* Fix code standards errors in class-wc-meta-box-order-data.php
- Sanitize all input
- Escape all output
- Verify nonce on save
- Verify that all required POST parameters are present on save
- Minor fixes (periods at end of comments, function docs, Yodas...)
* Check payment method name, not title, on add_order_item_totals_payment_method_row
* Remove unnecessary nonce verification in "save" for orders.
Also move comment to new line for readability.
* Remove unnecessary nonce check in WC_Meta_Box_Order_Data::save
The check is already performed in the code that invokes "save".
* Add transaction id to payment method string if URL doesn't exist
* Minor fix
Co-authored-by: Jorge A. Torres <jorge.torres@automattic.com>
* Update woocommerce admin scripts to align more with monorepo
* Add changelog
* Add dev script back in
* Add install-if-deps-outdated back into build script
* Remove --force from dev script and add WC_ADMIN_PHASE to turbo cache key
* Remove install-if-deps-outdated from build
* Add composer install step to pr unit tests workflow
* Remove old install scripts, that are not needed anymore
* Make sure client changes are part of the cache hit
* Add composer install to code coverage and code sniff as well
* Add composer_no_dev input to install-build workflow
* Add sass dependency to woocommerce/admin/client turbo cache
* Add validations to `recordEvent`
* Add changelog
* Use always class constant
* Changed throw exception by console.error
* Add tests to `validate_and_sanitize`
* Created 2 different methods to test `event_validation_and_sanitization`
* Fix tests
Co-authored-by: Fernando Marichal <contacto@fernandomarichal.com>
* Fix free features is still rendered when there is no recommendation
* Add changelog
* Update BusinessDetails tab to go to next step if no installable extensions
* Update spinner
* Set retries to 4 on CI
* Use variable for authentication path storage
* Handle test cleanup in after hook
* Improve conditional
* Clean up global attributes
* Update customer email address
* Changelog file
Co-authored-by: Jon Lane <jon.lane@automattic.com>
* Updated wp-env test port
* Added script to init test env
* Added env helper scripts
* Updated admin email to match wp-env
* Fixed flaky tests
* Updated test readme
* Updated workflow to use wp-env
* Added changelog
* Stored admin email in variable
* Added check for flaky test
* Updated workflow to work with both envs
* Updated README.md
* Updated condition
* Updated changelog
* Fixed workflow
* Fixed workflow
* Fixed workflow
* Restored workflow
* Updated check to be a string
* API: System Status: Cache plugins data
This is a follow up to https://github.com/woocommerce/woocommerce/pull/32823
where we introduced caching for retrieving theme data. Here we're
caching plugin data. Since we have to read from the filesystem and
parse the plugin headers, this can be kind of slow.
We should see an improvement on sites with more than a few plugins and
the improvement could be significant on sites that have many plugins
installed (even if they're not active).
* add CLI com command class and hook it
* Update php docs and change registered command names for wc com.
* Fix lint issues.
* Retrieve and display extension list for the connected site.
* Adding the changelog for wc com extension list
* Remove the install command which is not implemented in current branch.
* Update example usages for wp wc com extension list command.
* Update changelog.
* Fix the changelog file formatting
Co-authored-by: Rommel Castro <rommelxcastro@gmail.com>
Co-authored-by: Néstor Soriano <konamiman@konamiman.com>
* Update github action to require valid changelog file
* Update github action for changelogger to install dependencies and composer
* Make valid changelog files that were invalid
* `add_meta()` should be more flexible
* Add `delete_order_data_from_custom_order_tables()`
* Add private method `trash_order()` to COT datastore for handling order trashing
* First stab at COT datastore `delete()`
* Delete COT data for orders when deleting its associated post
* Add changelog
* Simplify delete logic
* Minor fixes
* Rework `create()` tests
* Add tests for `delete()`
* Remove unnecessary var
* Set allowedTextDomain to only allow woocommmerce text domain
* Set allowedTextDomain to only allow woocommerce text domain
* Fix wrong or missing i18n text domain
* Add changelog
* Add changelog
* Updates to simple product test to reduce flakiness
* Remove focus
* Fix to improve flakiness of order refund test
* Added a wait to help page loads test
* Add a couple more waits to refund tests
* Changelog
* Retry key generation during global setup
* Setup checklist has changed, update
* Update to setup task list
* Add wait for setup checklist
* Update locator for install checklist
* Changelogger: Fix PHPCS violations (#33664)
* Deploy header task variant from task list experiment (#33750)
* Deploy task list experiment 1
* Add changelog
* Fix wrong copy in the payment task (#33749)
* Add headingDescription prop to PaymentGatewaySuggestions list
* Fix payment suggestions heading text
* Add changelog
* Fix missing manage button for TikTok (#33731)
* Fix missing manage button for TikTok
* Add changelog
* Packages: Fix postinstall errors on install (#33724)
* Fix additional payment task name (#33727)
* Rename "Set up additional payment providers" task -> "Set up additional payment options"
* Add changelog
* Remove change files for #33704 (#33734)
* Add shipping class data store (#33765)
* Add initial shipping classes data store
* Add types for the product shipping class store
* Filter out undefined items in list for when an item is deleted
* Add changelog
* Add data store README
* Fix onboarding test
* Skipping flaky test
Co-authored-by: Jon Lane <jon.lane@automattic.com>
Co-authored-by: Paul Sealock <psealock@gmail.com>
Co-authored-by: Chi-Hsuan Huang <chihsuan.tw@gmail.com>
Co-authored-by: jonathansadowski <jonathansadowski@users.noreply.github.com>
Co-authored-by: louwie17 <lourensschep@gmail.com>
* Final updates for Playwright
* Update config
* Add uuid dependency
* Increase retries to 2
* Update selectors on shipping page
* Use baseURL instead of hard-coded URL for API
* Clarify comment
* Use baseURL instead of hard-coded URL
* Check to see if an order was created before attempting to delete it
* Add changelog
* Turn on Playwright tests in GitHub
* Increase timeout for CI execution
* Update configuration options (minor edit)
* Fix for checkout flaky test
* Parse orderId from URL
* Check for substring
* Streamline email tests
* Remove .only
* Only clear email logs of messages for test
* Get orderId from page element
* Fix for test not waiting for reset
* Add in second wait for Performance section
* Change significance from minor to patch
Co-authored-by: Jon Lane <jon.lane@automattic.com>
* Make sure the default form value tooltip is initialized when adding the first variation
* Update copy of default form value tooltip in variations
* Add changelog
* Fix auto formatting
* Add pointer events: none to tooltip to prevent flickering
* Change review shipping task id to 'review-shipping'
* Add click track for shipping-recommendation task from the settings page
* Changelog
* Add test
* Add more specific test param
* Add payment icons
* Add changelog
* Text and logo changes when wc pay is installed and setup
* Use PaymentSuggestions to query plugins
* Make sure image_72x72 exists
* Remove unused namespaces
* Remove stripe2 image -- no longer needed
* Make sure recommended payment is not already active
* Check plugins field to filter out active plugins
add: intro tooltips for shipping smart defaults
- removed php code for setting 'reviewed' option as it was being set on page load and thus always evaluated to true before the user sees it
- added intro tooltips
Update wp-background-process.php to use wp_convert_hr_to_bytes()
Currently the code is typecasting the memory limit to an int. This assumes that the memory limit is in MB, so if you set your memory limit to 4G this will return 4194304 bytes (4.19304 MB.) Instead, we should use the native WordPress function `wp_convert_hr_to_bytes` to handle the conversion into bytes correctly.
* Update StoreDetails task action url to navigate to the setting page
* Add changelog
* Update complete logic of StoreDetails task
* Update store details unit tests for new task completion logic
Added `triggerHandler` before each ajax request.
* Added namespace to event name
* Linting.
Co-authored-by: Luigi Pulcini <luigi@barn2.com>
Co-authored-by: Barry Hughes <3594411+barryhughes@users.noreply.github.com>
This reverts commit bccc80366d.
When we merged this PR, we thought the Woo mobile apps would have enough time to implement some corresponding changes on their side. That turned out not to be the case. Without the ability to force a refresh of the analytics cache, this PR causes the apps to have a greater risk of showing users stale analytics data that they can’t immediately update.
* Include Tracks property indicating block editor on product update.
* Add changelog
* In a block editor the Update button does not have the selector.
* Remove - from Tracks event property.
* Refine a condition of a non-empty object.
* Incorporate feedback: add callback for rendering the Update button.
* Add recent feedback- jQuery way of handling post render execution.
* Remove `console.log`
* Fix `product_update` event recording
* Removed `hasRecordedEvent` and fixed description validation
Co-authored-by: Fernando Marichal <contacto@fernandomarichal.com>
* Update shipping task fields when shipping smart default feature is enabled.
* Always display the shipping task regardless of having a physical product
* Updated text copy for the fields
* Do not display the step description if it is not the current step
* Added a banner for the shipping printing step
Remove description if it is not the current step
* Add changelog
* Fix namespace conflict after the rebase
* Re-use wcs banner from the experimental shipping recommendation
* Delete ShippingLabelPrinting -- replaced by wcs banner from experimental-shipping-recommendation
* Add TOS link
* Remove ShippingPrintLabel styles -- no longer needed
* Minor refactor
* Move description set logic to getSteps()
* Use map to override step fields
* Remove unnecessary feature check
* Remove description in the map func
* Render ShipStation banner if plugins includes woocommerce-shipstation-integration
* Plugins component skip button is now optional
* Add link from payment settings page
* Add new experimental shipping task flow
* Changelog
* Update plugins/woocommerce/src/Admin/Features/OnboardingTasks/Tasks/ExperimentalShippingRecommendation.php
Co-authored-by: Chi-Hsuan Huang <chihsuan.tw@gmail.com>
* Rename all tracks to shipping_recommendation
* Add back skip installer bind
* Pass plugins list to pluginSlugs to be more predictable
Co-authored-by: Chi-Hsuan Huang <chihsuan.tw@gmail.com>
* Add logic to set the default shipping options
* Set the flat rate cost to 15 (temp cost)
* Add changelog
* Update plugins/woocommerce/src/Internal/Admin/Homescreen.php
Co-authored-by: Chi-Hsuan Huang <chihsuan.tw@gmail.com>
* Run the changes only if shipping-smart-defaults is enabled
* Assume user is going to sell physical products if obw is skipped or the store details has not been completed
* Make sure store country is set by an actual user by checking the value of woocommerce_store_address
* Remove flat rate logic
* Use woocommerce_store_address. store_address is always empty
Co-authored-by: Chi-Hsuan Huang <chihsuan.tw@gmail.com>
* Add phpcs-changed
* Put report flag value in quotes
* Use phpcs action workflow instead
* Remove no longer used phpcs script
* Remove phpcs ignore rule
* Use proper name for code sniffer step
* Fixes issue #33335
Check for an empty string instead of an empty variable.
* Update wc-product-functions.php
* Update wc-product-functions.php
* Changelog
* Fix cases when $term is false or empty array
Co-authored-by: Peter Fabian <peter.fabian.github@gmail.com>
* Fix broken design of Single Product template in block themes and on sale badge being partially hidden
* Update changelog to mention Twenty Twenty-Two explicitly.
Co-authored-by: Albert Juhé Lluveras <contact@albertjuhe.com>
* Fix phpcs errors and warnings
* Fix code that throws deprecation notices in PHP 8.1
The deprecation notices are about:
- Various "passing null to parameter (...) is deprecated"
- Usage of strftime
- Using "false" as if it was an empty array
- Mismatching return type of implemented interfaces,
that's fixed by adding #[\ReturnTypeWillChange]
* Fix some more code that throws deprecation notices in PHP 8.1
* Small commenting/formatting fixes.
* Add changelog file
* Formatting.
Co-authored-by: Peter Fabian <peter.fabian.github@gmail.com>
During migration $wpdb->prepare would force null and empty values to be zero for %f placeholder. This was causing verification logic to fail, which is being addressed in this commit.
The alternative was to insert null values without running them via $wpdb->prepare, but that seemed less safe than converting to zero because it would have to be done manually since $wpdb->prepare wouldn't support it.
This commit adds documentation for WooCommerce's client component commands. This should make it easier to know what commands to run to work in these components.
This commit changes it to woocommerce/client/admin. This is an invalid NPM package name and an invalid Composer package name. This will prevent conflicts but also identify it as a component of Core.
In line with the fact that it's a component of WooCommerce rather than a standalone package, `woocommerce-legacy-assets` has been renamed `woocommerce/client/legacy`.
* Trigger the hook that records the track events
once the option settings are updated: navigation and analytics. Tracks do not include yes/no properties, so we record the latter as _disabled.
* Changelog
* Prevent reloading of page immediately after feature updates
* Remove feature specific code in tracks class
Co-authored-by: Joshua Flowers <joshuatf@gmail.com>
* Changes the frequency at which the Reports API cache can be invalidated via the cache version number to be at most once every 10 minutes, instead of with every change to the store.
* Changes the TTL of Reports API cache entries so that they expire after an hour instead of after a week.
The goal of these changes is to increase the chance that a request to the Reports API for store stats will result in a cache hit, thus avoiding expensive, slow queries. The reason for lowering the TTL is so that if multiple store changes are made within the new 10-minute frequency window, the cache data will only be stale for up to an hour. With #33325 users will be able to refresh entries in the cache manually if they think something is stale.
Closes #33315
Make sure payment gateway title is a string before sanitizing.
* Add changelog
* Drop type-hint in `validate_safe_text_field()`
* Update plugins/woocommerce/includes/abstracts/abstract-wc-settings-api.php
Co-authored-by: Barry Hughes <3594411+barryhughes@users.noreply.github.com>
* Add `OrdersTableDataStoreMeta` to handle metadata for orders
* Add `OrdersTableDataStoreHelper` with various helper functions used in the COT datastore
* Pass some helper classes as args to the COT datastore
* Use `OrdersTableDataStoreMeta` for meta in COT datastore
* Minor fixes to columns definition in COT datastore
* First pass at update() in the COT datastore
* PHPCS fixes
* Remove duplicate `read_meta` calls.
* Register `OrdersTableDataStore` earlier to make container happy
* Do not hardcode table metadata in `OrdersTableDataStoreMeta`
* Correctly format decimals for storing in the db
* read() shouldn’t succeed on non-existing orders
* Rework persisting to db in OrdersTableDataStore
* Correctly handle some props in OrdersTableDataStore
* Add changelog
* Add missing TODOs
* Remove unused variables
* No need to query db before deleting meta in `OrdersTableDataStoreMeta`
* Simplify OrdersTableDataStoreMeta::update_meta()
* Explicitly enumerate columns in OrdersTableDataStoreMeta::get_metadata_by_id()
* Make COT metadata implementation more generic
* Do not use property_exists() to determine existence of meta value
* Move some methods over to DatabaseUtil and get rid of COT datastore helper
* Rename `CustomDataStoreMeta` to `CustomMetaDataStore`
* Make PHPCS happy
* Add unit test.
* Correct arg passed to persist_order_to_db()
* Remove comment
* Split conditional on multiple lines
Co-authored-by: vedanshujain <vedanshu.jain.2012@gmail.com>
Adds a new collection parameter to all Reports API endpoints that utilize caching, `force_cache_refresh`, which will cause the current request to bypass the cache, re-run the queries for the requested data, and overwrite the previous cache entry with the new results.
Note that this doesn't invalidate the entire cache, only the entry for the particular set of collection parameters and values specified in the request.
This also adds a way to include debugging information related to the cache in the API response. Modeled after the way the Query Monitor plugin adds such information, you can get this by including an `_envelope` parameter in your API request. The debugging info includes whether the cache has been disabled via filter (`should_use_cache`), whether the `force_cache_refresh` parameter was used, whether the returned data was a `cache_hit` or not, and an array of the query parameters that were actually used to create the cache key.
Closes #33221
* Introduce a 'safe_text' field that allows a reduced subset of HTML tags.
* Escape on input as well as output; generalize sanitization function.
* Set reasonable default rules.
* Guard against invalid callbacks (escaping/sanitizing) functions.
* Update plugins/woocommerce/src/Internal/Utilities/HtmlSanitizer.php
Co-authored-by: Peter Fabian <peter.fabian.github@gmail.com>
* Allow alt (accessibility) for img tags; allow class attributes for img and span tags.
* Allow class attr for p tags.
* Use safe_text for payment gateway titles.
* Make HtmlSanitizer available through Utils service provider.
* Update settings code to pull HtmlSanitizer as a service and to use the new sanitize() method.
* Remove `style` from list of allowed attributes.
Allowing arbitrary CSS rules through style could undo the intent of this change, since that would allow a range of positioning and sizing changes to be effected.
* Remove unused import.
* If no (KSES) rules are specified, then strip all tags (this is a safer default strategy).
* For better safety, only apply pre-processor callbacks; remove responsibility for trimming of strings.
Applying callbacks to a string after it has passed through wp_kses() could (potentially) undo the work done by that function, and result in unexpected tags in the sanitizer's output.
Co-authored-by: barryhughes <3594411+barryhughes@users.noreply.github.com>
Co-authored-by: Peter Fabian <peter.fabian.github@gmail.com>
* Update WooStep to have name in meta
* Add useProductStepChange hook and use it to detect form value changes in product tourkit, added tracking for tour view, tour dismiss, tour complete, and step complete
* Add tour view, tour dismiss, tour completion track to old product walkthrough
* Changelog
* Fix test
* Add listener to publish button for product spotlight tour
* Add track for old walkthrough publish button
This replaces all `nx` commands with `turbo` commands and removes Nx from the repository. All of the `project.json` files have been removed and any commands that broke with Turborepo have been adjusted.
This new method is syntactic sugar for array_map. It scans an array
of arrays and/or objects and selects one value from each using
an array key name, an object method, or an object property.
* Add optional usage of database transactions for orders sync.
Includes a new setting in Advanced - Custom data stores to enable
or disable transactions usage and to select the transaction
isolation level.
* Improve the selection of data to be updated when syncing orders.
The SQL query that chooses records to be migrated to core tables
now explicitly excludes unchanged records based on the column mappings.
Also when syncing meta tables with single meta values, records for
which the value hasn't changed are now excluded from the update.
* Fix MetaToCustomTableMigrator to work with order addresses table.
* Add unit tests for db transactions on PostsToOrdersMigrationController
Also add the DynamicDecorator::call_original_method method
* Add product-tour admin script
* Update class-wc-admin-pointers.php to show experimental product tour
* Remove unnecessary window.onload
* Replace add new button with Enable guided mode button for product editing
* Show tour when tutorial query = true
* Add logic to show new tour only when a user selects the physical product template
* Update product tour last step button text
* Add auto-scroll effect
* Fix i18n text
* Use bottom-start placement and align the arrow to the left
* Update pnpm-lock.yaml
* Update product tour effects
* Add changelog
* Add doc comments & check for tour-kit
* Add focus elements to product tour and wait initial element for tour showup
* Use spotlight query param to toggle new product tour feature
* Update wait seconds
* Update border style for product description & short description when editor is focused
* Add experimental-product-tour feature flag
* Refactor product-tour and support html editor focus style
Co-authored-by: moon <moon.kyong@automattic.com>
* Fix root namespace indicator in parameter
For LookupDataStore::on_product_created_or_updated_via_rest_api.
This was preventing the v1 REST API endpoint for batch insert of
products from working.
Co-authored-by: barryhughes <3594411+barryhughes@users.noreply.github.com>
Add individual analytics leaderboard endpoints
Register routes for each of the individual leaderboards.
These leaderboards can be pretty expensive to generate. If you only need
data from one of them, it can be a pretty significant performance
boost to avoid generating all the leaderboards.
* Add e2e tests to check consistency in shipping costs for cart and checkout pages
Goal of these tests is to check if the cart and checkout pages are
consistent in calculating shipping costs. Three tests added:
- shipping available to country with states
- shipping available to country without states
- no shipping available (fails, see issue #33205)
Reason to add these tests is PR #25916, which reverted PR #25128,
because the original PR worked for the cart page, but not for the
checkout page.
* Update e2e-core-tests changelog
* Skip failing e2e-core-test
* Fix incorrect URL for the wcAdminAssetUrl and deprecate both wcAdminAssetUrl and WC_ADMIN_IMAGES_FOLDER_URL
* Remove unused wcAdminAssetUrl var
* Remove use of wcAdminAssetUrl
* Add changelog
* Ignore hook PHPCS error -- they are pre-existing
* Add method to get total sales for a timeframe
* Add total payments volume rule processor
* Use start and end dates for total sales method
* Add method to get start and end dates from timeframe
* Update processor rule to use timeframes
* Fix up method calls
* Add tests for timeframes
* Add tests around getting total sales by date
* Add changelog entry
* Use revenue query instead of custom query for total sales
* Update since tag on hook
* Remove orderCount and publishedProductCount setting and make use of data stores
* Add test
* Add changelog
* Make use of orders data store instead of items data store
* Add users param to reports customers API params to allow filtering by user_id
* Fix invalidateResolution call that was misspelled
In order to ease the identification of private packages within the monorepo, this adds an `internal-` prefix to all of the current private packages. This makes it immediately clear when reviewing `packages/js` what is and isn't a private package.
* Add initial tracking for categories, tracks, and attribute product pages
* Update list action tracks that add new items without page refresh
* Add changelog
* Add extra category tracks
* Rename constant for add a new tag button
* Remove unneeded props from track
* Add logs for the attributes and tags on the product page
* Only trigger attributes_add on product screen when user hits save
* Add extra props to attribute add track
* Add tags delete track and fix count of tags add track
* Update use of wp_localize_script
* Fix completed card button
* Update sectioned task list to use onboarding data store
Co-authored-by: Fernando Marichal <contacto@fernandomarichal.com>
Co-authored-by: Joshua Flowers <joshuatf@gmail.com>