class-wc-admin.php — WooCommerce 10.8.1

woocommerce / includes / admin / class-wc-admin.php

woocommerce / includes / admin Last commit date

class-wc-admin.php

440 lines

1	<?php
2	/**
3	* WooCommerce Admin
4	*
5	* @class WC_Admin
6	* @package WooCommerce\Admin
7	* @version 2.6.0
8	*/
9
10	declare(strict_types=1);
11
12	use Automattic\WooCommerce\Admin\PageController;
13	use Automattic\WooCommerce\Internal\Admin\EmailPreview\EmailPreview;
14
15	if ( ! defined( 'ABSPATH' ) ) {
16	exit; // Exit if accessed directly.
17	}
18
19	/**
20	* WC_Admin class.
21	*/
22	class WC_Admin {
23
24	/**
25	* Constructor.
26	*/
27	public function __construct() {
28	add_action( 'init', array( $this, 'includes' ) );
29
30	// Hook in early (priority 1) to make sure the PageController's hooks are added before any WC admin pages or
31	// menus logic is run, including the enqueuing of assets via \Automattic\WooCommerce\Internal\Admin\WCAdminAssets.
32	// While it may not sound like it, the admin_menu action is triggered quite early,
33	// before the admin_init or admin_enqueue_scripts action.
34	// @see https://developer.wordpress.org/apis/hooks/action-reference/#actions-run-during-an-admin-page-request.
35	add_action( 'admin_menu', array( $this, 'init_page_controller' ), 1 );
36
37	add_action( 'current_screen', array( $this, 'conditional_includes' ) );
38	add_action( 'admin_init', array( $this, 'buffer' ), 1 );
39	add_action( 'admin_init', array( $this, 'preview_emails' ) );
40	add_action( 'admin_init', array( $this, 'prevent_admin_access' ) );
41	add_action( 'admin_init', array( $this, 'admin_redirects' ) );
42	add_action( 'admin_footer', 'wc_print_js', 25 );
43	add_filter( 'admin_footer_text', array( $this, 'admin_footer_text' ), 1 );
44	add_filter( 'update_footer', array( $this, 'update_footer_version' ), 20 );
45
46	// Disable WXR export of schedule action posts.
47	add_filter( 'action_scheduler_post_type_args', array( $this, 'disable_webhook_post_export' ) );
48
49	// Add body class for WP 5.3+ compatibility.
50	add_filter( 'admin_body_class', array( $this, 'include_admin_body_class' ), 9999 );
51
52	// Add body class for Marketplace and My Subscriptions pages.
53	if ( isset( $_GET['page'] ) && 'wc-addons' === $_GET['page'] ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
54	add_filter( 'admin_body_class', array( 'WC_Admin_Addons', 'filter_admin_body_classes' ) );
55	}
56	}
57
58	/**
59	* Output buffering allows admin screens to make redirects later on.
60	*/
61	public function buffer() {
62	ob_start();
63	}
64
65	/**
66	* Include any classes we need within admin.
67	*/
68	public function includes() {
69	include_once __DIR__ . '/wc-admin-functions.php';
70	include_once __DIR__ . '/wc-meta-box-functions.php';
71	include_once __DIR__ . '/class-wc-admin-post-types.php';
72	include_once __DIR__ . '/class-wc-admin-taxonomies.php';
73	include_once __DIR__ . '/class-wc-admin-menus.php';
74	include_once __DIR__ . '/class-wc-admin-customize.php';
75	include_once __DIR__ . '/class-wc-admin-notices.php';
76	include_once __DIR__ . '/class-wc-admin-assets.php';
77	include_once __DIR__ . '/class-wc-admin-api-keys.php';
78	include_once __DIR__ . '/class-wc-admin-webhooks.php';
79	include_once __DIR__ . '/class-wc-admin-pointers.php';
80	include_once __DIR__ . '/class-wc-admin-importers.php';
81	include_once __DIR__ . '/class-wc-admin-exporters.php';
82
83	// Help Tabs.
84	/**
85	* Filter to enable/disable admin help tab.
86	*
87	* @since 3.6.0
88	*/
89	if ( apply_filters( 'woocommerce_enable_admin_help_tab', true ) ) {
90	include_once __DIR__ . '/class-wc-admin-help.php';
91	}
92
93	// Helper.
94	include_once __DIR__ . '/helper/class-wc-helper.php';
95
96	// Marketplace suggestions & related REST API.
97	include_once __DIR__ . '/marketplace-suggestions/class-wc-marketplace-suggestions.php';
98	include_once __DIR__ . '/marketplace-suggestions/class-wc-marketplace-updater.php';
99	}
100
101	/**
102	* Initialize the admin page controller logic.
103	*/
104	public function init_page_controller() {
105	// We only need to make sure the controller is instantiated since the hooking is done in the constructor.
106	PageController::get_instance();
107	}
108
109	/**
110	* Include admin files conditionally.
111	*/
112	public function conditional_includes() {
113	$screen = get_current_screen();
114
115	if ( ! $screen ) {
116	return;
117	}
118
119	switch ( $screen->id ) {
120	case 'dashboard':
121	case 'dashboard-network':
122	include __DIR__ . '/class-wc-admin-dashboard-setup.php';
123	include __DIR__ . '/class-wc-admin-dashboard.php';
124	break;
125	case 'options-permalink':
126	include __DIR__ . '/class-wc-admin-permalink-settings.php';
127	break;
128	case 'plugins':
129	include __DIR__ . '/plugin-updates/class-wc-plugins-screen-updates.php';
130	break;
131	case 'update-core':
132	include __DIR__ . '/plugin-updates/class-wc-updates-screen-updates.php';
133	break;
134	case 'users':
135	case 'user':
136	case 'profile':
137	case 'user-edit':
138	include __DIR__ . '/class-wc-admin-profile.php';
139	break;
140	}
141	}
142
143	/**
144	* Handle redirects:
145	* 1. Nonced plugin install redirects.
146	*
147	* The user must have access rights, and we must ignore the network/bulk plugin updaters.
148	*/
149	public function admin_redirects() {
150	// Don't run this fn from Action Scheduler requests.
151	if ( wc_is_running_from_async_action_scheduler() ) {
152	return;
153	}
154
155	// phpcs:disable WordPress.Security.NonceVerification.Recommended
156	// Nonced plugin install redirects.
157	if ( ! empty( $_GET['wc-install-plugin-redirect'] ) ) {
158	$plugin_slug = wc_clean( wp_unslash( $_GET['wc-install-plugin-redirect'] ) );
159
160	if ( current_user_can( 'install_plugins' ) && in_array( $plugin_slug, array( 'woocommerce-gateway-stripe' ), true ) ) {
161	$nonce = wp_create_nonce( 'install-plugin_' . $plugin_slug );
162	$url = self_admin_url( 'update.php?action=install-plugin&plugin=' . $plugin_slug . '&_wpnonce=' . $nonce );
163	} else {
164	$url = admin_url( 'plugin-install.php?tab=search&type=term&s=' . $plugin_slug );
165	}
166
167	wp_safe_redirect( $url );
168	exit;
169	}
170	// phpcs:enable WordPress.Security.NonceVerification.Recommended
171	}
172
173	/**
174	* Prevent any user who cannot 'edit_posts' (subscribers, customers etc) from accessing admin.
175	*/
176	public function prevent_admin_access() {
177	$prevent_access = false;
178
179	// Do not interfere with admin-post or admin-ajax requests.
180	$exempted_paths = array( 'admin-post.php', 'admin-ajax.php' );
181
182	if (
183	/**
184	* This filter is documented in ../wc-user-functions.php
185	*
186	* @since 3.6.0
187	*/
188	apply_filters( 'woocommerce_disable_admin_bar', true )
189	&& isset( $_SERVER['SCRIPT_FILENAME'] )
190	&& ! in_array( basename( sanitize_text_field( wp_unslash( $_SERVER['SCRIPT_FILENAME'] ) ) ), $exempted_paths, true )
191	) {
192	$has_cap = false;
193	$access_caps = array( 'edit_posts', 'manage_woocommerce', 'view_admin_dashboard' );
194
195	foreach ( $access_caps as $access_cap ) {
196	if ( current_user_can( $access_cap ) ) {
197	$has_cap = true;
198	break;
199	}
200	}
201
202	if ( ! $has_cap ) {
203	$prevent_access = true;
204	}
205	}
206
207	/**
208	* Filter to prevent admin access.
209	*
210	* @since 3.6.0
211	*/
212	if ( apply_filters( 'woocommerce_prevent_admin_access', $prevent_access ) ) {
213	wp_safe_redirect( wc_get_page_permalink( 'myaccount' ) );
214	exit;
215	}
216	}
217
218	/**
219	* Preview email template.
220	*/
221	public function preview_emails() {
222
223	if ( isset( $_GET['preview_woocommerce_mail'] ) ) {
224	if ( ! ( isset( $_REQUEST['_wpnonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'preview-mail' ) ) ) {
225	die( 'Security check' );
226	}
227
228	$email_preview = wc_get_container()->get( EmailPreview::class );
229
230	if ( isset( $_GET['type'] ) ) {
231	$type_param = sanitize_text_field( wp_unslash( $_GET['type'] ) );
232	try {
233	$email_preview->set_email_type( $type_param );
234	} catch ( InvalidArgumentException $e ) {
235	wp_die( esc_html__( 'Invalid email type.', 'woocommerce' ), 400 );
236	}
237	}
238
239	if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
240	$message = $email_preview->render();
241	$message = $email_preview->ensure_links_open_in_new_tab( $message );
242	} else {
243	// Start output buffering to prevent partial renders with PHP notices or warnings.
244	ob_start();
245	try {
246	$message = $email_preview->render();
247	$message = $email_preview->ensure_links_open_in_new_tab( $message );
248	} catch ( Throwable $e ) {
249	ob_end_clean();
250	wp_die(
251	esc_html__(
252	'There was an error rendering the email preview. This doesn\'t affect actual email delivery. Please contact the extension author for assistance.',
253	'woocommerce'
254	),
255	404
256	);
257	}
258	ob_end_clean();
259	}
260
261	// print the preview email.
262	// phpcs:ignore WordPress.Security.EscapeOutput
263	echo $message;
264	// phpcs:enable
265	exit;
266	}
267	}
268
269	/**
270	* Change the admin footer text on WooCommerce admin pages.
271	*
272	* @since 2.3
273	*
274	* @param string $footer_text Footer text to be rendered.
275	* @return string
276	*/
277	public function admin_footer_text( $footer_text ) {
278	if ( ! current_user_can( 'manage_woocommerce' ) \|\| ! function_exists( 'wc_get_screen_ids' ) ) {
279	return $footer_text;
280	}
281	$current_screen = get_current_screen();
282	$wc_pages = array_merge( wc_get_screen_ids(), array( 'woocommerce_page_wc-admin' ) );
283
284	// Set only WC pages.
285	$wc_pages = array_diff( $wc_pages, array( 'profile', 'user-edit' ) );
286
287	/**
288	* Filter to determine if admin footer text should be displayed.
289	*
290	* @since 2.3
291	*/
292	if ( isset( $current_screen->id ) && apply_filters( 'woocommerce_display_admin_footer_text', in_array( $current_screen->id, $wc_pages, true ) ) ) {
293	// Change the footer text.
294	if ( ! get_option( 'woocommerce_admin_footer_text_rated' ) ) {
295	$footer_text = sprintf(
296	/* translators: 1: WooCommerce 2:: five stars */
297	__( 'If you like %1$s please leave us a %2$s rating. A huge thanks in advance!', 'woocommerce' ),
298	sprintf( '<strong>%s</strong>', esc_html__( 'WooCommerce', 'woocommerce' ) ),
299	'<a href="https://wordpress.org/support/plugin/woocommerce/reviews?rate=5#new-post" target="_blank" class="wc-rating-link" aria-label="' . esc_attr__( 'five star', 'woocommerce' ) . '" data-rated="' . esc_attr__( 'Thanks :)', 'woocommerce' ) . '">★★★★★</a>'
300	);
301
302	$script = "
303	(function() {
304	'use strict';
305	var ratingLink = document.querySelector('a.wc-rating-link');
306	if (ratingLink) {
307	ratingLink.addEventListener('click', function(e) {
308	var link = e.currentTarget;
309	var formData = new FormData();
310	formData.append('action', 'woocommerce_rated');
311
312	fetch('" . esc_js( WC()->ajax_url() ) . "', {
313	method: 'POST',
314	body: formData,
315	credentials: 'same-origin'
316	});
317
318	var parent = link.parentElement;
319	if (parent) {
320	parent.textContent = link.getAttribute('data-rated');
321	}
322	});
323	}
324	})();
325	";
326
327	$handle = 'wc-admin-footer-rating';
328	wp_register_script( $handle, '', array(), WC_VERSION, true );
329	wp_enqueue_script( $handle );
330	wp_add_inline_script( $handle, $script );
331	} else {
332	$footer_text = __( 'Thank you for selling with WooCommerce.', 'woocommerce' );
333	}
334	}
335
336	return '<span id="footer-thankyou">' . $footer_text . '</span>';
337	}
338
339	/**
340	* Update the footer version text.
341	*
342	* @since 10.2.0
343	*
344	* @param string $version The current version string.
345	* @return string
346	*/
347	public function update_footer_version( $version ) {
348	if ( ! function_exists( 'wc_get_screen_ids' ) ) {
349	return $version;
350	}
351	$current_screen = get_current_screen();
352	$wc_pages = array_merge( wc_get_screen_ids(), array( 'woocommerce_page_wc-admin' ) );
353
354	// Set only WC pages.
355	$wc_pages = array_diff( $wc_pages, array( 'profile', 'user-edit' ) );
356
357	// Check to make sure we're on a WooCommerce admin page.
358	/**
359	* Filter to determine if update footer text should be displayed.
360	*
361	* @since 2.3
362	*/
363	if ( isset( $current_screen->id ) && apply_filters( 'woocommerce_display_update_footer_text', in_array( $current_screen->id, $wc_pages, true ) ) ) {
364	// Replace WordPress version with WooCommerce version.
365	$version = sprintf(
366	/* translators: %s: WooCommerce version */
367	__( 'Version %s', 'woocommerce' ),
368	esc_html( WC()->version )
369	);
370	}
371
372	return $version;
373	}
374
375	/**
376	* Check on a Jetpack install queued by the Setup Wizard.
377	*
378	* See: WC_Admin_Setup_Wizard::install_jetpack()
379	*/
380	public function setup_wizard_check_jetpack() {
381	$jetpack_active = class_exists( 'Jetpack' );
382
383	wp_send_json_success(
384	array(
385	'is_active' => $jetpack_active ? 'yes' : 'no',
386	)
387	);
388	}
389
390	/**
391	* Disable WXR export of scheduled action posts.
392	*
393	* @since 3.6.2
394	*
395	* @param array $args Scheduled action post type registration args.
396	*
397	* @return array
398	*/
399	public function disable_webhook_post_export( $args ) {
400	$args['can_export'] = false;
401	return $args;
402	}
403
404	/**
405	* Include admin classes.
406	*
407	* @since 4.2.0
408	* @param string $classes Body classes string.
409	* @return string
410	*/
411	public function include_admin_body_class( $classes ) {
412	$raw_version = get_bloginfo( 'version' );
413
414	if ( ! $raw_version ) {
415	return $classes;
416	}
417
418	$version_parts = explode( '-', $raw_version );
419	$version = count( $version_parts ) > 1 ? $version_parts[0] : $raw_version;
420	$class_list = explode( ' ', $classes );
421
422	// WP version compatibility classes.
423	$version_classes = array(
424	'5.3' => 'wc-wp-version-gte-53',
425	'5.5' => 'wc-wp-version-gte-55',
426	'7.0' => 'wc-wp-version-gte-70',
427	);
428
429	foreach ( $version_classes as $min_version => $class_name ) {
430	if ( ! in_array( $class_name, $class_list, true ) && version_compare( $version, $min_version, '>=' ) ) {
431	$classes .= ' ' . $class_name;
432	}
433	}
434
435	return $classes;
436	}
437	}
438
439	return new WC_Admin();
440