class-wc-admin-settings.php — WooCommerce 10.8.1

woocommerce / includes / admin / class-wc-admin-settings.php

woocommerce / includes / admin Last commit date

class-wc-admin-settings.php

1096 lines

1	<?php
2	/**
3	* WooCommerce Admin Settings Class
4	*
5	* @package WooCommerce\Admin
6	* @version 3.4.0
7	*/
8
9	use Automattic\Jetpack\Constants;
10	use Automattic\WooCommerce\Internal\Features\FeaturesController;
11	use Automattic\WooCommerce\Utilities\FeaturesUtil;
12
13	if ( ! defined( 'ABSPATH' ) ) {
14	exit;
15	}
16
17	if ( ! class_exists( 'WC_Admin_Settings', false ) ) :
18
19	/**
20	* WC_Admin_Settings Class.
21	*/
22	class WC_Admin_Settings {
23
24	/**
25	* Setting pages.
26	*
27	* @var array
28	*/
29	private static $settings = array();
30
31	/**
32	* Error messages.
33	*
34	* @var array
35	*/
36	private static $errors = array();
37
38	/**
39	* Update messages.
40	*
41	* @var array
42	*/
43	private static $messages = array();
44
45	/**
46	* Include the settings page classes.
47	*/
48	public static function get_settings_pages() {
49	if ( empty( self::$settings ) ) {
50	$settings = array();
51
52	include_once __DIR__ . '/settings/class-wc-settings-page.php';
53
54	$settings[] = include_once __DIR__ . '/settings/class-wc-settings-general.php';
55	$settings[] = include_once __DIR__ . '/settings/class-wc-settings-products.php';
56	$settings[] = include_once __DIR__ . '/settings/class-wc-settings-tax.php';
57	$settings[] = include_once __DIR__ . '/settings/class-wc-settings-shipping.php';
58	$settings[] = include_once __DIR__ . '/settings/class-wc-settings-payment-gateways.php';
59	$settings[] = include_once __DIR__ . '/settings/class-wc-settings-accounts.php';
60	$settings[] = include_once __DIR__ . '/settings/class-wc-settings-emails.php';
61	$settings[] = include_once __DIR__ . '/settings/class-wc-settings-integrations.php';
62	if ( \Automattic\WooCommerce\Admin\Features\Features::is_enabled( 'launch-your-store' ) ) {
63	$settings[] = include_once __DIR__ . '/settings/class-wc-settings-site-visibility.php';
64	}
65	if ( FeaturesUtil::feature_is_enabled( 'point_of_sale' ) ) {
66	$settings[] = include_once __DIR__ . '/settings/class-wc-settings-point-of-sale.php';
67	}
68	$settings[] = include_once __DIR__ . '/settings/class-wc-settings-advanced.php';
69
70	self::$settings = apply_filters( 'woocommerce_get_settings_pages', $settings );
71	add_action(
72	'admin_head',
73	function () {
74	if ( function_exists( 'get_current_screen' ) ) {
75	$screen = get_current_screen();
76	if ( 'woocommerce_page_wc-settings' === $screen->id ) {
77	$screen->remove_help_tabs();
78	}
79	}
80	}
81	);
82
83	// Reset settings when features that affect settings are toggled.
84	add_action( FeaturesController::FEATURE_ENABLED_CHANGED_ACTION, array( __CLASS__, 'reset_settings_pages_on_feature_change' ), 10, 2 );
85	}
86
87	return self::$settings;
88	}
89
90	/**
91	* Reset settings when features that affect settings are toggled.
92	*
93	* @param string $feature_id The feature ID.
94	* @param bool $is_enabled Whether the feature is enabled.
95	*
96	* @internal For exclusive usage within this class, backwards compatibility not guaranteed.
97	*/
98	public static function reset_settings_pages_on_feature_change( $feature_id, $is_enabled ) {
99	if ( 'point_of_sale' === $feature_id && $is_enabled ) {
100	self::$settings = array();
101	self::get_settings_pages();
102	}
103	}
104
105	/**
106	* Save the settings.
107	*/
108	public static function save() {
109	global $current_tab;
110
111	if ( ! current_user_can( 'manage_woocommerce' ) ) {
112	wp_die( esc_html__( 'You do not have permission to save settings.', 'woocommerce' ), 403 );
113	}
114
115	check_admin_referer( 'woocommerce-settings' );
116
117	// Trigger actions.
118	do_action( 'woocommerce_settings_save_' . $current_tab );
119	do_action( 'woocommerce_update_options_' . $current_tab );
120	do_action( 'woocommerce_update_options' );
121
122	self::add_message( __( 'Your settings have been saved.', 'woocommerce' ) );
123	self::check_download_folder_protection();
124
125	// Clear any unwanted data and flush rules.
126	update_option( 'woocommerce_queue_flush_rewrite_rules', 'yes' );
127	WC()->query->init_query_vars();
128	WC()->query->add_endpoints();
129
130	do_action( 'woocommerce_settings_saved' );
131	}
132
133	/**
134	* Add a message.
135	*
136	* @param string $text Message.
137	*/
138	public static function add_message( $text ) {
139	self::$messages[] = $text;
140	}
141
142	/**
143	* Add an error.
144	*
145	* @param string $text Message.
146	*/
147	public static function add_error( $text ) {
148	self::$errors[] = $text;
149	}
150
151	/**
152	* Output messages + errors.
153	*/
154	public static function show_messages() {
155	if ( count( self::$errors ) > 0 ) {
156	foreach ( self::$errors as $error ) {
157	echo '<div id="message" class="error inline"><p><strong>' . esc_html( $error ) . '</strong></p></div>';
158	}
159	} elseif ( count( self::$messages ) > 0 ) {
160	foreach ( self::$messages as $message ) {
161	echo '<div id="message" class="updated inline"><p><strong>' . esc_html( $message ) . '</strong></p></div>';
162	}
163	}
164	}
165
166	/**
167	* Settings page.
168	*
169	* Handles the display of the main woocommerce settings page in admin.
170	*/
171	public static function output() {
172	global $current_section, $current_tab;
173
174	$suffix = Constants::is_true( 'SCRIPT_DEBUG' ) ? '' : '.min';
175
176	do_action( 'woocommerce_settings_start' );
177
178	wp_enqueue_script( 'woocommerce_settings', WC()->plugin_url() . '/assets/js/admin/settings' . $suffix . '.js', array( 'jquery', 'wp-util', 'jquery-ui-datepicker', 'jquery-ui-sortable', 'iris', 'selectWoo' ), WC()->version, true );
179
180	wp_localize_script(
181	'woocommerce_settings',
182	'woocommerce_settings_params',
183	array(
184	'i18n_nav_warning' => __( 'The changes you made will be lost if you navigate away from this page.', 'woocommerce' ),
185	'i18n_moved_up' => __( 'Item moved up', 'woocommerce' ),
186	'i18n_moved_down' => __( 'Item moved down', 'woocommerce' ),
187	'i18n_no_specific_countries_selected' => __( 'Selecting no country / region to sell to prevents from completing the checkout. Continue anyway?', 'woocommerce' ),
188	)
189	);
190
191	// Get tabs for the settings page.
192	$tabs = apply_filters( 'woocommerce_settings_tabs_array', array() );
193
194	include __DIR__ . '/views/html-admin-settings.php';
195	}
196
197	/**
198	* Get a setting from the settings API.
199	*
200	* @param string $option_name Option name.
201	* @param mixed $default Default value.
202	* @return mixed
203	*/
204	public static function get_option( $option_name, $default = '' ) {
205	if ( ! $option_name ) {
206	return $default;
207	}
208
209	// Array value.
210	if ( strstr( $option_name, '[' ) ) {
211
212	parse_str( $option_name, $option_array );
213
214	// Option name is first key.
215	$option_name = current( array_keys( $option_array ) );
216
217	// Get value.
218	$option_values = get_option( $option_name, '' );
219
220	$key = key( $option_array[ $option_name ] );
221
222	if ( isset( $option_values[ $key ] ) ) {
223	$option_value = $option_values[ $key ];
224	} else {
225	$option_value = null;
226	}
227	} else {
228	// Single value.
229	$option_value = get_option( $option_name, null );
230	}
231
232	if ( is_array( $option_value ) ) {
233	$option_value = wp_unslash( $option_value );
234	} elseif ( ! is_null( $option_value ) ) {
235	$option_value = stripslashes( $option_value );
236	}
237
238	return ( null === $option_value ) ? $default : $option_value;
239	}
240
241	/**
242	* Output admin fields.
243	*
244	* Loops through the woocommerce options array and outputs each field.
245	*
246	* @param array[] $options Opens array to output.
247	*/
248	public static function output_fields( $options ) {
249	foreach ( $options as $value ) {
250	if ( ! isset( $value['type'] ) ) {
251	continue;
252	}
253	if ( ! isset( $value['id'] ) ) {
254	$value['id'] = '';
255	}
256
257	// The 'field_name' key can be used when it is useful to specify an input field name that is different
258	// from the input field ID. We use the key 'field_name' because 'name' is already in use for a different
259	// purpose.
260	if ( ! isset( $value['field_name'] ) ) {
261	$value['field_name'] = $value['id'];
262	}
263	if ( ! isset( $value['title'] ) ) {
264	$value['title'] = isset( $value['name'] ) ? $value['name'] : '';
265	}
266	if ( ! isset( $value['class'] ) ) {
267	$value['class'] = '';
268	}
269	if ( ! isset( $value['css'] ) ) {
270	$value['css'] = '';
271	}
272	if ( ! isset( $value['default'] ) ) {
273	$value['default'] = '';
274	}
275	if ( ! isset( $value['desc'] ) ) {
276	$value['desc'] = '';
277	}
278	if ( ! isset( $value['desc_tip'] ) ) {
279	$value['desc_tip'] = false;
280	}
281	if ( ! isset( $value['placeholder'] ) ) {
282	$value['placeholder'] = '';
283	}
284	if ( ! isset( $value['row_class'] ) ) {
285	$value['row_class'] = '';
286	}
287	if ( ! empty( $value['row_class'] ) && substr( $value['row_class'], 0, 16 ) !== 'wc-settings-row-' ) {
288	$value['row_class'] = 'wc-settings-row-' . $value['row_class'];
289	}
290	if ( ! isset( $value['suffix'] ) ) {
291	$value['suffix'] = '';
292	}
293	if ( ! isset( $value['value'] ) ) {
294	$value['value'] = self::get_option( $value['id'], $value['default'] );
295	}
296
297	if ( ! is_null( $value['fixed_value'] ?? null ) ) {
298	$value['value'] = $value['fixed_value'];
299	}
300
301	// Custom attribute handling.
302	$custom_attributes = array();
303
304	if ( ! empty( $value['custom_attributes'] ) && is_array( $value['custom_attributes'] ) ) {
305	foreach ( $value['custom_attributes'] as $attribute => $attribute_value ) {
306	$custom_attributes[] = esc_attr( $attribute ) . '="' . esc_attr( $attribute_value ) . '"';
307	}
308	}
309
310	// Description handling.
311	$field_description = self::get_field_description( $value );
312	$description = $field_description['description'];
313	$tooltip_html = $field_description['tooltip_html'];
314
315	// Switch based on type.
316	switch ( $value['type'] ) {
317
318	// Section Titles.
319	case 'title':
320	if ( ! empty( $value['title'] ) ) {
321	echo '<h2>' . esc_html( $value['title'] ) . '</h2>';
322	}
323	if ( ! empty( $value['desc'] ) ) {
324	echo '<div id="' . esc_attr( sanitize_title( $value['id'] ) ) . '-description">';
325	echo wp_kses_post( wpautop( wptexturize( $value['desc'] ) ) );
326	echo '</div>';
327	}
328	echo '<table class="form-table">' . "\n\n";
329	if ( ! empty( $value['id'] ) ) {
330	do_action( 'woocommerce_settings_' . sanitize_title( $value['id'] ) );
331	}
332	break;
333
334	case 'info':
335	?><tr class="<?php echo esc_attr( $value['row_class'] ); ?>">
336	<th scope="row" class="titledesc"><?php echo esc_html( $value['title'] ); ?></th>
337	<td style="<?php echo esc_attr( $value['css'] ); ?>">
338	<?php
339	echo wp_kses_post( wpautop( wptexturize( $value['text'] ) ) );
340	echo '</td></tr>';
341	break;
342
343	// Notice.
344	case 'notice':
345	$notice_type = $value['notice_type'] ?? 'info';
346	$notice_text = $value['text'] ?? '';
347
348	?>
349	</table>
350	<div class="notice notice-<?php echo esc_attr( $notice_type ); ?> inline">
351	<p><?php echo wp_kses_post( $notice_text ); ?></p>
352	</div>
353	<table class="form-table" role="presentation">
354	<?php
355	break;
356
357	// Section Ends.
358	case 'sectionend':
359	if ( ! empty( $value['id'] ) ) {
360	do_action( 'woocommerce_settings_' . sanitize_title( $value['id'] ) . '_end' );
361	}
362	echo '</table>';
363	if ( ! empty( $value['id'] ) ) {
364	do_action( 'woocommerce_settings_' . sanitize_title( $value['id'] ) . '_after' );
365	}
366	break;
367
368	// Standard text inputs and subtypes like 'number'.
369	case 'text':
370	case 'password':
371	case 'datetime':
372	case 'datetime-local':
373	case 'date':
374	case 'month':
375	case 'time':
376	case 'week':
377	case 'number':
378	case 'email':
379	case 'url':
380	case 'tel':
381	$option_value = $value['value'];
382
383	?>
384	<tr class="<?php echo esc_attr( $value['row_class'] ); ?>">
385	<th scope="row" class="titledesc">
386	<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?> <?php echo $tooltip_html; // WPCS: XSS ok. ?></label>
387	</th>
388	<td class="forminp forminp-<?php echo esc_attr( sanitize_title( $value['type'] ) ); ?>">
389	<input
390	name="<?php echo esc_attr( $value['field_name'] ); ?>"
391	id="<?php echo esc_attr( $value['id'] ); ?>"
392	type="<?php echo esc_attr( $value['type'] ); ?>"
393	style="<?php echo esc_attr( $value['css'] ); ?>"
394	value="<?php echo esc_attr( $option_value ); ?>"
395	class="<?php echo esc_attr( $value['class'] ); ?>"
396	placeholder="<?php echo esc_attr( $value['placeholder'] ); ?>"
397	<?php echo implode( ' ', $custom_attributes ); // WPCS: XSS ok. ?>
398	/><?php echo esc_html( $value['suffix'] ); ?> <?php echo $description; // WPCS: XSS ok. ?>
399	</td>
400	</tr>
401	<?php
402	break;
403
404	// Color picker.
405	case 'color':
406	$option_value = $value['value'];
407
408	?>
409	<tr class="<?php echo esc_attr( $value['row_class'] ); ?>">
410	<th scope="row" class="titledesc">
411	<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?> <?php echo $tooltip_html; // WPCS: XSS ok. ?></label>
412	</th>
413	<td class="forminp forminp-<?php echo esc_attr( sanitize_title( $value['type'] ) ); ?>">&lrm;
414	<span class="colorpickpreview" style="background: <?php echo esc_attr( $option_value ); ?>"> </span>
415	<input
416	name="<?php echo esc_attr( $value['field_name'] ); ?>"
417	id="<?php echo esc_attr( $value['id'] ); ?>"
418	type="text"
419	dir="ltr"
420	style="<?php echo esc_attr( $value['css'] ); ?>"
421	value="<?php echo esc_attr( $option_value ); ?>"
422	class="<?php echo esc_attr( $value['class'] ); ?>colorpick"
423	placeholder="<?php echo esc_attr( $value['placeholder'] ); ?>"
424	<?php echo implode( ' ', $custom_attributes ); // WPCS: XSS ok. ?>
425	/>&lrm; <?php echo $description; // WPCS: XSS ok. ?>
426	<div id="colorPickerDiv_<?php echo esc_attr( $value['id'] ); ?>" class="colorpickdiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;display:none;"></div>
427	</td>
428	</tr>
429	<?php
430	break;
431
432	// Textarea.
433	case 'textarea':
434	$option_value = $value['value'];
435	$show_desc_at_end = $value['desc_at_end'] ?? false;
436
437	?>
438	<tr class="<?php echo esc_attr( $value['row_class'] ); ?>">
439	<th scope="row" class="titledesc">
440	<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?> <?php echo $tooltip_html; // WPCS: XSS ok. ?></label>
441	</th>
442	<td class="forminp forminp-<?php echo esc_attr( sanitize_title( $value['type'] ) ); ?>">
443	<?php
444	if ( ! $show_desc_at_end ) {
445	echo wp_kses_post( $description );
446	}
447	?>
448	<textarea
449	name="<?php echo esc_attr( $value['field_name'] ); ?>"
450	id="<?php echo esc_attr( $value['id'] ); ?>"
451	style="<?php echo esc_attr( $value['css'] ); ?>"
452	class="<?php echo esc_attr( $value['class'] ); ?>"
453	placeholder="<?php echo esc_attr( $value['placeholder'] ); ?>"
454	<?php echo implode( ' ', $custom_attributes ); // WPCS: XSS ok. ?>
455	><?php echo esc_textarea( $option_value ); // WPCS: XSS ok. ?></textarea>
456	<?php
457	if ( $show_desc_at_end ) {
458	echo wp_kses_post( $description );
459	}
460	?>
461	</td>
462	</tr>
463	<?php
464	break;
465
466	// Select boxes.
467	case 'select':
468	case 'multiselect':
469	$option_value = $value['value'];
470
471	?>
472	<tr class="<?php echo esc_attr( $value['row_class'] ); ?>">
473	<th scope="row" class="titledesc">
474	<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?> <?php echo $tooltip_html; // WPCS: XSS ok. ?></label>
475	</th>
476	<td class="forminp forminp-<?php echo esc_attr( sanitize_title( $value['type'] ) ); ?>">
477	<select
478	name="<?php echo esc_attr( $value['field_name'] ); ?><?php echo ( 'multiselect' === $value['type'] ) ? '[]' : ''; ?>"
479	id="<?php echo esc_attr( $value['id'] ); ?>"
480	style="<?php echo esc_attr( $value['css'] ); ?>"
481	class="<?php echo esc_attr( $value['class'] ); ?>"
482	<?php echo implode( ' ', $custom_attributes ); // WPCS: XSS ok. ?>
483	<?php echo 'multiselect' === $value['type'] ? 'multiple="multiple"' : ''; ?>
484	>
485	<?php
486	foreach ( $value['options'] as $key => $val ) {
487	?>
488	<option value="<?php echo esc_attr( $key ); ?>"
489	<?php
490
491	if ( is_array( $option_value ) ) {
492	selected( in_array( (string) $key, $option_value, true ), true );
493	} else {
494	selected( $option_value, (string) $key );
495	}
496
497	?>
498	><?php echo esc_html( $val ); ?></option>
499	<?php
500	}
501	?>
502	</select> <?php echo $description; // WPCS: XSS ok. ?>
503	</td>
504	</tr>
505	<?php
506	break;
507
508	// Radio inputs.
509	case 'radio':
510	$option_value = $value['value'];
511	$disabled_values = $value['disabled'] ?? array();
512	$show_desc_at_end = $value['desc_at_end'] ?? false;
513
514	?>
515	<tr class="<?php echo esc_attr( $value['row_class'] ); ?>">
516	<th scope="row" class="titledesc">
517	<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?> <?php echo $tooltip_html; // WPCS: XSS ok. ?></label>
518	</th>
519	<td class="forminp forminp-<?php echo esc_attr( sanitize_title( $value['type'] ) ); ?>">
520	<fieldset>
521	<?php
522	if ( ! $show_desc_at_end ) {
523	echo wp_kses_post( $description );
524	}
525	?>
526	<ul>
527	<?php
528	foreach ( $value['options'] as $key => $val ) {
529	?>
530	<li>
531	<label><input
532	name="<?php echo esc_attr( $value['field_name'] ); ?>"
533	value="<?php echo esc_attr( $key ); ?>"
534	type="radio"
535	<?php
536	if ( in_array( $key, $disabled_values, true ) ) {
537	echo 'disabled'; }
538	?>
539	style="<?php echo esc_attr( $value['css'] ); ?>"
540	class="<?php echo esc_attr( $value['class'] ); ?>"
541	<?php echo implode( ' ', $custom_attributes ); // WPCS: XSS ok. ?>
542	<?php checked( $key, $option_value ); ?>
543	/> <?php echo esc_html( $val ); ?></label>
544	</li>
545	<?php
546	}
547	if ( $show_desc_at_end ) {
548	echo wp_kses_post( "<p class='description description-thin'>{$description}</p>" );
549	}
550	?>
551	</ul>
552	</fieldset>
553	</td>
554	</tr>
555	<?php
556	break;
557
558	// Checkbox input.
559	case 'checkbox':
560	$option_value = $value['value'];
561	$visibility_class = array();
562
563	if ( ! isset( $value['hide_if_checked'] ) ) {
564	$value['hide_if_checked'] = false;
565	}
566	if ( ! isset( $value['show_if_checked'] ) ) {
567	$value['show_if_checked'] = false;
568	}
569	if ( 'yes' === $value['hide_if_checked'] \|\| 'yes' === $value['show_if_checked'] ) {
570	$visibility_class[] = 'hidden_option';
571	}
572	if ( 'option' === $value['hide_if_checked'] ) {
573	$visibility_class[] = 'hide_options_if_checked';
574	}
575	if ( 'option' === $value['show_if_checked'] ) {
576	$visibility_class[] = 'show_options_if_checked';
577	}
578	if ( $value['row_class'] ) {
579	$visibility_class[] = $value['row_class'];
580	}
581
582	$must_disable = $value['disabled'] ?? false;
583
584	if ( $must_disable ) {
585	$visibility_class[] = 'disabled';
586	}
587
588	$container_class = implode( ' ', $visibility_class );
589	$has_title = isset( $value['title'] ) && '' !== $value['title'];
590	$has_legend = isset( $value['legend'] ) && '' !== $value['legend'];
591
592	if ( ! isset( $value['checkboxgroup'] ) \|\| 'start' === $value['checkboxgroup'] ) {
593	$has_tooltip = isset( $value['tooltip'] ) && '' !== $value['tooltip'];
594
595	$tooltip_container_class = $has_tooltip ? 'with-tooltip' : '';
596	?>
597	<tr class="<?php echo esc_attr( $container_class ); ?>">
598	<th scope="row" class="titledesc"><?php echo esc_html( $value['title'] ); ?></th>
599	<td class="forminp forminp-checkbox <?php echo esc_html( $tooltip_container_class ); ?>">
600	<?php if ( $has_tooltip ) : ?>
601	<span class="help-tooltip"><?php echo wc_help_tip( esc_html( $value['tooltip'] ) ); ?></span>
602	<?php endif; ?>
603	<fieldset>
604	<?php
605	} else {
606	?>
607	<fieldset class="<?php echo esc_attr( $container_class ); ?>">
608	<?php
609	}
610
611	if ( $has_title \|\| $has_legend ) {
612	?>
613	<legend class="<?php echo $has_legend ? '' : 'screen-reader-text'; ?>"><span><?php echo esc_html( $has_legend ? $value['legend'] : $value['title'] ); ?></span></legend>
614	<?php
615	}
616
617	?>
618	<label for="<?php echo esc_attr( $value['id'] ); ?>">
619	<input
620	<?php echo $must_disable ? 'disabled' : ''; ?>
621	name="<?php echo esc_attr( $value['field_name'] ); ?>"
622	id="<?php echo esc_attr( $value['id'] ); ?>"
623	type="checkbox"
624	class="<?php echo esc_attr( isset( $value['class'] ) ? $value['class'] : '' ); ?>"
625	value="1"
626	<?php checked( $option_value, 'yes' ); ?>
627	<?php echo implode( ' ', $custom_attributes ); // WPCS: XSS ok. ?>
628	/> <?php echo $description; // WPCS: XSS ok. ?>
629	</label> <?php echo $tooltip_html; // WPCS: XSS ok. ?>
630	<?php
631
632	if ( ! isset( $value['checkboxgroup'] ) \|\| 'end' === $value['checkboxgroup'] ) {
633	?>
634	</fieldset>
635	</td>
636	</tr>
637	<?php
638	} else {
639	?>
640	</fieldset>
641	<?php
642	}
643	break;
644
645	// Image width settings. @todo deprecate and remove in 4.0. No longer needed by core.
646	case 'image_width':
647	$image_size = str_replace( '_image_size', '', $value['id'] );
648	$size = wc_get_image_size( $image_size );
649	$width = isset( $size['width'] ) ? $size['width'] : $value['default']['width'];
650	$height = isset( $size['height'] ) ? $size['height'] : $value['default']['height'];
651	$crop = isset( $size['crop'] ) ? $size['crop'] : $value['default']['crop'];
652	$disabled_attr = '';
653	$disabled_message = '';
654
655	if ( has_filter( 'woocommerce_get_image_size_' . $image_size ) ) {
656	$disabled_attr = 'disabled="disabled"';
657	$disabled_message = '<p><small>' . esc_html__( 'The settings of this image size have been disabled because its values are being overwritten by a filter.', 'woocommerce' ) . '</small></p>';
658	}
659
660	?>
661	<tr class="<?php echo esc_attr( $value['row_class'] ); ?>">
662	<th scope="row" class="titledesc">
663	<label><?php echo esc_html( $value['title'] ); ?> <?php echo $tooltip_html . $disabled_message; // WPCS: XSS ok. ?></label>
664	</th>
665	<td class="forminp image_width_settings">
666
667	<input name="<?php echo esc_attr( $value['field_name'] ); ?>[width]" <?php echo $disabled_attr; // WPCS: XSS ok. ?> id="<?php echo esc_attr( $value['id'] ); ?>-width" type="text" size="3" value="<?php echo esc_attr( $width ); ?>" /> × <input name="<?php echo esc_attr( $value['id'] ); ?>[height]" <?php echo $disabled_attr; // WPCS: XSS ok. ?> id="<?php echo esc_attr( $value['id'] ); ?>-height" type="text" size="3" value="<?php echo esc_attr( $height ); ?>" />px
668
669	<label><input name="<?php echo esc_attr( $value['field_name'] ); ?>[crop]" <?php echo $disabled_attr; // WPCS: XSS ok. ?> id="<?php echo esc_attr( $value['id'] ); ?>-crop" type="checkbox" value="1" <?php checked( 1, $crop ); ?> /> <?php esc_html_e( 'Hard crop?', 'woocommerce' ); ?></label>
670
671	</td>
672	</tr>
673	<?php
674	break;
675
676	// Single page selects.
677	case 'single_select_page':
678	$args = array(
679	'name' => $value['field_name'],
680	'id' => $value['id'],
681	'sort_column' => 'menu_order',
682	'sort_order' => 'ASC',
683	'show_option_none' => ' ',
684	'class' => $value['class'],
685	'echo' => false,
686	'selected' => absint( $value['value'] ),
687	'post_status' => 'publish,private,draft',
688	);
689
690	if ( isset( $value['args'] ) ) {
691	$args = wp_parse_args( $value['args'], $args );
692	}
693
694	?>
695	<tr class="single_select_page <?php echo esc_attr( $value['row_class'] ); ?>">
696	<th scope="row" class="titledesc">
697	<label><?php echo esc_html( $value['title'] ); ?> <?php echo $tooltip_html; // WPCS: XSS ok. ?></label>
698	</th>
699	<td class="forminp">
700	<?php echo str_replace( ' id=', " data-placeholder='" . esc_attr__( 'Select a page…', 'woocommerce' ) . "' style='" . $value['css'] . "' class='" . $value['class'] . "' id=", wp_dropdown_pages( $args ) ); // WPCS: XSS ok. ?> <?php echo $description; // WPCS: XSS ok. ?>
701	</td>
702	</tr>
703	<?php
704	break;
705
706	case 'single_select_page_with_search':
707	$option_value = $value['value'];
708	$page = get_post( $option_value );
709
710	if ( ! is_null( $page ) ) {
711	$page = get_post( $option_value );
712	$option_display_name = sprintf(
713	/* translators: 1: page name 2: page ID */
714	__( '%1$s (ID: %2$s)', 'woocommerce' ),
715	$page->post_title,
716	$option_value
717	);
718	}
719	?>
720	<tr class="single_select_page <?php echo esc_attr( $value['row_class'] ); ?>">
721	<th scope="row" class="titledesc">
722	<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?> <?php echo $tooltip_html; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?></label>
723	</th>
724	<td class="forminp forminp-<?php echo esc_attr( sanitize_title( $value['type'] ) ); ?>">
725	<select
726	name="<?php echo esc_attr( $value['field_name'] ); ?>"
727	id="<?php echo esc_attr( $value['id'] ); ?>"
728	style="<?php echo esc_attr( $value['css'] ); ?>"
729	class="<?php echo esc_attr( $value['class'] ); ?>"
730	<?php echo implode( ' ', $custom_attributes ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
731	data-placeholder="<?php esc_attr_e( 'Search for a page…', 'woocommerce' ); ?>"
732	data-allow_clear="true"
733	data-exclude="<?php echo wc_esc_json( wp_json_encode( $value['args']['exclude'] ) ); ?>"
734	>
735	<option value=""></option>
736	<?php if ( ! is_null( $page ) ) { ?>
737	<option value="<?php echo esc_attr( $option_value ); ?>" selected="selected">
738	<?php echo wp_strip_all_tags( $option_display_name ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
739	</option>
740	<?php } ?>
741	</select> <?php echo $description; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
742	</td>
743	</tr>
744	<?php
745	break;
746
747	// Single country selects.
748	case 'single_select_country':
749	$country_setting = (string) $value['value'];
750
751	if ( strstr( $country_setting, ':' ) ) {
752	$country_setting = explode( ':', $country_setting );
753	$country = current( $country_setting );
754	$state = end( $country_setting );
755	} else {
756	$country = $country_setting;
757	$state = '*';
758	}
759	?>
760	<tr class="<?php echo esc_attr( $value['row_class'] ); ?>">
761	<th scope="row" class="titledesc">
762	<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?> <?php echo $tooltip_html; // WPCS: XSS ok. ?></label>
763	</th>
764	<td class="forminp"><select name="<?php echo esc_attr( $value['field_name'] ); ?>" id="<?php echo esc_attr( $value['id'] ); ?>" style="<?php echo esc_attr( $value['css'] ); ?>" data-placeholder="<?php esc_attr_e( 'Choose a country / region…', 'woocommerce' ); ?>" aria-label="<?php esc_attr_e( 'Country / Region', 'woocommerce' ); ?>" class="wc-enhanced-select">
765	<?php WC()->countries->country_dropdown_options( $country, $state ); ?>
766	</select> <?php echo $description; // WPCS: XSS ok. ?>
767	</td>
768	</tr>
769	<?php
770	break;
771
772	// Country multiselects.
773	case 'multi_select_countries':
774	$selections = (array) $value['value'];
775
776	if ( ! empty( $value['options'] ) ) {
777	$countries = $value['options'];
778	} else {
779	$countries = WC()->countries->countries;
780	}
781
782	asort( $countries );
783	?>
784	<tr class="<?php echo esc_attr( $value['row_class'] ); ?>">
785	<th scope="row" class="titledesc">
786	<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?> <?php echo $tooltip_html; // WPCS: XSS ok. ?></label>
787	</th>
788	<td class="forminp">
789	<select
790	multiple="multiple"
791	name="<?php echo esc_attr( $value['field_name'] ); ?>[]"
792	id="<?php echo esc_attr( $value['id'] ); ?>"
793	style="width:350px"
794	data-placeholder="<?php esc_attr_e( 'Choose countries / regions…', 'woocommerce' ); ?>"
795	aria-label="<?php esc_attr_e( 'Country / Region', 'woocommerce' ); ?>"
796	class="wc-enhanced-select">
797	<?php
798	if ( ! empty( $countries ) ) {
799	foreach ( $countries as $key => $val ) {
800	echo '<option value="' . esc_attr( $key ) . '"' . wc_selected( $key, $selections ) . '>' . esc_html( $val ) . '</option>'; // WPCS: XSS ok.
801	}
802	}
803	?>
804	</select> <?php echo ( $description ) ? $description : ''; // WPCS: XSS ok. ?> <br /><a class="select_all button" href="#"><?php esc_html_e( 'Select all', 'woocommerce' ); ?></a> <a class="select_none button" href="#"><?php esc_html_e( 'Select none', 'woocommerce' ); ?></a>
805	</td>
806	</tr>
807	<?php
808	break;
809
810	// Days/months/years selector.
811	case 'relative_date_selector':
812	$periods = array(
813	'days' => __( 'Day(s)', 'woocommerce' ),
814	'weeks' => __( 'Week(s)', 'woocommerce' ),
815	'months' => __( 'Month(s)', 'woocommerce' ),
816	'years' => __( 'Year(s)', 'woocommerce' ),
817	);
818	$option_value = wc_parse_relative_date_option( $value['value'] );
819	?>
820	<tr class="<?php echo esc_attr( $value['row_class'] ); ?>">
821	<th scope="row" class="titledesc">
822	<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?> <?php echo $tooltip_html; // WPCS: XSS ok. ?></label>
823	</th>
824	<td class="forminp">
825	<input
826	name="<?php echo esc_attr( $value['field_name'] ); ?>[number]"
827	id="<?php echo esc_attr( $value['id'] ); ?>"
828	type="number"
829	style="width: 80px;"
830	value="<?php echo esc_attr( $option_value['number'] ); ?>"
831	class="<?php echo esc_attr( $value['class'] ); ?>"
832	placeholder="<?php echo esc_attr( $value['placeholder'] ); ?>"
833	step="1"
834	min="1"
835	<?php echo implode( ' ', $custom_attributes ); // WPCS: XSS ok. ?>
836	/>
837	<select name="<?php echo esc_attr( $value['field_name'] ); ?>[unit]" style="width: auto;">
838	<?php
839	foreach ( $periods as $value => $label ) {
840	echo '<option value="' . esc_attr( $value ) . '"' . selected( $option_value['unit'], $value, false ) . '>' . esc_html( $label ) . '</option>';
841	}
842	?>
843	</select> <?php echo ( $description ) ? $description : ''; // WPCS: XSS ok. ?>
844	</td>
845	</tr>
846	<?php
847	break;
848
849	case 'slotfill_placeholder':
850	?>
851	<div
852	id="<?php echo esc_attr( $value['id'] ); ?>"
853	class="<?php echo esc_attr( $value['class'] ); ?>"
854	>
855	</div>
856	<?php
857	break;
858	// Default: run an action.
859	default:
860	do_action( 'woocommerce_admin_field_' . $value['type'], $value );
861	break;
862	}
863	}
864	}
865
866	/**
867	* Helper function to get the formatted description and tip HTML for a
868	* given form field. Plugins can call this when implementing their own custom
869	* settings types.
870	*
871	* @param array $value The form field value array.
872	* @return array The description and tip as a 2 element array.
873	*/
874	public static function get_field_description( $value ) {
875	$description = '';
876	$tooltip_html = '';
877
878	if ( true === $value['desc_tip'] ) {
879	$tooltip_html = $value['desc'];
880	} elseif ( ! empty( $value['desc_tip'] ) ) {
881	$description = $value['desc'];
882	$tooltip_html = $value['desc_tip'];
883	} elseif ( ! empty( $value['desc'] ) ) {
884	$description = $value['desc'];
885	}
886
887	$desc_at_end = ( isset( $value['desc_at_end'] ) ? $value['desc_at_end'] : false );
888	$error_class = ( ! empty( $value['description_is_error'] ) ) ? 'is-error' : '';
889
890	if ( $description && in_array( $value['type'], array( 'textarea' ), true ) && true !== $desc_at_end ) {
891	$description = '<p class="description ' . $error_class . '" style="margin-top:0;">' . wp_kses_post( $description ) . '</p>';
892	} elseif ( $description && in_array( $value['type'], array( 'radio' ), true ) ) {
893	$description = '<p style="margin-top:0">' . wp_kses_post( $description ) . '</p>';
894	} elseif ( $description && in_array( $value['type'], array( 'checkbox' ), true ) ) {
895	$description = wp_kses_post( $description );
896	} elseif ( $description ) {
897	$description = '<p class="description ' . $error_class . '">' . wp_kses_post( $description ) . '</p>';
898	}
899
900	if ( $tooltip_html && in_array( $value['type'], array( 'checkbox' ), true ) ) {
901	$tooltip_html = '<p class="description ' . $error_class . '">' . $tooltip_html . '</p>';
902	} elseif ( $tooltip_html ) {
903	$tooltip_html = wc_help_tip( $tooltip_html );
904	}
905
906	return array(
907	'description' => $description,
908	'tooltip_html' => $tooltip_html,
909	);
910	}
911
912	/**
913	* Save admin fields.
914	*
915	* Loops through the woocommerce options array and outputs each field.
916	*
917	* @param array $options Options array to output.
918	* @param array $data Optional. Data to use for saving. Defaults to $_POST.
919	* @return bool
920	*/
921	public static function save_fields( $options, $data = null ) {
922	if ( is_null( $data ) ) {
923	$data = $_POST; // WPCS: input var okay, CSRF ok.
924	}
925	if ( empty( $data ) ) {
926	return false;
927	}
928
929	// Options to update will be stored here and saved later.
930	$update_options = array();
931	$autoload_options = array();
932
933	// Loop options and get values to save.
934	foreach ( $options as $option ) {
935	if ( ! isset( $option['id'] ) \|\| ! isset( $option['type'] ) \|\| ( isset( $option['is_option'] ) && false === $option['is_option'] ) ) {
936	continue;
937	}
938
939	$option_name = $option['field_name'] ?? $option['id'];
940
941	// Get posted value.
942	if ( strstr( $option_name, '[' ) ) {
943	parse_str( $option_name, $option_name_array );
944	$option_name = current( array_keys( $option_name_array ) );
945	$setting_name = key( $option_name_array[ $option_name ] );
946	$raw_value = isset( $data[ $option_name ][ $setting_name ] ) ? wp_unslash( $data[ $option_name ][ $setting_name ] ) : null;
947	} else {
948	$setting_name = '';
949	$raw_value = isset( $data[ $option_name ] ) ? wp_unslash( $data[ $option_name ] ) : null;
950	}
951
952	// Format the value based on option type.
953	switch ( $option['type'] ) {
954	case 'checkbox':
955	$value = '1' === $raw_value \|\| 'yes' === $raw_value ? 'yes' : 'no';
956	break;
957	case 'textarea':
958	$value = wp_kses_post( trim( $raw_value ) );
959	break;
960	case 'multiselect':
961	case 'multi_select_countries':
962	$value = array_filter( array_map( 'wc_clean', (array) $raw_value ) );
963	break;
964	case 'image_width':
965	$value = array();
966	if ( isset( $raw_value['width'] ) ) {
967	$value['width'] = wc_clean( $raw_value['width'] );
968	$value['height'] = wc_clean( $raw_value['height'] );
969	$value['crop'] = isset( $raw_value['crop'] ) ? 1 : 0;
970	} else {
971	$value['width'] = $option['default']['width'];
972	$value['height'] = $option['default']['height'];
973	$value['crop'] = $option['default']['crop'];
974	}
975	break;
976	case 'select':
977	$allowed_values = empty( $option['options'] ) ? array() : array_map( 'strval', array_keys( $option['options'] ) );
978	if ( empty( $option['default'] ) && empty( $allowed_values ) ) {
979	$value = null;
980	break;
981	}
982	$default = ( empty( $option['default'] ) ? $allowed_values[0] : $option['default'] );
983	$value = in_array( $raw_value, $allowed_values, true ) ? $raw_value : $default;
984	break;
985	case 'relative_date_selector':
986	$value = wc_parse_relative_date_option( $raw_value );
987	break;
988	case 'password':
989	// Non-string or absent → null so the option is skipped, not overwritten.
990	// Only trim — no wp_strip_all_tags() or wc_clean() which would corrupt
991	// passwords containing '<' or percent-like sequences.
992	// $raw_value is already wp_unslash()ed upstream, so no stripslashes() needed.
993	// Matches WC_Settings_API::validate_password_field() behavior.
994	$value = is_string( $raw_value ) ? trim( $raw_value ) : null;
995	break;
996	default:
997	$value = wc_clean( $raw_value );
998	break;
999	}
1000
1001	/**
1002	* Fire an action when a certain 'type' of field is being saved.
1003	*
1004	* @deprecated 2.4.0 - doesn't allow manipulation of values!
1005	*/
1006	if ( has_action( 'woocommerce_update_option_' . sanitize_title( $option['type'] ) ) ) {
1007	wc_deprecated_function( 'The woocommerce_update_option_X action', '2.4.0', 'woocommerce_admin_settings_sanitize_option filter' );
1008	do_action( 'woocommerce_update_option_' . sanitize_title( $option['type'] ), $option );
1009	continue;
1010	}
1011
1012	/**
1013	* Sanitize the value of an option.
1014	*
1015	* @since 2.4.0
1016	*/
1017	$value = apply_filters( 'woocommerce_admin_settings_sanitize_option', $value, $option, $raw_value );
1018
1019	/**
1020	* Sanitize the value of an option by option name.
1021	*
1022	* @since 2.4.0
1023	*/
1024	$value = apply_filters( "woocommerce_admin_settings_sanitize_option_$option_name", $value, $option, $raw_value );
1025
1026	if ( is_null( $value ) ) {
1027	continue;
1028	}
1029
1030	// Check if option is an array and handle that differently to single values.
1031	if ( $option_name && $setting_name ) {
1032	if ( ! isset( $update_options[ $option_name ] ) ) {
1033	$update_options[ $option_name ] = get_option( $option_name, array() );
1034	}
1035	if ( ! is_array( $update_options[ $option_name ] ) ) {
1036	$update_options[ $option_name ] = array();
1037	}
1038	$update_options[ $option_name ][ $setting_name ] = $value;
1039	} else {
1040	$update_options[ $option_name ] = $value;
1041	}
1042
1043	$autoload_options[ $option_name ] = isset( $option['autoload'] ) ? (bool) $option['autoload'] : true;
1044
1045	/**
1046	* Fire an action before saved.
1047	*
1048	* @deprecated 2.4.0 - doesn't allow manipulation of values!
1049	*/
1050	do_action( 'woocommerce_update_option', $option );
1051	}
1052
1053	// Save all options in our array.
1054	foreach ( $update_options as $name => $value ) {
1055	update_option( $name, $value, $autoload_options[ $name ] ? 'yes' : 'no' );
1056	}
1057
1058	return true;
1059	}
1060
1061	/**
1062	* Checks which method we're using to serve downloads.
1063	*
1064	* If using force or x-sendfile, this ensures the .htaccess is in place.
1065	*/
1066	public static function check_download_folder_protection() {
1067	$upload_dir = wp_get_upload_dir();
1068	$downloads_path = $upload_dir['basedir'] . '/woocommerce_uploads';
1069	$download_method = get_option( 'woocommerce_file_download_method' );
1070	$file_path = $downloads_path . '/.htaccess';
1071	$file_content = 'redirect' === $download_method ? 'Options -Indexes' : 'deny from all';
1072	$create = false;
1073
1074	if ( wp_mkdir_p( $downloads_path ) && ! file_exists( $file_path ) ) {
1075	$create = true;
1076	} else {
1077	$current_content = @file_get_contents( $file_path ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged, WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents
1078
1079	if ( $current_content !== $file_content ) {
1080	unlink( $file_path );
1081	$create = true;
1082	}
1083	}
1084
1085	if ( $create ) {
1086	$file_handle = @fopen( $file_path, 'wb' ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged, WordPress.WP.AlternativeFunctions.file_system_read_fopen
1087	if ( $file_handle ) {
1088	fwrite( $file_handle, $file_content ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_read_fwrite
1089	fclose( $file_handle ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_read_fclose
1090	}
1091	}
1092	}
1093	}
1094
1095	endif;
1096