<?php
/**
 * WooCommerce Admin Setup Wizard Tracking
 *
 * @package WooCommerce\Tracks
 */

// Abort when this file is loaded outside WordPress (ABSPATH undefined).
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

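/**
 * This class adds actions to track usage of the WooCommerce Onboarding Wizard (OBW).
 *
 * All request data used here is either compared strictly against a fixed
 * literal, passed through sanitize_key(), or unslashed and passed through
 * sanitize_text_field() before it reaches WC_Tracks::record_event(). The
 * phpcs annotations mark where nonce verification is intentionally skipped:
 * these callbacks only emit analytics events and store the last completed
 * step slug, and init() registers them solely for `?page=wc-setup` requests.
 */
class WC_Admin_Setup_Wizard_Tracking {

	/**
	 * Steps for the setup wizard, keyed by step slug, as received from the
	 * `woocommerce_setup_wizard_steps` filter. Empty until set_obw_steps() runs.
	 *
	 * @var array
	 */
	private $steps = array();

	/**
	 * Maps a saved wizard step (as returned by get_current_step()) to the
	 * method that records its tracking event. An empty step (no `step`
	 * query argument) is treated as the store setup step.
	 *
	 * @var array
	 */
	private static $step_save_handlers = array(
		''            => 'track_store_setup',
		'store_setup' => 'track_store_setup',
		'payment'     => 'track_payments',
		'shipping'    => 'track_shipping',
		'recommended' => 'track_recommended',
		'activate'    => 'track_jetpack_activate',
	);

	/**
	 * Init tracking.
	 *
	 * Hooks are only registered for requests to the wizard page itself
	 * (`?page=wc-setup`); every other request returns without side effects.
	 */
	public function init() {
		if ( ! $this->is_setup_wizard_request() ) {
			return;
		}

		add_filter( 'woocommerce_setup_wizard_steps', array( $this, 'set_obw_steps' ) );
		// Priority 1: run the skip check early in shutdown.
		add_action( 'shutdown', array( $this, 'track_skip_step' ), 1 );
		add_action( 'add_option_woocommerce_allow_tracking', array( $this, 'track_start' ), 10, 2 );
		add_action( 'admin_init', array( $this, 'track_ready_next_steps' ), 1 );
		add_action( 'wp_print_scripts', array( $this, 'dequeue_non_whitelisted_scripts' ) );
		$this->add_step_save_events();
		add_action( 'woocommerce_setup_footer', array( $this, 'add_footer_scripts' ) );
	}

	/**
	 * Whether the current request targets the setup wizard admin page.
	 *
	 * The raw `page` query argument is compared strictly against the literal
	 * 'wc-setup', so no sanitization is needed before the check.
	 *
	 * @return bool
	 */
	private function is_setup_wizard_request() {
		// phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification
		return ! empty( $_GET['page'] ) && 'wc-setup' === $_GET['page'];
	}

	/**
	 * Get the name of the current step.
	 *
	 * The value comes from the `step` query argument and is passed through
	 * sanitize_key(), so the result only contains lowercase alphanumerics,
	 * dashes and underscores. An absent or non-string argument yields ''.
	 *
	 * @return string
	 */
	public function get_current_step() {
		// Query arguments can be arrays (`?step[]=x`); only a string is a step slug.
		// phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification
		if ( ! isset( $_GET['step'] ) || ! is_string( $_GET['step'] ) ) {
			return '';
		}

		// phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification
		return sanitize_key( $_GET['step'] );
	}

	/**
	 * Add footer scripts to OBW via woocommerce_setup_footer.
	 *
	 * Prints the (already filtered) script queue, the tracking function and
	 * any JS queued with wc_enqueue_js().
	 */
	public function add_footer_scripts() {
		wp_print_scripts();
		WC_Site_Tracking::add_tracking_function();
		wc_print_js();
	}

	/**
	 * Dequeue unwanted scripts from OBW footer.
	 *
	 * Only the 'woo-tracks' handle is kept; every other handle in the global
	 * script queue is dequeued before the footer prints.
	 */
	public function dequeue_non_whitelisted_scripts() {
		global $wp_scripts;

		$whitelist = array( 'woo-tracks' );

		// Nothing to do when the scripts registry has not been set up.
		if ( ! isset( $wp_scripts->queue ) || ! is_array( $wp_scripts->queue ) ) {
			return;
		}

		// array_diff() yields a copy, so dequeuing while iterating is safe.
		foreach ( array_diff( $wp_scripts->queue, $whitelist ) as $handle ) {
			wp_dequeue_script( $handle );
		}
	}

	/**
	 * Track when tracking is opted into and OBW has started.
	 *
	 * Runs on `add_option_woocommerce_allow_tracking`; the event is only
	 * recorded when the option is being set to 'yes' from the wizard page.
	 *
	 * @param string $option Option name (unused; part of the hook signature).
	 * @param string $value  Option value.
	 * @return void
	 */
	public function track_start( $option, $value ) {
		if ( 'yes' !== $value || ! $this->is_setup_wizard_request() ) {
			return;
		}

		WC_Tracks::record_event( 'obw_start' );
	}

	/**
	 * Track the marketing form on submit.
	 *
	 * On the `next_steps` screen only, queues inline JS that records the
	 * newsletter signup click and any click on a wizard content link.
	 */
	public function track_ready_next_steps() {
		if ( 'next_steps' !== $this->get_current_step() ) {
			return;
		}

		wc_enqueue_js(
			"
			jQuery( '#mc-embedded-subscribe' ).click( function() {
				window.wcTracks.recordEvent( 'obw_marketing_signup' );
			} );
			jQuery( '.wc-setup-content a' ).click( function trackNextScreen( e ) {
				var properties = {
					next_url: e.target.href,
					button: e.target.textContent && e.target.textContent.trim()
				};
				window.wcTracks.recordEvent( 'obw_ready_next_step', properties );
			} );
			"
		);
	}

	/**
	 * Track various events when a step is saved.
	 *
	 * Registers the page-view event for the `next_steps` screen, then — only
	 * when the wizard form was submitted (`save_step` present in $_POST) —
	 * stores the current step as the last completed one and hooks the matching
	 * per-step tracking method on `admin_init`.
	 *
	 * Note: the option write is not nonce-verified (see the phpcs annotation);
	 * it only records the sanitize_key()'d step slug read by track_skip_step(),
	 * never raw request data.
	 */
	public function add_step_save_events() {
		$current_step = $this->get_current_step();

		// Always record a track on this page view.
		if ( 'next_steps' === $current_step ) {
			add_action( 'admin_init', array( $this, 'track_next_steps' ), 1 );
		}

		// phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification
		if ( empty( $_POST['save_step'] ) ) {
			return;
		}

		update_option( 'woocommerce_obw_last_completed_step', $current_step );

		if ( isset( self::$step_save_handlers[ $current_step ] ) ) {
			add_action( 'admin_init', array( $this, self::$step_save_handlers[ $current_step ] ), 1 );
		}
	}

	/**
	 * Track store setup and store properties on save.
	 *
	 * Text fields are unslashed and passed through sanitize_text_field()
	 * before being attached to the event, the same treatment track_shipping()
	 * applies.
	 *
	 * @return void
	 */
	public function track_store_setup() {
		$properties = array(
			'country'        => $this->get_post_text( 'store_country' ),
			'currency_code'  => $this->get_post_text( 'currency_code' ),
			'product_type'   => $this->get_post_text( 'product_type' ),
			'sell_in_person' => $this->post_flag_is_yes( 'sell_in_person' ),
		);

		WC_Tracks::record_event( 'obw_store_setup', $properties );
	}

	/**
	 * Track payment gateways selected.
	 *
	 * A gateway counts as selected when its `wc-wizard-service-{id}-enabled`
	 * field is submitted; an account counts as created when the gateway is
	 * enabled and its account-creation field is submitted as well. Only
	 * gateway ids known to the wizard are ever reported.
	 *
	 * @return void
	 */
	public function track_payments() {
		// phpcs:disable WordPress.Security.NonceVerification.NoNonceVerification, WordPress.Security.ValidatedSanitizedInput
		$wc_admin_setup_wizard = new WC_Admin_Setup_Wizard();
		$gateways              = array_merge(
			$wc_admin_setup_wizard->get_wizard_in_cart_payment_gateways(),
			$wc_admin_setup_wizard->get_wizard_manual_payment_gateways()
		);

		$selected_gateways = array();
		foreach ( array_keys( $gateways ) as $gateway_id ) {
			if ( ! empty( $_POST[ 'wc-wizard-service-' . $gateway_id . '-enabled' ] ) ) {
				$selected_gateways[] = $gateway_id;
			}
		}

		// Gateways whose form can also create an account, keyed by gateway id
		// with the POST field that signals account creation.
		$account_creation_fields = array(
			'stripe'      => 'stripe_create_account',
			'ppec_paypal' => 'ppec_paypal_reroute_requests',
		);

		$created_accounts = array();
		foreach ( $account_creation_fields as $gateway_id => $field ) {
			if ( ! empty( $_POST[ 'wc-wizard-service-' . $gateway_id . '-enabled' ] ) && ! empty( $_POST[ $field ] ) ) {
				$created_accounts[] = $gateway_id;
			}
		}
		// phpcs:enable

		$properties = array(
			'selected_gateways' => implode( ', ', $selected_gateways ),
			'created_accounts'  => implode( ', ', $created_accounts ),
		);

		WC_Tracks::record_event( 'obw_payments', $properties );
	}

	/**
	 * Track shipping units and whether or not labels are set.
	 *
	 * @return void
	 */
	public function track_shipping() {
		$properties = array(
			'weight_unit'       => $this->get_post_text( 'weight_unit' ),
			'dimension_unit'    => $this->get_post_text( 'dimension_unit' ),
			'setup_wcs_labels'  => $this->post_flag_is_yes( 'setup_woocommerce_services' ),
			'setup_shipstation' => $this->post_flag_is_yes( 'setup_shipstation' ),
		);

		WC_Tracks::record_event( 'obw_shipping', $properties );
	}

	/**
	 * Track recommended plugins selected for install.
	 *
	 * @return void
	 */
	public function track_recommended() {
		$properties = array(
			'setup_storefront'    => $this->post_flag_is_yes( 'setup_storefront_theme' ),
			'setup_automated_tax' => $this->post_flag_is_yes( 'setup_automated_taxes' ),
			'setup_mailchimp'     => $this->post_flag_is_yes( 'setup_mailchimp' ),
			'setup_facebook'      => $this->post_flag_is_yes( 'setup_facebook' ),
			'setup_wc_admin'      => $this->post_flag_is_yes( 'setup_wc_admin' ),
		);

		WC_Tracks::record_event( 'obw_recommended', $properties );
	}

	/**
	 * Tracks when Jetpack is activated through the OBW.
	 *
	 * @return void
	 */
	public function track_jetpack_activate() {
		WC_Tracks::record_event( 'obw_activate' );
	}

	/**
	 * Tracks when last next_steps screen is viewed in the OBW.
	 *
	 * @return void
	 */
	public function track_next_steps() {
		WC_Tracks::record_event( 'obw_ready_view' );
	}

	/**
	 * Track skipped steps.
	 *
	 * Runs on shutdown. Compares the position of the current step with that of
	 * the last completed step (stored by add_step_save_events()); moving ahead
	 * by more than one position records an `obw_skip_step` event naming the
	 * step immediately before the current one. Unknown slugs are ignored.
	 *
	 * @return void
	 */
	public function track_skip_step() {
		$previous_step = get_option( 'woocommerce_obw_last_completed_step' );
		$current_step  = $this->get_current_step();
		if ( ! $previous_step || ! $current_step ) {
			return;
		}

		$steps               = array_keys( $this->steps );
		$current_step_index  = array_search( $current_step, $steps, true );
		$previous_step_index = array_search( $previous_step, $steps, true );

		// Either slug is unknown (steps not set yet, or a stale option value):
		// array_search() returns false, which must not be arithmetically coerced
		// into an index.
		if ( false === $current_step_index || false === $previous_step_index ) {
			return;
		}

		// If we're going forward more than 1 completed step.
		if ( $current_step_index > $previous_step_index + 1 ) {
			$properties = array(
				'step' => $steps[ $current_step_index - 1 ],
			);
			WC_Tracks::record_event( 'obw_skip_step', $properties );
		}
	}

	/**
	 * Set the OBW steps inside this class instance.
	 *
	 * Registered on the `woocommerce_setup_wizard_steps` filter; the steps are
	 * kept for track_skip_step() and returned unchanged so the filter chain is
	 * not affected.
	 *
	 * @param array $steps Array of OBW steps, keyed by step slug.
	 * @return array The same steps, unmodified.
	 */
	public function set_obw_steps( $steps ) {
		$this->steps = $steps;

		return $steps;
	}

	/**
	 * Read an unslashed, sanitized text value from $_POST.
	 *
	 * WordPress slashes request superglobals, so the value is unslashed before
	 * sanitize_text_field() runs.
	 *
	 * @param string $key POST field name.
	 * @return string Sanitized value, or '' when the field is absent.
	 */
	private function get_post_text( $key ) {
		// phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification
		if ( ! isset( $_POST[ $key ] ) ) {
			return '';
		}

		// phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification
		return sanitize_text_field( wp_unslash( $_POST[ $key ] ) );
	}

	/**
	 * Whether a checkbox-style $_POST field was submitted with the value 'yes'.
	 *
	 * The raw value is compared strictly against the literal, so nothing from
	 * the request is used beyond the boolean result.
	 *
	 * @param string $key POST field name.
	 * @return bool
	 */
	private function post_flag_is_yes( $key ) {
		// phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification
		return isset( $_POST[ $key ] ) && 'yes' === $_POST[ $key ];
	}
}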