
$methods[ $raw_method->instance_id ]->get_admin_options_html() : false; - $methods[ $raw_method->instance_id ]->method_description = wp_kses_post( wpautop( $methods[ $raw_method->instance_id ]->method_description ) ); + // Let's make sure that we have an instance before setting its attributes. + if ( is_object( $methods[ $instance_id ] ) ) { + $methods[ $instance_id ]->method_order = absint( $raw_method->method_order ); + $methods[ $instance_id ]->enabled = $raw_method->is_enabled ? 'yes' : 'no'; + $methods[ $instance_id ]->has_settings = $methods[ $instance_id ]->has_settings(); + $methods[ $instance_id ]->settings_html = $methods[ $instance_id ]->supports( 'instance-settings-modal' ) ? $methods[ $instance_id ]->get_admin_options_html(): false; + $methods[ $instance_id ]->method_description = wp_kses_post( wpautop( $methods[ $instance_id ]->method_description ) ); + } + + if ( 'json' === $context ) { + // We don't want the entire object in this context, just the public props. + $methods[ $instance_id ] = (object) get_object_vars( $methods[ $instance_id ] ); + unset( $methods[ $instance_id ]->instance_form_fields, $methods[ $instance_id ]->form_fields ); } } } 
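Review bot: The new `'json' === $context` block sits outside the `is_object( $methods[ $instance_id ] )` guard, so when neither instantiation branch ran it calls `get_object_vars()` on an unset entry; moving the block inside the guard avoids that. The export is also a denylist: every public property other than `form_fields` and `instance_form_fields` is still serialised by the `wp_localize_script()` and `wp_send_json_success()` callers. For third-party methods that may include settings holding credentials, though no such property is visible here. An allowlist of the keys the zone-methods script actually reads would fail closed when a method class gains a new public property. get_shipping_methods() starts and returns outside this hunk, and its `woocommerce_shipping_zone_shipping_methods` filter now receives plain objects instead of method instances in this context.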
@@ -198,25 +208,25 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { return apply_filters( 'woocommerce_shipping_zone_shipping_methods', $methods, $raw_methods, $allowed_classes, $this ); } - /* - |-------------------------------------------------------------------------- - | Setters - |-------------------------------------------------------------------------- + /** + * -------------------------------------------------------------------------- + * Setters + * -------------------------------------------------------------------------- */ /** * Set zone name. * - * @param string $set + * @param string $set Value to set. */ public function set_zone_name( $set ) { $this->set_prop( 'zone_name', wc_clean( $set ) ); } /** - * Set zone order. + * Set zone order. Value to set. * - * @param int $set + * @param int $set Value to set. */ public function set_zone_order( $set ) { $this->set_prop( 'zone_order', absint( $set ) ); @@ -226,7 +236,7 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { * Set zone locations. * * @since 3.0.0 - * @param array + * @param array $locations Value to set. */ public function set_zone_locations( $locations ) { if ( 0 !== $this->get_id() ) { @@ -234,10 +244,10 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { } } - /* - |-------------------------------------------------------------------------- - | Other Methods - |-------------------------------------------------------------------------- + /** + * -------------------------------------------------------------------------- + * Other + * -------------------------------------------------------------------------- */ /** @@ -280,7 +290,7 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { /** * Location type detection. * - * @param object $location + * @param object $location Location to check. * @return boolean */ private function location_is_continent( $location ) { 
@@ -290,7 +300,7 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { /** * Location type detection. * - * @param object $location + * @param object $location Location to check. * @return boolean */ private function location_is_country( $location ) { @@ -300,7 +310,7 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { /** * Location type detection. * - * @param object $location + * @param object $location Location to check. * @return boolean */ private function location_is_state( $location ) { @@ -310,7 +320,7 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { /** * Location type detection. * - * @param object $location + * @param object $location Location to check. * @return boolean */ private function location_is_postcode( $location ) { 
@@ -320,29 +330,29 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { /** * Is passed location type valid? * - * @param string $type + * @param string $type Type to check. * @return boolean */ public function is_valid_location_type( $type ) { - return in_array( $type, array( 'postcode', 'state', 'country', 'continent' ) ); + return in_array( $type, array( 'postcode', 'state', 'country', 'continent' ), true ); } /** * Add location (state or postcode) to a zone. * - * @param string $code - * @param string $type state or postcode + * @param string $code Location code. + * @param string $type state or postcode. */ public function add_location( $code, $type ) { if ( 0 !== $this->get_id() && $this->is_valid_location_type( $type ) ) { if ( 'postcode' === $type ) { $code = trim( strtoupper( str_replace( chr( 226 ) . chr( 128 ) . chr( 166 ), '...', $code ) ) ); // No normalization - postcodes are matched against both normal and formatted versions to support wildcards. } - $location = array( + $location = array( 'code' => wc_clean( $code ), 'type' => wc_clean( $type ), ); - $zone_locations = $this->get_prop( 'zone_locations', 'edit' ); + $zone_locations = $this->get_prop( 'zone_locations', 'edit' ); $zone_locations[] = (object) $location; $this->set_prop( 'zone_locations', $zone_locations ); } @@ -352,7 +362,7 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { /** * Clear all locations for this zone. * - * @param array|string $types of location to clear + * @param array|string $types of location to clear. */ public function clear_locations( $types = array( 'postcode', 'state', 'country', 'continent' ) ) { if ( ! is_array( $types ) ) { @@ -360,7 +370,7 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { } $zone_locations = $this->get_prop( 'zone_locations', 'edit' ); foreach ( $zone_locations as $key => $values ) { - if ( in_array( $values->type, $types ) ) { + if ( in_array( $values->type, $types, true ) ) { unset( $zone_locations[ $key ] ); } } 
@@ -371,7 +381,7 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { /** * Set locations. * - * @param array $locations Array of locations + * @param array $locations Array of locations. */ public function set_locations( $locations = array() ) { $this->clear_locations(); @@ -383,7 +393,7 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { /** * Add a shipping method to this zone. * - * @param string $type shipping method type + * @param string $type shipping method type. * @return int new instance_id, 0 on failure */ public function add_shipping_method( $type ) { @@ -396,7 +406,7 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { $allowed_classes = $wc_shipping->get_shipping_method_class_names(); $count = $this->data_store->get_method_count( $this->get_id() ); - if ( in_array( $type, array_keys( $allowed_classes ) ) ) { + if ( in_array( $type, array_keys( $allowed_classes ), true ) ) { $instance_id = $this->data_store->add_method( $this->get_id(), $type, $count + 1 ); } @@ -412,7 +422,7 @@ class WC_Shipping_Zone extends WC_Legacy_Shipping_Zone { /** * Delete a shipping method from a zone. * - * @param int $instance_id + * @param int $instance_id Shipping method instance ID. * @return True on success, false on failure */ public function delete_shipping_method( $instance_id ) { diff --git a/includes/shipping/flat-rate/class-wc-shipping-flat-rate.php b/includes/shipping/flat-rate/class-wc-shipping-flat-rate.php index 80a7e941bc1..b283dc7da7f 100644 --- a/includes/shipping/flat-rate/class-wc-shipping-flat-rate.php +++ b/includes/shipping/flat-rate/class-wc-shipping-flat-rate.php 
@@ -1,32 +1,36 @@ id = 'flat_rate'; - $this->instance_id = absint( $instance_id ); - $this->method_title = __( 'Flat rate', 'woocommerce' ); - $this->method_description = __( 'Lets you charge a fixed rate for shipping.', 'woocommerce' ); - $this->supports = array( + $this->id = 'flat_rate'; + $this->instance_id = absint( $instance_id ); + $this->method_title = __( 'Flat rate', 'woocommerce' ); + $this->method_description = __( 'Lets you charge a fixed rate for shipping.', 'woocommerce' ); + $this->supports = array( 'shipping-zones', 'instance-settings', 'instance-settings-modal', @@ -37,10 +41,10 @@ class WC_Shipping_Flat_Rate extends WC_Shipping_Method { } /** - * init user set variables. + * Init user set variables. */ public function init() { - $this->instance_form_fields = include( 'includes/settings-flat-rate.php' ); + $this->instance_form_fields = include 'includes/settings-flat-rate.php'; $this->title = $this->get_option( 'title' ); $this->tax_status = $this->get_option( 'tax_status' ); $this->cost = $this->get_option( 'cost' ); 
@@ -49,20 +53,21 @@ class WC_Shipping_Flat_Rate extends WC_Shipping_Method { /** * Evaluate a cost from a sum/string. - * @param string $sum - * @param array $args + * + * @param string $sum Sum of shipping. + * @param array $args Args. * @return string */ protected function evaluate_cost( $sum, $args = array() ) { - include_once( WC()->plugin_path() . '/includes/libraries/class-wc-eval-math.php' ); + include_once WC()->plugin_path() . '/includes/libraries/class-wc-eval-math.php'; - // Allow 3rd parties to process shipping cost arguments + // Allow 3rd parties to process shipping cost arguments. $args = apply_filters( 'woocommerce_evaluate_shipping_cost_args', $args, $sum, $this ); $locale = localeconv(); $decimals = array( wc_get_price_decimal_separator(), $locale['decimal_point'], $locale['mon_decimal_point'], ',' ); $this->fee_cost = $args['cost']; - // Expand shortcodes + // Expand shortcodes. add_shortcode( 'fee', array( $this, 'fee' ) ); $sum = do_shortcode( str_replace( @@ -79,22 +84,23 @@ class WC_Shipping_Flat_Rate extends WC_Shipping_Method { remove_shortcode( 'fee', array( $this, 'fee' ) ); - // Remove whitespace from string + // Remove whitespace from string. $sum = preg_replace( '/\s+/', '', $sum ); - // Remove locale from string + // Remove locale from string. $sum = str_replace( $decimals, '.', $sum ); - // Trim invalid start/end characters + // Trim invalid start/end characters. $sum = rtrim( ltrim( $sum, "\t\n\r\0\x0B+*/" ), "\t\n\r\0\x0B+-*/" ); - // Do the math + // Do the math. return $sum ? WC_Eval_Math::evaluate( $sum ) : 0; } /** * Work out fee (shortcode). - * @param array $atts + * + * @param array $atts Attributes. * @return string */ public function fee( $atts ) { 
@@ -122,9 +128,9 @@ class WC_Shipping_Flat_Rate extends WC_Shipping_Method { } /** - * calculate_shipping function. + * Calculate the shipping costs. * - * @param array $package (default: array()) + * @param array $package Package of items from cart. */ public function calculate_shipping( $package = array() ) { $rate = array( @@ -134,7 +140,7 @@ class WC_Shipping_Flat_Rate extends WC_Shipping_Method { 'package' => $package, ); - // Calculate the costs + // Calculate the costs. $has_costs = false; // True when a cost is set. False if all costs are blank strings. $cost = $this->get_option( 'cost' ); @@ -154,7 +160,7 @@ class WC_Shipping_Flat_Rate extends WC_Shipping_Method { $highest_class_cost = 0; foreach ( $found_shipping_classes as $shipping_class => $products ) { - // Also handles BW compatibility when slugs were used instead of ids + // Also handles BW compatibility when slugs were used instead of ids. $shipping_class_term = get_term_by( 'slug', $shipping_class, 'product_shipping_class' ); $class_cost_string = $shipping_class_term && $shipping_class_term->term_id ? $this->get_option( 'class_cost_' . $shipping_class_term->term_id, $this->get_option( 'class_cost_' . $shipping_class, '' ) ) : $this->get_option( 'no_class_cost', '' ); @@ -180,7 +186,6 @@ class WC_Shipping_Flat_Rate extends WC_Shipping_Method { } } - // Add the rate if ( $has_costs ) { $this->add_rate( $rate ); } 
@@ -190,27 +195,14 @@ class WC_Shipping_Flat_Rate extends WC_Shipping_Method { * * Previously there were (overly complex) options to add additional rates however this was not user. * friendly and goes against what Flat Rate Shipping was originally intended for. - * - * This example shows how you can add an extra rate based on this flat rate via custom function: - * - * add_action( 'woocommerce_flat_rate_shipping_add_rate', 'add_another_custom_flat_rate', 10, 2 ); - * - * function add_another_custom_flat_rate( $method, $rate ) { - * $new_rate = $rate; - * $new_rate['id'] .= ':' . 'custom_rate_name'; // Append a custom ID. - * $new_rate['label'] = 'Rushed Shipping'; // Rename to 'Rushed Shipping'. - * $new_rate['cost'] += 2; // Add $2 to the cost. - * - * // Add it to WC. - * $method->add_rate( $new_rate ); - * }. */ do_action( 'woocommerce_' . $this->id . '_shipping_add_rate', $this, $rate ); } /** * Get items in package. - * @param array $package + * + * @param array $package Package of items from cart. * @return int */ public function get_package_item_qty( $package ) { @@ -225,7 +217,8 @@ class WC_Shipping_Flat_Rate extends WC_Shipping_Method { /** * Finds and returns shipping classes and the products with said class. - * @param mixed $package + * + * @param mixed $package Package of items from cart. * @return array */ public function find_shipping_classes( $package ) { @@ -245,4 +238,18 @@ class WC_Shipping_Flat_Rate extends WC_Shipping_Method { return $found_shipping_classes; } + + /** + * Sanitize the cost field. + * + * @since 3.4.0 + * @param string $value Unsanitized value. + * @return string + */ + public function sanitize_cost( $value ) { + $value = is_null( $value ) ? '' : $value; + $value = wp_kses_post( trim( wp_unslash( $value ) ) ); + $value = str_replace( array( get_woocommerce_currency_symbol(), html_entity_decode( get_woocommerce_currency_symbol() ) ), '', $value ); + return $value; + } } 
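Review bot: sanitize_cost() only special-cases null before calling `trim( wp_unslash( $value ) )`, so a cost field posted as an array reaches trim() as an array, which is a warning and a null result on older PHP and a TypeError on PHP 8. Normalising first, e.g. `$value = is_scalar( $value ) ? (string) $value : '';`, closes that. The currency-symbol `str_replace()` also runs after `wp_kses_post()`, so the stored string is no longer the one kses vetted; removing the symbols first and filtering last keeps sanitisation as the final step. The saved cost appears to be expanded by do_shortcode() and handed to WC_Eval_Math::evaluate() in evaluate_cost(). If so, an allowlist of digits, operators and the documented `[qty]`/`[cost]`/`[fee …]` placeholders would fit the field better than post-level HTML filtering.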
diff --git a/includes/shipping/flat-rate/includes/settings-flat-rate.php b/includes/shipping/flat-rate/includes/settings-flat-rate.php index 68a8bbd1a7f..8e53c331f53 100644 --- a/includes/shipping/flat-rate/includes/settings-flat-rate.php +++ b/includes/shipping/flat-rate/includes/settings-flat-rate.php @@ -1,39 +1,40 @@ 10.00 * [qty].', 'woocommerce' ) . '

' . __( 'Use [qty] for the number of items,
[cost] for the total cost of items, and [fee percent="10" min_fee="20" max_fee=""] for percentage based fees.', 'woocommerce' ); -/** - * Settings for flat rate shipping. - */ $settings = array( - 'title' => array( - 'title' => __( 'Method title', 'woocommerce' ), - 'type' => 'text', - 'description' => __( 'This controls the title which the user sees during checkout.', 'woocommerce' ), - 'default' => __( 'Flat rate', 'woocommerce' ), - 'desc_tip' => true, + 'title' => array( + 'title' => __( 'Method title', 'woocommerce' ), + 'type' => 'text', + 'description' => __( 'This controls the title which the user sees during checkout.', 'woocommerce' ), + 'default' => __( 'Flat rate', 'woocommerce' ), + 'desc_tip' => true, ), 'tax_status' => array( - 'title' => __( 'Tax status', 'woocommerce' ), - 'type' => 'select', - 'class' => 'wc-enhanced-select', - 'default' => 'taxable', - 'options' => array( - 'taxable' => __( 'Taxable', 'woocommerce' ), - 'none' => _x( 'None', 'Tax status', 'woocommerce' ), + 'title' => __( 'Tax status', 'woocommerce' ), + 'type' => 'select', + 'class' => 'wc-enhanced-select', + 'default' => 'taxable', + 'options' => array( + 'taxable' => __( 'Taxable', 'woocommerce' ), + 'none' => _x( 'None', 'Tax status', 'woocommerce' ), ), ), - 'cost' => array( - 'title' => __( 'Cost', 'woocommerce' ), - 'type' => 'text', - 'placeholder' => '', - 'description' => $cost_desc, - 'default' => '0', - 'desc_tip' => true, + 'cost' => array( + 'title' => __( 'Cost', 'woocommerce' ), + 'type' => 'text', + 'placeholder' => '', + 'description' => $cost_desc, + 'default' => '0', + 'desc_tip' => true, + 'sanitize_callback' => array( $this, 'sanitize_cost' ), ), ); 
@@ -41,10 +42,11 @@ $shipping_classes = WC()->shipping->get_shipping_classes(); if ( ! empty( $shipping_classes ) ) { $settings['class_costs'] = array( - 'title' => __( 'Shipping class costs', 'woocommerce' ), - 'type' => 'title', - 'default' => '', - 'description' => sprintf( __( 'These costs can optionally be added based on the product shipping class.', 'woocommerce' ), admin_url( 'admin.php?page=wc-settings&tab=shipping§ion=classes' ) ), + 'title' => __( 'Shipping class costs', 'woocommerce' ), + 'type' => 'title', + 'default' => '', + /* translators: %s: URL for link. */ + 'description' => sprintf( __( 'These costs can optionally be added based on the product shipping class.', 'woocommerce' ), admin_url( 'admin.php?page=wc-settings&tab=shipping§ion=classes' ) ), ); foreach ( $shipping_classes as $shipping_class ) { if ( ! isset( $shipping_class->term_id ) ) { 
@@ -52,30 +54,34 @@ if ( ! empty( $shipping_classes ) ) { } $settings[ 'class_cost_' . $shipping_class->term_id ] = array( /* translators: %s: shipping class name */ - 'title' => sprintf( __( '"%s" shipping class cost', 'woocommerce' ), esc_html( $shipping_class->name ) ), - 'type' => 'text', - 'placeholder' => __( 'N/A', 'woocommerce' ), - 'description' => $cost_desc, - 'default' => $this->get_option( 'class_cost_' . $shipping_class->slug ), // Before 2.5.0, we used slug here which caused issues with long setting names - 'desc_tip' => true, + 'title' => sprintf( __( '"%s" shipping class cost', 'woocommerce' ), esc_html( $shipping_class->name ) ), + 'type' => 'text', + 'placeholder' => __( 'N/A', 'woocommerce' ), + 'description' => $cost_desc, + 'default' => $this->get_option( 'class_cost_' . $shipping_class->slug ), // Before 2.5.0, we used slug here which caused issues with long setting names. + 'desc_tip' => true, + 'sanitize_callback' => array( $this, 'sanitize_cost' ), ); } + $settings['no_class_cost'] = array( - 'title' => __( 'No shipping class cost', 'woocommerce' ), - 'type' => 'text', - 'placeholder' => __( 'N/A', 'woocommerce' ), - 'description' => $cost_desc, - 'default' => '', - 'desc_tip' => true, + 'title' => __( 'No shipping class cost', 'woocommerce' ), + 'type' => 'text', + 'placeholder' => __( 'N/A', 'woocommerce' ), + 'description' => $cost_desc, + 'default' => '', + 'desc_tip' => true, + 'sanitize_callback' => array( $this, 'sanitize_cost' ), ); + $settings['type'] = array( - 'title' => __( 'Calculation type', 'woocommerce' ), - 'type' => 'select', - 'class' => 'wc-enhanced-select', - 'default' => 'class', - 'options' => array( - 'class' => __( 'Per class: Charge shipping for each shipping class individually', 'woocommerce' ), - 'order' => __( 'Per order: Charge shipping for the most expensive shipping class', 'woocommerce' ), + 'title' => __( 'Calculation type', 'woocommerce' ), + 'type' => 'select', + 'class' => 'wc-enhanced-select', + 
'default' => 'class', + 'options' => array( + 'class' => __( 'Per class: Charge shipping for each shipping class individually', 'woocommerce' ), + 'order' => __( 'Per order: Charge shipping for the most expensive shipping class', 'woocommerce' ), ), ); }