DependencyDetection.php — WooCommerce 10.8.1

woocommerce / src / Blocks / DependencyDetection.php

woocommerce / src / Blocks Last commit date

AI 1 year ago AIContent 1 year ago Assets 2 months ago BlockTypes 1 week ago Domain 4 weeks ago Images 1 year ago Integrations 2 years ago Patterns 5 months ago Payments 4 months ago Registry 2 years ago SharedStores 4 weeks ago Shipping 6 months ago Templates 4 weeks ago Utils 4 weeks ago Assets.php 2 years ago AssetsController.php 4 months ago BlockPatterns.php 6 months ago BlockTemplatesController.php 6 months ago BlockTemplatesRegistry.php 9 months ago BlockTypesController.php 3 months ago DependencyDetection.php 4 months ago InboxNotifications.php 2 years ago Installer.php 4 weeks ago Library.php 2 years ago Options.php 2 years ago Package.php 1 year ago QueryFilters.php 6 months ago TemplateOptions.php 1 year ago

DependencyDetection.php

358 lines

1	<?php
2	declare( strict_types = 1 );
3
4	namespace Automattic\WooCommerce\Blocks;
5
6	use Automattic\WooCommerce\Internal\Utilities\BlocksUtil;
7
8	/**
9	* DependencyDetection class.
10	*
11	* Provides runtime detection of extensions that use Blocks related WooCommerce globals
12	* (window.wc.*) without properly declaring their PHP script dependencies.
13	*
14	* This runs by default to warn developers about missing dependencies.
15	*
16	* @since 10.5.0
17	* @internal
18	*/
19	final class DependencyDetection {
20
21	/**
22	* WooCommerce blocks that use the tracked globals.
23	*
24	* Detection script only runs on pages containing these blocks.
25	*
26	* @var array<string>
27	*/
28	private const TRACKED_BLOCKS = array(
29	'woocommerce/checkout',
30	'woocommerce/cart',
31	'woocommerce/mini-cart',
32	);
33
34	/**
35	* Maps window.wc.* property names to their required script handles.
36	*
37	* This is the source of truth for both PHP and JS dependency detection.
38	* Based on wcDepMap and wcHandleMap in client/blocks/bin/webpack-helpers.js.
39	*
40	* @var array<string, string>
41	*/
42	private const WC_GLOBAL_EXPORTS = array(
43	'wcBlocksRegistry' => 'wc-blocks-registry',
44	'wcSettings' => 'wc-settings',
45	'wcBlocksData' => 'wc-blocks-data-store',
46	'data' => 'wc-store-data',
47	'wcBlocksSharedContext' => 'wc-blocks-shared-context',
48	'wcBlocksSharedHocs' => 'wc-blocks-shared-hocs',
49	'priceFormat' => 'wc-price-format',
50	'blocksCheckout' => 'wc-blocks-checkout',
51	'blocksCheckoutEvents' => 'wc-blocks-checkout-events',
52	'blocksComponents' => 'wc-blocks-components',
53	'wcTypes' => 'wc-types',
54	'sanitize' => 'wc-sanitize',
55	);
56
57	/**
58	* Whether the proxy script was output.
59	*
60	* Used to ensure we only output the registry if the proxy was set up.
61	*
62	* @var bool
63	*/
64	private bool $proxy_output = false;
65
66	/**
67	* Constructor.
68	*/
69	public function __construct() {
70	$this->init();
71	}
72
73	/**
74	* Initialize hooks.
75	*
76	* @since 10.5.0
77	*/
78	public function init(): void {
79	// Only run when debugging is enabled.
80	if ( ! defined( 'WP_DEBUG' ) \|\| ! WP_DEBUG ) {
81	return;
82	}
83
84	// Output an early inline script to set up the Proxy before any other scripts run.
85	add_action( 'wp_head', array( $this, 'output_early_proxy_setup' ), 1 );
86	add_action( 'admin_head', array( $this, 'output_early_proxy_setup' ), 1 );
87
88	// Output registry late when all scripts (including IntegrationInterface) are registered.
89	add_action( 'wp_print_footer_scripts', array( $this, 'output_script_registry' ), 1 );
90	add_action( 'admin_print_footer_scripts', array( $this, 'output_script_registry' ), 1 );
91	}
92
93	/**
94	* Output early inline script to set up the Proxy on window.wc.
95	*
96	* This must run before any WooCommerce scripts to intercept access.
97	* The script is loaded from a separate file for better IDE support and testing,
98	* but output inline to ensure correct timing (before any enqueued scripts).
99	*
100	* @since 10.5.0
101	*/
102	public function output_early_proxy_setup(): void {
103	// Only run on pages that have the tracked blocks.
104	if ( ! $this->page_has_tracked_blocks() ) {
105	return;
106	}
107
108	// Load from the production assets directory (built by webpack and copied during release build).
109	$script_path = __DIR__ . '/../../assets/client/blocks/dependency-detection.js';
110
111	if ( ! file_exists( $script_path ) ) {
112	return;
113	}
114
115	// phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents -- Local file read for inline script output.
116	$script_content = file_get_contents( $script_path );
117
118	if ( ! $script_content ) {
119	return;
120	}
121
122	// Inject the global-to-handle mapping from PHP (source of truth).
123	$mapping_json = \wp_json_encode( self::WC_GLOBAL_EXPORTS );
124	if ( false === $mapping_json ) {
125	return;
126	}
127	$script_content = str_replace(
128	'__WC_GLOBAL_EXPORTS_PLACEHOLDER__',
129	$mapping_json,
130	$script_content
131	);
132
133	// Inject the WooCommerce plugin URL for script origin detection.
134	// This accounts for custom plugin directories (WP_PLUGIN_DIR, WP_CONTENT_DIR).
135	$wc_plugin_url = \plugins_url( '/', WC_PLUGIN_FILE );
136	$script_content = str_replace(
137	'__WC_PLUGIN_URL_PLACEHOLDER__',
138	'"' . esc_js( $wc_plugin_url ) . '"',
139	$script_content
140	);
141
142	// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Script content is from a trusted local file, JSON is safely encoded.
143	echo '<script id="wc-dependency-detection">' . $script_content . '</script>' . "\n";
144
145	$this->proxy_output = true;
146	}
147
148	/**
149	* Output the script registry JSON for dependency checking.
150	*
151	* This runs late (wp_print_footer_scripts) to ensure all scripts,
152	* including those registered via IntegrationInterface, are captured.
153	*
154	* @since 10.5.0
155	*/
156	public function output_script_registry(): void {
157	// Only output registry if the proxy was set up earlier.
158	// This avoids the duplicate page_has_tracked_blocks() check and ensures
159	// we don't output a registry without a proxy to consume it.
160	if ( ! $this->proxy_output ) {
161	return;
162	}
163
164	// Build the script registry mapping URLs to handles and dependencies.
165	$script_registry = $this->build_script_registry();
166	$registry_json = \wp_json_encode( $script_registry );
167
168	if ( false === $registry_json ) {
169	return;
170	}
171
172	// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- JSON is safely encoded by wp_json_encode.
173	echo '<script id="wc-dependency-detection-registry">if(typeof window.wc.wcUpdateDependencyRegistry==="function"){window.wc.wcUpdateDependencyRegistry(' . $registry_json . ');}</script>' . "\n";
174	}
175
176	/**
177	* Build a registry of all enqueued scripts with their URLs and dependencies.
178	*
179	* @return array<string, array{handle: string, deps: array<string>}>
180	*/
181	private function build_script_registry(): array {
182	$wp_scripts = wp_scripts();
183	$registry = array();
184
185	foreach ( $wp_scripts->registered as $handle => $script ) {
186	// Skip scripts without a source URL.
187	if ( empty( $script->src ) ) {
188	continue;
189	}
190
191	// Get the full URL.
192	$src = $script->src;
193	if ( ! is_string( $src ) ) {
194	// Skip malformed src.
195	continue;
196	}
197	if ( ! preg_match( '\|^(https?:)?//\|', $src ) ) {
198	// Relative URL - make it absolute.
199	$src = $wp_scripts->base_url . $src;
200	}
201
202	// Skip WooCommerce's own scripts - we don't need to check those.
203	if ( $this->is_woocommerce_script( $src ) ) {
204	continue;
205	}
206
207	// Skip WordPress core scripts - they won't use wc.* globals.
208	if ( $this->is_wordpress_core_script( $src ) ) {
209	continue;
210	}
211
212	// Normalize the URL for consistent matching.
213	$src = $this->normalize_url( $src );
214
215	$registry[ $src ] = array(
216	'handle' => $handle,
217	'deps' => $this->get_all_dependencies( $script->deps ),
218	);
219	}
220
221	return $registry;
222	}
223
224	/**
225	* Check if a script URL belongs to WooCommerce core.
226	*
227	* Checks if the script is loaded from the WooCommerce core plugin directory,
228	* not from third-party extensions that may use similar handle naming.
229	*
230	* @param string $url Script URL.
231	* @return bool
232	*/
233	private function is_woocommerce_script( string $url ): bool {
234	// Get the WooCommerce plugin URL (accounts for custom plugin directories).
235	$wc_plugin_url = \plugins_url( '/', WC_PLUGIN_FILE );
236
237	// Check if the URL starts with the WooCommerce plugin URL and is in a known subdirectory.
238	if ( strpos( $url, $wc_plugin_url ) !== 0 ) {
239	return false;
240	}
241
242	// Get the path after the WooCommerce plugin URL.
243	$relative_path = substr( $url, strlen( $wc_plugin_url ) );
244
245	// Check if it's in one of the known WooCommerce asset directories.
246	return (bool) preg_match( '#^(client\|assets\|build\|vendor)/#', $relative_path );
247	}
248
249	/**
250	* Check if a script URL belongs to WordPress core.
251	*
252	* WordPress core scripts (wp-includes, wp-admin) won't use wc.* globals,
253	* so we can skip them to reduce registry size.
254	*
255	* @param string $url Script URL.
256	* @return bool
257	*/
258	private function is_wordpress_core_script( string $url ): bool {
259	return (bool) preg_match( '#/(wp-includes\|wp-admin)/#', $url );
260	}
261
262	/**
263	* Recursively get all dependencies including nested ones.
264	*
265	* @param array<string> $deps Direct dependencies.
266	* @return array<string> All dependencies (flattened).
267	*/
268	private function get_all_dependencies( array $deps ): array {
269	$wp_scripts = wp_scripts();
270	$all_deps = array();
271	$deps_to_process = $deps;
272
273	while ( ! empty( $deps_to_process ) ) {
274	$handle = array_shift( $deps_to_process );
275
276	if ( in_array( $handle, $all_deps, true ) ) {
277	continue;
278	}
279
280	$all_deps[] = $handle;
281
282	// Add nested dependencies to process.
283	if ( isset( $wp_scripts->registered[ $handle ] ) ) {
284	foreach ( $wp_scripts->registered[ $handle ]->deps as $nested_dep ) {
285	if ( ! in_array( $nested_dep, $all_deps, true ) ) {
286	$deps_to_process[] = $nested_dep;
287	}
288	}
289	}
290	}
291
292	// Filter to only include WooCommerce handles we care about.
293	$wc_handles = array_values( self::WC_GLOBAL_EXPORTS );
294	return array_values(
295	array_filter(
296	$all_deps,
297	function ( $dep ) use ( $wc_handles ) {
298	return in_array( $dep, $wc_handles, true );
299	}
300	)
301	);
302	}
303
304	/**
305	* Check if the current page contains any of the tracked blocks.
306	* Checks post content, widget areas, and template parts (header) for blocks.
307	*
308	* @return bool True if page has tracked blocks.
309	*/
310	private function page_has_tracked_blocks(): bool {
311	// Check post content for blocks.
312	foreach ( self::TRACKED_BLOCKS as $block_name ) {
313	if ( \has_block( $block_name ) ) {
314	return true;
315	}
316	}
317
318	// Check widget areas for mini-cart (classic themes).
319	$mini_cart_in_widgets = BlocksUtil::get_blocks_from_widget_area( 'woocommerce/mini-cart' );
320	if ( ! empty( $mini_cart_in_widgets ) ) {
321	return true;
322	}
323
324	// Check header template part for mini-cart (block themes).
325	try {
326	$mini_cart_in_header = BlocksUtil::get_block_from_template_part( 'woocommerce/mini-cart', 'header' );
327	if ( ! empty( $mini_cart_in_header ) ) {
328	return true;
329	}
330	} catch ( \Throwable $e ) { // phpcs:ignore Generic.CodeAnalysis.EmptyStatement.DetectedCatch
331	// Template part may not exist in all themes, silently continue.
332	}
333
334	return false;
335	}
336
337	/**
338	* Normalize a URL by removing query strings and hash fragments.
339	*
340	* This helps match URLs in stack traces which don't include query strings.
341	*
342	* @param string $url URL to normalize.
343	* @return string Normalized URL without query string or hash.
344	*/
345	private function normalize_url( string $url ): string {
346	$scheme = wp_parse_url( $url, PHP_URL_SCHEME );
347	$host = wp_parse_url( $url, PHP_URL_HOST );
348	$path = wp_parse_url( $url, PHP_URL_PATH );
349
350	if ( $scheme && $host && $path ) {
351	$port = wp_parse_url( $url, PHP_URL_PORT );
352	return $scheme . '://' . $host . ( $port ? ':' . $port : '' ) . $path;
353	}
354
355	return $url;
356	}
357	}
358