abstract-wc-settings-api.php — WooCommerce 7.1.0-rc.2

woocommerce / includes / abstracts / abstract-wc-settings-api.php

woocommerce / includes / abstracts Last commit date

abstract-wc-settings-api.php

998 lines

1	<?php
2	/**
3	* Abstract Settings API Class
4	*
5	* Admin Settings API used by Integrations, Shipping Methods, and Payment Gateways.
6	*
7	* @package WooCommerce\Abstracts
8	*/
9
10	defined( 'ABSPATH' ) \|\| exit;
11
12	use Automattic\WooCommerce\Internal\Utilities\HtmlSanitizer;
13
14	/**
15	* WC_Settings_API class.
16	*/
17	abstract class WC_Settings_API {
18
19	/**
20	* The plugin ID. Used for option names.
21	*
22	* @var string
23	*/
24	public $plugin_id = 'woocommerce_';
25
26	/**
27	* ID of the class extending the settings API. Used in option names.
28	*
29	* @var string
30	*/
31	public $id = '';
32
33	/**
34	* Validation errors.
35	*
36	* @var array of strings
37	*/
38	public $errors = array();
39
40	/**
41	* Setting values.
42	*
43	* @var array
44	*/
45	public $settings = array();
46
47	/**
48	* Form option fields.
49	*
50	* @var array
51	*/
52	public $form_fields = array();
53
54	/**
55	* The posted settings data. When empty, $_POST data will be used.
56	*
57	* @var array
58	*/
59	protected $data = array();
60
61	/**
62	* Get the form fields after they are initialized.
63	*
64	* @return array of options
65	*/
66	public function get_form_fields() {
67	return apply_filters( 'woocommerce_settings_api_form_fields_' . $this->id, array_map( array( $this, 'set_defaults' ), $this->form_fields ) );
68	}
69
70	/**
71	* Set default required properties for each field.
72	*
73	* @param array $field Setting field array.
74	* @return array
75	*/
76	protected function set_defaults( $field ) {
77	if ( ! isset( $field['default'] ) ) {
78	$field['default'] = '';
79	}
80	return $field;
81	}
82
83	/**
84	* Output the admin options table.
85	*/
86	public function admin_options() {
87	echo '<table class="form-table">' . $this->generate_settings_html( $this->get_form_fields(), false ) . '</table>'; // WPCS: XSS ok.
88	}
89
90	/**
91	* Initialise settings form fields.
92	*
93	* Add an array of fields to be displayed on the gateway's settings screen.
94	*
95	* @since 1.0.0
96	*/
97	public function init_form_fields() {}
98
99	/**
100	* Return the name of the option in the WP DB.
101	*
102	* @since 2.6.0
103	* @return string
104	*/
105	public function get_option_key() {
106	return $this->plugin_id . $this->id . '_settings';
107	}
108
109	/**
110	* Get a fields type. Defaults to "text" if not set.
111	*
112	* @param array $field Field key.
113	* @return string
114	*/
115	public function get_field_type( $field ) {
116	return empty( $field['type'] ) ? 'text' : $field['type'];
117	}
118
119	/**
120	* Get a fields default value. Defaults to "" if not set.
121	*
122	* @param array $field Field key.
123	* @return string
124	*/
125	public function get_field_default( $field ) {
126	return empty( $field['default'] ) ? '' : $field['default'];
127	}
128
129	/**
130	* Get a field's posted and validated value.
131	*
132	* @param string $key Field key.
133	* @param array $field Field array.
134	* @param array $post_data Posted data.
135	* @return string
136	*/
137	public function get_field_value( $key, $field, $post_data = array() ) {
138	$type = $this->get_field_type( $field );
139	$field_key = $this->get_field_key( $key );
140	$post_data = empty( $post_data ) ? $_POST : $post_data; // WPCS: CSRF ok, input var ok.
141	$value = isset( $post_data[ $field_key ] ) ? $post_data[ $field_key ] : null;
142
143	if ( isset( $field['sanitize_callback'] ) && is_callable( $field['sanitize_callback'] ) ) {
144	return call_user_func( $field['sanitize_callback'], $value );
145	}
146
147	// Look for a validate_FIELDID_field method for special handling.
148	if ( is_callable( array( $this, 'validate_' . $key . '_field' ) ) ) {
149	return $this->{'validate_' . $key . '_field'}( $key, $value );
150	}
151
152	// Look for a validate_FIELDTYPE_field method.
153	if ( is_callable( array( $this, 'validate_' . $type . '_field' ) ) ) {
154	return $this->{'validate_' . $type . '_field'}( $key, $value );
155	}
156
157	// Fallback to text.
158	return $this->validate_text_field( $key, $value );
159	}
160
161	/**
162	* Sets the POSTed data. This method can be used to set specific data, instead of taking it from the $_POST array.
163	*
164	* @param array $data Posted data.
165	*/
166	public function set_post_data( $data = array() ) {
167	$this->data = $data;
168	}
169
170	/**
171	* Returns the POSTed data, to be used to save the settings.
172	*
173	* @return array
174	*/
175	public function get_post_data() {
176	if ( ! empty( $this->data ) && is_array( $this->data ) ) {
177	return $this->data;
178	}
179	return $_POST; // WPCS: CSRF ok, input var ok.
180	}
181
182	/**
183	* Update a single option.
184	*
185	* @since 3.4.0
186	* @param string $key Option key.
187	* @param mixed $value Value to set.
188	* @return bool was anything saved?
189	*/
190	public function update_option( $key, $value = '' ) {
191	if ( empty( $this->settings ) ) {
192	$this->init_settings();
193	}
194
195	$this->settings[ $key ] = $value;
196
197	return update_option( $this->get_option_key(), apply_filters( 'woocommerce_settings_api_sanitized_fields_' . $this->id, $this->settings ), 'yes' );
198	}
199
200	/**
201	* Processes and saves options.
202	* If there is an error thrown, will continue to save and validate fields, but will leave the erroring field out.
203	*
204	* @return bool was anything saved?
205	*/
206	public function process_admin_options() {
207	$this->init_settings();
208
209	$post_data = $this->get_post_data();
210
211	foreach ( $this->get_form_fields() as $key => $field ) {
212	if ( 'title' !== $this->get_field_type( $field ) ) {
213	try {
214	$this->settings[ $key ] = $this->get_field_value( $key, $field, $post_data );
215	} catch ( Exception $e ) {
216	$this->add_error( $e->getMessage() );
217	}
218	}
219	}
220
221	$option_key = $this->get_option_key();
222	do_action( 'woocommerce_update_option', array( 'id' => $option_key ) );
223	return update_option( $option_key, apply_filters( 'woocommerce_settings_api_sanitized_fields_' . $this->id, $this->settings ), 'yes' );
224	}
225
226	/**
227	* Add an error message for display in admin on save.
228	*
229	* @param string $error Error message.
230	*/
231	public function add_error( $error ) {
232	$this->errors[] = $error;
233	}
234
235	/**
236	* Get admin error messages.
237	*/
238	public function get_errors() {
239	return $this->errors;
240	}
241
242	/**
243	* Display admin error messages.
244	*/
245	public function display_errors() {
246	if ( $this->get_errors() ) {
247	echo '<div id="woocommerce_errors" class="error notice is-dismissible">';
248	foreach ( $this->get_errors() as $error ) {
249	echo '<p>' . wp_kses_post( $error ) . '</p>';
250	}
251	echo '</div>';
252	}
253	}
254
255	/**
256	* Initialise Settings.
257	*
258	* Store all settings in a single database entry
259	* and make sure the $settings array is either the default
260	* or the settings stored in the database.
261	*
262	* @since 1.0.0
263	* @uses get_option(), add_option()
264	*/
265	public function init_settings() {
266	$this->settings = get_option( $this->get_option_key(), null );
267
268	// If there are no settings defined, use defaults.
269	if ( ! is_array( $this->settings ) ) {
270	$form_fields = $this->get_form_fields();
271	$this->settings = array_merge( array_fill_keys( array_keys( $form_fields ), '' ), wp_list_pluck( $form_fields, 'default' ) );
272	}
273	}
274
275	/**
276	* Get option from DB.
277	*
278	* Gets an option from the settings API, using defaults if necessary to prevent undefined notices.
279	*
280	* @param string $key Option key.
281	* @param mixed $empty_value Value when empty.
282	* @return string The value specified for the option or a default value for the option.
283	*/
284	public function get_option( $key, $empty_value = null ) {
285	if ( empty( $this->settings ) ) {
286	$this->init_settings();
287	}
288
289	// Get option default if unset.
290	if ( ! isset( $this->settings[ $key ] ) ) {
291	$form_fields = $this->get_form_fields();
292	$this->settings[ $key ] = isset( $form_fields[ $key ] ) ? $this->get_field_default( $form_fields[ $key ] ) : '';
293	}
294
295	if ( ! is_null( $empty_value ) && '' === $this->settings[ $key ] ) {
296	$this->settings[ $key ] = $empty_value;
297	}
298
299	return $this->settings[ $key ];
300	}
301
302	/**
303	* Prefix key for settings.
304	*
305	* @param string $key Field key.
306	* @return string
307	*/
308	public function get_field_key( $key ) {
309	return $this->plugin_id . $this->id . '_' . $key;
310	}
311
312	/**
313	* Generate Settings HTML.
314	*
315	* Generate the HTML for the fields on the "settings" screen.
316	*
317	* @param array $form_fields (default: array()) Array of form fields.
318	* @param bool $echo Echo or return.
319	* @return string the html for the settings
320	* @since 1.0.0
321	* @uses method_exists()
322	*/
323	public function generate_settings_html( $form_fields = array(), $echo = true ) {
324	if ( empty( $form_fields ) ) {
325	$form_fields = $this->get_form_fields();
326	}
327
328	$html = '';
329	foreach ( $form_fields as $k => $v ) {
330	$type = $this->get_field_type( $v );
331
332	if ( method_exists( $this, 'generate_' . $type . '_html' ) ) {
333	$html .= $this->{'generate_' . $type . '_html'}( $k, $v );
334	} elseif ( has_filter( 'woocommerce_generate_' . $type . '_html' ) ) {
335	/**
336	* Allow the generation of custom field types on the settings screen.
337	*
338	* The dynamic portion of the hook name refers to the slug of the custom field type.
339	* For instance, to introduce a new field type `fancy_lazy_dropdown` you would use
340	* the hook `woocommerce_generate_fancy_lazy_dropdown_html`.
341	*
342	* @since 6.5.0
343	*
344	* @param string $field_html The markup of the field being generated (initiated as an empty string).
345	* @param string $key The key of the field.
346	* @param array $data The attributes of the field as an associative array.
347	* @param object $wc_settings The current WC_Settings_API object.
348	*/
349	$html .= apply_filters( 'woocommerce_generate_' . $type . '_html', '', $k, $v, $this );
350	} else {
351	$html .= $this->generate_text_html( $k, $v );
352	}
353	}
354
355	if ( $echo ) {
356	echo $html; // WPCS: XSS ok.
357	} else {
358	return $html;
359	}
360	}
361
362	/**
363	* Get HTML for tooltips.
364	*
365	* @param array $data Data for the tooltip.
366	* @return string
367	*/
368	public function get_tooltip_html( $data ) {
369	if ( true === $data['desc_tip'] ) {
370	$tip = $data['description'];
371	} elseif ( ! empty( $data['desc_tip'] ) ) {
372	$tip = $data['desc_tip'];
373	} else {
374	$tip = '';
375	}
376
377	return $tip ? wc_help_tip( $tip, true ) : '';
378	}
379
380	/**
381	* Get HTML for descriptions.
382	*
383	* @param array $data Data for the description.
384	* @return string
385	*/
386	public function get_description_html( $data ) {
387	if ( true === $data['desc_tip'] ) {
388	$description = '';
389	} elseif ( ! empty( $data['desc_tip'] ) ) {
390	$description = $data['description'];
391	} elseif ( ! empty( $data['description'] ) ) {
392	$description = $data['description'];
393	} else {
394	$description = '';
395	}
396
397	return $description ? '<p class="description">' . wp_kses_post( $description ) . '</p>' . "\n" : '';
398	}
399
400	/**
401	* Get custom attributes.
402	*
403	* @param array $data Field data.
404	* @return string
405	*/
406	public function get_custom_attribute_html( $data ) {
407	$custom_attributes = array();
408
409	if ( ! empty( $data['custom_attributes'] ) && is_array( $data['custom_attributes'] ) ) {
410	foreach ( $data['custom_attributes'] as $attribute => $attribute_value ) {
411	$custom_attributes[] = esc_attr( $attribute ) . '="' . esc_attr( $attribute_value ) . '"';
412	}
413	}
414
415	return implode( ' ', $custom_attributes );
416	}
417
418	/**
419	* Generate Text Input HTML.
420	*
421	* @param string $key Field key.
422	* @param array $data Field data.
423	* @since 1.0.0
424	* @return string
425	*/
426	public function generate_text_html( $key, $data ) {
427	$field_key = $this->get_field_key( $key );
428	$defaults = array(
429	'title' => '',
430	'disabled' => false,
431	'class' => '',
432	'css' => '',
433	'placeholder' => '',
434	'type' => 'text',
435	'desc_tip' => false,
436	'description' => '',
437	'custom_attributes' => array(),
438	);
439
440	$data = wp_parse_args( $data, $defaults );
441
442	ob_start();
443	?>
444	<tr valign="top">
445	<th scope="row" class="titledesc">
446	<label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?> <?php echo $this->get_tooltip_html( $data ); // WPCS: XSS ok. ?></label>
447	</th>
448	<td class="forminp">
449	<fieldset>
450	<legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
451	<input class="input-text regular-input <?php echo esc_attr( $data['class'] ); ?>" type="<?php echo esc_attr( $data['type'] ); ?>" name="<?php echo esc_attr( $field_key ); ?>" id="<?php echo esc_attr( $field_key ); ?>" style="<?php echo esc_attr( $data['css'] ); ?>" value="<?php echo esc_attr( $this->get_option( $key ) ); ?>" placeholder="<?php echo esc_attr( $data['placeholder'] ); ?>" <?php disabled( $data['disabled'], true ); ?> <?php echo $this->get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> />
452	<?php echo $this->get_description_html( $data ); // WPCS: XSS ok. ?>
453	</fieldset>
454	</td>
455	</tr>
456	<?php
457
458	return ob_get_clean();
459	}
460
461	/**
462	* Generate Price Input HTML.
463	*
464	* @param string $key Field key.
465	* @param array $data Field data.
466	* @since 1.0.0
467	* @return string
468	*/
469	public function generate_price_html( $key, $data ) {
470	$field_key = $this->get_field_key( $key );
471	$defaults = array(
472	'title' => '',
473	'disabled' => false,
474	'class' => '',
475	'css' => '',
476	'placeholder' => '',
477	'type' => 'text',
478	'desc_tip' => false,
479	'description' => '',
480	'custom_attributes' => array(),
481	);
482
483	$data = wp_parse_args( $data, $defaults );
484
485	ob_start();
486	?>
487	<tr valign="top">
488	<th scope="row" class="titledesc">
489	<label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?> <?php echo $this->get_tooltip_html( $data ); // WPCS: XSS ok. ?></label>
490	</th>
491	<td class="forminp">
492	<fieldset>
493	<legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
494	<input class="wc_input_price input-text regular-input <?php echo esc_attr( $data['class'] ); ?>" type="text" name="<?php echo esc_attr( $field_key ); ?>" id="<?php echo esc_attr( $field_key ); ?>" style="<?php echo esc_attr( $data['css'] ); ?>" value="<?php echo esc_attr( wc_format_localized_price( $this->get_option( $key ) ) ); ?>" placeholder="<?php echo esc_attr( $data['placeholder'] ); ?>" <?php disabled( $data['disabled'], true ); ?> <?php echo $this->get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> />
495	<?php echo $this->get_description_html( $data ); // WPCS: XSS ok. ?>
496	</fieldset>
497	</td>
498	</tr>
499	<?php
500
501	return ob_get_clean();
502	}
503
504	/**
505	* Generate Decimal Input HTML.
506	*
507	* @param string $key Field key.
508	* @param array $data Field data.
509	* @since 1.0.0
510	* @return string
511	*/
512	public function generate_decimal_html( $key, $data ) {
513	$field_key = $this->get_field_key( $key );
514	$defaults = array(
515	'title' => '',
516	'disabled' => false,
517	'class' => '',
518	'css' => '',
519	'placeholder' => '',
520	'type' => 'text',
521	'desc_tip' => false,
522	'description' => '',
523	'custom_attributes' => array(),
524	);
525
526	$data = wp_parse_args( $data, $defaults );
527
528	ob_start();
529	?>
530	<tr valign="top">
531	<th scope="row" class="titledesc">
532	<label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?> <?php echo $this->get_tooltip_html( $data ); // WPCS: XSS ok. ?></label>
533	</th>
534	<td class="forminp">
535	<fieldset>
536	<legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
537	<input class="wc_input_decimal input-text regular-input <?php echo esc_attr( $data['class'] ); ?>" type="text" name="<?php echo esc_attr( $field_key ); ?>" id="<?php echo esc_attr( $field_key ); ?>" style="<?php echo esc_attr( $data['css'] ); ?>" value="<?php echo esc_attr( wc_format_localized_decimal( $this->get_option( $key ) ) ); ?>" placeholder="<?php echo esc_attr( $data['placeholder'] ); ?>" <?php disabled( $data['disabled'], true ); ?> <?php echo $this->get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> />
538	<?php echo $this->get_description_html( $data ); // WPCS: XSS ok. ?>
539	</fieldset>
540	</td>
541	</tr>
542	<?php
543
544	return ob_get_clean();
545	}
546
547	/**
548	* Generate Password Input HTML.
549	*
550	* @param string $key Field key.
551	* @param array $data Field data.
552	* @since 1.0.0
553	* @return string
554	*/
555	public function generate_password_html( $key, $data ) {
556	$data['type'] = 'password';
557	return $this->generate_text_html( $key, $data );
558	}
559
560	/**
561	* Generate Color Picker Input HTML.
562	*
563	* @param string $key Field key.
564	* @param array $data Field data.
565	* @since 1.0.0
566	* @return string
567	*/
568	public function generate_color_html( $key, $data ) {
569	$field_key = $this->get_field_key( $key );
570	$defaults = array(
571	'title' => '',
572	'disabled' => false,
573	'class' => '',
574	'css' => '',
575	'placeholder' => '',
576	'desc_tip' => false,
577	'description' => '',
578	'custom_attributes' => array(),
579	);
580
581	$data = wp_parse_args( $data, $defaults );
582
583	ob_start();
584	?>
585	<tr valign="top">
586	<th scope="row" class="titledesc">
587	<label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?> <?php echo $this->get_tooltip_html( $data ); // WPCS: XSS ok. ?></label>
588	</th>
589	<td class="forminp">
590	<fieldset>
591	<legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
592	<span class="colorpickpreview" style="background:<?php echo esc_attr( $this->get_option( $key ) ); ?>;"> </span>
593	<input class="colorpick <?php echo esc_attr( $data['class'] ); ?>" type="text" name="<?php echo esc_attr( $field_key ); ?>" id="<?php echo esc_attr( $field_key ); ?>" style="<?php echo esc_attr( $data['css'] ); ?>" value="<?php echo esc_attr( $this->get_option( $key ) ); ?>" placeholder="<?php echo esc_attr( $data['placeholder'] ); ?>" <?php disabled( $data['disabled'], true ); ?> <?php echo $this->get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> />
594	<div id="colorPickerDiv_<?php echo esc_attr( $field_key ); ?>" class="colorpickdiv" style="z-index: 100; background: #eee; border: 1px solid #ccc; position: absolute; display: none;"></div>
595	<?php echo $this->get_description_html( $data ); // WPCS: XSS ok. ?>
596	</fieldset>
597	</td>
598	</tr>
599	<?php
600
601	return ob_get_clean();
602	}
603
604	/**
605	* Generate Textarea HTML.
606	*
607	* @param string $key Field key.
608	* @param array $data Field data.
609	* @since 1.0.0
610	* @return string
611	*/
612	public function generate_textarea_html( $key, $data ) {
613	$field_key = $this->get_field_key( $key );
614	$defaults = array(
615	'title' => '',
616	'disabled' => false,
617	'class' => '',
618	'css' => '',
619	'placeholder' => '',
620	'type' => 'text',
621	'desc_tip' => false,
622	'description' => '',
623	'custom_attributes' => array(),
624	);
625
626	$data = wp_parse_args( $data, $defaults );
627
628	ob_start();
629	?>
630	<tr valign="top">
631	<th scope="row" class="titledesc">
632	<label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?> <?php echo $this->get_tooltip_html( $data ); // WPCS: XSS ok. ?></label>
633	</th>
634	<td class="forminp">
635	<fieldset>
636	<legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
637	<textarea rows="3" cols="20" class="input-text wide-input <?php echo esc_attr( $data['class'] ); ?>" type="<?php echo esc_attr( $data['type'] ); ?>" name="<?php echo esc_attr( $field_key ); ?>" id="<?php echo esc_attr( $field_key ); ?>" style="<?php echo esc_attr( $data['css'] ); ?>" placeholder="<?php echo esc_attr( $data['placeholder'] ); ?>" <?php disabled( $data['disabled'], true ); ?> <?php echo $this->get_custom_attribute_html( $data ); // WPCS: XSS ok. ?>><?php echo esc_textarea( $this->get_option( $key ) ); ?></textarea>
638	<?php echo $this->get_description_html( $data ); // WPCS: XSS ok. ?>
639	</fieldset>
640	</td>
641	</tr>
642	<?php
643
644	return ob_get_clean();
645	}
646
647	/**
648	* Generate Checkbox HTML.
649	*
650	* @param string $key Field key.
651	* @param array $data Field data.
652	* @since 1.0.0
653	* @return string
654	*/
655	public function generate_checkbox_html( $key, $data ) {
656	$field_key = $this->get_field_key( $key );
657	$defaults = array(
658	'title' => '',
659	'label' => '',
660	'disabled' => false,
661	'class' => '',
662	'css' => '',
663	'type' => 'text',
664	'desc_tip' => false,
665	'description' => '',
666	'custom_attributes' => array(),
667	);
668
669	$data = wp_parse_args( $data, $defaults );
670
671	if ( ! $data['label'] ) {
672	$data['label'] = $data['title'];
673	}
674
675	ob_start();
676	?>
677	<tr valign="top">
678	<th scope="row" class="titledesc">
679	<label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?> <?php echo $this->get_tooltip_html( $data ); // WPCS: XSS ok. ?></label>
680	</th>
681	<td class="forminp">
682	<fieldset>
683	<legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
684	<label for="<?php echo esc_attr( $field_key ); ?>">
685	<input <?php disabled( $data['disabled'], true ); ?> class="<?php echo esc_attr( $data['class'] ); ?>" type="checkbox" name="<?php echo esc_attr( $field_key ); ?>" id="<?php echo esc_attr( $field_key ); ?>" style="<?php echo esc_attr( $data['css'] ); ?>" value="1" <?php checked( $this->get_option( $key ), 'yes' ); ?> <?php echo $this->get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> /> <?php echo wp_kses_post( $data['label'] ); ?></label><br/>
686	<?php echo $this->get_description_html( $data ); // WPCS: XSS ok. ?>
687	</fieldset>
688	</td>
689	</tr>
690	<?php
691
692	return ob_get_clean();
693	}
694
695	/**
696	* Generate Select HTML.
697	*
698	* @param string $key Field key.
699	* @param array $data Field data.
700	* @since 1.0.0
701	* @return string
702	*/
703	public function generate_select_html( $key, $data ) {
704	$field_key = $this->get_field_key( $key );
705	$defaults = array(
706	'title' => '',
707	'disabled' => false,
708	'class' => '',
709	'css' => '',
710	'placeholder' => '',
711	'type' => 'text',
712	'desc_tip' => false,
713	'description' => '',
714	'custom_attributes' => array(),
715	'options' => array(),
716	);
717
718	$data = wp_parse_args( $data, $defaults );
719	$value = $this->get_option( $key );
720
721	ob_start();
722	?>
723	<tr valign="top">
724	<th scope="row" class="titledesc">
725	<label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?> <?php echo $this->get_tooltip_html( $data ); // WPCS: XSS ok. ?></label>
726	</th>
727	<td class="forminp">
728	<fieldset>
729	<legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
730	<select class="select <?php echo esc_attr( $data['class'] ); ?>" name="<?php echo esc_attr( $field_key ); ?>" id="<?php echo esc_attr( $field_key ); ?>" style="<?php echo esc_attr( $data['css'] ); ?>" <?php disabled( $data['disabled'], true ); ?> <?php echo $this->get_custom_attribute_html( $data ); // WPCS: XSS ok. ?>>
731	<?php foreach ( (array) $data['options'] as $option_key => $option_value ) : ?>
732	<?php if ( is_array( $option_value ) ) : ?>
733	<optgroup label="<?php echo esc_attr( $option_key ); ?>">
734	<?php foreach ( $option_value as $option_key_inner => $option_value_inner ) : ?>
735	<option value="<?php echo esc_attr( $option_key_inner ); ?>" <?php selected( (string) $option_key_inner, esc_attr( $value ) ); ?>><?php echo esc_html( $option_value_inner ); ?></option>
736	<?php endforeach; ?>
737	</optgroup>
738	<?php else : ?>
739	<option value="<?php echo esc_attr( $option_key ); ?>" <?php selected( (string) $option_key, esc_attr( $value ) ); ?>><?php echo esc_html( $option_value ); ?></option>
740	<?php endif; ?>
741	<?php endforeach; ?>
742	</select>
743	<?php echo $this->get_description_html( $data ); // WPCS: XSS ok. ?>
744	</fieldset>
745	</td>
746	</tr>
747	<?php
748
749	return ob_get_clean();
750	}
751
752	/**
753	* Generate Multiselect HTML.
754	*
755	* @param string $key Field key.
756	* @param array $data Field data.
757	* @since 1.0.0
758	* @return string
759	*/
760	public function generate_multiselect_html( $key, $data ) {
761	$field_key = $this->get_field_key( $key );
762	$defaults = array(
763	'title' => '',
764	'disabled' => false,
765	'class' => '',
766	'css' => '',
767	'placeholder' => '',
768	'type' => 'text',
769	'desc_tip' => false,
770	'description' => '',
771	'custom_attributes' => array(),
772	'select_buttons' => false,
773	'options' => array(),
774	);
775
776	$data = wp_parse_args( $data, $defaults );
777	$value = (array) $this->get_option( $key, array() );
778
779	ob_start();
780	?>
781	<tr valign="top">
782	<th scope="row" class="titledesc">
783	<label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?> <?php echo $this->get_tooltip_html( $data ); // WPCS: XSS ok. ?></label>
784	</th>
785	<td class="forminp">
786	<fieldset>
787	<legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
788	<select multiple="multiple" class="multiselect <?php echo esc_attr( $data['class'] ); ?>" name="<?php echo esc_attr( $field_key ); ?>[]" id="<?php echo esc_attr( $field_key ); ?>" style="<?php echo esc_attr( $data['css'] ); ?>" <?php disabled( $data['disabled'], true ); ?> <?php echo $this->get_custom_attribute_html( $data ); // WPCS: XSS ok. ?>>
789	<?php foreach ( (array) $data['options'] as $option_key => $option_value ) : ?>
790	<?php if ( is_array( $option_value ) ) : ?>
791	<optgroup label="<?php echo esc_attr( $option_key ); ?>">
792	<?php foreach ( $option_value as $option_key_inner => $option_value_inner ) : ?>
793	<option value="<?php echo esc_attr( $option_key_inner ); ?>" <?php selected( in_array( (string) $option_key_inner, $value, true ), true ); ?>><?php echo esc_html( $option_value_inner ); ?></option>
794	<?php endforeach; ?>
795	</optgroup>
796	<?php else : ?>
797	<option value="<?php echo esc_attr( $option_key ); ?>" <?php selected( in_array( (string) $option_key, $value, true ), true ); ?>><?php echo esc_html( $option_value ); ?></option>
798	<?php endif; ?>
799	<?php endforeach; ?>
800	</select>
801	<?php echo $this->get_description_html( $data ); // WPCS: XSS ok. ?>
802	<?php if ( $data['select_buttons'] ) : ?>
803	<br/><a class="select_all button" href="#"><?php esc_html_e( 'Select all', 'woocommerce' ); ?></a> <a class="select_none button" href="#"><?php esc_html_e( 'Select none', 'woocommerce' ); ?></a>
804	<?php endif; ?>
805	</fieldset>
806	</td>
807	</tr>
808	<?php
809
810	return ob_get_clean();
811	}
812
813	/**
814	* Generate Title HTML.
815	*
816	* @param string $key Field key.
817	* @param array $data Field data.
818	* @since 1.0.0
819	* @return string
820	*/
821	public function generate_title_html( $key, $data ) {
822	$field_key = $this->get_field_key( $key );
823	$defaults = array(
824	'title' => '',
825	'class' => '',
826	);
827
828	$data = wp_parse_args( $data, $defaults );
829
830	ob_start();
831	?>
832	</table>
833	<h3 class="wc-settings-sub-title <?php echo esc_attr( $data['class'] ); ?>" id="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?></h3>
834	<?php if ( ! empty( $data['description'] ) ) : ?>
835	<p><?php echo wp_kses_post( $data['description'] ); ?></p>
836	<?php endif; ?>
837	<table class="form-table">
838	<?php
839
840	return ob_get_clean();
841	}
842
843	/**
844	* Validate Text Field.
845	*
846	* Make sure the data is escaped correctly, etc.
847	*
848	* @param string $key Field key.
849	* @param string $value Posted Value.
850	* @return string
851	*/
852	public function validate_text_field( $key, $value ) {
853	$value = is_null( $value ) ? '' : $value;
854	return wp_kses_post( trim( stripslashes( $value ) ) );
855	}
856
857	/**
858	* Sanitize 'Safe Text' fields.
859	*
860	* These fields are similar to regular text fields, but a much smaller set of HTML tags are allowed. By default,
861	* this means `<br>`, `<img>`, `<p>` and `<span>` tags.
862	*
863	* Note: this is a sanitization method, rather than a validation method (the name is due to some historic naming
864	* choices).
865	*
866	* @param string $key Field key (currently unused).
867	* @param string $value Posted Value.
868	*
869	* @return string
870	*/
871	public function validate_safe_text_field( string $key, ?string $value ): string {
872	return wc_get_container()->get( HtmlSanitizer::class )->sanitize( (string) $value, HtmlSanitizer::LOW_HTML_BALANCED_TAGS_NO_LINKS );
873	}
874
875	/**
876	* Validate Price Field.
877	*
878	* Make sure the data is escaped correctly, etc.
879	*
880	* @param string $key Field key.
881	* @param string $value Posted Value.
882	* @return string
883	*/
884	public function validate_price_field( $key, $value ) {
885	$value = is_null( $value ) ? '' : $value;
886	return ( '' === $value ) ? '' : wc_format_decimal( trim( stripslashes( $value ) ) );
887	}
888
889	/**
890	* Validate Decimal Field.
891	*
892	* Make sure the data is escaped correctly, etc.
893	*
894	* @param string $key Field key.
895	* @param string $value Posted Value.
896	* @return string
897	*/
898	public function validate_decimal_field( $key, $value ) {
899	$value = is_null( $value ) ? '' : $value;
900	return ( '' === $value ) ? '' : wc_format_decimal( trim( stripslashes( $value ) ) );
901	}
902
903	/**
904	* Validate Password Field. No input sanitization is used to avoid corrupting passwords.
905	*
906	* @param string $key Field key.
907	* @param string $value Posted Value.
908	* @return string
909	*/
910	public function validate_password_field( $key, $value ) {
911	$value = is_null( $value ) ? '' : $value;
912	return trim( stripslashes( $value ) );
913	}
914
915	/**
916	* Validate Textarea Field.
917	*
918	* @param string $key Field key.
919	* @param string $value Posted Value.
920	* @return string
921	*/
922	public function validate_textarea_field( $key, $value ) {
923	$value = is_null( $value ) ? '' : $value;
924	return wp_kses(
925	trim( stripslashes( $value ) ),
926	array_merge(
927	array(
928	'iframe' => array(
929	'src' => true,
930	'style' => true,
931	'id' => true,
932	'class' => true,
933	),
934	),
935	wp_kses_allowed_html( 'post' )
936	)
937	);
938	}
939
940	/**
941	* Validate Checkbox Field.
942	*
943	* If not set, return "no", otherwise return "yes".
944	*
945	* @param string $key Field key.
946	* @param string $value Posted Value.
947	* @return string
948	*/
949	public function validate_checkbox_field( $key, $value ) {
950	return ! is_null( $value ) ? 'yes' : 'no';
951	}
952
953	/**
954	* Validate Select Field.
955	*
956	* @param string $key Field key.
957	* @param string $value Posted Value.
958	* @return string
959	*/
960	public function validate_select_field( $key, $value ) {
961	$value = is_null( $value ) ? '' : $value;
962	return wc_clean( stripslashes( $value ) );
963	}
964
965	/**
966	* Validate Multiselect Field.
967	*
968	* @param string $key Field key.
969	* @param string $value Posted Value.
970	* @return string\|array
971	*/
972	public function validate_multiselect_field( $key, $value ) {
973	return is_array( $value ) ? array_map( 'wc_clean', array_map( 'stripslashes', $value ) ) : '';
974	}
975
976	/**
977	* Validate the data on the "Settings" form.
978	*
979	* @deprecated 2.6.0 No longer used.
980	* @param array $form_fields Array of fields.
981	*/
982	public function validate_settings_fields( $form_fields = array() ) {
983	wc_deprecated_function( 'validate_settings_fields', '2.6' );
984	}
985
986	/**
987	* Format settings if needed.
988	*
989	* @deprecated 2.6.0 Unused.
990	* @param array $value Value to format.
991	* @return array
992	*/
993	public function format_settings( $value ) {
994	wc_deprecated_function( 'format_settings', '2.6' );
995	return $value;
996	}
997	}
998