Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19437 from woocommerce/fix/checkout-class-phpcs 

Fixed includes/class-wc-checkout.php PHPCS violations
This commit is contained in:
Mike Jolley 2018-03-19 10:45:53 +00:00 committed by GitHub
parent db3924f2c7 47894cc64d
commit e957b05aea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 221 additions and 191 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

222
includes/class-wc-checkout.php
View File

@ -1,18 +1,17 @@
<?php
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
/**
* Main checkout class.
* Checkout functionality
*
* The WooCommerce checkout class handles the checkout process, collecting user data and processing the payment.
*
* @class WC_Checkout
* @package WooCommerce/Classes
* @category Class
* @author WooThemes
* @version 3.4.0
*/
defined( 'ABSPATH' ) || exit;
/**
* Checkout class.
*/
class WC_Checkout {
@ -32,6 +31,7 @@ class WC_Checkout {
/**
* Holds posted data for backwards compatibility.
*
* @var array
*/
protected $legacy_posted_data = array();
@ -60,11 +60,13 @@ class WC_Checkout {
/**
* See if variable is set. Used to support legacy public variables which are no longer defined.
*
* @param string $key
* @param string $key Key.
* @return bool
*/
public function __isset( $key ) {
return in_array( $key, array(
return in_array(
$key,
array(
'enable_signup',
'enable_guest_checkout',
'must_create_account',
@ -74,14 +76,16 @@ class WC_Checkout {
'payment_method',
'customer_id',
'shipping_methods',
) );
),
true
);
}
/**
* Sets the legacy public variables for backwards compatibility.
*
* @param string $key
* @param mixed $value
* @param string $key Key.
* @param mixed $value Value.
*/
public function __set( $key, $value ) {
switch ( $key ) {
@ -118,12 +122,11 @@ class WC_Checkout {
/**
* Gets the legacy public variables for backwards compatibility.
*
* @param string $key
*
* @param string $key Key.
* @return array|string
*/
public function __get( $key ) {
if ( in_array( $key, array( 'posted', 'shipping_method', 'payment_method' ) ) && empty( $this->legacy_posted_data ) ) {
if ( in_array( $key, array( 'posted', 'shipping_method', 'payment_method' ), true ) && empty( $this->legacy_posted_data ) ) {
$this->legacy_posted_data = $this->get_posted_data();
}
switch ( $key ) {
@ -263,20 +266,22 @@ class WC_Checkout {
* 528 - Cannot create tax item.
* 529 - Cannot create coupon item.
*
* @throws Exception
* @param $data Posted data.
* @throws Exception When checkout validation fails.
* @param array $data Posted data.
* @return int|WP_ERROR
*/
public function create_order( $data ) {
// Give plugins the opportunity to create an order themselves.
if ( $order_id = apply_filters( 'woocommerce_create_order', null, $this ) ) {
$order_id = apply_filters( 'woocommerce_create_order', null, $this );
if ( $order_id ) {
return $order_id;
}
try {
$order_id = absint( WC()->session->get( 'order_awaiting_payment' ) );
$cart_hash = md5( json_encode( wc_clean( WC()->cart->get_cart_for_session() ) ) . WC()->cart->total );
$cart_hash = md5( wp_json_encode( wc_clean( WC()->cart->get_cart_for_session() ) ) . WC()->cart->total );
$available_gateways = WC()->payment_gateways->get_available_payment_gateways();
$order = $order_id ? wc_get_order( $order_id ) : null;
/**
* If there is an order pending payment, we can resume it here so
@ -284,7 +289,7 @@ class WC_Checkout {
* different items or cost, create a new order. We use a hash to
* detect changes which is based on cart items + order total.
*/
if ( $order_id && ( $order = wc_get_order( $order_id ) ) && $order->has_cart_hash( $cart_hash ) && $order->has_status( array( 'pending', 'failed' ) ) ) {
if ( $order && $order->has_cart_hash( $cart_hash ) && $order->has_status( array( 'pending', 'failed' ) ) ) {
// Action for 3rd parties.
do_action( 'woocommerce_resume_order', $order_id );
@ -301,7 +306,7 @@ class WC_Checkout {
// Store custom fields prefixed with wither shipping_ or billing_. This is for backwards compatibility with 2.6.x.
// TODO: Fix conditional to only include shipping/billing address fields in a smarter way without str(i)pos.
} elseif ( ( 0 === stripos( $key, 'billing_' ) || 0 === stripos( $key, 'shipping_' ) )
&& ! in_array( $key, array( 'shipping_method', 'shipping_total', 'shipping_tax' ) ) ) {
&& ! in_array( $key, array( 'shipping_method', 'shipping_total', 'shipping_tax' ), true ) ) {
$order->update_meta_data( '_' . $key, $value );
}
}
@ -329,6 +334,7 @@ class WC_Checkout {
/**
* Action hook to adjust order before save.
*
* @since 3.0.0
*/
do_action( 'woocommerce_checkout_create_order', $order, $data );
@ -347,20 +353,22 @@ class WC_Checkout {
/**
* Add line items to the order.
*
* @param WC_Order $order
* @param WC_Cart $cart
* @param WC_Order $order Order instance.
* @param WC_Cart $cart Cart instance.
*/
public function create_order_line_items( &$order, $cart ) {
foreach ( $cart->get_cart() as $cart_item_key => $values ) {
/**
* Filter hook to get initial item object.
*
* @since 3.1.0
*/
$item = apply_filters( 'woocommerce_checkout_create_order_line_item_object', new WC_Order_Item_Product(), $cart_item_key, $values, $order );
$product = $values['data'];
$item->legacy_values = $values; // @deprecated For legacy actions.
$item->legacy_cart_item_key = $cart_item_key; // @deprecated For legacy actions.
$item->set_props( array(
$item->set_props(
array(
'quantity' => $values['quantity'],
'variation' => $values['variation'],
'subtotal' => $values['line_subtotal'],
@ -368,19 +376,23 @@ class WC_Checkout {
'subtotal_tax' => $values['line_subtotal_tax'],
'total_tax' => $values['line_tax'],
'taxes' => $values['line_tax_data'],
) );
)
);
if ( $product ) {
$item->set_props( array(
$item->set_props(
array(
'name' => $product->get_name(),
'tax_class' => $product->get_tax_class(),
'product_id' => $product->is_type( 'variation' ) ? $product->get_parent_id() : $product->get_id(),
'variation_id' => $product->is_type( 'variation' ) ? $product->get_id() : 0,
) );
)
);
}
$item->set_backorder_meta();
/**
* Action hook to adjust item before save.
*
* @since 3.0.0
*/
do_action( 'woocommerce_checkout_create_order_line_item', $item, $cart_item_key, $values, $order );
@ -393,15 +405,16 @@ class WC_Checkout {
/**
* Add fees to the order.
*
* @param WC_Order $order
* @param WC_Cart $cart
* @param WC_Order $order Order instance.
* @param WC_Cart $cart Cart instance.
*/
public function create_order_fee_lines( &$order, $cart ) {
foreach ( $cart->get_fees() as $fee_key => $fee ) {
$item = new WC_Order_Item_Fee();
$item->legacy_fee = $fee; // @deprecated For legacy actions.
$item->legacy_fee_key = $fee_key; // @deprecated For legacy actions.
$item->set_props( array(
$item->set_props(
array(
'name' => $fee->name,
'tax_class' => $fee->taxable ? $fee->tax_class : 0,
'amount' => $fee->amount,
@ -410,10 +423,12 @@ class WC_Checkout {
'taxes' => array(
'total' => $fee->tax_data,
),
) );
)
);
/**
* Action hook to adjust item before save.
*
* @since 3.0.0
*/
do_action( 'woocommerce_checkout_create_order_fee_item', $item, $fee_key, $fee, $order );
@ -426,18 +441,18 @@ class WC_Checkout {
/**
* Add shipping lines to the order.
*
* @param WC_Order $order
* @param array $chosen_shipping_methods
* @param array $packages
* @param WC_Order $order Order Instance.
* @param array $chosen_shipping_methods Chosen shipping methods.
* @param array $packages Packages.
*/
public function create_order_shipping_lines( &$order, $chosen_shipping_methods, $packages ) {
foreach ( $packages as $package_key => $package ) {
if ( isset( $chosen_shipping_methods[ $package_key ], $package['rates'][ $chosen_shipping_methods[ $package_key ] ] ) ) {
/** @var WC_Shipping_Rate $shipping_rate */
$shipping_rate = $package['rates'][ $chosen_shipping_methods[ $package_key ] ];
$item = new WC_Order_Item_Shipping();
$item->legacy_package_key = $package_key; // @deprecated For legacy actions.
$item->set_props( array(
$item->set_props(
array(
'method_title' => $shipping_rate->label,
'method_id' => $shipping_rate->method_id,
'instance_id' => $shipping_rate->instance_id,
@ -445,7 +460,8 @@ class WC_Checkout {
'taxes' => array(
'total' => $shipping_rate->taxes,
),
) );
)
);
foreach ( $shipping_rate->get_meta_data() as $key => $value ) {
$item->add_meta_data( $key, $value, true );
@ -453,6 +469,7 @@ class WC_Checkout {
/**
* Action hook to adjust item before save.
*
* @since 3.0.0
*/
do_action( 'woocommerce_checkout_create_order_shipping_item', $item, $package_key, $package, $order );
@ -466,24 +483,27 @@ class WC_Checkout {
/**
* Add tax lines to the order.
*
* @param WC_Order $order
* @param WC_Cart $cart
* @param WC_Order $order Order instance.
* @param WC_Cart $cart Cart instance.
*/
public function create_order_tax_lines( &$order, $cart ) {
foreach ( array_keys( $cart->get_cart_contents_taxes() + $cart->get_shipping_taxes() + $cart->get_fee_taxes() ) as $tax_rate_id ) {
if ( $tax_rate_id && apply_filters( 'woocommerce_cart_remove_taxes_zero_rate_id', 'zero-rated' ) !== $tax_rate_id ) {
$item = new WC_Order_Item_Tax();
$item->set_props( array(
$item->set_props(
array(
'rate_id' => $tax_rate_id,
'tax_total' => $cart->get_tax_amount( $tax_rate_id ),
'shipping_tax_total' => $cart->get_shipping_tax_amount( $tax_rate_id ),
'rate_code' => WC_Tax::get_rate_code( $tax_rate_id ),
'label' => WC_Tax::get_rate_label( $tax_rate_id ),
'compound' => WC_Tax::is_compound( $tax_rate_id ),
) );
)
);
/**
* Action hook to adjust item before save.
*
* @since 3.0.0
*/
do_action( 'woocommerce_checkout_create_order_tax_item', $item, $tax_rate_id, $order );
@ -497,21 +517,24 @@ class WC_Checkout {
/**
* Add coupon lines to the order.
*
* @param WC_Order $order
* @param WC_Cart $cart
* @param WC_Order $order Order instance.
* @param WC_Cart $cart Cart instance.
*/
public function create_order_coupon_lines( &$order, $cart ) {
foreach ( $cart->get_coupons() as $code => $coupon ) {
$item = new WC_Order_Item_Coupon();
$item->set_props( array(
$item->set_props(
array(
'code' => $code,
'discount' => $cart->get_coupon_discount_amount( $code ),
'discount_tax' => $cart->get_coupon_discount_tax_amount( $code ),
) );
)
);
$item->add_meta_data( 'coupon_data', $coupon->get_data() );
/**
* Action hook to adjust item before save.
*
* @since 3.0.0
*/
do_action( 'woocommerce_checkout_create_order_coupon_item', $item, $code, $coupon, $order );
@ -525,10 +548,8 @@ class WC_Checkout {
* See if a fieldset should be skipped.
*
* @since 3.0.0
*
* @param string $fieldset_key
* @param array $data
*
* @param string $fieldset_key Fieldset key.
* @param array $data Posted data.
* @return bool
*/
protected function maybe_skip_fieldset( $fieldset_key, $data ) {
@ -550,12 +571,12 @@ class WC_Checkout {
public function get_posted_data() {
$skipped = array();
$data = array(
'terms' => (int) isset( $_POST['terms'] ),
'createaccount' => (int) ! empty( $_POST['createaccount'] ),
'payment_method' => isset( $_POST['payment_method'] ) ? wc_clean( $_POST['payment_method'] ) : '',
'shipping_method' => isset( $_POST['shipping_method'] ) ? wc_clean( $_POST['shipping_method'] ) : '',
'ship_to_different_address' => ! empty( $_POST['ship_to_different_address'] ) && ! wc_ship_to_billing_address_only(),
'woocommerce_checkout_update_totals' => isset( $_POST['woocommerce_checkout_update_totals'] ),
'terms' => (int) isset( $_POST['terms'] ), // WPCS: input var ok, CSRF ok.
'createaccount' => (int) ! empty( $_POST['createaccount'] ), // WPCS: input var ok, CSRF ok.
'payment_method' => isset( $_POST['payment_method'] ) ? wc_clean( wp_unslash( $_POST['payment_method'] ) ) : '', // WPCS: input var ok, CSRF ok.
'shipping_method' => isset( $_POST['shipping_method'] ) ? wc_clean( wp_unslash( $_POST['shipping_method'] ) ) : '', // WPCS: input var ok, CSRF ok.
'ship_to_different_address' => ! empty( $_POST['ship_to_different_address'] ) && ! wc_ship_to_billing_address_only(), // WPCS: input var ok, CSRF ok.
'woocommerce_checkout_update_totals' => isset( $_POST['woocommerce_checkout_update_totals'] ), // WPCS: input var ok, CSRF ok.
);
foreach ( $this->get_checkout_fields() as $fieldset_key => $fieldset ) {
if ( $this->maybe_skip_fieldset( $fieldset_key, $data ) ) {
@ -567,16 +588,16 @@ class WC_Checkout {
switch ( $type ) {
case 'checkbox':
$value = isset( $_POST[ $key ] ) ? 1 : '';
$value = isset( $_POST[ $key ] ) ? 1 : ''; // WPCS: input var ok, CSRF ok.
break;
case 'multiselect':
$value = isset( $_POST[ $key ] ) ? implode( ', ', wc_clean( $_POST[ $key ] ) ) : '';
$value = isset( $_POST[ $key ] ) ? implode( ', ', wc_clean( wp_unslash( $_POST[ $key ] ) ) ) : ''; // WPCS: input var ok, CSRF ok.
break;
case 'textarea':
$value = isset( $_POST[ $key ] ) ? wc_sanitize_textarea( $_POST[ $key ] ) : '';
$value = isset( $_POST[ $key ] ) ? wc_sanitize_textarea( wp_unslash( $_POST[ $key ] ) ) : ''; // WPCS: input var ok, CSRF ok.
break;
default:
$value = isset( $_POST[ $key ] ) ? wc_clean( $_POST[ $key ] ) : '';
$value = isset( $_POST[ $key ] ) ? wc_clean( wp_unslash( $_POST[ $key ] ) ) : ''; // WPCS: input var ok, CSRF ok.
break;
}
@ -584,7 +605,7 @@ class WC_Checkout {
}
}
if ( in_array( 'shipping', $skipped ) && ( WC()->cart->needs_shipping_address() || wc_ship_to_billing_address_only() ) ) {
if ( in_array( 'shipping', $skipped, true ) && ( WC()->cart->needs_shipping_address() || wc_ship_to_billing_address_only() ) ) {
foreach ( $this->get_checkout_fields( 'shipping' ) as $key => $field ) {
$data[ $key ] = isset( $data[ 'billing_' . substr( $key, 9 ) ] ) ? $data[ 'billing_' . substr( $key, 9 ) ] : '';
}
@ -601,7 +622,7 @@ class WC_Checkout {
*
* @since 3.0.0
* @param array $data An array of posted data.
* @param WP_Error $errors
* @param WP_Error $errors Validation error.
*/
protected function validate_posted_data( &$data, &$errors ) {
foreach ( $this->get_checkout_fields() as $fieldset_key => $fieldset ) {
@ -627,16 +648,17 @@ class WC_Checkout {
break;
}
if ( in_array( 'postcode', $format ) ) {
if ( in_array( 'postcode', $format, true ) ) {
$country = isset( $data[ $fieldset_key . '_country' ] ) ? $data[ $fieldset_key . '_country' ] : WC()->customer->{"get_{$fieldset_key}_country"}();
$data[ $key ] = wc_format_postcode( $data[ $key ], $country );
if ( '' !== $data[ $key ] && ! WC_Validation::is_postcode( $data[ $key ], $country ) ) {
/* translators: %s: field name */
$errors->add( 'validation', sprintf( __( '%s is not a valid postcode / ZIP.', 'woocommerce' ), '<strong>' . esc_html( $field_label ) . '</strong>' ) );
}
}
if ( in_array( 'phone', $format ) ) {
if ( in_array( 'phone', $format, true ) ) {
$data[ $key ] = wc_format_phone_number( $data[ $key ] );
if ( '' !== $data[ $key ] && ! WC_Validation::is_phone( $data[ $key ] ) ) {
@ -645,7 +667,7 @@ class WC_Checkout {
}
}
if ( in_array( 'email', $format ) && '' !== $data[ $key ] ) {
if ( in_array( 'email', $format, true ) && '' !== $data[ $key ] ) {
$data[ $key ] = sanitize_email( $data[ $key ] );
if ( ! is_email( $data[ $key ] ) ) {
@ -655,11 +677,11 @@ class WC_Checkout {
}
}
if ( '' !== $data[ $key ] && in_array( 'state', $format ) ) {
if ( '' !== $data[ $key ] && in_array( 'state', $format, true ) ) {
$country = isset( $data[ $fieldset_key . '_country' ] ) ? $data[ $fieldset_key . '_country' ] : WC()->customer->{"get_{$fieldset_key}_country"}();
$valid_states = WC()->countries->get_states( $country );
if ( ! empty( $valid_states ) && is_array( $valid_states ) && sizeof( $valid_states ) > 0 ) {
if ( ! empty( $valid_states ) && is_array( $valid_states ) && count( $valid_states ) > 0 ) {
$valid_state_values = array_map( 'wc_strtoupper', array_flip( array_map( 'wc_strtoupper', $valid_states ) ) );
$data[ $key ] = wc_strtoupper( $data[ $key ] );
@ -668,7 +690,7 @@ class WC_Checkout {
$data[ $key ] = $valid_state_values[ $data[ $key ] ];
}
if ( ! in_array( $data[ $key ], $valid_state_values ) ) {
if ( ! in_array( $data[ $key ], $valid_state_values, true ) ) {
/* translators: 1: state field 2: valid states */
$errors->add( 'validation', sprintf( __( '%1$s is not valid. Please enter one of the following: %2$s', 'woocommerce' ), '<strong>' . esc_html( $field_label ) . '</strong>', implode( ', ', $valid_states ) ) );
}
@ -688,13 +710,13 @@ class WC_Checkout {
*
* @since 3.0.0
* @param array $data An array of posted data.
* @param WP_Error $errors
* @param WP_Error $errors Validation errors.
*/
protected function validate_checkout( &$data, &$errors ) {
$this->validate_posted_data( $data, $errors );
$this->check_cart_items();
if ( empty( $data['woocommerce_checkout_update_totals'] ) && ! empty( $_POST['terms-field'] ) && empty( $data['terms'] ) && apply_filters( 'woocommerce_checkout_show_terms', wc_get_page_id( 'terms' ) > 0 ) ) {
if ( empty( $data['woocommerce_checkout_update_totals'] ) && ! empty( $_POST['terms-field'] ) && empty( $data['terms'] ) && apply_filters( 'woocommerce_checkout_show_terms', wc_get_page_id( 'terms' ) > 0 ) ) { // WPCS: input var ok, CSRF ok.
$errors->add( 'terms', __( 'You must accept our Terms &amp; Conditions.', 'woocommerce' ) );
}
@ -703,7 +725,8 @@ class WC_Checkout {
if ( empty( $shipping_country ) ) {
$errors->add( 'shipping', __( 'Please enter an address to continue.', 'woocommerce' ) );
} elseif ( ! in_array( WC()->customer->get_shipping_country(), array_keys( WC()->countries->get_shipping_countries() ) ) ) {
} elseif ( ! in_array( WC()->customer->get_shipping_country(), array_keys( WC()->countries->get_shipping_countries() ), true ) ) {
/* translators: %s: shipping location */
$errors->add( 'shipping', sprintf( __( 'Unfortunately <strong>we do not ship %s</strong>. Please enter an alternative shipping address.', 'woocommerce' ), WC()->countries->shipping_to_prefix() . ' ' . WC()->customer->get_shipping_country() ) );
} else {
$chosen_shipping_methods = WC()->session->get( 'chosen_shipping_methods' );
@ -733,9 +756,9 @@ class WC_Checkout {
* Set address field for customer.
*
* @since 3.0.7
* @param $field string to update
* @param $key
* @param $data array of data to get the value from
* @param string $field String to update.
* @param string $key Field key.
* @param array $data Array of data to get the value from.
*/
protected function set_customer_address_fields( $field, $key, $data ) {
if ( isset( $data[ "billing_{$field}" ] ) ) {
@ -751,7 +774,7 @@ class WC_Checkout {
* Update customer and session data from the posted checkout data.
*
* @since 3.0.0
* @param array $data
* @param array $data Posted data.
*/
protected function update_session( $data ) {
// Update both shipping and billing to the passed billing address first if set.
@ -767,7 +790,7 @@ class WC_Checkout {
array_walk( $address_fields, array( $this, 'set_customer_address_fields' ), $data );
WC()->customer->save();
// Update customer shipping and payment method to posted method
// Update customer shipping and payment method to posted method.
$chosen_shipping_methods = WC()->session->get( 'chosen_shipping_methods' );
if ( is_array( $data['shipping_method'] ) ) {
@ -788,8 +811,8 @@ class WC_Checkout {
* Process an order that does require payment.
*
* @since 3.0.0
* @param int $order_id
* @param string $payment_method
* @param int $order_id Order ID.
* @param string $payment_method Payment method.
*/
protected function process_order_payment( $order_id, $payment_method ) {
$available_gateways = WC()->payment_gateways->get_available_payment_gateways();
@ -798,13 +821,13 @@ class WC_Checkout {
return;
}
// Store Order ID in session so it can be re-used after payment failure
// Store Order ID in session so it can be re-used after payment failure.
WC()->session->set( 'order_awaiting_payment', $order_id );
// Process Payment
// Process Payment.
$result = $available_gateways[ $payment_method ]->process_payment( $order_id );
// Redirect to success/confirmation/payment page
// Redirect to success/confirmation/payment page.
if ( isset( $result['result'] ) && 'success' === $result['result'] ) {
$result = apply_filters( 'woocommerce_payment_successful_result', $result, $order_id );
@ -821,7 +844,7 @@ class WC_Checkout {
* Process an order that doesn't require payment.
*
* @since 3.0.0
* @param int $order_id
* @param int $order_id Order ID.
*/
protected function process_order_without_payment( $order_id ) {
$order = wc_get_order( $order_id );
@ -829,10 +852,12 @@ class WC_Checkout {
wc_empty_cart();
if ( is_ajax() ) {
wp_send_json( array(
wp_send_json(
array(
'result' => 'success',
'redirect' => apply_filters( 'woocommerce_checkout_no_payment_needed_redirect', $order->get_checkout_order_received_url(), $order ),
) );
)
);
} else {
wp_safe_redirect(
apply_filters( 'woocommerce_checkout_no_payment_needed_redirect', $order->get_checkout_order_received_url(), $order )
@ -843,8 +868,9 @@ class WC_Checkout {
/**
* Create a new customer account if needed.
* @param array $data
* @throws Exception
*
* @throws Exception When not able to create customer.
* @param array $data Posted data.
*/
protected function process_customer( $data ) {
$customer_id = apply_filters( 'woocommerce_checkout_customer_id', get_current_user_id() );
@ -861,10 +887,10 @@ class WC_Checkout {
wp_set_current_user( $customer_id );
wc_set_customer_auth_cookie( $customer_id );
// As we are now logged in, checkout will need to refresh to show logged in data
// As we are now logged in, checkout will need to refresh to show logged in data.
WC()->session->set( 'reload_checkout', true );
// Also, recalculate cart totals to reveal any role-based discounts that were unavailable before registering
// Also, recalculate cart totals to reveal any role-based discounts that were unavailable before registering.
WC()->cart->calculate_totals();
}
@ -903,6 +929,7 @@ class WC_Checkout {
/**
* Action hook to adjust customer before save.
*
* @since 3.0.0
*/
do_action( 'woocommerce_checkout_update_customer', $customer, $data );
@ -918,7 +945,7 @@ class WC_Checkout {
*/
protected function send_ajax_failure_response() {
if ( is_ajax() ) {
// only print notices if not reloading the checkout, otherwise they're lost in the page reload
// Only print notices if not reloading the checkout, otherwise they're lost in the page reload.
if ( ! isset( WC()->session->reload_checkout ) ) {
ob_start();
wc_print_notices();
@ -940,10 +967,12 @@ class WC_Checkout {
/**
* Process the checkout after the confirm order button is pressed.
*
* @throws Exception When validation fails.
*/
public function process_checkout() {
try {
if ( empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-process_checkout' ) ) {
if ( empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_POST['_wpnonce'] ) ), 'woocommerce-process_checkout' ) ) { // WPCS: input var ok.
WC()->session->set( 'refresh_totals', true );
throw new Exception( __( 'We were unable to process your order, please try again.', 'woocommerce' ) );
}
@ -954,6 +983,7 @@ class WC_Checkout {
do_action( 'woocommerce_before_checkout_process' );
if ( WC()->cart->is_empty() ) {
/* translators: %s: shop cart url */
throw new Exception( sprintf( __( 'Sorry, your session has expired. <a href="%s" class="wc-backward">Return to shop</a>', 'woocommerce' ), esc_url( wc_get_page_permalink( 'shop' ) ) ) );
}
@ -998,8 +1028,8 @@ class WC_Checkout {
/**
* Get a posted address field after sanitization and validation.
*
* @param string $key
* @param string $type billing for shipping
* @param string $key Field key.
* @param string $type Type of address. Available options: 'billing' or 'shipping'.
* @return string
*/
public function get_posted_address_data( $key, $type = 'billing' ) {
@ -1014,12 +1044,12 @@ class WC_Checkout {
/**
* Gets the value either from the posted data, or from the users meta data.
*
* @param string $input
* @param string $input Input key.
* @return string
*/
public function get_value( $input ) {
if ( ! empty( $_POST[ $input ] ) ) {
return wc_clean( $_POST[ $input ] );
if ( ! empty( $_POST[ $input ] ) ) { // WPCS: input var ok, CSRF OK.
return wc_clean( wp_unslash( $_POST[ $input ] ) ); // WPCS: input var ok, CSRF OK.
} else {

2
phpcs.xml
View File

@ -41,7 +41,7 @@
</rule>
<rule ref="WordPress.VIP.ValidatedSanitizedInput">
<properties>
<property name="customSanitizingFunctions" type="array" value="wc_clean,wc_sanitize_tooltip,wc_format_decimal,wc_stock_amount,wc_sanitize_permalink" />
<property name="customSanitizingFunctions" type="array" value="wc_clean,wc_sanitize_tooltip,wc_format_decimal,wc_stock_amount,wc_sanitize_permalink,wc_sanitize_textarea" />
</properties>
</rule>
<rule ref="WordPress.XSS.EscapeOutput">