Merge pull request #19437 from woocommerce/fix/checkout-class-phpcs

Fixed includes/class-wc-checkout.php PHPCS violations
This commit is contained in:
Mike Jolley 2018-03-19 10:45:53 +00:00 committed by GitHub
commit e957b05aea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 221 additions and 191 deletions

View File

@ -1,18 +1,17 @@
<?php <?php
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
/** /**
* Main checkout class. * Checkout functionality
* *
* The WooCommerce checkout class handles the checkout process, collecting user data and processing the payment. * The WooCommerce checkout class handles the checkout process, collecting user data and processing the payment.
* *
* @class WC_Checkout
* @package WooCommerce/Classes * @package WooCommerce/Classes
* @category Class * @version 3.4.0
* @author WooThemes */
defined( 'ABSPATH' ) || exit;
/**
* Checkout class.
*/ */
class WC_Checkout { class WC_Checkout {
@ -32,6 +31,7 @@ class WC_Checkout {
/** /**
* Holds posted data for backwards compatibility. * Holds posted data for backwards compatibility.
*
* @var array * @var array
*/ */
protected $legacy_posted_data = array(); protected $legacy_posted_data = array();
@ -60,11 +60,13 @@ class WC_Checkout {
/** /**
* See if variable is set. Used to support legacy public variables which are no longer defined. * See if variable is set. Used to support legacy public variables which are no longer defined.
* *
* @param string $key * @param string $key Key.
* @return bool * @return bool
*/ */
public function __isset( $key ) { public function __isset( $key ) {
return in_array( $key, array( return in_array(
$key,
array(
'enable_signup', 'enable_signup',
'enable_guest_checkout', 'enable_guest_checkout',
'must_create_account', 'must_create_account',
@ -74,14 +76,16 @@ class WC_Checkout {
'payment_method', 'payment_method',
'customer_id', 'customer_id',
'shipping_methods', 'shipping_methods',
) ); ),
true
);
} }
/** /**
* Sets the legacy public variables for backwards compatibility. * Sets the legacy public variables for backwards compatibility.
* *
* @param string $key * @param string $key Key.
* @param mixed $value * @param mixed $value Value.
*/ */
public function __set( $key, $value ) { public function __set( $key, $value ) {
switch ( $key ) { switch ( $key ) {
@ -118,12 +122,11 @@ class WC_Checkout {
/** /**
* Gets the legacy public variables for backwards compatibility. * Gets the legacy public variables for backwards compatibility.
* *
* @param string $key * @param string $key Key.
*
* @return array|string * @return array|string
*/ */
public function __get( $key ) { public function __get( $key ) {
if ( in_array( $key, array( 'posted', 'shipping_method', 'payment_method' ) ) && empty( $this->legacy_posted_data ) ) { if ( in_array( $key, array( 'posted', 'shipping_method', 'payment_method' ), true ) && empty( $this->legacy_posted_data ) ) {
$this->legacy_posted_data = $this->get_posted_data(); $this->legacy_posted_data = $this->get_posted_data();
} }
switch ( $key ) { switch ( $key ) {
@ -263,20 +266,22 @@ class WC_Checkout {
* 528 - Cannot create tax item. * 528 - Cannot create tax item.
* 529 - Cannot create coupon item. * 529 - Cannot create coupon item.
* *
* @throws Exception * @throws Exception When checkout validation fails.
* @param $data Posted data. * @param array $data Posted data.
* @return int|WP_ERROR * @return int|WP_ERROR
*/ */
public function create_order( $data ) { public function create_order( $data ) {
// Give plugins the opportunity to create an order themselves. // Give plugins the opportunity to create an order themselves.
if ( $order_id = apply_filters( 'woocommerce_create_order', null, $this ) ) { $order_id = apply_filters( 'woocommerce_create_order', null, $this );
if ( $order_id ) {
return $order_id; return $order_id;
} }
try { try {
$order_id = absint( WC()->session->get( 'order_awaiting_payment' ) ); $order_id = absint( WC()->session->get( 'order_awaiting_payment' ) );
$cart_hash = md5( json_encode( wc_clean( WC()->cart->get_cart_for_session() ) ) . WC()->cart->total ); $cart_hash = md5( wp_json_encode( wc_clean( WC()->cart->get_cart_for_session() ) ) . WC()->cart->total );
$available_gateways = WC()->payment_gateways->get_available_payment_gateways(); $available_gateways = WC()->payment_gateways->get_available_payment_gateways();
$order = $order_id ? wc_get_order( $order_id ) : null;
/** /**
* If there is an order pending payment, we can resume it here so * If there is an order pending payment, we can resume it here so
@ -284,7 +289,7 @@ class WC_Checkout {
* different items or cost, create a new order. We use a hash to * different items or cost, create a new order. We use a hash to
* detect changes which is based on cart items + order total. * detect changes which is based on cart items + order total.
*/ */
if ( $order_id && ( $order = wc_get_order( $order_id ) ) && $order->has_cart_hash( $cart_hash ) && $order->has_status( array( 'pending', 'failed' ) ) ) { if ( $order && $order->has_cart_hash( $cart_hash ) && $order->has_status( array( 'pending', 'failed' ) ) ) {
// Action for 3rd parties. // Action for 3rd parties.
do_action( 'woocommerce_resume_order', $order_id ); do_action( 'woocommerce_resume_order', $order_id );
@ -301,7 +306,7 @@ class WC_Checkout {
// Store custom fields prefixed with wither shipping_ or billing_. This is for backwards compatibility with 2.6.x. // Store custom fields prefixed with wither shipping_ or billing_. This is for backwards compatibility with 2.6.x.
// TODO: Fix conditional to only include shipping/billing address fields in a smarter way without str(i)pos. // TODO: Fix conditional to only include shipping/billing address fields in a smarter way without str(i)pos.
} elseif ( ( 0 === stripos( $key, 'billing_' ) || 0 === stripos( $key, 'shipping_' ) ) } elseif ( ( 0 === stripos( $key, 'billing_' ) || 0 === stripos( $key, 'shipping_' ) )
&& ! in_array( $key, array( 'shipping_method', 'shipping_total', 'shipping_tax' ) ) ) { && ! in_array( $key, array( 'shipping_method', 'shipping_total', 'shipping_tax' ), true ) ) {
$order->update_meta_data( '_' . $key, $value ); $order->update_meta_data( '_' . $key, $value );
} }
} }
@ -329,6 +334,7 @@ class WC_Checkout {
/** /**
* Action hook to adjust order before save. * Action hook to adjust order before save.
*
* @since 3.0.0 * @since 3.0.0
*/ */
do_action( 'woocommerce_checkout_create_order', $order, $data ); do_action( 'woocommerce_checkout_create_order', $order, $data );
@ -347,20 +353,22 @@ class WC_Checkout {
/** /**
* Add line items to the order. * Add line items to the order.
* *
* @param WC_Order $order * @param WC_Order $order Order instance.
* @param WC_Cart $cart * @param WC_Cart $cart Cart instance.
*/ */
public function create_order_line_items( &$order, $cart ) { public function create_order_line_items( &$order, $cart ) {
foreach ( $cart->get_cart() as $cart_item_key => $values ) { foreach ( $cart->get_cart() as $cart_item_key => $values ) {
/** /**
* Filter hook to get initial item object. * Filter hook to get initial item object.
*
* @since 3.1.0 * @since 3.1.0
*/ */
$item = apply_filters( 'woocommerce_checkout_create_order_line_item_object', new WC_Order_Item_Product(), $cart_item_key, $values, $order ); $item = apply_filters( 'woocommerce_checkout_create_order_line_item_object', new WC_Order_Item_Product(), $cart_item_key, $values, $order );
$product = $values['data']; $product = $values['data'];
$item->legacy_values = $values; // @deprecated For legacy actions. $item->legacy_values = $values; // @deprecated For legacy actions.
$item->legacy_cart_item_key = $cart_item_key; // @deprecated For legacy actions. $item->legacy_cart_item_key = $cart_item_key; // @deprecated For legacy actions.
$item->set_props( array( $item->set_props(
array(
'quantity' => $values['quantity'], 'quantity' => $values['quantity'],
'variation' => $values['variation'], 'variation' => $values['variation'],
'subtotal' => $values['line_subtotal'], 'subtotal' => $values['line_subtotal'],
@ -368,19 +376,23 @@ class WC_Checkout {
'subtotal_tax' => $values['line_subtotal_tax'], 'subtotal_tax' => $values['line_subtotal_tax'],
'total_tax' => $values['line_tax'], 'total_tax' => $values['line_tax'],
'taxes' => $values['line_tax_data'], 'taxes' => $values['line_tax_data'],
) ); )
);
if ( $product ) { if ( $product ) {
$item->set_props( array( $item->set_props(
array(
'name' => $product->get_name(), 'name' => $product->get_name(),
'tax_class' => $product->get_tax_class(), 'tax_class' => $product->get_tax_class(),
'product_id' => $product->is_type( 'variation' ) ? $product->get_parent_id() : $product->get_id(), 'product_id' => $product->is_type( 'variation' ) ? $product->get_parent_id() : $product->get_id(),
'variation_id' => $product->is_type( 'variation' ) ? $product->get_id() : 0, 'variation_id' => $product->is_type( 'variation' ) ? $product->get_id() : 0,
) ); )
);
} }
$item->set_backorder_meta(); $item->set_backorder_meta();
/** /**
* Action hook to adjust item before save. * Action hook to adjust item before save.
*
* @since 3.0.0 * @since 3.0.0
*/ */
do_action( 'woocommerce_checkout_create_order_line_item', $item, $cart_item_key, $values, $order ); do_action( 'woocommerce_checkout_create_order_line_item', $item, $cart_item_key, $values, $order );
@ -393,15 +405,16 @@ class WC_Checkout {
/** /**
* Add fees to the order. * Add fees to the order.
* *
* @param WC_Order $order * @param WC_Order $order Order instance.
* @param WC_Cart $cart * @param WC_Cart $cart Cart instance.
*/ */
public function create_order_fee_lines( &$order, $cart ) { public function create_order_fee_lines( &$order, $cart ) {
foreach ( $cart->get_fees() as $fee_key => $fee ) { foreach ( $cart->get_fees() as $fee_key => $fee ) {
$item = new WC_Order_Item_Fee(); $item = new WC_Order_Item_Fee();
$item->legacy_fee = $fee; // @deprecated For legacy actions. $item->legacy_fee = $fee; // @deprecated For legacy actions.
$item->legacy_fee_key = $fee_key; // @deprecated For legacy actions. $item->legacy_fee_key = $fee_key; // @deprecated For legacy actions.
$item->set_props( array( $item->set_props(
array(
'name' => $fee->name, 'name' => $fee->name,
'tax_class' => $fee->taxable ? $fee->tax_class : 0, 'tax_class' => $fee->taxable ? $fee->tax_class : 0,
'amount' => $fee->amount, 'amount' => $fee->amount,
@ -410,10 +423,12 @@ class WC_Checkout {
'taxes' => array( 'taxes' => array(
'total' => $fee->tax_data, 'total' => $fee->tax_data,
), ),
) ); )
);
/** /**
* Action hook to adjust item before save. * Action hook to adjust item before save.
*
* @since 3.0.0 * @since 3.0.0
*/ */
do_action( 'woocommerce_checkout_create_order_fee_item', $item, $fee_key, $fee, $order ); do_action( 'woocommerce_checkout_create_order_fee_item', $item, $fee_key, $fee, $order );
@ -426,18 +441,18 @@ class WC_Checkout {
/** /**
* Add shipping lines to the order. * Add shipping lines to the order.
* *
* @param WC_Order $order * @param WC_Order $order Order Instance.
* @param array $chosen_shipping_methods * @param array $chosen_shipping_methods Chosen shipping methods.
* @param array $packages * @param array $packages Packages.
*/ */
public function create_order_shipping_lines( &$order, $chosen_shipping_methods, $packages ) { public function create_order_shipping_lines( &$order, $chosen_shipping_methods, $packages ) {
foreach ( $packages as $package_key => $package ) { foreach ( $packages as $package_key => $package ) {
if ( isset( $chosen_shipping_methods[ $package_key ], $package['rates'][ $chosen_shipping_methods[ $package_key ] ] ) ) { if ( isset( $chosen_shipping_methods[ $package_key ], $package['rates'][ $chosen_shipping_methods[ $package_key ] ] ) ) {
/** @var WC_Shipping_Rate $shipping_rate */
$shipping_rate = $package['rates'][ $chosen_shipping_methods[ $package_key ] ]; $shipping_rate = $package['rates'][ $chosen_shipping_methods[ $package_key ] ];
$item = new WC_Order_Item_Shipping(); $item = new WC_Order_Item_Shipping();
$item->legacy_package_key = $package_key; // @deprecated For legacy actions. $item->legacy_package_key = $package_key; // @deprecated For legacy actions.
$item->set_props( array( $item->set_props(
array(
'method_title' => $shipping_rate->label, 'method_title' => $shipping_rate->label,
'method_id' => $shipping_rate->method_id, 'method_id' => $shipping_rate->method_id,
'instance_id' => $shipping_rate->instance_id, 'instance_id' => $shipping_rate->instance_id,
@ -445,7 +460,8 @@ class WC_Checkout {
'taxes' => array( 'taxes' => array(
'total' => $shipping_rate->taxes, 'total' => $shipping_rate->taxes,
), ),
) ); )
);
foreach ( $shipping_rate->get_meta_data() as $key => $value ) { foreach ( $shipping_rate->get_meta_data() as $key => $value ) {
$item->add_meta_data( $key, $value, true ); $item->add_meta_data( $key, $value, true );
@ -453,6 +469,7 @@ class WC_Checkout {
/** /**
* Action hook to adjust item before save. * Action hook to adjust item before save.
*
* @since 3.0.0 * @since 3.0.0
*/ */
do_action( 'woocommerce_checkout_create_order_shipping_item', $item, $package_key, $package, $order ); do_action( 'woocommerce_checkout_create_order_shipping_item', $item, $package_key, $package, $order );
@ -466,24 +483,27 @@ class WC_Checkout {
/** /**
* Add tax lines to the order. * Add tax lines to the order.
* *
* @param WC_Order $order * @param WC_Order $order Order instance.
* @param WC_Cart $cart * @param WC_Cart $cart Cart instance.
*/ */
public function create_order_tax_lines( &$order, $cart ) { public function create_order_tax_lines( &$order, $cart ) {
foreach ( array_keys( $cart->get_cart_contents_taxes() + $cart->get_shipping_taxes() + $cart->get_fee_taxes() ) as $tax_rate_id ) { foreach ( array_keys( $cart->get_cart_contents_taxes() + $cart->get_shipping_taxes() + $cart->get_fee_taxes() ) as $tax_rate_id ) {
if ( $tax_rate_id && apply_filters( 'woocommerce_cart_remove_taxes_zero_rate_id', 'zero-rated' ) !== $tax_rate_id ) { if ( $tax_rate_id && apply_filters( 'woocommerce_cart_remove_taxes_zero_rate_id', 'zero-rated' ) !== $tax_rate_id ) {
$item = new WC_Order_Item_Tax(); $item = new WC_Order_Item_Tax();
$item->set_props( array( $item->set_props(
array(
'rate_id' => $tax_rate_id, 'rate_id' => $tax_rate_id,
'tax_total' => $cart->get_tax_amount( $tax_rate_id ), 'tax_total' => $cart->get_tax_amount( $tax_rate_id ),
'shipping_tax_total' => $cart->get_shipping_tax_amount( $tax_rate_id ), 'shipping_tax_total' => $cart->get_shipping_tax_amount( $tax_rate_id ),
'rate_code' => WC_Tax::get_rate_code( $tax_rate_id ), 'rate_code' => WC_Tax::get_rate_code( $tax_rate_id ),
'label' => WC_Tax::get_rate_label( $tax_rate_id ), 'label' => WC_Tax::get_rate_label( $tax_rate_id ),
'compound' => WC_Tax::is_compound( $tax_rate_id ), 'compound' => WC_Tax::is_compound( $tax_rate_id ),
) ); )
);
/** /**
* Action hook to adjust item before save. * Action hook to adjust item before save.
*
* @since 3.0.0 * @since 3.0.0
*/ */
do_action( 'woocommerce_checkout_create_order_tax_item', $item, $tax_rate_id, $order ); do_action( 'woocommerce_checkout_create_order_tax_item', $item, $tax_rate_id, $order );
@ -497,21 +517,24 @@ class WC_Checkout {
/** /**
* Add coupon lines to the order. * Add coupon lines to the order.
* *
* @param WC_Order $order * @param WC_Order $order Order instance.
* @param WC_Cart $cart * @param WC_Cart $cart Cart instance.
*/ */
public function create_order_coupon_lines( &$order, $cart ) { public function create_order_coupon_lines( &$order, $cart ) {
foreach ( $cart->get_coupons() as $code => $coupon ) { foreach ( $cart->get_coupons() as $code => $coupon ) {
$item = new WC_Order_Item_Coupon(); $item = new WC_Order_Item_Coupon();
$item->set_props( array( $item->set_props(
array(
'code' => $code, 'code' => $code,
'discount' => $cart->get_coupon_discount_amount( $code ), 'discount' => $cart->get_coupon_discount_amount( $code ),
'discount_tax' => $cart->get_coupon_discount_tax_amount( $code ), 'discount_tax' => $cart->get_coupon_discount_tax_amount( $code ),
) ); )
);
$item->add_meta_data( 'coupon_data', $coupon->get_data() ); $item->add_meta_data( 'coupon_data', $coupon->get_data() );
/** /**
* Action hook to adjust item before save. * Action hook to adjust item before save.
*
* @since 3.0.0 * @since 3.0.0
*/ */
do_action( 'woocommerce_checkout_create_order_coupon_item', $item, $code, $coupon, $order ); do_action( 'woocommerce_checkout_create_order_coupon_item', $item, $code, $coupon, $order );
@ -525,10 +548,8 @@ class WC_Checkout {
* See if a fieldset should be skipped. * See if a fieldset should be skipped.
* *
* @since 3.0.0 * @since 3.0.0
* * @param string $fieldset_key Fieldset key.
* @param string $fieldset_key * @param array $data Posted data.
* @param array $data
*
* @return bool * @return bool
*/ */
protected function maybe_skip_fieldset( $fieldset_key, $data ) { protected function maybe_skip_fieldset( $fieldset_key, $data ) {
@ -550,12 +571,12 @@ class WC_Checkout {
public function get_posted_data() { public function get_posted_data() {
$skipped = array(); $skipped = array();
$data = array( $data = array(
'terms' => (int) isset( $_POST['terms'] ), 'terms' => (int) isset( $_POST['terms'] ), // WPCS: input var ok, CSRF ok.
'createaccount' => (int) ! empty( $_POST['createaccount'] ), 'createaccount' => (int) ! empty( $_POST['createaccount'] ), // WPCS: input var ok, CSRF ok.
'payment_method' => isset( $_POST['payment_method'] ) ? wc_clean( $_POST['payment_method'] ) : '', 'payment_method' => isset( $_POST['payment_method'] ) ? wc_clean( wp_unslash( $_POST['payment_method'] ) ) : '', // WPCS: input var ok, CSRF ok.
'shipping_method' => isset( $_POST['shipping_method'] ) ? wc_clean( $_POST['shipping_method'] ) : '', 'shipping_method' => isset( $_POST['shipping_method'] ) ? wc_clean( wp_unslash( $_POST['shipping_method'] ) ) : '', // WPCS: input var ok, CSRF ok.
'ship_to_different_address' => ! empty( $_POST['ship_to_different_address'] ) && ! wc_ship_to_billing_address_only(), 'ship_to_different_address' => ! empty( $_POST['ship_to_different_address'] ) && ! wc_ship_to_billing_address_only(), // WPCS: input var ok, CSRF ok.
'woocommerce_checkout_update_totals' => isset( $_POST['woocommerce_checkout_update_totals'] ), 'woocommerce_checkout_update_totals' => isset( $_POST['woocommerce_checkout_update_totals'] ), // WPCS: input var ok, CSRF ok.
); );
foreach ( $this->get_checkout_fields() as $fieldset_key => $fieldset ) { foreach ( $this->get_checkout_fields() as $fieldset_key => $fieldset ) {
if ( $this->maybe_skip_fieldset( $fieldset_key, $data ) ) { if ( $this->maybe_skip_fieldset( $fieldset_key, $data ) ) {
@ -567,16 +588,16 @@ class WC_Checkout {
switch ( $type ) { switch ( $type ) {
case 'checkbox': case 'checkbox':
$value = isset( $_POST[ $key ] ) ? 1 : ''; $value = isset( $_POST[ $key ] ) ? 1 : ''; // WPCS: input var ok, CSRF ok.
break; break;
case 'multiselect': case 'multiselect':
$value = isset( $_POST[ $key ] ) ? implode( ', ', wc_clean( $_POST[ $key ] ) ) : ''; $value = isset( $_POST[ $key ] ) ? implode( ', ', wc_clean( wp_unslash( $_POST[ $key ] ) ) ) : ''; // WPCS: input var ok, CSRF ok.
break; break;
case 'textarea': case 'textarea':
$value = isset( $_POST[ $key ] ) ? wc_sanitize_textarea( $_POST[ $key ] ) : ''; $value = isset( $_POST[ $key ] ) ? wc_sanitize_textarea( wp_unslash( $_POST[ $key ] ) ) : ''; // WPCS: input var ok, CSRF ok.
break; break;
default: default:
$value = isset( $_POST[ $key ] ) ? wc_clean( $_POST[ $key ] ) : ''; $value = isset( $_POST[ $key ] ) ? wc_clean( wp_unslash( $_POST[ $key ] ) ) : ''; // WPCS: input var ok, CSRF ok.
break; break;
} }
@ -584,7 +605,7 @@ class WC_Checkout {
} }
} }
if ( in_array( 'shipping', $skipped ) && ( WC()->cart->needs_shipping_address() || wc_ship_to_billing_address_only() ) ) { if ( in_array( 'shipping', $skipped, true ) && ( WC()->cart->needs_shipping_address() || wc_ship_to_billing_address_only() ) ) {
foreach ( $this->get_checkout_fields( 'shipping' ) as $key => $field ) { foreach ( $this->get_checkout_fields( 'shipping' ) as $key => $field ) {
$data[ $key ] = isset( $data[ 'billing_' . substr( $key, 9 ) ] ) ? $data[ 'billing_' . substr( $key, 9 ) ] : ''; $data[ $key ] = isset( $data[ 'billing_' . substr( $key, 9 ) ] ) ? $data[ 'billing_' . substr( $key, 9 ) ] : '';
} }
@ -601,7 +622,7 @@ class WC_Checkout {
* *
* @since 3.0.0 * @since 3.0.0
* @param array $data An array of posted data. * @param array $data An array of posted data.
* @param WP_Error $errors * @param WP_Error $errors Validation error.
*/ */
protected function validate_posted_data( &$data, &$errors ) { protected function validate_posted_data( &$data, &$errors ) {
foreach ( $this->get_checkout_fields() as $fieldset_key => $fieldset ) { foreach ( $this->get_checkout_fields() as $fieldset_key => $fieldset ) {
@ -627,16 +648,17 @@ class WC_Checkout {
break; break;
} }
if ( in_array( 'postcode', $format ) ) { if ( in_array( 'postcode', $format, true ) ) {
$country = isset( $data[ $fieldset_key . '_country' ] ) ? $data[ $fieldset_key . '_country' ] : WC()->customer->{"get_{$fieldset_key}_country"}(); $country = isset( $data[ $fieldset_key . '_country' ] ) ? $data[ $fieldset_key . '_country' ] : WC()->customer->{"get_{$fieldset_key}_country"}();
$data[ $key ] = wc_format_postcode( $data[ $key ], $country ); $data[ $key ] = wc_format_postcode( $data[ $key ], $country );
if ( '' !== $data[ $key ] && ! WC_Validation::is_postcode( $data[ $key ], $country ) ) { if ( '' !== $data[ $key ] && ! WC_Validation::is_postcode( $data[ $key ], $country ) ) {
/* translators: %s: field name */
$errors->add( 'validation', sprintf( __( '%s is not a valid postcode / ZIP.', 'woocommerce' ), '<strong>' . esc_html( $field_label ) . '</strong>' ) ); $errors->add( 'validation', sprintf( __( '%s is not a valid postcode / ZIP.', 'woocommerce' ), '<strong>' . esc_html( $field_label ) . '</strong>' ) );
} }
} }
if ( in_array( 'phone', $format ) ) { if ( in_array( 'phone', $format, true ) ) {
$data[ $key ] = wc_format_phone_number( $data[ $key ] ); $data[ $key ] = wc_format_phone_number( $data[ $key ] );
if ( '' !== $data[ $key ] && ! WC_Validation::is_phone( $data[ $key ] ) ) { if ( '' !== $data[ $key ] && ! WC_Validation::is_phone( $data[ $key ] ) ) {
@ -645,7 +667,7 @@ class WC_Checkout {
} }
} }
if ( in_array( 'email', $format ) && '' !== $data[ $key ] ) { if ( in_array( 'email', $format, true ) && '' !== $data[ $key ] ) {
$data[ $key ] = sanitize_email( $data[ $key ] ); $data[ $key ] = sanitize_email( $data[ $key ] );
if ( ! is_email( $data[ $key ] ) ) { if ( ! is_email( $data[ $key ] ) ) {
@ -655,11 +677,11 @@ class WC_Checkout {
} }
} }
if ( '' !== $data[ $key ] && in_array( 'state', $format ) ) { if ( '' !== $data[ $key ] && in_array( 'state', $format, true ) ) {
$country = isset( $data[ $fieldset_key . '_country' ] ) ? $data[ $fieldset_key . '_country' ] : WC()->customer->{"get_{$fieldset_key}_country"}(); $country = isset( $data[ $fieldset_key . '_country' ] ) ? $data[ $fieldset_key . '_country' ] : WC()->customer->{"get_{$fieldset_key}_country"}();
$valid_states = WC()->countries->get_states( $country ); $valid_states = WC()->countries->get_states( $country );
if ( ! empty( $valid_states ) && is_array( $valid_states ) && sizeof( $valid_states ) > 0 ) { if ( ! empty( $valid_states ) && is_array( $valid_states ) && count( $valid_states ) > 0 ) {
$valid_state_values = array_map( 'wc_strtoupper', array_flip( array_map( 'wc_strtoupper', $valid_states ) ) ); $valid_state_values = array_map( 'wc_strtoupper', array_flip( array_map( 'wc_strtoupper', $valid_states ) ) );
$data[ $key ] = wc_strtoupper( $data[ $key ] ); $data[ $key ] = wc_strtoupper( $data[ $key ] );
@ -668,7 +690,7 @@ class WC_Checkout {
$data[ $key ] = $valid_state_values[ $data[ $key ] ]; $data[ $key ] = $valid_state_values[ $data[ $key ] ];
} }
if ( ! in_array( $data[ $key ], $valid_state_values ) ) { if ( ! in_array( $data[ $key ], $valid_state_values, true ) ) {
/* translators: 1: state field 2: valid states */ /* translators: 1: state field 2: valid states */
$errors->add( 'validation', sprintf( __( '%1$s is not valid. Please enter one of the following: %2$s', 'woocommerce' ), '<strong>' . esc_html( $field_label ) . '</strong>', implode( ', ', $valid_states ) ) ); $errors->add( 'validation', sprintf( __( '%1$s is not valid. Please enter one of the following: %2$s', 'woocommerce' ), '<strong>' . esc_html( $field_label ) . '</strong>', implode( ', ', $valid_states ) ) );
} }
@ -688,13 +710,13 @@ class WC_Checkout {
* *
* @since 3.0.0 * @since 3.0.0
* @param array $data An array of posted data. * @param array $data An array of posted data.
* @param WP_Error $errors * @param WP_Error $errors Validation errors.
*/ */
protected function validate_checkout( &$data, &$errors ) { protected function validate_checkout( &$data, &$errors ) {
$this->validate_posted_data( $data, $errors ); $this->validate_posted_data( $data, $errors );
$this->check_cart_items(); $this->check_cart_items();
if ( empty( $data['woocommerce_checkout_update_totals'] ) && ! empty( $_POST['terms-field'] ) && empty( $data['terms'] ) && apply_filters( 'woocommerce_checkout_show_terms', wc_get_page_id( 'terms' ) > 0 ) ) { if ( empty( $data['woocommerce_checkout_update_totals'] ) && ! empty( $_POST['terms-field'] ) && empty( $data['terms'] ) && apply_filters( 'woocommerce_checkout_show_terms', wc_get_page_id( 'terms' ) > 0 ) ) { // WPCS: input var ok, CSRF ok.
$errors->add( 'terms', __( 'You must accept our Terms &amp; Conditions.', 'woocommerce' ) ); $errors->add( 'terms', __( 'You must accept our Terms &amp; Conditions.', 'woocommerce' ) );
} }
@ -703,7 +725,8 @@ class WC_Checkout {
if ( empty( $shipping_country ) ) { if ( empty( $shipping_country ) ) {
$errors->add( 'shipping', __( 'Please enter an address to continue.', 'woocommerce' ) ); $errors->add( 'shipping', __( 'Please enter an address to continue.', 'woocommerce' ) );
} elseif ( ! in_array( WC()->customer->get_shipping_country(), array_keys( WC()->countries->get_shipping_countries() ) ) ) { } elseif ( ! in_array( WC()->customer->get_shipping_country(), array_keys( WC()->countries->get_shipping_countries() ), true ) ) {
/* translators: %s: shipping location */
$errors->add( 'shipping', sprintf( __( 'Unfortunately <strong>we do not ship %s</strong>. Please enter an alternative shipping address.', 'woocommerce' ), WC()->countries->shipping_to_prefix() . ' ' . WC()->customer->get_shipping_country() ) ); $errors->add( 'shipping', sprintf( __( 'Unfortunately <strong>we do not ship %s</strong>. Please enter an alternative shipping address.', 'woocommerce' ), WC()->countries->shipping_to_prefix() . ' ' . WC()->customer->get_shipping_country() ) );
} else { } else {
$chosen_shipping_methods = WC()->session->get( 'chosen_shipping_methods' ); $chosen_shipping_methods = WC()->session->get( 'chosen_shipping_methods' );
@ -733,9 +756,9 @@ class WC_Checkout {
* Set address field for customer. * Set address field for customer.
* *
* @since 3.0.7 * @since 3.0.7
* @param $field string to update * @param string $field String to update.
* @param $key * @param string $key Field key.
* @param $data array of data to get the value from * @param array $data Array of data to get the value from.
*/ */
protected function set_customer_address_fields( $field, $key, $data ) { protected function set_customer_address_fields( $field, $key, $data ) {
if ( isset( $data[ "billing_{$field}" ] ) ) { if ( isset( $data[ "billing_{$field}" ] ) ) {
@ -751,7 +774,7 @@ class WC_Checkout {
* Update customer and session data from the posted checkout data. * Update customer and session data from the posted checkout data.
* *
* @since 3.0.0 * @since 3.0.0
* @param array $data * @param array $data Posted data.
*/ */
protected function update_session( $data ) { protected function update_session( $data ) {
// Update both shipping and billing to the passed billing address first if set. // Update both shipping and billing to the passed billing address first if set.
@ -767,7 +790,7 @@ class WC_Checkout {
array_walk( $address_fields, array( $this, 'set_customer_address_fields' ), $data ); array_walk( $address_fields, array( $this, 'set_customer_address_fields' ), $data );
WC()->customer->save(); WC()->customer->save();
// Update customer shipping and payment method to posted method // Update customer shipping and payment method to posted method.
$chosen_shipping_methods = WC()->session->get( 'chosen_shipping_methods' ); $chosen_shipping_methods = WC()->session->get( 'chosen_shipping_methods' );
if ( is_array( $data['shipping_method'] ) ) { if ( is_array( $data['shipping_method'] ) ) {
@ -788,8 +811,8 @@ class WC_Checkout {
* Process an order that does require payment. * Process an order that does require payment.
* *
* @since 3.0.0 * @since 3.0.0
* @param int $order_id * @param int $order_id Order ID.
* @param string $payment_method * @param string $payment_method Payment method.
*/ */
protected function process_order_payment( $order_id, $payment_method ) { protected function process_order_payment( $order_id, $payment_method ) {
$available_gateways = WC()->payment_gateways->get_available_payment_gateways(); $available_gateways = WC()->payment_gateways->get_available_payment_gateways();
@ -798,13 +821,13 @@ class WC_Checkout {
return; return;
} }
// Store Order ID in session so it can be re-used after payment failure // Store Order ID in session so it can be re-used after payment failure.
WC()->session->set( 'order_awaiting_payment', $order_id ); WC()->session->set( 'order_awaiting_payment', $order_id );
// Process Payment // Process Payment.
$result = $available_gateways[ $payment_method ]->process_payment( $order_id ); $result = $available_gateways[ $payment_method ]->process_payment( $order_id );
// Redirect to success/confirmation/payment page // Redirect to success/confirmation/payment page.
if ( isset( $result['result'] ) && 'success' === $result['result'] ) { if ( isset( $result['result'] ) && 'success' === $result['result'] ) {
$result = apply_filters( 'woocommerce_payment_successful_result', $result, $order_id ); $result = apply_filters( 'woocommerce_payment_successful_result', $result, $order_id );
@ -821,7 +844,7 @@ class WC_Checkout {
* Process an order that doesn't require payment. * Process an order that doesn't require payment.
* *
* @since 3.0.0 * @since 3.0.0
* @param int $order_id * @param int $order_id Order ID.
*/ */
protected function process_order_without_payment( $order_id ) { protected function process_order_without_payment( $order_id ) {
$order = wc_get_order( $order_id ); $order = wc_get_order( $order_id );
@ -829,10 +852,12 @@ class WC_Checkout {
wc_empty_cart(); wc_empty_cart();
if ( is_ajax() ) { if ( is_ajax() ) {
wp_send_json( array( wp_send_json(
array(
'result' => 'success', 'result' => 'success',
'redirect' => apply_filters( 'woocommerce_checkout_no_payment_needed_redirect', $order->get_checkout_order_received_url(), $order ), 'redirect' => apply_filters( 'woocommerce_checkout_no_payment_needed_redirect', $order->get_checkout_order_received_url(), $order ),
) ); )
);
} else { } else {
wp_safe_redirect( wp_safe_redirect(
apply_filters( 'woocommerce_checkout_no_payment_needed_redirect', $order->get_checkout_order_received_url(), $order ) apply_filters( 'woocommerce_checkout_no_payment_needed_redirect', $order->get_checkout_order_received_url(), $order )
@ -843,8 +868,9 @@ class WC_Checkout {
/** /**
* Create a new customer account if needed. * Create a new customer account if needed.
* @param array $data *
* @throws Exception * @throws Exception When not able to create customer.
* @param array $data Posted data.
*/ */
protected function process_customer( $data ) { protected function process_customer( $data ) {
$customer_id = apply_filters( 'woocommerce_checkout_customer_id', get_current_user_id() ); $customer_id = apply_filters( 'woocommerce_checkout_customer_id', get_current_user_id() );
@ -861,10 +887,10 @@ class WC_Checkout {
wp_set_current_user( $customer_id ); wp_set_current_user( $customer_id );
wc_set_customer_auth_cookie( $customer_id ); wc_set_customer_auth_cookie( $customer_id );
// As we are now logged in, checkout will need to refresh to show logged in data // As we are now logged in, checkout will need to refresh to show logged in data.
WC()->session->set( 'reload_checkout', true ); WC()->session->set( 'reload_checkout', true );
// Also, recalculate cart totals to reveal any role-based discounts that were unavailable before registering // Also, recalculate cart totals to reveal any role-based discounts that were unavailable before registering.
WC()->cart->calculate_totals(); WC()->cart->calculate_totals();
} }
@ -903,6 +929,7 @@ class WC_Checkout {
/** /**
* Action hook to adjust customer before save. * Action hook to adjust customer before save.
*
* @since 3.0.0 * @since 3.0.0
*/ */
do_action( 'woocommerce_checkout_update_customer', $customer, $data ); do_action( 'woocommerce_checkout_update_customer', $customer, $data );
@ -918,7 +945,7 @@ class WC_Checkout {
*/ */
protected function send_ajax_failure_response() { protected function send_ajax_failure_response() {
if ( is_ajax() ) { if ( is_ajax() ) {
// only print notices if not reloading the checkout, otherwise they're lost in the page reload // Only print notices if not reloading the checkout, otherwise they're lost in the page reload.
if ( ! isset( WC()->session->reload_checkout ) ) { if ( ! isset( WC()->session->reload_checkout ) ) {
ob_start(); ob_start();
wc_print_notices(); wc_print_notices();
@ -940,10 +967,12 @@ class WC_Checkout {
/** /**
* Process the checkout after the confirm order button is pressed. * Process the checkout after the confirm order button is pressed.
*
* @throws Exception When validation fails.
*/ */
public function process_checkout() { public function process_checkout() {
try { try {
if ( empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-process_checkout' ) ) { if ( empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_POST['_wpnonce'] ) ), 'woocommerce-process_checkout' ) ) { // WPCS: input var ok.
WC()->session->set( 'refresh_totals', true ); WC()->session->set( 'refresh_totals', true );
throw new Exception( __( 'We were unable to process your order, please try again.', 'woocommerce' ) ); throw new Exception( __( 'We were unable to process your order, please try again.', 'woocommerce' ) );
} }
@ -954,6 +983,7 @@ class WC_Checkout {
do_action( 'woocommerce_before_checkout_process' ); do_action( 'woocommerce_before_checkout_process' );
if ( WC()->cart->is_empty() ) { if ( WC()->cart->is_empty() ) {
/* translators: %s: shop cart url */
throw new Exception( sprintf( __( 'Sorry, your session has expired. <a href="%s" class="wc-backward">Return to shop</a>', 'woocommerce' ), esc_url( wc_get_page_permalink( 'shop' ) ) ) ); throw new Exception( sprintf( __( 'Sorry, your session has expired. <a href="%s" class="wc-backward">Return to shop</a>', 'woocommerce' ), esc_url( wc_get_page_permalink( 'shop' ) ) ) );
} }
@ -998,8 +1028,8 @@ class WC_Checkout {
/** /**
* Get a posted address field after sanitization and validation. * Get a posted address field after sanitization and validation.
* *
* @param string $key * @param string $key Field key.
* @param string $type billing for shipping * @param string $type Type of address. Available options: 'billing' or 'shipping'.
* @return string * @return string
*/ */
public function get_posted_address_data( $key, $type = 'billing' ) { public function get_posted_address_data( $key, $type = 'billing' ) {
@ -1014,12 +1044,12 @@ class WC_Checkout {
/** /**
* Gets the value either from the posted data, or from the users meta data. * Gets the value either from the posted data, or from the users meta data.
* *
* @param string $input * @param string $input Input key.
* @return string * @return string
*/ */
public function get_value( $input ) { public function get_value( $input ) {
if ( ! empty( $_POST[ $input ] ) ) { if ( ! empty( $_POST[ $input ] ) ) { // WPCS: input var ok, CSRF OK.
return wc_clean( $_POST[ $input ] ); return wc_clean( wp_unslash( $_POST[ $input ] ) ); // WPCS: input var ok, CSRF OK.
} else { } else {

View File

@ -41,7 +41,7 @@
</rule> </rule>
<rule ref="WordPress.VIP.ValidatedSanitizedInput"> <rule ref="WordPress.VIP.ValidatedSanitizedInput">
<properties> <properties>
<property name="customSanitizingFunctions" type="array" value="wc_clean,wc_sanitize_tooltip,wc_format_decimal,wc_stock_amount,wc_sanitize_permalink" /> <property name="customSanitizingFunctions" type="array" value="wc_clean,wc_sanitize_tooltip,wc_format_decimal,wc_stock_amount,wc_sanitize_permalink,wc_sanitize_textarea" />
</properties> </properties>
</rule> </rule>
<rule ref="WordPress.XSS.EscapeOutput"> <rule ref="WordPress.XSS.EscapeOutput">