class-wc-comments.php — WooCommerce 8.6.4

woocommerce / includes / class-wc-comments.php

woocommerce / includes Last commit date

class-wc-comments.php

519 lines

1	<?php
2	/**
3	* Comments
4	*
5	* Handle comments (reviews and order notes).
6	*
7	* @package WooCommerce\Classes\Products
8	* @version 2.3.0
9	*/
10
11	use Automattic\WooCommerce\Internal\Admin\ProductReviews\ReviewsUtil;
12
13	defined( 'ABSPATH' ) \|\| exit;
14
15	/**
16	* Comments class.
17	*/
18	class WC_Comments {
19
20	/**
21	* Hook in methods.
22	*/
23	public static function init() {
24	// Rating posts.
25	add_filter( 'comments_open', array( __CLASS__, 'comments_open' ), 10, 2 );
26	add_filter( 'preprocess_comment', array( __CLASS__, 'check_comment_rating' ), 0 );
27	add_action( 'comment_post', array( __CLASS__, 'add_comment_rating' ), 1 );
28	add_action( 'comment_moderation_recipients', array( __CLASS__, 'comment_moderation_recipients' ), 10, 2 );
29
30	// Clear transients.
31	add_action( 'wp_update_comment_count', array( __CLASS__, 'clear_transients' ) );
32
33	// Secure order notes.
34	add_filter( 'comments_clauses', array( __CLASS__, 'exclude_order_comments' ), 10, 1 );
35	add_filter( 'comment_feed_where', array( __CLASS__, 'exclude_order_comments_from_feed_where' ) );
36
37	// Secure webhook comments.
38	add_filter( 'comments_clauses', array( __CLASS__, 'exclude_webhook_comments' ), 10, 1 );
39	add_filter( 'comment_feed_where', array( __CLASS__, 'exclude_webhook_comments_from_feed_where' ) );
40
41	// Exclude product reviews.
42	add_filter( 'comments_clauses', array( ReviewsUtil::class, 'comments_clauses_without_product_reviews' ), 10, 1 );
43
44	// Count comments.
45	add_filter( 'wp_count_comments', array( __CLASS__, 'wp_count_comments' ), 10, 2 );
46
47	// Delete comments count cache whenever there is a new comment or a comment status changes.
48	add_action( 'wp_insert_comment', array( __CLASS__, 'delete_comments_count_cache' ) );
49	add_action( 'wp_set_comment_status', array( __CLASS__, 'delete_comments_count_cache' ) );
50
51	// Support avatars for `review` comment type.
52	add_filter( 'get_avatar_comment_types', array( __CLASS__, 'add_avatar_for_review_comment_type' ) );
53
54	// Add Product Reviews filter for `review` comment type.
55	add_filter( 'admin_comment_types_dropdown', array( __CLASS__, 'add_review_comment_filter' ) );
56
57	// Review of verified purchase.
58	add_action( 'comment_post', array( __CLASS__, 'add_comment_purchase_verification' ) );
59
60	// Set comment type.
61	add_action( 'preprocess_comment', array( __CLASS__, 'update_comment_type' ), 1 );
62
63	// Validate product reviews if requires verified owners.
64	add_action( 'pre_comment_on_post', array( __CLASS__, 'validate_product_review_verified_owners' ) );
65	}
66
67	/**
68	* See if comments are open.
69	*
70	* @since 3.1.0
71	* @param bool $open Whether the current post is open for comments.
72	* @param int $post_id Post ID.
73	* @return bool
74	*/
75	public static function comments_open( $open, $post_id ) {
76	if ( 'product' === get_post_type( $post_id ) && ! post_type_supports( 'product', 'comments' ) ) {
77	$open = false;
78	}
79	return $open;
80	}
81
82	/**
83	* Exclude order comments from queries and RSS.
84	*
85	* This code should exclude shop_order comments from queries. Some queries (like the recent comments widget on the dashboard) are hardcoded.
86	* and are not filtered, however, the code current_user_can( 'read_post', $comment->comment_post_ID ) should keep them safe since only admin and.
87	* shop managers can view orders anyway.
88	*
89	* The frontend view order pages get around this filter by using remove_filter('comments_clauses', array( 'WC_Comments' ,'exclude_order_comments'), 10, 1 );
90	*
91	* @param array $clauses A compacted array of comment query clauses.
92	* @return array
93	*/
94	public static function exclude_order_comments( $clauses ) {
95	$clauses['where'] .= ( $clauses['where'] ? ' AND ' : '' ) . " comment_type != 'order_note' ";
96	return $clauses;
97	}
98
99	/**
100	* Exclude order comments from feed.
101	*
102	* @deprecated 3.1
103	* @param mixed $join Deprecated.
104	*/
105	public static function exclude_order_comments_from_feed_join( $join ) {
106	wc_deprecated_function( 'WC_Comments::exclude_order_comments_from_feed_join', '3.1' );
107	}
108
109	/**
110	* Exclude order comments from queries and RSS.
111	*
112	* @param string $where The WHERE clause of the query.
113	* @return string
114	*/
115	public static function exclude_order_comments_from_feed_where( $where ) {
116	return $where . ( $where ? ' AND ' : '' ) . " comment_type != 'order_note' ";
117	}
118
119	/**
120	* Exclude webhook comments from queries and RSS.
121	*
122	* @since 2.2
123	* @param array $clauses A compacted array of comment query clauses.
124	* @return array
125	*/
126	public static function exclude_webhook_comments( $clauses ) {
127	$clauses['where'] .= ( $clauses['where'] ? ' AND ' : '' ) . " comment_type != 'webhook_delivery' ";
128	return $clauses;
129	}
130
131	/**
132	* Exclude webhooks comments from feed.
133	*
134	* @deprecated 3.1
135	* @param mixed $join Deprecated.
136	*/
137	public static function exclude_webhook_comments_from_feed_join( $join ) {
138	wc_deprecated_function( 'WC_Comments::exclude_webhook_comments_from_feed_join', '3.1' );
139	}
140
141	/**
142	* Exclude webhook comments from queries and RSS.
143	*
144	* @since 2.1
145	* @param string $where The WHERE clause of the query.
146	* @return string
147	*/
148	public static function exclude_webhook_comments_from_feed_where( $where ) {
149	return $where . ( $where ? ' AND ' : '' ) . " comment_type != 'webhook_delivery' ";
150	}
151
152	/**
153	* Validate the comment ratings.
154	*
155	* @param array $comment_data Comment data.
156	* @return array
157	*/
158	public static function check_comment_rating( $comment_data ) {
159	// If posting a comment (not trackback etc) and not logged in.
160	if ( ! is_admin() && isset( $_POST['comment_post_ID'], $_POST['rating'], $comment_data['comment_type'] ) && 'product' === get_post_type( absint( $_POST['comment_post_ID'] ) ) && empty( $_POST['rating'] ) && self::is_default_comment_type( $comment_data['comment_type'] ) && wc_review_ratings_enabled() && wc_review_ratings_required() ) { // WPCS: input var ok, CSRF ok.
161	wp_die( esc_html__( 'Please rate the product.', 'woocommerce' ) );
162	exit;
163	}
164	return $comment_data;
165	}
166
167	/**
168	* Rating field for comments.
169	*
170	* @param int $comment_id Comment ID.
171	*/
172	public static function add_comment_rating( $comment_id ) {
173	if ( isset( $_POST['rating'], $_POST['comment_post_ID'] ) && 'product' === get_post_type( absint( $_POST['comment_post_ID'] ) ) ) { // WPCS: input var ok, CSRF ok.
174	if ( ! $_POST['rating'] \|\| $_POST['rating'] > 5 \|\| $_POST['rating'] < 0 ) { // WPCS: input var ok, CSRF ok, sanitization ok.
175	return;
176	}
177	add_comment_meta( $comment_id, 'rating', intval( $_POST['rating'] ), true ); // WPCS: input var ok, CSRF ok.
178
179	$post_id = isset( $_POST['comment_post_ID'] ) ? absint( $_POST['comment_post_ID'] ) : 0; // WPCS: input var ok, CSRF ok.
180	if ( $post_id ) {
181	self::clear_transients( $post_id );
182	}
183	}
184	}
185
186	/**
187	* Modify recipient of review email.
188	*
189	* @param array $emails Emails.
190	* @param int $comment_id Comment ID.
191	* @return array
192	*/
193	public static function comment_moderation_recipients( $emails, $comment_id ) {
194	$comment = get_comment( $comment_id );
195
196	if ( $comment && 'product' === get_post_type( $comment->comment_post_ID ) ) {
197	$emails = array( get_option( 'admin_email' ) );
198	}
199
200	return $emails;
201	}
202
203	/**
204	* Ensure product average rating and review count is kept up to date.
205	*
206	* @param int $post_id Post ID.
207	*/
208	public static function clear_transients( $post_id ) {
209	if ( 'product' === get_post_type( $post_id ) ) {
210	$product = wc_get_product( $post_id );
211	$product->set_rating_counts( self::get_rating_counts_for_product( $product ) );
212	$product->set_average_rating( self::get_average_rating_for_product( $product ) );
213	$product->set_review_count( self::get_review_count_for_product( $product ) );
214	$product->save();
215	}
216	}
217
218	/**
219	* Delete comments count cache whenever there is
220	* new comment or the status of a comment changes. Cache
221	* will be regenerated next time WC_Comments::wp_count_comments()
222	* is called.
223	*/
224	public static function delete_comments_count_cache() {
225	delete_transient( 'wc_count_comments' );
226	}
227
228	/**
229	* Remove order notes, webhook delivery logs, and product reviews from wp_count_comments().
230	*
231	* @since 2.2
232	* @param object $stats Comment stats.
233	* @param int $post_id Post ID.
234	* @return object
235	*/
236	public static function wp_count_comments( $stats, $post_id ) {
237	global $wpdb;
238
239	if ( 0 === $post_id ) {
240	$stats = get_transient( 'wc_count_comments' );
241
242	if ( ! $stats ) {
243	$stats = array(
244	'total_comments' => 0,
245	'all' => 0,
246	);
247
248	$count = $wpdb->get_results(
249	"
250	SELECT comment_approved, COUNT(*) AS num_comments
251	FROM {$wpdb->comments}
252	LEFT JOIN {$wpdb->posts} ON comment_post_ID = {$wpdb->posts}.ID
253	WHERE comment_type NOT IN ('action_log', 'order_note', 'webhook_delivery') AND {$wpdb->posts}.post_type NOT IN ('product')
254	GROUP BY comment_approved
255	",
256	ARRAY_A
257	);
258
259	$approved = array(
260	'0' => 'moderated',
261	'1' => 'approved',
262	'spam' => 'spam',
263	'trash' => 'trash',
264	'post-trashed' => 'post-trashed',
265	);
266
267	foreach ( (array) $count as $row ) {
268	// Don't count post-trashed toward totals.
269	if ( ! in_array( $row['comment_approved'], array( 'post-trashed', 'trash', 'spam' ), true ) ) {
270	$stats['all'] += $row['num_comments'];
271	$stats['total_comments'] += $row['num_comments'];
272	} elseif ( ! in_array( $row['comment_approved'], array( 'post-trashed', 'trash' ), true ) ) {
273	$stats['total_comments'] += $row['num_comments'];
274	}
275	if ( isset( $approved[ $row['comment_approved'] ] ) ) {
276	$stats[ $approved[ $row['comment_approved'] ] ] = $row['num_comments'];
277	}
278	}
279
280	foreach ( $approved as $key ) {
281	if ( empty( $stats[ $key ] ) ) {
282	$stats[ $key ] = 0;
283	}
284	}
285
286	$stats = (object) $stats;
287	set_transient( 'wc_count_comments', $stats );
288	}
289	}
290
291	return $stats;
292	}
293
294	/**
295	* Make sure WP displays avatars for comments with the `review` type.
296	*
297	* @since 2.3
298	* @param array $comment_types Comment types.
299	* @return array
300	*/
301	public static function add_avatar_for_review_comment_type( $comment_types ) {
302	return array_merge( $comment_types, array( 'review' ) );
303	}
304
305	/**
306	* Add Product Reviews filter for `review` comment type.
307	*
308	* @since 6.0.0
309	*
310	* @param array $comment_types Array of comment type labels keyed by their name.
311	*
312	* @return array
313	*/
314	public static function add_review_comment_filter( array $comment_types ): array {
315	$comment_types['review'] = __( 'Product Reviews', 'woocommerce' );
316	return $comment_types;
317	}
318
319	/**
320	* Determine if a review is from a verified owner at submission.
321	*
322	* @param int $comment_id Comment ID.
323	* @return bool
324	*/
325	public static function add_comment_purchase_verification( $comment_id ) {
326	$comment = get_comment( $comment_id );
327	$verified = false;
328	if ( 'product' === get_post_type( $comment->comment_post_ID ) ) {
329	$verified = wc_customer_bought_product( $comment->comment_author_email, $comment->user_id, $comment->comment_post_ID );
330	add_comment_meta( $comment_id, 'verified', (int) $verified, true );
331	}
332	return $verified;
333	}
334
335	/**
336	* Get product rating for a product. Please note this is not cached.
337	*
338	* @since 3.0.0
339	* @param WC_Product $product Product instance.
340	* @return float
341	*/
342	public static function get_average_rating_for_product( &$product ) {
343	global $wpdb;
344
345	$count = $product->get_rating_count();
346
347	if ( $count ) {
348	$ratings = $wpdb->get_var(
349	$wpdb->prepare(
350	"
351	SELECT SUM(meta_value) FROM $wpdb->commentmeta
352	LEFT JOIN $wpdb->comments ON $wpdb->commentmeta.comment_id = $wpdb->comments.comment_ID
353	WHERE meta_key = 'rating'
354	AND comment_post_ID = %d
355	AND comment_approved = '1'
356	AND meta_value > 0
357	",
358	$product->get_id()
359	)
360	);
361	$average = number_format( $ratings / $count, 2, '.', '' );
362	} else {
363	$average = 0;
364	}
365
366	return $average;
367	}
368
369	/**
370	* Utility function for getting review counts for multiple products in one query. This is not cached.
371	*
372	* @since 5.0.0
373	*
374	* @param array $product_ids Array of product IDs.
375	*
376	* @return array
377	*/
378	public static function get_review_counts_for_product_ids( $product_ids ) {
379	global $wpdb;
380
381	if ( empty( $product_ids ) ) {
382	return array();
383	}
384
385	$product_id_string_placeholder = substr( str_repeat( ',%s', count( $product_ids ) ), 1 );
386
387	$review_counts = $wpdb->get_results(
388	// phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Ignored for allowing interpolation in IN query.
389	$wpdb->prepare(
390	"
391	SELECT comment_post_ID as product_id, COUNT( comment_post_ID ) as review_count
392	FROM $wpdb->comments
393	WHERE
394	comment_parent = 0
395	AND comment_post_ID IN ( $product_id_string_placeholder )
396	AND comment_approved = '1'
397	AND comment_type in ( 'review', '', 'comment' )
398	GROUP BY product_id
399	",
400	$product_ids
401	),
402	// phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared.
403	ARRAY_A
404	);
405
406	// Convert to key value pairs.
407	$counts = array_replace( array_fill_keys( $product_ids, 0 ), array_column( $review_counts, 'review_count', 'product_id' ) );
408
409	return $counts;
410	}
411
412	/**
413	* Get product review count for a product (not replies). Please note this is not cached.
414	*
415	* @since 3.0.0
416	* @param WC_Product $product Product instance.
417	* @return int
418	*/
419	public static function get_review_count_for_product( &$product ) {
420	$counts = self::get_review_counts_for_product_ids( array( $product->get_id() ) );
421
422	return $counts[ $product->get_id() ];
423	}
424
425	/**
426	* Get product rating count for a product. Please note this is not cached.
427	*
428	* @since 3.0.0
429	* @param WC_Product $product Product instance.
430	* @return int[]
431	*/
432	public static function get_rating_counts_for_product( &$product ) {
433	global $wpdb;
434
435	$counts = array();
436	$raw_counts = $wpdb->get_results(
437	$wpdb->prepare(
438	"
439	SELECT meta_value, COUNT( * ) as meta_value_count FROM $wpdb->commentmeta
440	LEFT JOIN $wpdb->comments ON $wpdb->commentmeta.comment_id = $wpdb->comments.comment_ID
441	WHERE meta_key = 'rating'
442	AND comment_post_ID = %d
443	AND comment_approved = '1'
444	AND meta_value > 0
445	GROUP BY meta_value
446	",
447	$product->get_id()
448	)
449	);
450
451	foreach ( $raw_counts as $count ) {
452	$counts[ $count->meta_value ] = absint( $count->meta_value_count ); // WPCS: slow query ok.
453	}
454
455	return $counts;
456	}
457
458	/**
459	* Update comment type of product reviews.
460	*
461	* @since 3.5.0
462	* @param array $comment_data Comment data.
463	* @return array
464	*/
465	public static function update_comment_type( $comment_data ) {
466	if ( ! is_admin() && isset( $_POST['comment_post_ID'], $comment_data['comment_type'] ) && self::is_default_comment_type( $comment_data['comment_type'] ) && 'product' === get_post_type( absint( $_POST['comment_post_ID'] ) ) ) { // WPCS: input var ok, CSRF ok.
467	$comment_data['comment_type'] = 'review';
468	}
469
470	return $comment_data;
471	}
472
473	/**
474	* Validate product reviews if requires a verified owner.
475	*
476	* @param int $comment_post_id Post ID.
477	*/
478	public static function validate_product_review_verified_owners( $comment_post_id ) {
479	// Only validate if option is enabled.
480	if ( 'yes' !== get_option( 'woocommerce_review_rating_verification_required' ) ) {
481	return;
482	}
483
484	// Validate only products.
485	if ( 'product' !== get_post_type( $comment_post_id ) ) {
486	return;
487	}
488
489	// Skip if is a verified owner.
490	if ( wc_customer_bought_product( '', get_current_user_id(), $comment_post_id ) ) {
491	return;
492	}
493
494	wp_die(
495	esc_html__( 'Only logged in customers who have purchased this product may leave a review.', 'woocommerce' ),
496	esc_html__( 'Reviews can only be left by "verified owners"', 'woocommerce' ),
497	array(
498	'code' => 403,
499	)
500	);
501	}
502
503	/**
504	* Determines if a comment is of the default type.
505	*
506	* Prior to WordPress 5.5, '' was the default comment type.
507	* As of 5.5, the default type is 'comment'.
508	*
509	* @since 4.3.0
510	* @param string $comment_type Comment type.
511	* @return bool
512	*/
513	private static function is_default_comment_type( $comment_type ) {
514	return ( '' === $comment_type \|\| 'comment' === $comment_type );
515	}
516	}
517
518	WC_Comments::init();
519