Merge pull request #19437 from woocommerce/fix/checkout-class-phpcs

Fixed includes/class-wc-checkout.php PHPCS violations
This commit is contained in:
Mike Jolley 2018-03-19 10:45:53 +00:00 committed by GitHub
commit e957b05aea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 221 additions and 191 deletions

View File

@ -1,18 +1,17 @@
<?php <?php
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
/** /**
* Main checkout class. * Checkout functionality
* *
* The WooCommerce checkout class handles the checkout process, collecting user data and processing the payment. * The WooCommerce checkout class handles the checkout process, collecting user data and processing the payment.
* *
* @class WC_Checkout * @package WooCommerce/Classes
* @package WooCommerce/Classes * @version 3.4.0
* @category Class */
* @author WooThemes
defined( 'ABSPATH' ) || exit;
/**
* Checkout class.
*/ */
class WC_Checkout { class WC_Checkout {
@ -32,6 +31,7 @@ class WC_Checkout {
/** /**
* Holds posted data for backwards compatibility. * Holds posted data for backwards compatibility.
*
* @var array * @var array
*/ */
protected $legacy_posted_data = array(); protected $legacy_posted_data = array();
@ -60,32 +60,36 @@ class WC_Checkout {
/** /**
* See if variable is set. Used to support legacy public variables which are no longer defined. * See if variable is set. Used to support legacy public variables which are no longer defined.
* *
* @param string $key * @param string $key Key.
* @return bool * @return bool
*/ */
public function __isset( $key ) { public function __isset( $key ) {
return in_array( $key, array( return in_array(
'enable_signup', $key,
'enable_guest_checkout', array(
'must_create_account', 'enable_signup',
'checkout_fields', 'enable_guest_checkout',
'posted', 'must_create_account',
'shipping_method', 'checkout_fields',
'payment_method', 'posted',
'customer_id', 'shipping_method',
'shipping_methods', 'payment_method',
) ); 'customer_id',
'shipping_methods',
),
true
);
} }
/** /**
* Sets the legacy public variables for backwards compatibility. * Sets the legacy public variables for backwards compatibility.
* *
* @param string $key * @param string $key Key.
* @param mixed $value * @param mixed $value Value.
*/ */
public function __set( $key, $value ) { public function __set( $key, $value ) {
switch ( $key ) { switch ( $key ) {
case 'enable_signup' : case 'enable_signup':
$bool_value = wc_string_to_bool( $value ); $bool_value = wc_string_to_bool( $value );
if ( $bool_value !== $this->is_registration_enabled() ) { if ( $bool_value !== $this->is_registration_enabled() ) {
@ -94,7 +98,7 @@ class WC_Checkout {
add_filter( 'woocommerce_checkout_registration_enabled', $bool_value ? '__return_true' : '__return_false', 0 ); add_filter( 'woocommerce_checkout_registration_enabled', $bool_value ? '__return_true' : '__return_false', 0 );
} }
break; break;
case 'enable_guest_checkout' : case 'enable_guest_checkout':
$bool_value = wc_string_to_bool( $value ); $bool_value = wc_string_to_bool( $value );
if ( $bool_value === $this->is_registration_required() ) { if ( $bool_value === $this->is_registration_required() ) {
@ -103,13 +107,13 @@ class WC_Checkout {
add_filter( 'woocommerce_checkout_registration_required', $bool_value ? '__return_false' : '__return_true', 0 ); add_filter( 'woocommerce_checkout_registration_required', $bool_value ? '__return_false' : '__return_true', 0 );
} }
break; break;
case 'checkout_fields' : case 'checkout_fields':
$this->fields = $value; $this->fields = $value;
break; break;
case 'shipping_methods' : case 'shipping_methods':
WC()->session->set( 'chosen_shipping_methods', $value ); WC()->session->set( 'chosen_shipping_methods', $value );
break; break;
case 'posted' : case 'posted':
$this->legacy_posted_data = $value; $this->legacy_posted_data = $value;
break; break;
} }
@ -118,33 +122,32 @@ class WC_Checkout {
/** /**
* Gets the legacy public variables for backwards compatibility. * Gets the legacy public variables for backwards compatibility.
* *
* @param string $key * @param string $key Key.
*
* @return array|string * @return array|string
*/ */
public function __get( $key ) { public function __get( $key ) {
if ( in_array( $key, array( 'posted', 'shipping_method', 'payment_method' ) ) && empty( $this->legacy_posted_data ) ) { if ( in_array( $key, array( 'posted', 'shipping_method', 'payment_method' ), true ) && empty( $this->legacy_posted_data ) ) {
$this->legacy_posted_data = $this->get_posted_data(); $this->legacy_posted_data = $this->get_posted_data();
} }
switch ( $key ) { switch ( $key ) {
case 'enable_signup' : case 'enable_signup':
return $this->is_registration_enabled(); return $this->is_registration_enabled();
case 'enable_guest_checkout' : case 'enable_guest_checkout':
return ! $this->is_registration_required(); return ! $this->is_registration_required();
case 'must_create_account' : case 'must_create_account':
return $this->is_registration_required() && ! is_user_logged_in(); return $this->is_registration_required() && ! is_user_logged_in();
case 'checkout_fields' : case 'checkout_fields':
return $this->get_checkout_fields(); return $this->get_checkout_fields();
case 'posted' : case 'posted':
wc_doing_it_wrong( 'WC_Checkout->posted', 'Use $_POST directly.', '3.0.0' ); wc_doing_it_wrong( 'WC_Checkout->posted', 'Use $_POST directly.', '3.0.0' );
return $this->legacy_posted_data; return $this->legacy_posted_data;
case 'shipping_method' : case 'shipping_method':
return $this->legacy_posted_data['shipping_method']; return $this->legacy_posted_data['shipping_method'];
case 'payment_method' : case 'payment_method':
return $this->legacy_posted_data['payment_method']; return $this->legacy_posted_data['payment_method'];
case 'customer_id' : case 'customer_id':
return apply_filters( 'woocommerce_checkout_customer_id', get_current_user_id() ); return apply_filters( 'woocommerce_checkout_customer_id', get_current_user_id() );
case 'shipping_methods' : case 'shipping_methods':
return (array) WC()->session->get( 'chosen_shipping_methods' ); return (array) WC()->session->get( 'chosen_shipping_methods' );
} }
} }
@ -206,19 +209,19 @@ class WC_Checkout {
); );
if ( 'no' === get_option( 'woocommerce_registration_generate_username' ) ) { if ( 'no' === get_option( 'woocommerce_registration_generate_username' ) ) {
$this->fields['account']['account_username'] = array( $this->fields['account']['account_username'] = array(
'type' => 'text', 'type' => 'text',
'label' => __( 'Account username', 'woocommerce' ), 'label' => __( 'Account username', 'woocommerce' ),
'required' => true, 'required' => true,
'placeholder' => esc_attr__( 'Username', 'woocommerce' ), 'placeholder' => esc_attr__( 'Username', 'woocommerce' ),
); );
} }
if ( 'no' === get_option( 'woocommerce_registration_generate_password' ) ) { if ( 'no' === get_option( 'woocommerce_registration_generate_password' ) ) {
$this->fields['account']['account_password'] = array( $this->fields['account']['account_password'] = array(
'type' => 'password', 'type' => 'password',
'label' => __( 'Create account password', 'woocommerce' ), 'label' => __( 'Create account password', 'woocommerce' ),
'required' => true, 'required' => true,
'placeholder' => esc_attr__( 'Password', 'woocommerce' ), 'placeholder' => esc_attr__( 'Password', 'woocommerce' ),
); );
} }
@ -254,29 +257,31 @@ class WC_Checkout {
/** /**
* Create an order. Error codes: * Create an order. Error codes:
* 520 - Cannot insert order into the database. * 520 - Cannot insert order into the database.
* 521 - Cannot get order after creation. * 521 - Cannot get order after creation.
* 522 - Cannot update order. * 522 - Cannot update order.
* 525 - Cannot create line item. * 525 - Cannot create line item.
* 526 - Cannot create fee item. * 526 - Cannot create fee item.
* 527 - Cannot create shipping item. * 527 - Cannot create shipping item.
* 528 - Cannot create tax item. * 528 - Cannot create tax item.
* 529 - Cannot create coupon item. * 529 - Cannot create coupon item.
* *
* @throws Exception * @throws Exception When checkout validation fails.
* @param $data Posted data. * @param array $data Posted data.
* @return int|WP_ERROR * @return int|WP_ERROR
*/ */
public function create_order( $data ) { public function create_order( $data ) {
// Give plugins the opportunity to create an order themselves. // Give plugins the opportunity to create an order themselves.
if ( $order_id = apply_filters( 'woocommerce_create_order', null, $this ) ) { $order_id = apply_filters( 'woocommerce_create_order', null, $this );
if ( $order_id ) {
return $order_id; return $order_id;
} }
try { try {
$order_id = absint( WC()->session->get( 'order_awaiting_payment' ) ); $order_id = absint( WC()->session->get( 'order_awaiting_payment' ) );
$cart_hash = md5( json_encode( wc_clean( WC()->cart->get_cart_for_session() ) ) . WC()->cart->total ); $cart_hash = md5( wp_json_encode( wc_clean( WC()->cart->get_cart_for_session() ) ) . WC()->cart->total );
$available_gateways = WC()->payment_gateways->get_available_payment_gateways(); $available_gateways = WC()->payment_gateways->get_available_payment_gateways();
$order = $order_id ? wc_get_order( $order_id ) : null;
/** /**
* If there is an order pending payment, we can resume it here so * If there is an order pending payment, we can resume it here so
@ -284,7 +289,7 @@ class WC_Checkout {
* different items or cost, create a new order. We use a hash to * different items or cost, create a new order. We use a hash to
* detect changes which is based on cart items + order total. * detect changes which is based on cart items + order total.
*/ */
if ( $order_id && ( $order = wc_get_order( $order_id ) ) && $order->has_cart_hash( $cart_hash ) && $order->has_status( array( 'pending', 'failed' ) ) ) { if ( $order && $order->has_cart_hash( $cart_hash ) && $order->has_status( array( 'pending', 'failed' ) ) ) {
// Action for 3rd parties. // Action for 3rd parties.
do_action( 'woocommerce_resume_order', $order_id ); do_action( 'woocommerce_resume_order', $order_id );
@ -298,10 +303,10 @@ class WC_Checkout {
if ( is_callable( array( $order, "set_{$key}" ) ) ) { if ( is_callable( array( $order, "set_{$key}" ) ) ) {
$order->{"set_{$key}"}( $value ); $order->{"set_{$key}"}( $value );
// Store custom fields prefixed with wither shipping_ or billing_. This is for backwards compatibility with 2.6.x. // Store custom fields prefixed with wither shipping_ or billing_. This is for backwards compatibility with 2.6.x.
// TODO: Fix conditional to only include shipping/billing address fields in a smarter way without str(i)pos. // TODO: Fix conditional to only include shipping/billing address fields in a smarter way without str(i)pos.
} elseif ( ( 0 === stripos( $key, 'billing_' ) || 0 === stripos( $key, 'shipping_' ) ) } elseif ( ( 0 === stripos( $key, 'billing_' ) || 0 === stripos( $key, 'shipping_' ) )
&& ! in_array( $key, array( 'shipping_method', 'shipping_total', 'shipping_tax' ) ) ) { && ! in_array( $key, array( 'shipping_method', 'shipping_total', 'shipping_tax' ), true ) ) {
$order->update_meta_data( '_' . $key, $value ); $order->update_meta_data( '_' . $key, $value );
} }
} }
@ -314,7 +319,7 @@ class WC_Checkout {
$order->set_customer_ip_address( WC_Geolocation::get_ip_address() ); $order->set_customer_ip_address( WC_Geolocation::get_ip_address() );
$order->set_customer_user_agent( wc_get_user_agent() ); $order->set_customer_user_agent( wc_get_user_agent() );
$order->set_customer_note( isset( $data['order_comments'] ) ? $data['order_comments'] : '' ); $order->set_customer_note( isset( $data['order_comments'] ) ? $data['order_comments'] : '' );
$order->set_payment_method( isset( $available_gateways[ $data['payment_method'] ] ) ? $available_gateways[ $data['payment_method'] ] : $data['payment_method'] ); $order->set_payment_method( isset( $available_gateways[ $data['payment_method'] ] ) ? $available_gateways[ $data['payment_method'] ] : $data['payment_method'] );
$order->set_shipping_total( WC()->cart->get_shipping_total() ); $order->set_shipping_total( WC()->cart->get_shipping_total() );
$order->set_discount_total( WC()->cart->get_discount_total() ); $order->set_discount_total( WC()->cart->get_discount_total() );
$order->set_discount_tax( WC()->cart->get_discount_tax() ); $order->set_discount_tax( WC()->cart->get_discount_tax() );
@ -329,6 +334,7 @@ class WC_Checkout {
/** /**
* Action hook to adjust order before save. * Action hook to adjust order before save.
*
* @since 3.0.0 * @since 3.0.0
*/ */
do_action( 'woocommerce_checkout_create_order', $order, $data ); do_action( 'woocommerce_checkout_create_order', $order, $data );
@ -347,40 +353,46 @@ class WC_Checkout {
/** /**
* Add line items to the order. * Add line items to the order.
* *
* @param WC_Order $order * @param WC_Order $order Order instance.
* @param WC_Cart $cart * @param WC_Cart $cart Cart instance.
*/ */
public function create_order_line_items( &$order, $cart ) { public function create_order_line_items( &$order, $cart ) {
foreach ( $cart->get_cart() as $cart_item_key => $values ) { foreach ( $cart->get_cart() as $cart_item_key => $values ) {
/** /**
* Filter hook to get initial item object. * Filter hook to get initial item object.
*
* @since 3.1.0 * @since 3.1.0
*/ */
$item = apply_filters( 'woocommerce_checkout_create_order_line_item_object', new WC_Order_Item_Product(), $cart_item_key, $values, $order ); $item = apply_filters( 'woocommerce_checkout_create_order_line_item_object', new WC_Order_Item_Product(), $cart_item_key, $values, $order );
$product = $values['data']; $product = $values['data'];
$item->legacy_values = $values; // @deprecated For legacy actions. $item->legacy_values = $values; // @deprecated For legacy actions.
$item->legacy_cart_item_key = $cart_item_key; // @deprecated For legacy actions. $item->legacy_cart_item_key = $cart_item_key; // @deprecated For legacy actions.
$item->set_props( array( $item->set_props(
'quantity' => $values['quantity'], array(
'variation' => $values['variation'], 'quantity' => $values['quantity'],
'subtotal' => $values['line_subtotal'], 'variation' => $values['variation'],
'total' => $values['line_total'], 'subtotal' => $values['line_subtotal'],
'subtotal_tax' => $values['line_subtotal_tax'], 'total' => $values['line_total'],
'total_tax' => $values['line_tax'], 'subtotal_tax' => $values['line_subtotal_tax'],
'taxes' => $values['line_tax_data'], 'total_tax' => $values['line_tax'],
) ); 'taxes' => $values['line_tax_data'],
)
);
if ( $product ) { if ( $product ) {
$item->set_props( array( $item->set_props(
'name' => $product->get_name(), array(
'tax_class' => $product->get_tax_class(), 'name' => $product->get_name(),
'product_id' => $product->is_type( 'variation' ) ? $product->get_parent_id() : $product->get_id(), 'tax_class' => $product->get_tax_class(),
'variation_id' => $product->is_type( 'variation' ) ? $product->get_id() : 0, 'product_id' => $product->is_type( 'variation' ) ? $product->get_parent_id() : $product->get_id(),
) ); 'variation_id' => $product->is_type( 'variation' ) ? $product->get_id() : 0,
)
);
} }
$item->set_backorder_meta(); $item->set_backorder_meta();
/** /**
* Action hook to adjust item before save. * Action hook to adjust item before save.
*
* @since 3.0.0 * @since 3.0.0
*/ */
do_action( 'woocommerce_checkout_create_order_line_item', $item, $cart_item_key, $values, $order ); do_action( 'woocommerce_checkout_create_order_line_item', $item, $cart_item_key, $values, $order );
@ -393,27 +405,30 @@ class WC_Checkout {
/** /**
* Add fees to the order. * Add fees to the order.
* *
* @param WC_Order $order * @param WC_Order $order Order instance.
* @param WC_Cart $cart * @param WC_Cart $cart Cart instance.
*/ */
public function create_order_fee_lines( &$order, $cart ) { public function create_order_fee_lines( &$order, $cart ) {
foreach ( $cart->get_fees() as $fee_key => $fee ) { foreach ( $cart->get_fees() as $fee_key => $fee ) {
$item = new WC_Order_Item_Fee(); $item = new WC_Order_Item_Fee();
$item->legacy_fee = $fee; // @deprecated For legacy actions. $item->legacy_fee = $fee; // @deprecated For legacy actions.
$item->legacy_fee_key = $fee_key; // @deprecated For legacy actions. $item->legacy_fee_key = $fee_key; // @deprecated For legacy actions.
$item->set_props( array( $item->set_props(
'name' => $fee->name, array(
'tax_class' => $fee->taxable ? $fee->tax_class: 0, 'name' => $fee->name,
'amount' => $fee->amount, 'tax_class' => $fee->taxable ? $fee->tax_class : 0,
'total' => $fee->total, 'amount' => $fee->amount,
'total_tax' => $fee->tax, 'total' => $fee->total,
'taxes' => array( 'total_tax' => $fee->tax,
'total' => $fee->tax_data, 'taxes' => array(
), 'total' => $fee->tax_data,
) ); ),
)
);
/** /**
* Action hook to adjust item before save. * Action hook to adjust item before save.
*
* @since 3.0.0 * @since 3.0.0
*/ */
do_action( 'woocommerce_checkout_create_order_fee_item', $item, $fee_key, $fee, $order ); do_action( 'woocommerce_checkout_create_order_fee_item', $item, $fee_key, $fee, $order );
@ -426,26 +441,27 @@ class WC_Checkout {
/** /**
* Add shipping lines to the order. * Add shipping lines to the order.
* *
* @param WC_Order $order * @param WC_Order $order Order Instance.
* @param array $chosen_shipping_methods * @param array $chosen_shipping_methods Chosen shipping methods.
* @param array $packages * @param array $packages Packages.
*/ */
public function create_order_shipping_lines( &$order, $chosen_shipping_methods, $packages ) { public function create_order_shipping_lines( &$order, $chosen_shipping_methods, $packages ) {
foreach ( $packages as $package_key => $package ) { foreach ( $packages as $package_key => $package ) {
if ( isset( $chosen_shipping_methods[ $package_key ], $package['rates'][ $chosen_shipping_methods[ $package_key ] ] ) ) { if ( isset( $chosen_shipping_methods[ $package_key ], $package['rates'][ $chosen_shipping_methods[ $package_key ] ] ) ) {
/** @var WC_Shipping_Rate $shipping_rate */
$shipping_rate = $package['rates'][ $chosen_shipping_methods[ $package_key ] ]; $shipping_rate = $package['rates'][ $chosen_shipping_methods[ $package_key ] ];
$item = new WC_Order_Item_Shipping(); $item = new WC_Order_Item_Shipping();
$item->legacy_package_key = $package_key; // @deprecated For legacy actions. $item->legacy_package_key = $package_key; // @deprecated For legacy actions.
$item->set_props( array( $item->set_props(
'method_title' => $shipping_rate->label, array(
'method_id' => $shipping_rate->method_id, 'method_title' => $shipping_rate->label,
'instance_id' => $shipping_rate->instance_id, 'method_id' => $shipping_rate->method_id,
'total' => wc_format_decimal( $shipping_rate->cost ), 'instance_id' => $shipping_rate->instance_id,
'taxes' => array( 'total' => wc_format_decimal( $shipping_rate->cost ),
'total' => $shipping_rate->taxes, 'taxes' => array(
), 'total' => $shipping_rate->taxes,
) ); ),
)
);
foreach ( $shipping_rate->get_meta_data() as $key => $value ) { foreach ( $shipping_rate->get_meta_data() as $key => $value ) {
$item->add_meta_data( $key, $value, true ); $item->add_meta_data( $key, $value, true );
@ -453,6 +469,7 @@ class WC_Checkout {
/** /**
* Action hook to adjust item before save. * Action hook to adjust item before save.
*
* @since 3.0.0 * @since 3.0.0
*/ */
do_action( 'woocommerce_checkout_create_order_shipping_item', $item, $package_key, $package, $order ); do_action( 'woocommerce_checkout_create_order_shipping_item', $item, $package_key, $package, $order );
@ -466,24 +483,27 @@ class WC_Checkout {
/** /**
* Add tax lines to the order. * Add tax lines to the order.
* *
* @param WC_Order $order * @param WC_Order $order Order instance.
* @param WC_Cart $cart * @param WC_Cart $cart Cart instance.
*/ */
public function create_order_tax_lines( &$order, $cart ) { public function create_order_tax_lines( &$order, $cart ) {
foreach ( array_keys( $cart->get_cart_contents_taxes() + $cart->get_shipping_taxes() + $cart->get_fee_taxes() ) as $tax_rate_id ) { foreach ( array_keys( $cart->get_cart_contents_taxes() + $cart->get_shipping_taxes() + $cart->get_fee_taxes() ) as $tax_rate_id ) {
if ( $tax_rate_id && apply_filters( 'woocommerce_cart_remove_taxes_zero_rate_id', 'zero-rated' ) !== $tax_rate_id ) { if ( $tax_rate_id && apply_filters( 'woocommerce_cart_remove_taxes_zero_rate_id', 'zero-rated' ) !== $tax_rate_id ) {
$item = new WC_Order_Item_Tax(); $item = new WC_Order_Item_Tax();
$item->set_props( array( $item->set_props(
'rate_id' => $tax_rate_id, array(
'tax_total' => $cart->get_tax_amount( $tax_rate_id ), 'rate_id' => $tax_rate_id,
'shipping_tax_total' => $cart->get_shipping_tax_amount( $tax_rate_id ), 'tax_total' => $cart->get_tax_amount( $tax_rate_id ),
'rate_code' => WC_Tax::get_rate_code( $tax_rate_id ), 'shipping_tax_total' => $cart->get_shipping_tax_amount( $tax_rate_id ),
'label' => WC_Tax::get_rate_label( $tax_rate_id ), 'rate_code' => WC_Tax::get_rate_code( $tax_rate_id ),
'compound' => WC_Tax::is_compound( $tax_rate_id ), 'label' => WC_Tax::get_rate_label( $tax_rate_id ),
) ); 'compound' => WC_Tax::is_compound( $tax_rate_id ),
)
);
/** /**
* Action hook to adjust item before save. * Action hook to adjust item before save.
*
* @since 3.0.0 * @since 3.0.0
*/ */
do_action( 'woocommerce_checkout_create_order_tax_item', $item, $tax_rate_id, $order ); do_action( 'woocommerce_checkout_create_order_tax_item', $item, $tax_rate_id, $order );
@ -497,21 +517,24 @@ class WC_Checkout {
/** /**
* Add coupon lines to the order. * Add coupon lines to the order.
* *
* @param WC_Order $order * @param WC_Order $order Order instance.
* @param WC_Cart $cart * @param WC_Cart $cart Cart instance.
*/ */
public function create_order_coupon_lines( &$order, $cart ) { public function create_order_coupon_lines( &$order, $cart ) {
foreach ( $cart->get_coupons() as $code => $coupon ) { foreach ( $cart->get_coupons() as $code => $coupon ) {
$item = new WC_Order_Item_Coupon(); $item = new WC_Order_Item_Coupon();
$item->set_props( array( $item->set_props(
'code' => $code, array(
'discount' => $cart->get_coupon_discount_amount( $code ), 'code' => $code,
'discount_tax' => $cart->get_coupon_discount_tax_amount( $code ), 'discount' => $cart->get_coupon_discount_amount( $code ),
) ); 'discount_tax' => $cart->get_coupon_discount_tax_amount( $code ),
)
);
$item->add_meta_data( 'coupon_data', $coupon->get_data() ); $item->add_meta_data( 'coupon_data', $coupon->get_data() );
/** /**
* Action hook to adjust item before save. * Action hook to adjust item before save.
*
* @since 3.0.0 * @since 3.0.0
*/ */
do_action( 'woocommerce_checkout_create_order_coupon_item', $item, $code, $coupon, $order ); do_action( 'woocommerce_checkout_create_order_coupon_item', $item, $code, $coupon, $order );
@ -525,10 +548,8 @@ class WC_Checkout {
* See if a fieldset should be skipped. * See if a fieldset should be skipped.
* *
* @since 3.0.0 * @since 3.0.0
* * @param string $fieldset_key Fieldset key.
* @param string $fieldset_key * @param array $data Posted data.
* @param array $data
*
* @return bool * @return bool
*/ */
protected function maybe_skip_fieldset( $fieldset_key, $data ) { protected function maybe_skip_fieldset( $fieldset_key, $data ) {
@ -550,12 +571,12 @@ class WC_Checkout {
public function get_posted_data() { public function get_posted_data() {
$skipped = array(); $skipped = array();
$data = array( $data = array(
'terms' => (int) isset( $_POST['terms'] ), 'terms' => (int) isset( $_POST['terms'] ), // WPCS: input var ok, CSRF ok.
'createaccount' => (int) ! empty( $_POST['createaccount'] ), 'createaccount' => (int) ! empty( $_POST['createaccount'] ), // WPCS: input var ok, CSRF ok.
'payment_method' => isset( $_POST['payment_method'] ) ? wc_clean( $_POST['payment_method'] ) : '', 'payment_method' => isset( $_POST['payment_method'] ) ? wc_clean( wp_unslash( $_POST['payment_method'] ) ) : '', // WPCS: input var ok, CSRF ok.
'shipping_method' => isset( $_POST['shipping_method'] ) ? wc_clean( $_POST['shipping_method'] ) : '', 'shipping_method' => isset( $_POST['shipping_method'] ) ? wc_clean( wp_unslash( $_POST['shipping_method'] ) ) : '', // WPCS: input var ok, CSRF ok.
'ship_to_different_address' => ! empty( $_POST['ship_to_different_address'] ) && ! wc_ship_to_billing_address_only(), 'ship_to_different_address' => ! empty( $_POST['ship_to_different_address'] ) && ! wc_ship_to_billing_address_only(), // WPCS: input var ok, CSRF ok.
'woocommerce_checkout_update_totals' => isset( $_POST['woocommerce_checkout_update_totals'] ), 'woocommerce_checkout_update_totals' => isset( $_POST['woocommerce_checkout_update_totals'] ), // WPCS: input var ok, CSRF ok.
); );
foreach ( $this->get_checkout_fields() as $fieldset_key => $fieldset ) { foreach ( $this->get_checkout_fields() as $fieldset_key => $fieldset ) {
if ( $this->maybe_skip_fieldset( $fieldset_key, $data ) ) { if ( $this->maybe_skip_fieldset( $fieldset_key, $data ) ) {
@ -566,17 +587,17 @@ class WC_Checkout {
$type = sanitize_title( isset( $field['type'] ) ? $field['type'] : 'text' ); $type = sanitize_title( isset( $field['type'] ) ? $field['type'] : 'text' );
switch ( $type ) { switch ( $type ) {
case 'checkbox' : case 'checkbox':
$value = isset( $_POST[ $key ] ) ? 1 : ''; $value = isset( $_POST[ $key ] ) ? 1 : ''; // WPCS: input var ok, CSRF ok.
break; break;
case 'multiselect' : case 'multiselect':
$value = isset( $_POST[ $key ] ) ? implode( ', ', wc_clean( $_POST[ $key ] ) ) : ''; $value = isset( $_POST[ $key ] ) ? implode( ', ', wc_clean( wp_unslash( $_POST[ $key ] ) ) ) : ''; // WPCS: input var ok, CSRF ok.
break; break;
case 'textarea' : case 'textarea':
$value = isset( $_POST[ $key ] ) ? wc_sanitize_textarea( $_POST[ $key ] ) : ''; $value = isset( $_POST[ $key ] ) ? wc_sanitize_textarea( wp_unslash( $_POST[ $key ] ) ) : ''; // WPCS: input var ok, CSRF ok.
break; break;
default : default:
$value = isset( $_POST[ $key ] ) ? wc_clean( $_POST[ $key ] ) : ''; $value = isset( $_POST[ $key ] ) ? wc_clean( wp_unslash( $_POST[ $key ] ) ) : ''; // WPCS: input var ok, CSRF ok.
break; break;
} }
@ -584,7 +605,7 @@ class WC_Checkout {
} }
} }
if ( in_array( 'shipping', $skipped ) && ( WC()->cart->needs_shipping_address() || wc_ship_to_billing_address_only() ) ) { if ( in_array( 'shipping', $skipped, true ) && ( WC()->cart->needs_shipping_address() || wc_ship_to_billing_address_only() ) ) {
foreach ( $this->get_checkout_fields( 'shipping' ) as $key => $field ) { foreach ( $this->get_checkout_fields( 'shipping' ) as $key => $field ) {
$data[ $key ] = isset( $data[ 'billing_' . substr( $key, 9 ) ] ) ? $data[ 'billing_' . substr( $key, 9 ) ] : ''; $data[ $key ] = isset( $data[ 'billing_' . substr( $key, 9 ) ] ) ? $data[ 'billing_' . substr( $key, 9 ) ] : '';
} }
@ -600,8 +621,8 @@ class WC_Checkout {
* Validates the posted checkout data based on field properties. * Validates the posted checkout data based on field properties.
* *
* @since 3.0.0 * @since 3.0.0
* @param array $data An array of posted data. * @param array $data An array of posted data.
* @param WP_Error $errors * @param WP_Error $errors Validation error.
*/ */
protected function validate_posted_data( &$data, &$errors ) { protected function validate_posted_data( &$data, &$errors ) {
foreach ( $this->get_checkout_fields() as $fieldset_key => $fieldset ) { foreach ( $this->get_checkout_fields() as $fieldset_key => $fieldset ) {
@ -617,26 +638,27 @@ class WC_Checkout {
$field_label = isset( $field['label'] ) ? $field['label'] : ''; $field_label = isset( $field['label'] ) ? $field['label'] : '';
switch ( $fieldset_key ) { switch ( $fieldset_key ) {
case 'shipping' : case 'shipping':
/* translators: %s: field name */ /* translators: %s: field name */
$field_label = sprintf( __( 'Shipping %s', 'woocommerce' ), $field_label ); $field_label = sprintf( __( 'Shipping %s', 'woocommerce' ), $field_label );
break; break;
case 'billing' : case 'billing':
/* translators: %s: field name */ /* translators: %s: field name */
$field_label = sprintf( __( 'Billing %s', 'woocommerce' ), $field_label ); $field_label = sprintf( __( 'Billing %s', 'woocommerce' ), $field_label );
break; break;
} }
if ( in_array( 'postcode', $format ) ) { if ( in_array( 'postcode', $format, true ) ) {
$country = isset( $data[ $fieldset_key . '_country' ] ) ? $data[ $fieldset_key . '_country' ] : WC()->customer->{"get_{$fieldset_key}_country"}(); $country = isset( $data[ $fieldset_key . '_country' ] ) ? $data[ $fieldset_key . '_country' ] : WC()->customer->{"get_{$fieldset_key}_country"}();
$data[ $key ] = wc_format_postcode( $data[ $key ], $country ); $data[ $key ] = wc_format_postcode( $data[ $key ], $country );
if ( '' !== $data[ $key ] && ! WC_Validation::is_postcode( $data[ $key ], $country ) ) { if ( '' !== $data[ $key ] && ! WC_Validation::is_postcode( $data[ $key ], $country ) ) {
/* translators: %s: field name */
$errors->add( 'validation', sprintf( __( '%s is not a valid postcode / ZIP.', 'woocommerce' ), '<strong>' . esc_html( $field_label ) . '</strong>' ) ); $errors->add( 'validation', sprintf( __( '%s is not a valid postcode / ZIP.', 'woocommerce' ), '<strong>' . esc_html( $field_label ) . '</strong>' ) );
} }
} }
if ( in_array( 'phone', $format ) ) { if ( in_array( 'phone', $format, true ) ) {
$data[ $key ] = wc_format_phone_number( $data[ $key ] ); $data[ $key ] = wc_format_phone_number( $data[ $key ] );
if ( '' !== $data[ $key ] && ! WC_Validation::is_phone( $data[ $key ] ) ) { if ( '' !== $data[ $key ] && ! WC_Validation::is_phone( $data[ $key ] ) ) {
@ -645,7 +667,7 @@ class WC_Checkout {
} }
} }
if ( in_array( 'email', $format ) && '' !== $data[ $key ] ) { if ( in_array( 'email', $format, true ) && '' !== $data[ $key ] ) {
$data[ $key ] = sanitize_email( $data[ $key ] ); $data[ $key ] = sanitize_email( $data[ $key ] );
if ( ! is_email( $data[ $key ] ) ) { if ( ! is_email( $data[ $key ] ) ) {
@ -655,11 +677,11 @@ class WC_Checkout {
} }
} }
if ( '' !== $data[ $key ] && in_array( 'state', $format ) ) { if ( '' !== $data[ $key ] && in_array( 'state', $format, true ) ) {
$country = isset( $data[ $fieldset_key . '_country' ] ) ? $data[ $fieldset_key . '_country' ] : WC()->customer->{"get_{$fieldset_key}_country"}(); $country = isset( $data[ $fieldset_key . '_country' ] ) ? $data[ $fieldset_key . '_country' ] : WC()->customer->{"get_{$fieldset_key}_country"}();
$valid_states = WC()->countries->get_states( $country ); $valid_states = WC()->countries->get_states( $country );
if ( ! empty( $valid_states ) && is_array( $valid_states ) && sizeof( $valid_states ) > 0 ) { if ( ! empty( $valid_states ) && is_array( $valid_states ) && count( $valid_states ) > 0 ) {
$valid_state_values = array_map( 'wc_strtoupper', array_flip( array_map( 'wc_strtoupper', $valid_states ) ) ); $valid_state_values = array_map( 'wc_strtoupper', array_flip( array_map( 'wc_strtoupper', $valid_states ) ) );
$data[ $key ] = wc_strtoupper( $data[ $key ] ); $data[ $key ] = wc_strtoupper( $data[ $key ] );
@ -668,7 +690,7 @@ class WC_Checkout {
$data[ $key ] = $valid_state_values[ $data[ $key ] ]; $data[ $key ] = $valid_state_values[ $data[ $key ] ];
} }
if ( ! in_array( $data[ $key ], $valid_state_values ) ) { if ( ! in_array( $data[ $key ], $valid_state_values, true ) ) {
/* translators: 1: state field 2: valid states */ /* translators: 1: state field 2: valid states */
$errors->add( 'validation', sprintf( __( '%1$s is not valid. Please enter one of the following: %2$s', 'woocommerce' ), '<strong>' . esc_html( $field_label ) . '</strong>', implode( ', ', $valid_states ) ) ); $errors->add( 'validation', sprintf( __( '%1$s is not valid. Please enter one of the following: %2$s', 'woocommerce' ), '<strong>' . esc_html( $field_label ) . '</strong>', implode( ', ', $valid_states ) ) );
} }
@ -687,14 +709,14 @@ class WC_Checkout {
* Validates that the checkout has enough info to proceed. * Validates that the checkout has enough info to proceed.
* *
* @since 3.0.0 * @since 3.0.0
* @param array $data An array of posted data. * @param array $data An array of posted data.
* @param WP_Error $errors * @param WP_Error $errors Validation errors.
*/ */
protected function validate_checkout( &$data, &$errors ) { protected function validate_checkout( &$data, &$errors ) {
$this->validate_posted_data( $data, $errors ); $this->validate_posted_data( $data, $errors );
$this->check_cart_items(); $this->check_cart_items();
if ( empty( $data['woocommerce_checkout_update_totals'] ) && ! empty( $_POST['terms-field'] ) && empty( $data['terms'] ) && apply_filters( 'woocommerce_checkout_show_terms', wc_get_page_id( 'terms' ) > 0 ) ) { if ( empty( $data['woocommerce_checkout_update_totals'] ) && ! empty( $_POST['terms-field'] ) && empty( $data['terms'] ) && apply_filters( 'woocommerce_checkout_show_terms', wc_get_page_id( 'terms' ) > 0 ) ) { // WPCS: input var ok, CSRF ok.
$errors->add( 'terms', __( 'You must accept our Terms &amp; Conditions.', 'woocommerce' ) ); $errors->add( 'terms', __( 'You must accept our Terms &amp; Conditions.', 'woocommerce' ) );
} }
@ -703,7 +725,8 @@ class WC_Checkout {
if ( empty( $shipping_country ) ) { if ( empty( $shipping_country ) ) {
$errors->add( 'shipping', __( 'Please enter an address to continue.', 'woocommerce' ) ); $errors->add( 'shipping', __( 'Please enter an address to continue.', 'woocommerce' ) );
} elseif ( ! in_array( WC()->customer->get_shipping_country(), array_keys( WC()->countries->get_shipping_countries() ) ) ) { } elseif ( ! in_array( WC()->customer->get_shipping_country(), array_keys( WC()->countries->get_shipping_countries() ), true ) ) {
/* translators: %s: shipping location */
$errors->add( 'shipping', sprintf( __( 'Unfortunately <strong>we do not ship %s</strong>. Please enter an alternative shipping address.', 'woocommerce' ), WC()->countries->shipping_to_prefix() . ' ' . WC()->customer->get_shipping_country() ) ); $errors->add( 'shipping', sprintf( __( 'Unfortunately <strong>we do not ship %s</strong>. Please enter an alternative shipping address.', 'woocommerce' ), WC()->countries->shipping_to_prefix() . ' ' . WC()->customer->get_shipping_country() ) );
} else { } else {
$chosen_shipping_methods = WC()->session->get( 'chosen_shipping_methods' ); $chosen_shipping_methods = WC()->session->get( 'chosen_shipping_methods' );
@ -733,9 +756,9 @@ class WC_Checkout {
* Set address field for customer. * Set address field for customer.
* *
* @since 3.0.7 * @since 3.0.7
* @param $field string to update * @param string $field String to update.
* @param $key * @param string $key Field key.
* @param $data array of data to get the value from * @param array $data Array of data to get the value from.
*/ */
protected function set_customer_address_fields( $field, $key, $data ) { protected function set_customer_address_fields( $field, $key, $data ) {
if ( isset( $data[ "billing_{$field}" ] ) ) { if ( isset( $data[ "billing_{$field}" ] ) ) {
@ -750,8 +773,8 @@ class WC_Checkout {
/** /**
* Update customer and session data from the posted checkout data. * Update customer and session data from the posted checkout data.
* *
* @since 3.0.0 * @since 3.0.0
* @param array $data * @param array $data Posted data.
*/ */
protected function update_session( $data ) { protected function update_session( $data ) {
// Update both shipping and billing to the passed billing address first if set. // Update both shipping and billing to the passed billing address first if set.
@ -767,7 +790,7 @@ class WC_Checkout {
array_walk( $address_fields, array( $this, 'set_customer_address_fields' ), $data ); array_walk( $address_fields, array( $this, 'set_customer_address_fields' ), $data );
WC()->customer->save(); WC()->customer->save();
// Update customer shipping and payment method to posted method // Update customer shipping and payment method to posted method.
$chosen_shipping_methods = WC()->session->get( 'chosen_shipping_methods' ); $chosen_shipping_methods = WC()->session->get( 'chosen_shipping_methods' );
if ( is_array( $data['shipping_method'] ) ) { if ( is_array( $data['shipping_method'] ) ) {
@ -787,9 +810,9 @@ class WC_Checkout {
/** /**
* Process an order that does require payment. * Process an order that does require payment.
* *
* @since 3.0.0 * @since 3.0.0
* @param int $order_id * @param int $order_id Order ID.
* @param string $payment_method * @param string $payment_method Payment method.
*/ */
protected function process_order_payment( $order_id, $payment_method ) { protected function process_order_payment( $order_id, $payment_method ) {
$available_gateways = WC()->payment_gateways->get_available_payment_gateways(); $available_gateways = WC()->payment_gateways->get_available_payment_gateways();
@ -798,13 +821,13 @@ class WC_Checkout {
return; return;
} }
// Store Order ID in session so it can be re-used after payment failure // Store Order ID in session so it can be re-used after payment failure.
WC()->session->set( 'order_awaiting_payment', $order_id ); WC()->session->set( 'order_awaiting_payment', $order_id );
// Process Payment // Process Payment.
$result = $available_gateways[ $payment_method ]->process_payment( $order_id ); $result = $available_gateways[ $payment_method ]->process_payment( $order_id );
// Redirect to success/confirmation/payment page // Redirect to success/confirmation/payment page.
if ( isset( $result['result'] ) && 'success' === $result['result'] ) { if ( isset( $result['result'] ) && 'success' === $result['result'] ) {
$result = apply_filters( 'woocommerce_payment_successful_result', $result, $order_id ); $result = apply_filters( 'woocommerce_payment_successful_result', $result, $order_id );
@ -820,8 +843,8 @@ class WC_Checkout {
/** /**
* Process an order that doesn't require payment. * Process an order that doesn't require payment.
* *
* @since 3.0.0 * @since 3.0.0
* @param int $order_id * @param int $order_id Order ID.
*/ */
protected function process_order_without_payment( $order_id ) { protected function process_order_without_payment( $order_id ) {
$order = wc_get_order( $order_id ); $order = wc_get_order( $order_id );
@ -829,10 +852,12 @@ class WC_Checkout {
wc_empty_cart(); wc_empty_cart();
if ( is_ajax() ) { if ( is_ajax() ) {
wp_send_json( array( wp_send_json(
'result' => 'success', array(
'redirect' => apply_filters( 'woocommerce_checkout_no_payment_needed_redirect', $order->get_checkout_order_received_url(), $order ), 'result' => 'success',
) ); 'redirect' => apply_filters( 'woocommerce_checkout_no_payment_needed_redirect', $order->get_checkout_order_received_url(), $order ),
)
);
} else { } else {
wp_safe_redirect( wp_safe_redirect(
apply_filters( 'woocommerce_checkout_no_payment_needed_redirect', $order->get_checkout_order_received_url(), $order ) apply_filters( 'woocommerce_checkout_no_payment_needed_redirect', $order->get_checkout_order_received_url(), $order )
@ -843,8 +868,9 @@ class WC_Checkout {
/** /**
* Create a new customer account if needed. * Create a new customer account if needed.
* @param array $data *
* @throws Exception * @throws Exception When not able to create customer.
* @param array $data Posted data.
*/ */
protected function process_customer( $data ) { protected function process_customer( $data ) {
$customer_id = apply_filters( 'woocommerce_checkout_customer_id', get_current_user_id() ); $customer_id = apply_filters( 'woocommerce_checkout_customer_id', get_current_user_id() );
@ -861,10 +887,10 @@ class WC_Checkout {
wp_set_current_user( $customer_id ); wp_set_current_user( $customer_id );
wc_set_customer_auth_cookie( $customer_id ); wc_set_customer_auth_cookie( $customer_id );
// As we are now logged in, checkout will need to refresh to show logged in data // As we are now logged in, checkout will need to refresh to show logged in data.
WC()->session->set( 'reload_checkout', true ); WC()->session->set( 'reload_checkout', true );
// Also, recalculate cart totals to reveal any role-based discounts that were unavailable before registering // Also, recalculate cart totals to reveal any role-based discounts that were unavailable before registering.
WC()->cart->calculate_totals(); WC()->cart->calculate_totals();
} }
@ -895,7 +921,7 @@ class WC_Checkout {
if ( is_callable( array( $customer, "set_{$key}" ) ) ) { if ( is_callable( array( $customer, "set_{$key}" ) ) ) {
$customer->{"set_{$key}"}( $value ); $customer->{"set_{$key}"}( $value );
// Store custom fields prefixed with wither shipping_ or billing_. // Store custom fields prefixed with wither shipping_ or billing_.
} elseif ( 0 === stripos( $key, 'billing_' ) || 0 === stripos( $key, 'shipping_' ) ) { } elseif ( 0 === stripos( $key, 'billing_' ) || 0 === stripos( $key, 'shipping_' ) ) {
$customer->update_meta_data( $key, $value ); $customer->update_meta_data( $key, $value );
} }
@ -903,6 +929,7 @@ class WC_Checkout {
/** /**
* Action hook to adjust customer before save. * Action hook to adjust customer before save.
*
* @since 3.0.0 * @since 3.0.0
*/ */
do_action( 'woocommerce_checkout_update_customer', $customer, $data ); do_action( 'woocommerce_checkout_update_customer', $customer, $data );
@ -918,7 +945,7 @@ class WC_Checkout {
*/ */
protected function send_ajax_failure_response() { protected function send_ajax_failure_response() {
if ( is_ajax() ) { if ( is_ajax() ) {
// only print notices if not reloading the checkout, otherwise they're lost in the page reload // Only print notices if not reloading the checkout, otherwise they're lost in the page reload.
if ( ! isset( WC()->session->reload_checkout ) ) { if ( ! isset( WC()->session->reload_checkout ) ) {
ob_start(); ob_start();
wc_print_notices(); wc_print_notices();
@ -940,10 +967,12 @@ class WC_Checkout {
/** /**
* Process the checkout after the confirm order button is pressed. * Process the checkout after the confirm order button is pressed.
*
* @throws Exception When validation fails.
*/ */
public function process_checkout() { public function process_checkout() {
try { try {
if ( empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-process_checkout' ) ) { if ( empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_POST['_wpnonce'] ) ), 'woocommerce-process_checkout' ) ) { // WPCS: input var ok.
WC()->session->set( 'refresh_totals', true ); WC()->session->set( 'refresh_totals', true );
throw new Exception( __( 'We were unable to process your order, please try again.', 'woocommerce' ) ); throw new Exception( __( 'We were unable to process your order, please try again.', 'woocommerce' ) );
} }
@ -954,6 +983,7 @@ class WC_Checkout {
do_action( 'woocommerce_before_checkout_process' ); do_action( 'woocommerce_before_checkout_process' );
if ( WC()->cart->is_empty() ) { if ( WC()->cart->is_empty() ) {
/* translators: %s: shop cart url */
throw new Exception( sprintf( __( 'Sorry, your session has expired. <a href="%s" class="wc-backward">Return to shop</a>', 'woocommerce' ), esc_url( wc_get_page_permalink( 'shop' ) ) ) ); throw new Exception( sprintf( __( 'Sorry, your session has expired. <a href="%s" class="wc-backward">Return to shop</a>', 'woocommerce' ), esc_url( wc_get_page_permalink( 'shop' ) ) ) );
} }
@ -998,8 +1028,8 @@ class WC_Checkout {
/** /**
* Get a posted address field after sanitization and validation. * Get a posted address field after sanitization and validation.
* *
* @param string $key * @param string $key Field key.
* @param string $type billing for shipping * @param string $type Type of address. Available options: 'billing' or 'shipping'.
* @return string * @return string
*/ */
public function get_posted_address_data( $key, $type = 'billing' ) { public function get_posted_address_data( $key, $type = 'billing' ) {
@ -1014,12 +1044,12 @@ class WC_Checkout {
/** /**
* Gets the value either from the posted data, or from the users meta data. * Gets the value either from the posted data, or from the users meta data.
* *
* @param string $input * @param string $input Input key.
* @return string * @return string
*/ */
public function get_value( $input ) { public function get_value( $input ) {
if ( ! empty( $_POST[ $input ] ) ) { if ( ! empty( $_POST[ $input ] ) ) { // WPCS: input var ok, CSRF OK.
return wc_clean( $_POST[ $input ] ); return wc_clean( wp_unslash( $_POST[ $input ] ) ); // WPCS: input var ok, CSRF OK.
} else { } else {

View File

@ -41,7 +41,7 @@
</rule> </rule>
<rule ref="WordPress.VIP.ValidatedSanitizedInput"> <rule ref="WordPress.VIP.ValidatedSanitizedInput">
<properties> <properties>
<property name="customSanitizingFunctions" type="array" value="wc_clean,wc_sanitize_tooltip,wc_format_decimal,wc_stock_amount,wc_sanitize_permalink" /> <property name="customSanitizingFunctions" type="array" value="wc_clean,wc_sanitize_tooltip,wc_format_decimal,wc_stock_amount,wc_sanitize_permalink,wc_sanitize_textarea" />
</properties> </properties>
</rule> </rule>
<rule ref="WordPress.XSS.EscapeOutput"> <rule ref="WordPress.XSS.EscapeOutput">