Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19330 from woocommerce/update/gdpr-actions 

GDPR - Personal data export and removal
This commit is contained in:
Claudiu Lodromanean 2018-04-17 13:29:35 -07:00 committed by GitHub
parent 718c91f920 f9e45bea91
commit 5c8adcd0d8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 848 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
includes/admin/list-tables/class-wc-admin-list-table-orders.php
View File

@ -135,9 +135,10 @@ class WC_Admin_List_Table_Orders extends WC_Admin_List_Table {
unset( $actions['edit'] );
}
$actions['mark_processing'] = __( 'Change status to processing', 'woocommerce' );
$actions['mark_on-hold'] = __( 'Change status to on-hold', 'woocommerce' );
$actions['mark_completed'] = __( 'Change status to completed', 'woocommerce' );
$actions['mark_processing'] = __( 'Change status to processing', 'woocommerce' );
$actions['mark_on-hold'] = __( 'Change status to on-hold', 'woocommerce' );
$actions['mark_completed'] = __( 'Change status to completed', 'woocommerce' );
$actions['remove_personal_data'] = __( 'Remove personal data', 'woocommerce' );
return $actions;
}
@ -622,39 +623,46 @@ class WC_Admin_List_Table_Orders extends WC_Admin_List_Table {
* @return string
*/
public function handle_bulk_actions( $redirect_to, $action, $ids ) {
// Bail out if this is not a status-changing action.
if ( false === strpos( $action, 'mark_' ) ) {
return $redirect_to;
}
$order_statuses = wc_get_order_statuses();
$new_status = substr( $action, 5 ); // Get the status name from action.
$report_action = 'marked_' . $new_status;
// Sanity check: bail out if this is actually not a status, or is
// not a registered status.
if ( ! isset( $order_statuses[ 'wc-' . $new_status ] ) ) {
return $redirect_to;
}
$changed = 0;
$ids = array_map( 'absint', $ids );
$changed = 0;
foreach ( $ids as $id ) {
$order = wc_get_order( $id );
$order->update_status( $new_status, __( 'Order status changed by bulk edit:', 'woocommerce' ), true );
do_action( 'woocommerce_order_edit_status', $id, $new_status );
$changed++;
if ( 'remove_personal_data' === $action ) {
$report_action = 'removed_personal_data';
foreach ( $ids as $id ) {
$order = wc_get_order( $id );
if ( $order ) {
do_action( 'woocommerce_remove_order_personal_data', $order );
$changed++;
}
}
} elseif ( false !== strpos( $action, 'mark_' ) ) {
$order_statuses = wc_get_order_statuses();
$new_status = substr( $action, 5 ); // Get the status name from action.
$report_action = 'marked_' . $new_status;
// Sanity check: bail out if this is actually not a status, or is not a registered status.
if ( isset( $order_statuses[ 'wc-' . $new_status ] ) ) {
foreach ( $ids as $id ) {
$order = wc_get_order( $id );
$order->update_status( $new_status, __( 'Order status changed by bulk edit:', 'woocommerce' ), true );
do_action( 'woocommerce_order_edit_status', $id, $new_status );
$changed++;
}
}
}
$redirect_to = add_query_arg(
array(
'post_type' => $this->list_table_type,
$report_action => true,
'changed' => $changed,
'ids' => join( ',', $ids ),
), $redirect_to
);
if ( $changed ) {
$redirect_to = add_query_arg(
array(
'post_type' => $this->list_table_type,
'bulk_action' => $report_action,
'changed' => $changed,
'ids' => join( ',', $ids ),
), $redirect_to
);
}
return esc_url_raw( $redirect_to );
}
@ -666,23 +674,29 @@ class WC_Admin_List_Table_Orders extends WC_Admin_List_Table {
global $post_type, $pagenow;
// Bail out if not on shop order list page.
if ( 'edit.php' !== $pagenow || 'shop_order' !== $post_type ) {
if ( 'edit.php' !== $pagenow || 'shop_order' !== $post_type || ! isset( $_REQUEST['bulk_action'] ) ) { // WPCS: input var ok, CSRF ok.
return;
}
$order_statuses = wc_get_order_statuses();
$number = isset( $_REQUEST['changed'] ) ? absint( $_REQUEST['changed'] ) : 0; // WPCS: input var ok, CSRF ok.
$bulk_action = wc_clean( wp_unslash( $_REQUEST['bulk_action'] ) ); // WPCS: input var ok, CSRF ok.
// Check if any status changes happened.
foreach ( $order_statuses as $slug => $name ) {
if ( isset( $_REQUEST[ 'marked_' . str_replace( 'wc-', '', $slug ) ] ) ) { // WPCS: input var ok.
$number = isset( $_REQUEST['changed'] ) ? absint( $_REQUEST['changed'] ) : 0; // WPCS: input var ok.
/* translators: %s: orders count */
if ( 'marked_' . str_replace( 'wc-', '', $slug ) === $bulk_action ) { // WPCS: input var ok, CSRF ok.
/* translators: %d: orders count */
$message = sprintf( _n( '%d order status changed.', '%d order statuses changed.', $number, 'woocommerce' ), number_format_i18n( $number ) );
echo '<div class="updated"><p>' . esc_html( $message ) . '</p></div>';
break;
}
}
if ( 'removed_personal_data' === $bulk_action ) { // WPCS: input var ok, CSRF ok.
/* translators: %d: orders count */
$message = sprintf( _n( 'Removed personal data from %d order.', 'Removed personal data from %d orders.', $number, 'woocommerce' ), number_format_i18n( $number ) );
echo '<div class="updated"><p>' . esc_html( $message ) . '</p></div>';
}
}
/**

8
includes/admin/meta-boxes/class-wc-meta-box-order-data.php
View File

@ -344,7 +344,9 @@ class WC_Meta_Box_Order_Data {
$field_value = make_clickable( esc_html( $field_value ) );
}
echo '<p><strong>' . esc_html( $field['label'] ) . ':</strong> ' . wp_kses_post( $field_value ) . '</p>';
if ( $field_value ) {
echo '<p><strong>' . esc_html( $field['label'] ) . ':</strong> ' . wp_kses_post( $field_value ) . '</p>';
}
}
?>
</div>
@ -450,7 +452,9 @@ class WC_Meta_Box_Order_Data {
$field_value = $order->get_meta( '_' . $field_name );
}
echo '<p><strong>' . esc_html( $field['label'] ) . ':</strong> ' . make_clickable( esc_html( $field_value ) ) . '</p>';
if ( $field_value ) {
echo '<p><strong>' . esc_html( $field['label'] ) . ':</strong> ' . wp_kses_post( $field_value ) . '</p>';
}
}
}

3
includes/class-wc-install.php
View File

@ -527,6 +527,9 @@ class WC_Install {
// used by WC_Comments::wp_count_comments() to get the number of comments by type.
$wpdb->query( "ALTER TABLE {$wpdb->comments} ADD INDEX woo_idx_comment_type (comment_type)" );
}
// Add constraint to download logs.
$wpdb->query( "ALTER TABLE {$wpdb->prefix}wc_download_log ADD FOREIGN KEY (permission_id) REFERENCES {$wpdb->prefix}woocommerce_downloadable_product_permissions(permission_id) ON DELETE CASCADE" );
}
/**

519
includes/class-wc-privacy.php Normal file
View File

@ -0,0 +1,519 @@
<?php
/**
* Privacy/GDPR related functionality which ties into WordPress functionality.
*
* @since 3.4.0
* @package WooCommerce\Classes
*/
defined( 'ABSPATH' ) || exit;
/**
* WC_Privacy Class.
*/
class WC_Privacy {
/**
* Init - hook into events.
*/
public static function init() {
// We need to ensure we're using a version of WP with GDPR support.
if ( ! function_exists( 'wp_privacy_anonymize_data' ) ) {
return;
}
// This hook registers WooCommerce data exporters.
add_filter( 'wp_privacy_personal_data_exporters', array( __CLASS__, 'register_data_exporters' ), 10 );
// When this is fired, data is removed in a given order. Called from bulk actions.
add_action( 'woocommerce_remove_order_personal_data', array( __CLASS__, 'remove_order_personal_data' ) );
// Handles custom anonomization types not included in core.
add_filter( 'wp_privacy_anonymize_data', array( __CLASS__, 'anonymize_custom_data_types' ), 10, 3 );
}
/**
* Registers the personal data exporter for comments.
*
* @since 3.4.0
* @param array $exporters An array of personal data exporters.
* @return array An array of personal data exporters.
*/
public static function register_data_exporters( $exporters ) {
$exporters[] = array(
'exporter_friendly_name' => __( 'WooCommerce Customer Data', 'woocommerce' ),
'callback' => array( __CLASS__, 'customer_data_exporter' ),
);
$exporters[] = array(
'exporter_friendly_name' => __( 'WooCommerce Order Data', 'woocommerce' ),
'callback' => array( __CLASS__, 'order_data_exporter' ),
);
$exporters[] = array(
'exporter_friendly_name' => __( 'WooCommerce Downloads', 'woocommerce' ),
'callback' => array( __CLASS__, 'download_data_exporter' ),
);
return $exporters;
}
/**
* Finds and exports customer data by email address.
*
* @since 3.4.0
* @param string $email_address The user email address.
* @param int $page Page.
* @return array An array of personal data in name value pairs
*/
public static function customer_data_exporter( $email_address, $page ) {
$user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data.
$data_to_export = array();
if ( $user instanceof WP_User ) {
$data_to_export[] = array(
'group_id' => 'woocommerce_customer',
'group_label' => __( 'Customer Data', 'woocommerce' ),
'item_id' => 'user',
'data' => self::get_user_personal_data( $user ),
);
}
return array(
'data' => $data_to_export,
'done' => true,
);
}
/**
* Finds and exports data which could be used to identify a person from WooCommerce data assocated with an email address.
*
* Orders are exported in blocks of 10 to avoid timeouts.
*
* @since 3.4.0
* @param string $email_address The user email address.
* @param int $page Page.
* @return array An array of personal data in name value pairs
*/
public static function order_data_exporter( $email_address, $page ) {
$done = false;
$page = (int) $page;
$user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data.
$data_to_export = array();
$order_query = array(
'limit' => 10,
'page' => $page,
);
if ( $user instanceof WP_User ) {
$order_query['customer_id'] = (int) $user->ID;
} else {
$order_query['billing_email'] = $email_address;
}
$orders = wc_get_orders( $order_query );
if ( 0 < count( $orders ) ) {
foreach ( $orders as $order ) {
$data_to_export[] = array(
'group_id' => 'woocommerce_orders',
'group_label' => __( 'Orders', 'woocommerce' ),
'item_id' => 'order-' . $order->get_id(),
'data' => self::get_order_personal_data( $order ),
);
}
$done = 10 > count( $orders );
} else {
$done = true;
}
return array(
'data' => $data_to_export,
'done' => $done,
);
}
/**
* Finds and exports customer download logs by email address.
*
* @since 3.4.0
* @param string $email_address The user email address.
* @param int $page Page.
* @return array An array of personal data in name value pairs
*/
public static function download_data_exporter( $email_address, $page ) {
$done = false;
$page = (int) $page;
$user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB to load stored personal data.
$data_to_export = array();
$downloads_query = array(
'limit' => 10,
'page' => $page,
);
if ( $user instanceof WP_User ) {
$downloads_query['user_id'] = (int) $user->ID;
} else {
$downloads_query['user_email'] = $email_address;
}
$customer_download_data_store = WC_Data_Store::load( 'customer-download' );
$customer_download_log_data_store = WC_Data_Store::load( 'customer-download-log' );
$downloads = $customer_download_data_store->get_downloads( $downloads_query );
if ( 0 < count( $downloads ) ) {
foreach ( $downloads as $download ) {
$data_to_export[] = array(
'group_id' => 'woocommerce_downloads',
'group_label' => __( 'Order Downloads', 'woocommerce' ),
'item_id' => 'download-' . $download->get_id(),
'data' => array(
array(
'name' => __( 'Download ID', 'woocommerce' ),
'value' => $download->get_id(),
),
array(
'name' => __( 'Order ID', 'woocommerce' ),
'value' => $download->get_order_id(),
),
array(
'name' => __( 'Product', 'woocommerce' ),
'value' => get_the_title( $download->get_product_id() ),
),
array(
'name' => __( 'User email', 'woocommerce' ),
'value' => $download->get_user_email(),
),
array(
'name' => __( 'Downloads remaining', 'woocommerce' ),
'value' => $download->get_downloads_remaining(),
),
array(
'name' => __( 'Download count', 'woocommerce' ),
'value' => $download->get_download_count(),
),
array(
'name' => __( 'Access granted', 'woocommerce' ),
'value' => date( 'Y-m-d', $download->get_access_granted( 'edit' )->getTimestamp() ),
),
array(
'name' => __( 'Access expires', 'woocommerce' ),
'value' => ! is_null( $download->get_access_expires( 'edit' ) ) ? date( 'Y-m-d', $download->get_access_expires( 'edit' )->getTimestamp() ) : null,
),
),
);
$download_logs = $customer_download_log_data_store->get_download_logs_for_permission( $download->get_id() );
foreach ( $download_logs as $download_log ) {
$data_to_export[] = array(
'group_id' => 'woocommerce_download_logs',
'group_label' => __( 'Download Logs', 'woocommerce' ),
'item_id' => 'download-log-' . $download_log->get_id(),
'data' => array(
array(
'name' => __( 'Download ID', 'woocommerce' ),
'value' => $download_log->get_permission_id(),
),
array(
'name' => __( 'Timestamp', 'woocommerce' ),
'value' => $download_log->get_timestamp(),
),
array(
'name' => __( 'IP Address', 'woocommerce' ),
'value' => $download_log->get_user_ip_address(),
),
),
);
}
}
$done = 10 > count( $downloads );
} else {
$done = true;
}
return array(
'data' => $data_to_export,
'done' => $done,
);
}
/**
* Get personal data (key/value pairs) for a user object.
*
* @since 3.4.0
* @param WP_User $user user object.
* @return array
*/
protected static function get_user_personal_data( $user ) {
$personal_data = array();
$customer = new WC_Customer( $user->ID );
$props_to_export = array(
'billing_first_name' => __( 'Billing First Name', 'woocommerce' ),
'billing_last_name' => __( 'Billing Last Name', 'woocommerce' ),
'billing_company' => __( 'Billing Company', 'woocommerce' ),
'billing_address_1' => __( 'Billing Address 1', 'woocommerce' ),
'billing_address_2' => __( 'Billing Address 2', 'woocommerce' ),
'billing_city' => __( 'Billing City', 'woocommerce' ),
'billing_postcode' => __( 'Billing Postal/Zip Code', 'woocommerce' ),
'billing_state' => __( 'Billing State', 'woocommerce' ),
'billing_country' => __( 'Billing Country', 'woocommerce' ),
'billing_phone' => __( 'Phone Number', 'woocommerce' ),
'billing_email' => __( 'Email Address', 'woocommerce' ),
'shipping_first_name' => __( 'Shipping First Name', 'woocommerce' ),
'shipping_last_name' => __( 'Shipping Last Name', 'woocommerce' ),
'shipping_company' => __( 'Shipping Company', 'woocommerce' ),
'shipping_address_1' => __( 'Shipping Address 1', 'woocommerce' ),
'shipping_address_2' => __( 'Shipping Address 2', 'woocommerce' ),
'shipping_city' => __( 'Shipping City', 'woocommerce' ),
'shipping_postcode' => __( 'Shipping Postal/Zip Code', 'woocommerce' ),
'shipping_state' => __( 'Shipping State', 'woocommerce' ),
'shipping_country' => __( 'Shipping Country', 'woocommerce' ),
);
foreach ( $props_to_export as $prop => $description ) {
$value = $customer->{"get_$prop"}( 'edit' );
if ( $value ) {
$personal_data[] = array(
'name' => $description,
'value' => $value,
);
}
}
/**
* Allow extensions to register their own personal data for this customer for the export.
*
* @since 3.4.0
* @param array $personal_data Array of name value pairs.
* @param WC_Order $order A customer object.
*/
$personal_data = apply_filters( 'woocommerce_privacy_export_personal_data_customer', $personal_data, $customer );
return $personal_data;
}
/**
* Get personal data (key/value pairs) for an order object.
*
* @since 3.4.0
* @param WC_Order $order Order object.
* @return array
*/
protected static function get_order_personal_data( $order ) {
$personal_data = array();
$props_to_export = array(
'order_number' => __( 'Order Number', 'woocommerce' ),
'date_created' => __( 'Order Date', 'woocommerce' ),
'total' => __( 'Order Total', 'woocommerce' ),
'items' => __( 'Items Purchased', 'woocommerce' ),
'customer_ip_address' => __( 'IP Address', 'woocommerce' ),
'customer_user_agent' => __( 'Browser User Agent', 'woocommerce' ),
'formatted_billing_address' => __( 'Billing Address', 'woocommerce' ),
'formatted_shipping_address' => __( 'Shipping Address', 'woocommerce' ),
'billing_phone' => __( 'Phone Number', 'woocommerce' ),
'billing_email' => __( 'Email Address', 'woocommerce' ),
);
foreach ( $props_to_export as $prop => $name ) {
switch ( $prop ) {
case 'items':
$item_names = array();
foreach ( $order->get_items() as $item ) {
$item_names[] = $item->get_name() . ' x ' . $item->get_quantity();
}
$value = implode( ', ', $item_names );
break;
case 'date_created':
$value = wc_format_datetime( $order->get_date_created(), get_option( 'date_format' ) . ', ' . get_option( 'time_format' ) );
break;
case 'formatted_billing_address':
case 'formatted_shipping_address':
$value = preg_replace( '#<br\s*/?>#i', ', ', $order->{"get_$prop"}() );
break;
default:
$value = $order->{"get_$prop"}();
break;
}
if ( $value ) {
$personal_data[] = array(
'name' => $name,
'value' => $value,
);
}
}
/**
* Allow extensions to register their own personal data for this order for the export.
*
* @since 3.4.0
* @param array $personal_data Array of name value pairs to expose in the export.
* @param WC_Order $order An order object.
*/
$personal_data = apply_filters( 'woocommerce_privacy_export_personal_data_order', $personal_data, $order );
return $personal_data;
}
/**
* Anonymize/remove personal data for a given EMAIL ADDRESS. This user may not have an account.
*
* Note; this is separate to account deletion. WooCommerce handles account deletion/cleanup elsewhere.
* This logic is simply to clean up data for guest users.
*
* @todo Add option to determine if order data should be left alone when removing personal data for a user.
* @todo Hook into core UI.
*
* @param string $email_address Customer email address.
*/
public static function remove_personal_data( $email_address ) {
$user = get_user_by( 'email', $email_address ); // Check if user has an ID in the DB.
$has_account = $user instanceof WP_User;
/**
* Allow 3rd parties to modify this behavior. If true, orders belonging to this user will be anonyimized.
*
* @since 3.4.0
*/
if ( apply_filters( 'woocommerce_privacy_remove_personal_data_includes_orders', true, $email_address ) ) {
$order_query = array(
'limit' => -1,
);
if ( $user instanceof WP_User ) {
$order_query['customer_id'] = (int) $user->ID;
} else {
$order_query['billing_email'] = $email_address;
}
$orders = wc_get_orders( $order_query );
if ( 0 < count( $orders ) ) {
foreach ( $orders as $order ) {
self::remove_order_personal_data( $order );
}
}
}
// Revoke download permissions.
$data_store = WC_Data_Store::load( 'customer-download' );
if ( $user instanceof WP_User ) {
$data_store->delete_by_user_id( (int) $user->ID );
} else {
$data_store->delete_by_user_email( $email_address );
}
/**
* Allow extensions to remove their own personal data for this customer.
*
* @since 3.4.0
* @param string $email_address Customer email address.
*/
do_action( 'woocommerce_privacy_remove_personal_data', $email_address );
}
/**
* Remove personal data specific to WooCommerce from an order object.
*
* Note; this will hinder order processing for obvious reasons!
*
* @param WC_Order $order Order object.
*/
public static function remove_order_personal_data( $order ) {
$anonymized_data = array();
/**
* Expose props and data types we'll be anonymizing.
*
* @since 3.4.0
* @param array $props Keys are the prop names, values are the data type we'll be passing to wp_privacy_anonymize_data().
* @param WC_Order $order A customer object.
*/
$props_to_remove = apply_filters( 'woocommerce_privacy_remove_order_personal_data_props', array(
'customer_ip_address' => 'ip',
'customer_user_agent' => 'text',
'billing_first_name' => 'text',
'billing_last_name' => 'text',
'billing_company' => 'text',
'billing_address_1' => 'text',
'billing_address_2' => 'text',
'billing_city' => 'text',
'billing_postcode' => 'text',
'billing_state' => 'address_state',
'billing_country' => 'address_country',
'billing_phone' => 'phone',
'billing_email' => 'email',
'shipping_first_name' => 'text',
'shipping_last_name' => 'text',
'shipping_company' => 'text',
'shipping_address_1' => 'text',
'shipping_address_2' => 'text',
'shipping_city' => 'text',
'shipping_postcode' => 'text',
'shipping_state' => 'address_state',
'shipping_country' => 'address_country',
), $order );
if ( ! empty( $props_to_remove ) && is_array( $props_to_remove ) ) {
foreach ( $props_to_remove as $prop => $data_type ) {
// Get the current value in edit context.
$value = $order->{"get_$prop"}( 'edit' );
// If the value is empty, it does not need to be anonymized.
if ( empty( $value ) || empty( $data_type ) ) {
continue;
}
/**
* Expose a way to control the anonymized value of a prop via 3rd party code.
*
* @since 3.4.0
* @param bool $anonymized_data Value of this prop after anonymization.
* @param string $prop Name of the prop being removed.
* @param string $value Current value of the data.
* @param string $data_type Type of data.
* @param WC_Order $order An order object.
*/
$anonymized_data[ $prop ] = apply_filters( 'woocommerce_privacy_remove_order_personal_data_prop_value', wp_privacy_anonymize_data( $data_type, $value ), $prop, $value, $data_type, $order );
}
}
// Set all new props and persist the new data to the database.
$order->set_props( $anonymized_data );
$order->save();
/**
* Allow extensions to remove their own personal data for this order.
*
* @since 3.4.0
* @param WC_Order $order A customer object.
*/
do_action( 'woocommerce_privacy_remove_order_personal_data', $order );
// Add note that this event occured.
$order->add_order_note( __( 'Personal data removed.', 'woocommerce' ) );
}
/**
* Handle some custom types of data and anonymize them.
*
* @param string $anonymous Anonymized string.
* @param string $type Type of data.
* @param string $data The data being anonymized.
* @return string Anonymized string.
*/
public static function anonymize_custom_data_types( $anonymous, $type, $data ) {
switch ( $type ) {
case 'address_state':
case 'address_country':
$anonymous = ''; // Empty string - we don't want to store anything after removal.
break;
case 'phone':
$anonymous = preg_replace( '/\d/u', '0', $data );
break;
}
return $anonymous;
}
}
WC_Privacy::init();

1
includes/class-woocommerce.php
View File

@ -326,6 +326,7 @@ final class WooCommerce {
include_once WC_ABSPATH . 'includes/class-wc-cart-totals.php';
include_once WC_ABSPATH . 'includes/customizer/class-wc-shop-customizer.php';
include_once WC_ABSPATH . 'includes/class-wc-regenerate-images.php';
include_once WC_ABSPATH . 'includes/class-wc-privacy.php';
/**
* Data stores - used to store and retrieve CRUD object data from the database.

42
includes/data-stores/class-wc-customer-download-data-store.php
View File

@ -225,6 +225,40 @@ class WC_Customer_Download_Data_Store implements WC_Customer_Download_Data_Store
);
}
/**
* Method to delete a download permission from the database by user ID.
*
* @since 3.4.0
* @param int $id user ID of the downloads that will be deleted.
*/
public function delete_by_user_id( $id ) {
global $wpdb;
$wpdb->query(
$wpdb->prepare(
"DELETE FROM {$wpdb->prefix}woocommerce_downloadable_product_permissions
WHERE user_id = %d",
$id
)
);
}
/**
* Method to delete a download permission from the database by user email.
*
* @since 3.4.0
* @param string $email email of the downloads that will be deleted.
*/
public function delete_by_user_email( $email ) {
global $wpdb;
$wpdb->query(
$wpdb->prepare(
"DELETE FROM {$wpdb->prefix}woocommerce_downloadable_product_permissions
WHERE user_email = %s",
$email
)
);
}
/**
* Get a download object.
*
@ -247,6 +281,7 @@ class WC_Customer_Download_Data_Store implements WC_Customer_Download_Data_Store
$args = wp_parse_args(
$args, array(
'user_email' => '',
'user_id' => '',
'order_id' => '',
'order_key' => '',
'product_id' => '',
@ -254,6 +289,7 @@ class WC_Customer_Download_Data_Store implements WC_Customer_Download_Data_Store
'orderby' => 'permission_id',
'order' => 'ASC',
'limit' => -1,
'page' => 1,
'return' => 'objects',
)
);
@ -278,6 +314,10 @@ class WC_Customer_Download_Data_Store implements WC_Customer_Download_Data_Store
$query[] = $wpdb->prepare( 'AND user_email = %s', sanitize_email( $args['user_email'] ) );
}
if ( $args['user_id'] ) {
$query[] = $wpdb->prepare( 'AND user_id = %d', absint( $args['user_id'] ) );
}
if ( $args['order_id'] ) {
$query[] = $wpdb->prepare( 'AND order_id = %d', $args['order_id'] );
}
@ -300,7 +340,7 @@ class WC_Customer_Download_Data_Store implements WC_Customer_Download_Data_Store
$query[] = "ORDER BY {$orderby_sql}";
if ( 0 < $args['limit'] ) {
$query[] = $wpdb->prepare( 'LIMIT %d', $args['limit'] );
$query[] = $wpdb->prepare( 'LIMIT %d, %d', absint( $args['limit'] ) * absint( $args['page'] - 1 ), absint( $args['limit'] ) );
}
// phpcs:ignore WordPress.WP.PreparedSQL.NotPrepared

68
includes/data-stores/class-wc-customer-download-log-data-store.php
View File

@ -2,17 +2,14 @@
/**
* Class WC_Customer_Download_Log_Data_Store file.
*
* @package WooCommerce\DataStores
* @version 3.3.0
* @package WooCommerce\Classes
*/
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
defined( 'ABSPATH' ) || exit;
/**
* WC Customer Download Log Data Store.
*
* @version 3.3.0
* WC_Customer_Download_Log_Data_Store class.
*/
class WC_Customer_Download_Log_Data_Store implements WC_Customer_Download_Log_Data_Store_Interface {
@ -74,9 +71,8 @@ class WC_Customer_Download_Log_Data_Store implements WC_Customer_Download_Log_Da
/**
* Method to read a download log from the database.
*
* @param WC_Customer_Download_Log $download_log Customer download log object.
*
* @throws Exception If invalid download log.
* @param WC_Customer_Download_Log $download_log Download log object.
* @throws Exception Exception when read is not possible.
*/
public function read( &$download_log ) {
global $wpdb;
@ -88,13 +84,11 @@ class WC_Customer_Download_Log_Data_Store implements WC_Customer_Download_Log_Da
throw new Exception( __( 'Invalid download log: no ID.', 'woocommerce' ) );
}
$table = $wpdb->prefix . self::get_table_name();
// Query the DB for the download log.
$raw_download_log = $wpdb->get_row(
$wpdb->prepare(
"SELECT * FROM {$wpdb->prefix}" . self::get_table_name() . ' WHERE download_log_id = %d', // phpcs:ignore WordPress.WP.PreparedSQL.NotPrepared
$download_log->get_id()
)
);
$raw_download_log = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$table} WHERE download_log_id = %d", $download_log->get_id() ) ); // WPCS: unprepared SQL ok.
if ( ! $raw_download_log ) {
throw new Exception( __( 'Invalid download log: not found.', 'woocommerce' ) );
}
@ -114,7 +108,7 @@ class WC_Customer_Download_Log_Data_Store implements WC_Customer_Download_Log_Da
/**
* Method to update a download log in the database.
*
* @param WC_Customer_Download_Log $download_log Customer download log object.
* @param WC_Customer_Download_Log $download_log Download log object.
*/
public function update( &$download_log ) {
global $wpdb;
@ -163,20 +157,20 @@ class WC_Customer_Download_Log_Data_Store implements WC_Customer_Download_Log_Da
public function get_download_logs( $args = array() ) {
global $wpdb;
$args = wp_parse_args(
$args, array(
'permission_id' => '',
'user_id' => '',
'user_ip_address' => '',
'orderby' => 'download_log_id',
'order' => 'DESC',
'limit' => -1,
'return' => 'objects',
)
);
$args = wp_parse_args( $args, array(
'permission_id' => '',
'user_id' => '',
'user_ip_address' => '',
'orderby' => 'download_log_id',
'order' => 'DESC',
'limit' => -1,
'page' => 1,
'return' => 'objects',
) );
$query = array();
$query[] = "SELECT * FROM {$wpdb->prefix}" . self::get_table_name() . ' WHERE 1=1';
$table = $wpdb->prefix . self::get_table_name();
$query[] = "SELECT * FROM {$table} WHERE 1=1";
if ( $args['permission_id'] ) {
$query[] = $wpdb->prepare( 'AND permission_id = %d', $args['permission_id'] );
@ -197,10 +191,10 @@ class WC_Customer_Download_Log_Data_Store implements WC_Customer_Download_Log_Da
$query[] = "ORDER BY {$orderby_sql}";
if ( 0 < $args['limit'] ) {
$query[] = $wpdb->prepare( 'LIMIT %d', $args['limit'] );
$query[] = $wpdb->prepare( 'LIMIT %d, %d', absint( $args['limit'] ) * absint( $args['page'] - 1 ), absint( $args['limit'] ) );
}
$raw_download_logs = $wpdb->get_results( implode( ' ', $query ) ); // phpcs:ignore WordPress.WP.PreparedSQL.NotPrepared
$raw_download_logs = $wpdb->get_results( implode( ' ', $query ) ); // WPCS: unprepared SQL ok.
switch ( $args['return'] ) {
case 'ids':
@ -213,7 +207,7 @@ class WC_Customer_Download_Log_Data_Store implements WC_Customer_Download_Log_Da
/**
* Get download logs for a given download permission.
*
* @param int $permission_id Permission ID.
* @param int $permission_id Permission to get logs for.
* @return array
*/
public function get_download_logs_for_permission( $permission_id ) {
@ -229,4 +223,14 @@ class WC_Customer_Download_Log_Data_Store implements WC_Customer_Download_Log_Da
);
}
/**
* Method to delete download logs for a given permission ID.
*
* @since 3.4.0
* @param int $id download_id of the downloads that will be deleted.
*/
public function delete_by_permission_id( $id ) {
global $wpdb;
$wpdb->query( $wpdb->prepare( "DELETE FROM {$wpdb->prefix}woocommerce_downloadable_product_permissions WHERE permission_id = %d", $id ) );
}
}

2
includes/wc-core-functions.php
View File

@ -1877,7 +1877,7 @@ function wc_restore_locale() {
function wc_make_phone_clickable( $phone ) {
$number = trim( preg_replace( '/[^\d|\+]/', '', $phone ) );
return '<a href="tel:' . esc_attr( $number ) . '">' . esc_html( $phone ) . '</a>';
return $number ? '<a href="tel:' . esc_attr( $number ) . '">' . esc_html( $phone ) . '</a>' : '';
}
/**

33
includes/wc-user-functions.php
View File

@ -635,3 +635,36 @@ function wc_user_search_columns( $search_columns ) {
return $search_columns;
}
add_filter( 'user_search_columns', 'wc_user_search_columns' );
/**
* When a user is deleted in WordPress, delete corresponding WooCommerce data.
*
* @param int $user_id User ID being deleted.
*/
function wc_delete_user_data( $user_id ) {
global $wpdb;
// Clean up sessions.
$wpdb->delete(
$wpdb->prefix . 'woocommerce_sessions',
array(
'session_key' => $user_id,
)
);
// Revoke API keys.
$wpdb->delete(
$wpdb->prefix . 'woocommerce_api_keys',
array(
'user_id' => $user_id,
)
);
// Clean up payment tokens.
$payment_tokens = WC_Payment_Tokens::get_customer_tokens( $user_id );
foreach ( $payment_tokens as $payment_token ) {
$payment_token->delete();
}
}
add_action( 'delete_user', 'wc_delete_user_data' );

157
tests/unit-tests/privacy/export.php Normal file
View File

@ -0,0 +1,157 @@
<?php
/**
* Privacy data exporter.
*
* @package WooCommerce\Tests\Util
*/
class WC_Test_Privacy_Export extends WC_Unit_Test_Case {
/**
* Order tracking for cleanup.
*
* @var array
*/
protected $orders = array();
/**
* Customer tracking for cleanup.
*
* @var array
*/
protected $customers = array();
/**
* Load up the importer classes since they aren't loaded by default.
*/
public function setUp() {
$customer1 = WC_Helper_Customer::create_customer( 'customer1', 'password', 'test1@test.com' );
$customer1->set_billing_email( 'customer1@test.com' );
$customer1->save();
$customer2 = WC_Helper_Customer::create_customer( 'customer2', 'password', 'test2@test.com' );
$customer2->set_billing_email( 'customer2@test.com' );
$customer2->save();
$this->customers[] = $customer1;
$this->customers[] = $customer2;
// Create a bunch of dummy orders for some users.
$this->orders[] = WC_Helper_Order::create_order( $customer1->get_id() );
$this->orders[] = WC_Helper_Order::create_order( $customer1->get_id() );
$this->orders[] = WC_Helper_Order::create_order( $customer1->get_id() );
$this->orders[] = WC_Helper_Order::create_order( $customer1->get_id() );
$this->orders[] = WC_Helper_Order::create_order( $customer1->get_id() );
$this->orders[] = WC_Helper_Order::create_order( $customer1->get_id() );
$this->orders[] = WC_Helper_Order::create_order( $customer1->get_id() );
$this->orders[] = WC_Helper_Order::create_order( $customer1->get_id() );
$this->orders[] = WC_Helper_Order::create_order( $customer1->get_id() );
$this->orders[] = WC_Helper_Order::create_order( $customer1->get_id() );
$this->orders[] = WC_Helper_Order::create_order( $customer1->get_id() );
$this->orders[] = WC_Helper_Order::create_order( $customer2->get_id() );
$this->orders[] = WC_Helper_Order::create_order( $customer2->get_id() );
}
/**
* Clean up after test.
*/
public function tearDown() {
foreach ( $this->orders as $object ) {
$object->delete( true );
}
foreach ( $this->customers as $object ) {
$object->delete( true );
}
}
/**
* Test: Customer data exporter.
*/
public function test_customer_data_exporter() {
// Test a non existing user.
$response = WC_Privacy::customer_data_exporter( 'doesnotexist@test.com', 1 );
$this->assertEquals( array(), $response['data'] );
// Do a test export and check response.
$response = WC_Privacy::customer_data_exporter( 'test1@test.com', 1 );
$this->assertTrue( $response['done'] );
$this->assertEquals( array(
array(
'group_id' => 'woocommerce_customer',
'group_label' => 'Customer Data',
'item_id' => 'user',
'data' => array(
array(
'name' => 'Billing Address 1',
'value' => '123 South Street',
),
array(
'name' => 'Billing Address 2',
'value' => 'Apt 1',
),
array(
'name' => 'Billing City',
'value' => 'Philadelphia',
),
array(
'name' => 'Billing Postal/Zip Code',
'value' => '19123',
),
array(
'name' => 'Billing State',
'value' => 'PA',
),
array(
'name' => 'Billing Country',
'value' => 'US',
),
array(
'name' => 'Email Address',
'value' => 'customer1@test.com',
),
array(
'name' => 'Shipping Address 1',
'value' => '123 South Street',
),
array(
'name' => 'Shipping Address 2',
'value' => 'Apt 1',
),
array(
'name' => 'Shipping City',
'value' => 'Philadelphia',
),
array(
'name' => 'Shipping Postal/Zip Code',
'value' => '19123',
),
array(
'name' => 'Shipping State',
'value' => 'PA',
),
array(
'name' => 'Shipping Country',
'value' => 'US',
),
),
),
), $response['data'] );
}
/**
* Test: Order data exporter.
*/
public function test_order_data_exporter() {
$response = WC_Privacy::order_data_exporter( 'test1@test.com', 1 );
$this->assertEquals( 'woocommerce_orders', $response['data'][0]['group_id'] );
$this->assertEquals( 'Orders', $response['data'][0]['group_label'] );
$this->assertContains( 'order-', $response['data'][0]['item_id'] );
$this->assertArrayHasKey( 'data', $response['data'][0] );
$this->assertTrue( 8 === count( $response['data'][0]['data'] ), count( $response['data'][0]['data'] ) );
// Next page should be orders.
$response = WC_Privacy::order_data_exporter( 'test1@test.com', 2 );
$this->assertTrue( $response['done'] );
$this->assertTrue( 8 === count( $response['data'][0]['data'] ), count( $response['data'][0]['data'] ) );
}
}