labels->singular_name ),
esc_html( $order->get_order_number() )
@@ -192,35 +190,42 @@ class WC_Meta_Box_Order_Data {
$meta_list = array();
if ( $payment_method && 'other' !== $payment_method ) {
- /* translators: %s: payment method */
$payment_method_string = sprintf(
+ /* translators: %s: payment method */
__( 'Payment via %s', 'woocommerce' ),
esc_html( isset( $payment_gateways[ $payment_method ] ) ? $payment_gateways[ $payment_method ]->get_title() : $payment_method )
);
- if ( $transaction_id = $order->get_transaction_id() ) {
- if ( isset( $payment_gateways[ $payment_method ] ) && ( $url = $payment_gateways[ $payment_method ]->get_transaction_url( $order ) ) ) {
- $payment_method_string .= ' (' . esc_html( $transaction_id ) . ')';
- } else {
- $payment_method_string .= ' (' . esc_html( $transaction_id ) . ')';
+ $transaction_id = $order->get_transaction_id();
+ if ( $transaction_id ) {
+ $to_add = null;
+ if ( isset( $payment_gateways[ $payment_method ] ) ) {
+ $url = $payment_gateways[ $payment_method ]->get_transaction_url( $order );
+ if ( $url ) {
+ $to_add .= ' (' . esc_html( $transaction_id ) . ')';
+ }
}
+
+ $to_add = $to_add ?? ' (' . esc_html( $transaction_id ) . ')';
+ $payment_method_string .= $to_add;
}
$meta_list[] = $payment_method_string;
}
if ( $order->get_date_paid() ) {
- /* translators: 1: date 2: time */
$meta_list[] = sprintf(
+ /* translators: 1: date 2: time */
__( 'Paid on %1$s @ %2$s', 'woocommerce' ),
wc_format_datetime( $order->get_date_paid() ),
wc_format_datetime( $order->get_date_paid(), get_option( 'time_format' ) )
);
}
- if ( $ip_address = $order->get_customer_ip_address() ) {
- /* translators: %s: IP address */
+ $ip_address = $order->get_customer_ip_address();
+ if ( $ip_address ) {
$meta_list[] = sprintf(
+ /* translators: %s: IP address */
__( 'Customer IP: %s', 'woocommerce' ),
'' . esc_html( $ip_address ) . ''
);
@@ -235,7 +240,7 @@ class WC_Meta_Box_Order_Data {
-
+
@
:
@@ -246,12 +251,12 @@ class WC_Meta_Box_Order_Data {
@@ -327,7 +337,7 @@ class WC_Meta_Box_Order_Data {
if ( $order->get_formatted_billing_address() ) {
echo '
' . wp_kses( $order->get_formatted_billing_address(), array( 'br' => array() ) ) . '
';
} else {
- echo '
' . __( 'Address:', 'woocommerce' ) . ' ' . __( 'No billing address set.', 'woocommerce' ) . '
';
+ echo '
' . esc_html__( 'Address:', 'woocommerce' ) . ' ' . esc_html__( 'No billing address set.', 'woocommerce' ) . '
';
}
foreach ( self::$billing_fields as $key => $field ) {
@@ -402,7 +412,7 @@ class WC_Meta_Box_Order_Data {
foreach ( $payment_gateways as $gateway ) {
if ( 'yes' === $gateway->enabled ) {
echo '
';
- if ( $payment_method == $gateway->id ) {
+ if ( $payment_method === $gateway->id ) {
$found_method = true;
}
}
@@ -446,7 +456,7 @@ class WC_Meta_Box_Order_Data {
if ( $order->get_formatted_shipping_address() ) {
echo '
' . wp_kses( $order->get_formatted_shipping_address(), array( 'br' => array() ) ) . '
';
} else {
- echo '
' . __( 'Address:', 'woocommerce' ) . ' ' . __( 'No shipping address set.', 'woocommerce' ) . '
';
+ echo '
' . esc_html__( 'Address:', 'woocommerce' ) . ' ' . esc_html__( 'No shipping address set.', 'woocommerce' ) . '
';
}
if ( ! empty( self::$shipping_fields ) ) {
@@ -473,8 +483,8 @@ class WC_Meta_Box_Order_Data {
}
}
- if ( apply_filters( 'woocommerce_enable_order_notes_field', 'yes' == get_option( 'woocommerce_enable_order_comments', 'yes' ) ) && $post->post_excerpt ) {
- echo '
' . __( 'Customer provided note:', 'woocommerce' ) . ' ' . nl2br( esc_html( $post->post_excerpt ) ) . '
';
+ if ( apply_filters( 'woocommerce_enable_order_notes_field', 'yes' === get_option( 'woocommerce_enable_order_comments', 'yes' ) ) && $post->post_excerpt ) {
+ echo '
' . esc_html__( 'Customer provided note:', 'woocommerce' ) . ' ' . nl2br( esc_html( $post->post_excerpt ) ) . '
';
}
?>
@@ -510,10 +520,10 @@ class WC_Meta_Box_Order_Data {
}
}
- if ( apply_filters( 'woocommerce_enable_order_notes_field', 'yes' == get_option( 'woocommerce_enable_order_comments', 'yes' ) ) ) :
+ if ( apply_filters( 'woocommerce_enable_order_notes_field', 'yes' === get_option( 'woocommerce_enable_order_comments', 'yes' ) ) ) :
?>
@@ -532,8 +542,19 @@ class WC_Meta_Box_Order_Data {
* Save meta box data.
*
* @param int $order_id Order ID.
+ * @throws Exception Required request data is missing.
*/
public static function save( $order_id ) {
+ // phpcs:disable WordPress.Security.NonceVerification.Missing
+
+ if ( ! isset( $_POST['order_status'] ) ) {
+ throw new Exception( __( 'Order status is missing.', 'woocommerce' ), 400 );
+ }
+
+ if ( ! isset( $_POST['_payment_method'] ) ) {
+ throw new Exception( __( 'Payment method is missing.', 'woocommerce' ), 400 );
+ }
+
self::init_address_fields();
// Ensure gateways are loaded in case they need to insert data into the emails.
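Review bot: The new guards at the top of save() only test isset(), so a request that sends `_payment_method[]=x` or `order_status[]=x` passes them; wc_clean() maps arrays recursively, and the later `isset( $methods[ $payment_method ] )` lookup would then index with an array key, which is a TypeError on PHP 8 rather than the intended 400. Tightening each check to `if ( ! isset( $_POST['_payment_method'] ) || ! is_string( $_POST['_payment_method'] ) ) {` (and the same for `order_status`) rejects that shape with the same exception. The exception messages are built with __() and not escaped; if the code that catches them echoes the message, the escaping has to happen there, which this hunk does not show. save() continues past the end of the hunk.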
@@ -598,7 +619,7 @@ class WC_Meta_Box_Order_Data {
}
// Payment method handling.
- if ( $order->get_payment_method() !== wp_unslash( $_POST['_payment_method'] ) ) {
+ if ( $order->get_payment_method() !== wc_clean( wp_unslash( $_POST['_payment_method'] ) ) ) {
$methods = WC()->payment_gateways->payment_gateways();
$payment_method = wc_clean( wp_unslash( $_POST['_payment_method'] ) );
$payment_method_title = $payment_method;
@@ -607,10 +628,10 @@ class WC_Meta_Box_Order_Data {
$payment_method_title = $methods[ $payment_method ]->get_title();
}
- if ( $payment_method == 'other') {
+ if ( 'other' === $payment_method ) {
$payment_method_title = esc_html__( 'Other', 'woocommerce' );
}
-
+
$props['payment_method'] = $payment_method;
$props['payment_method_title'] = $payment_method_title;
}
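Review bot: `$payment_method_title = esc_html__( 'Other', 'woocommerce' );`, the context line directly under the tightened `'other' === $payment_method` comparison, stores an HTML-escaped string into the order's payment_method_title prop, while the title taken from `$methods[ $payment_method ]->get_title()` a few lines above is stored unescaped, so the two branches are inconsistent and a translation of "Other" containing `&` or a quote would be double-escaped wherever the title is later escaped on output. Storing `__( 'Other', 'woocommerce' )` and escaping at render keeps both branches alike. I cannot see the render sites from this hunk, so confirm they escape before changing this.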
@@ -619,13 +640,17 @@ class WC_Meta_Box_Order_Data {
if ( empty( $_POST['order_date'] ) ) {
$date = time();
} else {
+ if ( ! isset( $_POST['order_date_hour'] ) || ! isset( $_POST['order_date_minute'] ) || ! isset( $_POST['order_date_second'] ) ) {
+ throw new Exception( __( 'Order date, hour, minute and/or second are missing.', 'woocommerce' ), 400 );
+ }
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
$date = gmdate( 'Y-m-d H:i:s', strtotime( $_POST['order_date'] . ' ' . (int) $_POST['order_date_hour'] . ':' . (int) $_POST['order_date_minute'] . ':' . (int) $_POST['order_date_second'] ) );
}
$props['date_created'] = $date;
// Set created via prop if new post.
- if ( isset( $_POST['original_post_status'] ) && $_POST['original_post_status'] === 'auto-draft' ) {
+ if ( isset( $_POST['original_post_status'] ) && 'auto-draft' === $_POST['original_post_status'] ) {
$props['created_via'] = 'admin';
}
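Review bot: The added isset() guard for the hour/minute/second fields still leaves `$_POST['order_date']` unvalidated on the strtotime() line beneath the phpcs:ignore: a malformed date makes strtotime() return false, and `gmdate( 'Y-m-d H:i:s', false )` then silently stores 1970-01-01 00:00:00 as the order's creation date instead of rejecting the request; an array value raises an "Array to string conversion" warning and ends in the same fallback. Checking the result and throwing the same 400 as the guard above keeps the two validations consistent. The surrounding save() body starts and ends outside this hunk.
```php
if ( ! is_string( $_POST['order_date'] ) || ! isset( $_POST['order_date_hour'] ) || ! isset( $_POST['order_date_minute'] ) || ! isset( $_POST['order_date_second'] ) ) {
    throw new Exception( __( 'Order date, hour, minute and/or second are missing.', 'woocommerce' ), 400 );
}
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput
$timestamp = strtotime( wc_clean( wp_unslash( $_POST['order_date'] ) ) . ' ' . (int) $_POST['order_date_hour'] . ':' . (int) $_POST['order_date_minute'] . ':' . (int) $_POST['order_date_second'] );
if ( false === $timestamp ) {
    throw new Exception( __( 'Order date is invalid.', 'woocommerce' ), 400 );
}
$date = gmdate( 'Y-m-d H:i:s', $timestamp );
```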
@@ -633,5 +658,7 @@ class WC_Meta_Box_Order_Data {
$order->set_props( $props );
$order->set_status( wc_clean( wp_unslash( $_POST['order_status'] ) ), '', true );
$order->save();
+
+ // phpcs:enable WordPress.Security.NonceVerification.Missing
}
}
diff --git a/plugins/woocommerce/includes/class-wc-order.php b/plugins/woocommerce/includes/class-wc-order.php
index 97e10351cbc..6bef3618b8c 100644
--- a/plugins/woocommerce/includes/class-wc-order.php
+++ b/plugins/woocommerce/includes/class-wc-order.php
@@ -2053,7 +2053,7 @@ class WC_Order extends WC_Abstract_Order {
* @param string $tax_display Tax to display.
*/
protected function add_order_item_totals_payment_method_row( &$total_rows, $tax_display ) {
- if ( $this->get_total() > 0 && $this->get_payment_method_title() && 'other' !== $this->get_payment_method_title() ) {
+ if ( $this->get_total() > 0 && $this->get_payment_method_title() && 'other' !== $this->get_payment_method() ) {
$total_rows['payment_method'] = array(
'label' => __( 'Payment method:', 'woocommerce' ),
'value' => $this->get_payment_method_title(),
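Review bot: The `'other'` sentinel on the changed condition is a bare string literal that this same commit also compares in WC_Meta_Box_Order_Data::save() (`'other' === $payment_method`), so the two sites can silently drift apart; a single shared constant, for example `const PAYMENT_METHOD_OTHER = 'other';` on the order class referenced from both places, would tie them together. A one-line comment such as `// 'other' is the admin-entered placeholder gateway id, not a registered gateway; hide it from totals.` would also explain why the id rather than the title is tested now. add_order_item_totals_payment_method_row() ends outside the hunk.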