From dc060fe700f1a6b940e073e69ff63d26cd079de1 Mon Sep 17 00:00:00 2001 From: vedanshujain Date: Mon, 13 Jan 2020 18:57:25 +0530 Subject: [PATCH] Add notice when "redirect only" download method is selected. This download is insecure as it reveals the original file location. We will try to nudge user to use any of the other download method instead. --- includes/admin/class-wc-admin-notices.php | 28 +++++++++++++++++++ .../html-notice-redirect-only-download.php | 24 ++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 includes/admin/views/html-notice-redirect-only-download.php diff --git a/includes/admin/class-wc-admin-notices.php b/includes/admin/class-wc-admin-notices.php index 9fa28b060f0..df9257bd375 100644 --- a/includes/admin/class-wc-admin-notices.php +++ b/includes/admin/class-wc-admin-notices.php @@ -38,6 +38,7 @@ class WC_Admin_Notices { 'no_secure_connection' => 'secure_connection_notice', WC_PHP_MIN_REQUIREMENTS_NOTICE => 'wp_php_min_requirements_notice', 'maxmind_license_key' => 'maxmind_missing_license_key_notice', + 'wc_redirect_download_method' => 'wc_redirect_download_method_notice', ); /** @@ -48,6 +49,7 @@ class WC_Admin_Notices { add_action( 'switch_theme', array( __CLASS__, 'reset_admin_notices' ) ); add_action( 'woocommerce_installed', array( __CLASS__, 'reset_admin_notices' ) ); + add_action( 'wp_loaded', array( __CLASS__, 'add_redirect_download_method_notice' ) ); add_action( 'wp_loaded', array( __CLASS__, 'hide_notices' ) ); // @TODO: This prevents Action Scheduler async jobs from storing empty list of notices during WC installation. // That could lead to OBW not starting and 'Run setup wizard' notice not appearing in WP admin, which we want @@ -422,6 +424,18 @@ class WC_Admin_Notices { $integration_options = get_option( 'woocommerce_maxmind_geolocation_settings' ); if ( empty( $integration_options['license_key'] ) ) { self::add_notice( 'maxmind_license_key' ); + + } + } + + /** + * Add notice about Redirect-only download method, nudging user to switch to a different method instead. + */ + public static function add_redirect_download_method_notice() { + if ( 'redirect' === get_option( 'woocommerce_file_download_method' ) ) { + self::add_notice( 'wc_redirect_download_method' ); + } else { + self::remove_notice( 'wc_redirect_download_method' ); } } @@ -442,6 +456,20 @@ class WC_Admin_Notices { include dirname( __FILE__ ) . '/views/html-notice-maxmind-license-key.php'; } + /** + * Notice about Redirect-Only download method. + * + * @since 3.10.0 + */ + public static function wc_redirect_download_method_notice() { + if ( apply_filters( 'woocommerce_hide_redirect_method_nag', get_user_meta( get_current_user_id(), 'dismissed_wc_redirect_download_method_notice', true ) ) ) { + self::remove_notice( 'wc_redirect_download_method' ); + return; + } + + include dirname( __FILE__ ) . '/views/html-notice-redirect-only-download.php'; + } + /** * Determine if the store is running SSL. * diff --git a/includes/admin/views/html-notice-redirect-only-download.php b/includes/admin/views/html-notice-redirect-only-download.php new file mode 100644 index 00000000000..80aa197da94 --- /dev/null +++ b/includes/admin/views/html-notice-redirect-only-download.php @@ -0,0 +1,24 @@ + +
+ +

+ please switch to a different method instead.', 'woocommerce' ), + '/wp-admin/admin.php?page=wc-settings&tab=products§ion=downloadable' + ) + ); + ?> +

+