Issues in class-wc-meta-box-order-data.php - All Issues - Inspection of "Merge pull request #23137 from woocommerce/fix/230..." - woocommerce/woocommerce - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 15aa29...17da96 )

by Claudio

created 2019-05-23 00:19 UTC

admin/meta-boxes/class-wc-meta-box-order-data.php (2 issues)

Severity

Unknown 2

Claudio Sanches 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Order Data
 *
 * Functions for displaying the order data meta box.
 *
 * @author      WooThemes
 * @category    Admin
 * @package     WooCommerce/Admin/Meta Boxes
 * @version     2.2.0
 */

if ( ! defined( 'ABSPATH' ) ) {
	exit; // Exit if accessed directly
}

/**
 * WC_Meta_Box_Order_Data Class.
 */
class WC_Meta_Box_Order_Data {

	/**
	 * Billing fields.
	 *
	 * @var array
	 */
	protected static $billing_fields = array();

	/**
	 * Shipping fields.
	 *
	 * @var array
	 */
	protected static $shipping_fields = array();

	/**
	 * Init billing and shipping fields we display + save.
	 */
	public static function init_address_fields() {

		self::$billing_fields = apply_filters(
			'woocommerce_admin_billing_fields', array(
				'first_name' => array(
					'label' => __( 'First name', 'woocommerce' ),
					'show'  => false,
				),
				'last_name'  => array(
					'label' => __( 'Last name', 'woocommerce' ),
					'show'  => false,
				),
				'company'    => array(
					'label' => __( 'Company', 'woocommerce' ),
					'show'  => false,
				),
				'address_1'  => array(
					'label' => __( 'Address line 1', 'woocommerce' ),
					'show'  => false,
				),
				'address_2'  => array(
					'label' => __( 'Address line 2', 'woocommerce' ),
					'show'  => false,
				),
				'city'       => array(
					'label' => __( 'City', 'woocommerce' ),
					'show'  => false,
				),
				'postcode'   => array(
					'label' => __( 'Postcode / ZIP', 'woocommerce' ),
					'show'  => false,
				),
				'country'    => array(
					'label'   => __( 'Country', 'woocommerce' ),
					'show'    => false,
					'class'   => 'js_field-country select short',
					'type'    => 'select',
					'options' => array( '' => __( 'Select a country&hellip;', 'woocommerce' ) ) + WC()->countries->get_allowed_countries(),
				),
				'state'      => array(
					'label' => __( 'State / County', 'woocommerce' ),
					'class' => 'js_field-state select short',
					'show'  => false,
				),
				'email'      => array(
					'label' => __( 'Email address', 'woocommerce' ),
				),
				'phone'      => array(
					'label' => __( 'Phone', 'woocommerce' ),
				),
			)
		);

		self::$shipping_fields = apply_filters(
			'woocommerce_admin_shipping_fields', array(
				'first_name' => array(
					'label' => __( 'First name', 'woocommerce' ),
					'show'  => false,
				),
				'last_name'  => array(
					'label' => __( 'Last name', 'woocommerce' ),
					'show'  => false,
				),
				'company'    => array(
					'label' => __( 'Company', 'woocommerce' ),
					'show'  => false,
				),
				'address_1'  => array(
					'label' => __( 'Address line 1', 'woocommerce' ),
					'show'  => false,
				),
				'address_2'  => array(
					'label' => __( 'Address line 2', 'woocommerce' ),
					'show'  => false,
				),
				'city'       => array(
					'label' => __( 'City', 'woocommerce' ),
					'show'  => false,
				),
				'postcode'   => array(
					'label' => __( 'Postcode / ZIP', 'woocommerce' ),
					'show'  => false,
				),
				'country'    => array(
					'label'   => __( 'Country', 'woocommerce' ),
					'show'    => false,
					'type'    => 'select',
					'class'   => 'js_field-country select short',
					'options' => array( '' => __( 'Select a country&hellip;', 'woocommerce' ) ) + WC()->countries->get_shipping_countries(),
				),
				'state'      => array(
					'label' => __( 'State / County', 'woocommerce' ),
					'class' => 'js_field-state select short',
					'show'  => false,
				),
			)
		);
	}

	/**
	 * Output the metabox.
	 *
	 * @param WP_Post $post
	 */
	public static function output( $post ) {
		global $theorder;

		if ( ! is_object( $theorder ) ) {
			$theorder = wc_get_order( $post->ID );
		}

		$order = $theorder;

		self::init_address_fields();

		if ( WC()->payment_gateways() ) {
			$payment_gateways = WC()->payment_gateways->payment_gateways();
		} else {
			$payment_gateways = array();
		}

		$payment_method = $order->get_payment_method();

		$order_type_object = get_post_type_object( $post->post_type );
		wp_nonce_field( 'woocommerce_save_data', 'woocommerce_meta_nonce' );
		?>
		<style type="text/css">
			#post-body-content, #titlediv { display:none }
		</style>
		<div class="panel-wrap woocommerce">
			<input name="post_title" type="hidden" value="<?php echo empty( $post->post_title ) ? __( 'Order', 'woocommerce' ) : esc_attr( $post->post_title ); ?>" />
			<input name="post_status" type="hidden" value="<?php echo esc_attr( $post->post_status ); ?>" />
			<div id="order_data" class="panel woocommerce-order-data">
				<h2 class="woocommerce-order-data__heading">
					<?php

					/* translators: 1: order type 2: order number */
					printf(
						esc_html__( '%1$s #%2$s details', 'woocommerce' ),
						esc_html( $order_type_object->labels->singular_name ),
						esc_html( $order->get_order_number() )
					);

					?>
				</h2>
				<p class="woocommerce-order-data__meta order_number">
					<?php

					$meta_list = array();

					if ( $payment_method && 'other' !== $payment_method ) {
						/* translators: %s: payment method */
						$payment_method_string = sprintf(
							__( 'Payment via %s', 'woocommerce' ),
							esc_html( isset( $payment_gateways[ $payment_method ] ) ? $payment_gateways[ $payment_method ]->get_title() : $payment_method )
						);

						if ( $transaction_id = $order->get_transaction_id() ) {
							if ( isset( $payment_gateways[ $payment_method ] ) && ( $url = $payment_gateways[ $payment_method ]->get_transaction_url( $order ) ) ) {
								$payment_method_string .= ' (<a href="' . esc_url( $url ) . '" target="_blank">' . esc_html( $transaction_id ) . '</a>)';
							} else {
								$payment_method_string .= ' (' . esc_html( $transaction_id ) . ')';
							}
						}

						$meta_list[] = $payment_method_string;
					}

					if ( $order->get_date_paid() ) {
						/* translators: 1: date 2: time */
						$meta_list[] = sprintf(
							__( 'Paid on %1$s @ %2$s', 'woocommerce' ),
							wc_format_datetime( $order->get_date_paid() ),
							wc_format_datetime( $order->get_date_paid(), get_option( 'time_format' ) )
						);
					}

					if ( $ip_address = $order->get_customer_ip_address() ) {
						/* translators: %s: IP address */
						$meta_list[] = sprintf(
							__( 'Customer IP: %s', 'woocommerce' ),
							'<span class="woocommerce-Order-customerIP">' . esc_html( $ip_address ) . '</span>'
						);
					}

					echo wp_kses_post( implode( '. ', $meta_list ) );

					?>
				</p>
				<div class="order_data_column_container">
					<div class="order_data_column">
						<h3><?php esc_html_e( 'General', 'woocommerce' ); ?></h3>

						<p class="form-field form-field-wide">
							<label for="order_date"><?php _e( 'Date created:', 'woocommerce' ); ?></label>
							<input type="text" class="date-picker" name="order_date" maxlength="10" value="<?php echo esc_attr( date_i18n( 'Y-m-d', strtotime( $post->post_date ) ) ); ?>" pattern="<?php echo esc_attr( apply_filters( 'woocommerce_date_input_html_pattern', '[0-9]{4}-(0[1-9]|1[012])-(0[1-9]|1[0-9]|2[0-9]|3[01])' ) ); ?>" />@
							&lrm;
							<input type="number" class="hour" placeholder="<?php esc_attr_e( 'h', 'woocommerce' ); ?>" name="order_date_hour" min="0" max="23" step="1" value="<?php echo esc_attr( date_i18n( 'H', strtotime( $post->post_date ) ) ); ?>" pattern="([01]?[0-9]{1}|2[0-3]{1})" />:
							<input type="number" class="minute" placeholder="<?php esc_attr_e( 'm', 'woocommerce' ); ?>" name="order_date_minute" min="0" max="59" step="1" value="<?php echo esc_attr( date_i18n( 'i', strtotime( $post->post_date ) ) ); ?>" pattern="[0-5]{1}[0-9]{1}" />
							<input type="hidden" name="order_date_second" value="<?php echo esc_attr( date_i18n( 's', strtotime( $post->post_date ) ) ); ?>" />
						</p>

						<p class="form-field form-field-wide wc-order-status">
							<label for="order_status">
								<?php
								_e( 'Status:', 'woocommerce' );
								if ( $order->needs_payment() ) {
									printf(
										'<a href="%s">%s</a>',
										esc_url( $order->get_checkout_payment_url() ),
										__( 'Customer payment page &rarr;', 'woocommerce' )
									);
								}
								?>
							</label>
							<select id="order_status" name="order_status" class="wc-enhanced-select">
								<?php
								$statuses = wc_get_order_statuses();
								foreach ( $statuses as $status => $status_name ) {
									echo '<option value="' . esc_attr( $status ) . '" ' . selected( $status, 'wc-' . $order->get_status( 'edit' ), false ) . '>' . esc_html( $status_name ) . '</option>';
								}
								?>
							</select>
						</p>

						<p class="form-field form-field-wide wc-customer-user">
							<!--email_off--> <!-- Disable CloudFlare email obfuscation -->
							<label for="customer_user">
								<?php
								_e( 'Customer:', 'woocommerce' );
								if ( $order->get_user_id( 'edit' ) ) {
									$args = array(
										'post_status'    => 'all',
										'post_type'      => 'shop_order',
										'_customer_user' => $order->get_user_id( 'edit' ),
									);
									printf(
										'<a href="%s">%s</a>',
										esc_url( add_query_arg( $args, admin_url( 'edit.php' ) ) ),
										' ' . __( 'View other orders &rarr;', 'woocommerce' )
									);
									printf(
										'<a href="%s">%s</a>',
										esc_url( add_query_arg( 'user_id', $order->get_user_id( 'edit' ), admin_url( 'user-edit.php' ) ) ),
										' ' . __( 'Profile &rarr;', 'woocommerce' )
									);
								}
								?>
							</label>
							<?php
							$user_string = '';
							$user_id     = '';
							if ( $order->get_user_id() ) {
								$user_id = absint( $order->get_user_id() );
								$user    = get_user_by( 'id', $user_id );
								/* translators: 1: user display name 2: user ID 3: user email */
								$user_string = sprintf(
									esc_html__( '%1$s (#%2$s &ndash; %3$s)', 'woocommerce' ),
									$user->display_name,
									absint( $user->ID ),
									$user->user_email
								);
							}
							?>
							<select class="wc-customer-search" id="customer_user" name="customer_user" data-placeholder="<?php esc_attr_e( 'Guest', 'woocommerce' ); ?>" data-allow_clear="true">
								<option value="<?php echo esc_attr( $user_id ); ?>" selected="selected"><?php echo htmlspecialchars( wp_kses_post( $user_string ) ); // htmlspecialchars to prevent XSS when rendered by selectWoo. ?></option>
							</select>
							<!--/email_off-->
						</p>
						<?php do_action( 'woocommerce_admin_order_data_after_order_details', $order ); ?>
					</div>
					<div class="order_data_column">
						<h3>
							<?php esc_html_e( 'Billing', 'woocommerce' ); ?>
							<a href="#" class="edit_address"><?php esc_html_e( 'Edit', 'woocommerce' ); ?></a>
							<span>
								<a href="#" class="load_customer_billing" style="display:none;"><?php esc_html_e( 'Load billing address', 'woocommerce' ); ?></a>
							</span>
						</h3>
						<div class="address">
							<?php

							// Display values.
							if ( $order->get_formatted_billing_address() ) {
								echo '<p>' . wp_kses( $order->get_formatted_billing_address(), array( 'br' => array() ) ) . '</p>';
							} else {
								echo '<p class="none_set"><strong>' . __( 'Address:', 'woocommerce' ) . '</strong> ' . __( 'No billing address set.', 'woocommerce' ) . '</p>';
							}

							foreach ( self::$billing_fields as $key => $field ) {
								if ( isset( $field['show'] ) && false === $field['show'] ) {
									continue;
								}

								$field_name = 'billing_' . $key;

								if ( isset( $field['value'] ) ) {
									$field_value = $field['value'];
								} elseif ( is_callable( array( $order, 'get_' . $field_name ) ) ) {
									$field_value = $order->{"get_$field_name"}( 'edit' );
								} else {
									$field_value = $order->get_meta( '_' . $field_name );
								}

								if ( 'billing_phone' === $field_name ) {
									$field_value = wc_make_phone_clickable( $field_value );
								} else {
									$field_value = make_clickable( esc_html( $field_value ) );
								}

								if ( $field_value ) {
									echo '<p><strong>' . esc_html( $field['label'] ) . ':</strong> ' . wp_kses_post( $field_value ) . '</p>';
								}
							}
							?>
						</div>

						<div class="edit_address">
							<?php

							// Display form.
							foreach ( self::$billing_fields as $key => $field ) {
								if ( ! isset( $field['type'] ) ) {
									$field['type'] = 'text';
								}
								if ( ! isset( $field['id'] ) ) {
									$field['id'] = '_billing_' . $key;
								}

								$field_name = 'billing_' . $key;

								if ( ! isset( $field['value'] ) ) {
									if ( is_callable( array( $order, 'get_' . $field_name ) ) ) {
										$field['value'] = $order->{"get_$field_name"}( 'edit' );
									} else {
										$field['value'] = $order->get_meta( '_' . $field_name );
									}
								}

								switch ( $field['type'] ) {
									case 'select':
										woocommerce_wp_select( $field );
										break;
									default:
										woocommerce_wp_text_input( $field );
										break;
								}
							}
							?>
							<p class="form-field form-field-wide">
								<label><?php esc_html_e( 'Payment method:', 'woocommerce' ); ?></label>
								<select name="_payment_method" id="_payment_method" class="first">
									<option value=""><?php esc_html_e( 'N/A', 'woocommerce' ); ?></option>
									<?php
									$found_method = false;

									foreach ( $payment_gateways as $gateway ) {
										if ( 'yes' === $gateway->enabled ) {
											echo '<option value="' . esc_attr( $gateway->id ) . '" ' . selected( $payment_method, $gateway->id, false ) . '>' . esc_html( $gateway->get_title() ) . '</option>';
											if ( $payment_method == $gateway->id ) {
												$found_method = true;
											}
										}
									}

									if ( ! $found_method && ! empty( $payment_method ) ) {
										echo '<option value="' . esc_attr( $payment_method ) . '" selected="selected">' . __( 'Other', 'woocommerce' ) . '</option>';
									} else {
										echo '<option value="other">' . __( 'Other', 'woocommerce' ) . '</option>';
									}
									?>
								</select>
							</p>
							<?php

							woocommerce_wp_text_input(
								array(
									'id'    => '_transaction_id',
									'label' => __( 'Transaction ID', 'woocommerce' ),
									'value' => $order->get_transaction_id( 'edit' ),
								)
							);
							?>

						</div>
						<?php do_action( 'woocommerce_admin_order_data_after_billing_address', $order ); ?>
					</div>
					<div class="order_data_column">
						<h3>
							<?php esc_html_e( 'Shipping', 'woocommerce' ); ?>
							<a href="#" class="edit_address"><?php esc_html_e( 'Edit', 'woocommerce' ); ?></a>
							<span>
								<a href="#" class="load_customer_shipping" style="display:none;"><?php esc_html_e( 'Load shipping address', 'woocommerce' ); ?></a>
								<a href="#" class="billing-same-as-shipping" style="display:none;"><?php esc_html_e( 'Copy billing address', 'woocommerce' ); ?></a>
							</span>
						</h3>
						<div class="address">
							<?php

							// Display values.
							if ( $order->get_formatted_shipping_address() ) {
								echo '<p>' . wp_kses( $order->get_formatted_shipping_address(), array( 'br' => array() ) ) . '</p>';
							} else {
								echo '<p class="none_set"><strong>' . __( 'Address:', 'woocommerce' ) . '</strong> ' . __( 'No shipping address set.', 'woocommerce' ) . '</p>';
							}

							if ( ! empty( self::$shipping_fields ) ) {
								foreach ( self::$shipping_fields as $key => $field ) {
									if ( isset( $field['show'] ) && false === $field['show'] ) {
										continue;
									}

									$field_name = 'shipping_' . $key;

									if ( is_callable( array( $order, 'get_' . $field_name ) ) ) {
										$field_value = $order->{"get_$field_name"}( 'edit' );
									} else {
										$field_value = $order->get_meta( '_' . $field_name );
									}

									if ( $field_value ) {
										echo '<p><strong>' . esc_html( $field['label'] ) . ':</strong> ' . wp_kses_post( $field_value ) . '</p>';
									}
								}
							}

							if ( apply_filters( 'woocommerce_enable_order_notes_field', 'yes' == get_option( 'woocommerce_enable_order_comments', 'yes' ) ) && $post->post_excerpt ) {
								echo '<p class="order_note"><strong>' . __( 'Customer provided note:', 'woocommerce' ) . '</strong> ' . nl2br( esc_html( $post->post_excerpt ) ) . '</p>';
							}
							?>
						</div>
						<div class="edit_address">
							<?php

							// Display form.
							if ( ! empty( self::$shipping_fields ) ) {
								foreach ( self::$shipping_fields as $key => $field ) {
									if ( ! isset( $field['type'] ) ) {
										$field['type'] = 'text';
									}
									if ( ! isset( $field['id'] ) ) {
										$field['id'] = '_shipping_' . $key;
									}

									$field_name = 'shipping_' . $key;

									if ( is_callable( array( $order, 'get_' . $field_name ) ) ) {
										$field['value'] = $order->{"get_$field_name"}( 'edit' );
									} else {
										$field['value'] = $order->get_meta( '_' . $field_name );
									}

									switch ( $field['type'] ) {
										case 'select':
											woocommerce_wp_select( $field );
											break;
										default:
											woocommerce_wp_text_input( $field );
											break;
									}
								}
							}

							if ( apply_filters( 'woocommerce_enable_order_notes_field', 'yes' == get_option( 'woocommerce_enable_order_comments', 'yes' ) ) ) :
								?>
								<p class="form-field form-field-wide">
									<label for="excerpt"><?php _e( 'Customer provided note', 'woocommerce' ); ?>:</label>
									<textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt" placeholder="<?php esc_attr_e( 'Customer notes about the order', 'woocommerce' ); ?>"><?php echo wp_kses_post( $post->post_excerpt ); ?></textarea>
								</p>
							<?php endif; ?>
						</div>

						<?php do_action( 'woocommerce_admin_order_data_after_shipping_address', $order ); ?>
					</div>
				</div>
				<div class="clear"></div>
			</div>
		</div>
		<?php
	}

	/**
	 * Save meta box data.
	 *
	 * @param int $order_id Order ID.
	 */
	public static function save( $order_id ) {
		self::init_address_fields();

		// Ensure gateways are loaded in case they need to insert data into the emails.
		WC()->payment_gateways();
		WC()->shipping();

		// Get order object.
		$order = wc_get_order( $order_id );
		$props = array();

		// Create order key.
		if ( ! $order->get_order_key() ) {
			$props['order_key'] = wc_generate_order_key();
		}

		// Update customer.
		$customer_id = isset( $_POST['customer_user'] ) ? absint( $_POST['customer_user'] ) : 0;
		if ( $customer_id !== $order->get_customer_id() ) {
			$props['customer_id'] = $customer_id;
		}

		// Update billing fields.
		if ( ! empty( self::$billing_fields ) ) {
			foreach ( self::$billing_fields as $key => $field ) {
				if ( ! isset( $field['id'] ) ) {
					$field['id'] = '_billing_' . $key;
				}

				if ( ! isset( $_POST[ $field['id'] ] ) ) {
					continue;
				}

				if ( is_callable( array( $order, 'set_billing_' . $key ) ) ) {
					$props[ 'billing_' . $key ] = wc_clean( wp_unslash( $_POST[ $field['id'] ] ) );
				} else {
					$order->update_meta_data( $field['id'], wc_clean( wp_unslash( $_POST[ $field['id'] ] ) ) );

				}
			}
		}

		// Update shipping fields.
		if ( ! empty( self::$shipping_fields ) ) {
			foreach ( self::$shipping_fields as $key => $field ) {
				if ( ! isset( $field['id'] ) ) {
					$field['id'] = '_shipping_' . $key;
				}

				if ( ! isset( $_POST[ $field['id'] ] ) ) {
					continue;
				}

				if ( is_callable( array( $order, 'set_shipping_' . $key ) ) ) {
					$props[ 'shipping_' . $key ] = wc_clean( wp_unslash( $_POST[ $field['id'] ] ) );
				} else {
					$order->update_meta_data( $field['id'], wc_clean( wp_unslash( $_POST[ $field['id'] ] ) ) );

				}
			}
		}

		if ( isset( $_POST['_transaction_id'] ) ) {
			$props['transaction_id'] = wc_clean( wp_unslash( $_POST['_transaction_id'] ) );
		}

		// Payment method handling.
		if ( $order->get_payment_method() !== wp_unslash( $_POST['_payment_method'] ) ) {
			$methods              = WC()->payment_gateways->payment_gateways();
			$payment_method       = wc_clean( wp_unslash( $_POST['_payment_method'] ) );
			$payment_method_title = $payment_method;

			if ( isset( $methods ) && isset( $methods[ $payment_method ] ) ) {
				$payment_method_title = $methods[ $payment_method ]->get_title();
			}

			$props['payment_method']       = $payment_method;
			$props['payment_method_title'] = $payment_method_title;
		}

		// Update date.
		if ( empty( $_POST['order_date'] ) ) {
			$date = current_time( 'timestamp', true );
		} else {
			$date = gmdate( 'Y-m-d H:i:s', strtotime( $_POST['order_date'] . ' ' . (int) $_POST['order_date_hour'] . ':' . (int) $_POST['order_date_minute'] . ':' . (int) $_POST['order_date_second'] ) );
		}

		$props['date_created'] = $date;

		// Set created via prop if new post.
		if ( isset( $_POST['original_post_status'] ) && $_POST['original_post_status'] === 'auto-draft' ) {
			$props['created_via'] = 'admin';
		}

		// Save order data.
		$order->set_props( $props );
		$order->set_status( wc_clean( wp_unslash( $_POST['order_status'] ) ), '', true );
		$order->save();
	}
}


1		<?php
2		/**
3		* Order Data
4		*
5		* Functions for displaying the order data meta box.
6		*
7		* @author WooThemes
8		* @category Admin
9		* @package WooCommerce/Admin/Meta Boxes
10		* @version 2.2.0
11		*/
12
13		if ( ! defined( 'ABSPATH' ) ) {
14		exit; // Exit if accessed directly
15		}
16
17		/**
18		* WC_Meta_Box_Order_Data Class.
19		*/
20		class WC_Meta_Box_Order_Data {
21
22		/**
23		* Billing fields.
24		*
25		* @var array
26		*/
27		protected static $billing_fields = array();
28
29		/**
30		* Shipping fields.
31		*
32		* @var array
33		*/
34		protected static $shipping_fields = array();
35
36		/**
37		* Init billing and shipping fields we display + save.
38		*/
39		public static function init_address_fields() {
40
41		self::$billing_fields = apply_filters(
42		'woocommerce_admin_billing_fields', array(
43		'first_name' => array(
44		'label' => __( 'First name', 'woocommerce' ),
45		'show' => false,
46		),
47		'last_name' => array(
48		'label' => __( 'Last name', 'woocommerce' ),
49		'show' => false,
50		),
51		'company' => array(
52		'label' => __( 'Company', 'woocommerce' ),
53		'show' => false,
54		),
55		'address_1' => array(
56		'label' => __( 'Address line 1', 'woocommerce' ),
57		'show' => false,
58		),
59		'address_2' => array(
60		'label' => __( 'Address line 2', 'woocommerce' ),
61		'show' => false,
62		),
63		'city' => array(
64		'label' => __( 'City', 'woocommerce' ),
65		'show' => false,
66		),
67		'postcode' => array(
68		'label' => __( 'Postcode / ZIP', 'woocommerce' ),
69		'show' => false,
70		),
71		'country' => array(
72		'label' => __( 'Country', 'woocommerce' ),
73		'show' => false,
74		'class' => 'js_field-country select short',
75		'type' => 'select',
76		'options' => array( '' => __( 'Select a country…', 'woocommerce' ) ) + WC()->countries->get_allowed_countries(),
77		),
78		'state' => array(
79		'label' => __( 'State / County', 'woocommerce' ),
80		'class' => 'js_field-state select short',
81		'show' => false,
82		),
83		'email' => array(
84		'label' => __( 'Email address', 'woocommerce' ),
85		),
86		'phone' => array(
87		'label' => __( 'Phone', 'woocommerce' ),
88		),
89		)
90		);
91
92		self::$shipping_fields = apply_filters(
93		'woocommerce_admin_shipping_fields', array(
94		'first_name' => array(
95		'label' => __( 'First name', 'woocommerce' ),
96		'show' => false,
97		),
98		'last_name' => array(
99		'label' => __( 'Last name', 'woocommerce' ),
100		'show' => false,
101		),
102		'company' => array(
103		'label' => __( 'Company', 'woocommerce' ),
104		'show' => false,
105		),
106		'address_1' => array(
107		'label' => __( 'Address line 1', 'woocommerce' ),
108		'show' => false,
109		),
110		'address_2' => array(
111		'label' => __( 'Address line 2', 'woocommerce' ),
112		'show' => false,
113		),
114		'city' => array(
115		'label' => __( 'City', 'woocommerce' ),
116		'show' => false,
117		),
118		'postcode' => array(
119		'label' => __( 'Postcode / ZIP', 'woocommerce' ),
120		'show' => false,
121		),
122		'country' => array(
123		'label' => __( 'Country', 'woocommerce' ),
124		'show' => false,
125		'type' => 'select',
126		'class' => 'js_field-country select short',
127		'options' => array( '' => __( 'Select a country…', 'woocommerce' ) ) + WC()->countries->get_shipping_countries(),
128		),
129		'state' => array(
130		'label' => __( 'State / County', 'woocommerce' ),
131		'class' => 'js_field-state select short',
132		'show' => false,
133		),
134		)
135		);
136		}
137
138		/**
139		* Output the metabox.
140		*
141		* @param WP_Post $post
142		*/
143		public static function output( $post ) {
144		global $theorder;
145
146		if ( ! is_object( $theorder ) ) {
147		$theorder = wc_get_order( $post->ID );
148		}
149
150		$order = $theorder;
151
152		self::init_address_fields();
153
154		if ( WC()->payment_gateways() ) {
155		$payment_gateways = WC()->payment_gateways->payment_gateways();
156		} else {
157		$payment_gateways = array();
158		}
159
160		$payment_method = $order->get_payment_method();
161
162		$order_type_object = get_post_type_object( $post->post_type );
163		wp_nonce_field( 'woocommerce_save_data', 'woocommerce_meta_nonce' );
164		?>
165		<style type="text/css">
166		#post-body-content, #titlediv { display:none }
167		</style>
168		<div class="panel-wrap woocommerce">
169		<input name="post_title" type="hidden" value="<?php echo empty( $post->post_title ) ? __( 'Order', 'woocommerce' ) : esc_attr( $post->post_title ); ?>" />
170		<input name="post_status" type="hidden" value="<?php echo esc_attr( $post->post_status ); ?>" />
171		<div id="order_data" class="panel woocommerce-order-data">
172		<h2 class="woocommerce-order-data__heading">
173		<?php
174
175		/* translators: 1: order type 2: order number */
176		printf(
177		esc_html__( '%1$s #%2$s details', 'woocommerce' ),
178		esc_html( $order_type_object->labels->singular_name ),
179		esc_html( $order->get_order_number() )
180		);
181
182		?>
183		</h2>
184		<p class="woocommerce-order-data__meta order_number">
185		<?php
186
187		$meta_list = array();
188
189		if ( $payment_method && 'other' !== $payment_method ) {
190		/* translators: %s: payment method */
191		$payment_method_string = sprintf(
192		__( 'Payment via %s', 'woocommerce' ),
193		esc_html( isset( $payment_gateways[ $payment_method ] ) ? $payment_gateways[ $payment_method ]->get_title() : $payment_method )
194		);
195
196	View Code Duplication	if ( $transaction_id = $order->get_transaction_id() ) {
197		if ( isset( $payment_gateways[ $payment_method ] ) && ( $url = $payment_gateways[ $payment_method ]->get_transaction_url( $order ) ) ) {
198		$payment_method_string .= ' (<a href="' . esc_url( $url ) . '" target="_blank">' . esc_html( $transaction_id ) . '</a>)';
199		} else {
200		$payment_method_string .= ' (' . esc_html( $transaction_id ) . ')';
201		}
202		}
203
204		$meta_list[] = $payment_method_string;
205		}
206
207		if ( $order->get_date_paid() ) {
208		/* translators: 1: date 2: time */
209		$meta_list[] = sprintf(
210		__( 'Paid on %1$s @ %2$s', 'woocommerce' ),
211		wc_format_datetime( $order->get_date_paid() ),
212		wc_format_datetime( $order->get_date_paid(), get_option( 'time_format' ) )
213		);
214		}
215
216		if ( $ip_address = $order->get_customer_ip_address() ) {
217		/* translators: %s: IP address */
218		$meta_list[] = sprintf(
219		__( 'Customer IP: %s', 'woocommerce' ),
220		'<span class="woocommerce-Order-customerIP">' . esc_html( $ip_address ) . '</span>'
221		);
222		}
223
224		echo wp_kses_post( implode( '. ', $meta_list ) );
225
226		?>
227		</p>
228		<div class="order_data_column_container">
229		<div class="order_data_column">
230		<h3><?php esc_html_e( 'General', 'woocommerce' ); ?></h3>
231
232		<p class="form-field form-field-wide">
233		<label for="order_date"><?php _e( 'Date created:', 'woocommerce' ); ?></label>
234		<input type="text" class="date-picker" name="order_date" maxlength="10" value="<?php echo esc_attr( date_i18n( 'Y-m-d', strtotime( $post->post_date ) ) ); ?>" pattern="<?php echo esc_attr( apply_filters( 'woocommerce_date_input_html_pattern', '[0-9]{4}-(0[1-9]\|1[012])-(0[1-9]\|1[0-9]\|2[0-9]\|3[01])' ) ); ?>" />@
235		&lrm;
236		<input type="number" class="hour" placeholder="<?php esc_attr_e( 'h', 'woocommerce' ); ?>" name="order_date_hour" min="0" max="23" step="1" value="<?php echo esc_attr( date_i18n( 'H', strtotime( $post->post_date ) ) ); ?>" pattern="([01]?[0-9]{1}\|2[0-3]{1})" />:
237		<input type="number" class="minute" placeholder="<?php esc_attr_e( 'm', 'woocommerce' ); ?>" name="order_date_minute" min="0" max="59" step="1" value="<?php echo esc_attr( date_i18n( 'i', strtotime( $post->post_date ) ) ); ?>" pattern="[0-5]{1}[0-9]{1}" />
238		<input type="hidden" name="order_date_second" value="<?php echo esc_attr( date_i18n( 's', strtotime( $post->post_date ) ) ); ?>" />
239		</p>
240
241		<p class="form-field form-field-wide wc-order-status">
242		<label for="order_status">
243		<?php
244		_e( 'Status:', 'woocommerce' );
245		if ( $order->needs_payment() ) {
246		printf(
247		'<a href="%s">%s</a>',
248		esc_url( $order->get_checkout_payment_url() ),
249		__( 'Customer payment page →', 'woocommerce' )
250		);
251		}
252		?>
253		</label>
254		<select id="order_status" name="order_status" class="wc-enhanced-select">
255		<?php
256		$statuses = wc_get_order_statuses();
257		foreach ( $statuses as $status => $status_name ) {
258		echo '<option value="' . esc_attr( $status ) . '" ' . selected( $status, 'wc-' . $order->get_status( 'edit' ), false ) . '>' . esc_html( $status_name ) . '</option>';
259		}
260		?>
261		</select>
262		</p>
263
264		<p class="form-field form-field-wide wc-customer-user">
265		<!--email_off--> <!-- Disable CloudFlare email obfuscation -->
266		<label for="customer_user">
267		<?php
268		_e( 'Customer:', 'woocommerce' );
269		if ( $order->get_user_id( 'edit' ) ) {
270		$args = array(
271		'post_status' => 'all',
272		'post_type' => 'shop_order',
273		'_customer_user' => $order->get_user_id( 'edit' ),
274		);
275		printf(
276		'<a href="%s">%s</a>',
277		esc_url( add_query_arg( $args, admin_url( 'edit.php' ) ) ),
278		' ' . __( 'View other orders →', 'woocommerce' )
279		);
280		printf(
281		'<a href="%s">%s</a>',
282		esc_url( add_query_arg( 'user_id', $order->get_user_id( 'edit' ), admin_url( 'user-edit.php' ) ) ),
283		' ' . __( 'Profile →', 'woocommerce' )
284		);
285		}
286		?>
287		</label>
288		<?php
289		$user_string = '';
290		$user_id = '';
291		if ( $order->get_user_id() ) {
292		$user_id = absint( $order->get_user_id() );
293		$user = get_user_by( 'id', $user_id );
294		/* translators: 1: user display name 2: user ID 3: user email */
295		$user_string = sprintf(
296		esc_html__( '%1$s (#%2$s – %3$s)', 'woocommerce' ),
297		$user->display_name,
298		absint( $user->ID ),
299		$user->user_email
300		);
301		}
302		?>
303		<select class="wc-customer-search" id="customer_user" name="customer_user" data-placeholder="<?php esc_attr_e( 'Guest', 'woocommerce' ); ?>" data-allow_clear="true">
304		<option value="<?php echo esc_attr( $user_id ); ?>" selected="selected"><?php echo htmlspecialchars( wp_kses_post( $user_string ) ); // htmlspecialchars to prevent XSS when rendered by selectWoo. ?></option>
305		</select>
306		<!--/email_off-->
307		</p>
308		<?php do_action( 'woocommerce_admin_order_data_after_order_details', $order ); ?>
309		</div>
310		<div class="order_data_column">
311		<h3>
312		<?php esc_html_e( 'Billing', 'woocommerce' ); ?>
313		<a href="#" class="edit_address"><?php esc_html_e( 'Edit', 'woocommerce' ); ?></a>
314		<span>
315		<a href="#" class="load_customer_billing" style="display:none;"><?php esc_html_e( 'Load billing address', 'woocommerce' ); ?></a>
316		</span>
317		</h3>
318		<div class="address">
319		<?php
320
321		// Display values.
322	View Code Duplication	if ( $order->get_formatted_billing_address() ) {
323		echo '<p>' . wp_kses( $order->get_formatted_billing_address(), array( 'br' => array() ) ) . '</p>';
324		} else {
325		echo '<p class="none_set"><strong>' . __( 'Address:', 'woocommerce' ) . '</strong> ' . __( 'No billing address set.', 'woocommerce' ) . '</p>';
326		}
327
328		foreach ( self::$billing_fields as $key => $field ) {
329		if ( isset( $field['show'] ) && false === $field['show'] ) {
330		continue;
331		}
332
333		$field_name = 'billing_' . $key;
334
335		if ( isset( $field['value'] ) ) {
336		$field_value = $field['value'];
337		} elseif ( is_callable( array( $order, 'get_' . $field_name ) ) ) {
338		$field_value = $order->{"get_$field_name"}( 'edit' );
339		} else {
340		$field_value = $order->get_meta( '_' . $field_name );
341		}
342
343		if ( 'billing_phone' === $field_name ) {
344		$field_value = wc_make_phone_clickable( $field_value );
345		} else {
346		$field_value = make_clickable( esc_html( $field_value ) );
347		}
348
349	View Code Duplication	if ( $field_value ) {
350		echo '<p><strong>' . esc_html( $field['label'] ) . ':</strong> ' . wp_kses_post( $field_value ) . '</p>';
351		}
352		}
353		?>
354		</div>
355
356		<div class="edit_address">
357		<?php
358
359		// Display form.
360	View Code Duplication	foreach ( self::$billing_fields as $key => $field ) {
361		if ( ! isset( $field['type'] ) ) {
362		$field['type'] = 'text';
363		}
364		if ( ! isset( $field['id'] ) ) {
365		$field['id'] = '_billing_' . $key;
366		}
367
368		$field_name = 'billing_' . $key;
369
370		if ( ! isset( $field['value'] ) ) {
371		if ( is_callable( array( $order, 'get_' . $field_name ) ) ) {
372		$field['value'] = $order->{"get_$field_name"}( 'edit' );
373		} else {
374		$field['value'] = $order->get_meta( '_' . $field_name );
375		}
376		}
377
378		switch ( $field['type'] ) {
379		case 'select':
380		woocommerce_wp_select( $field );
381		break;
382		default:
383		woocommerce_wp_text_input( $field );
384		break;
385		}
386		}
387		?>
388		<p class="form-field form-field-wide">
389		<label><?php esc_html_e( 'Payment method:', 'woocommerce' ); ?></label>
390		<select name="_payment_method" id="_payment_method" class="first">
391		<option value=""><?php esc_html_e( 'N/A', 'woocommerce' ); ?></option>
392		<?php
393		$found_method = false;
394
395		foreach ( $payment_gateways as $gateway ) {
396		if ( 'yes' === $gateway->enabled ) {
397		echo '<option value="' . esc_attr( $gateway->id ) . '" ' . selected( $payment_method, $gateway->id, false ) . '>' . esc_html( $gateway->get_title() ) . '</option>';
398		if ( $payment_method == $gateway->id ) {
399		$found_method = true;
400		}
401		}
402		}
403
404	View Code Duplication	if ( ! $found_method && ! empty( $payment_method ) ) {
405		echo '<option value="' . esc_attr( $payment_method ) . '" selected="selected">' . __( 'Other', 'woocommerce' ) . '</option>';
406		} else {
407		echo '<option value="other">' . __( 'Other', 'woocommerce' ) . '</option>';
408		}
409		?>
410		</select>
411		</p>
412		<?php
413
414		woocommerce_wp_text_input(
415		array(
416		'id' => '_transaction_id',
417		'label' => __( 'Transaction ID', 'woocommerce' ),
418		'value' => $order->get_transaction_id( 'edit' ),
419		)
420		);
421		?>
422
423		</div>
424		<?php do_action( 'woocommerce_admin_order_data_after_billing_address', $order ); ?>
425		</div>
426		<div class="order_data_column">
427		<h3>
428		<?php esc_html_e( 'Shipping', 'woocommerce' ); ?>
429		<a href="#" class="edit_address"><?php esc_html_e( 'Edit', 'woocommerce' ); ?></a>
430		<span>
431		<a href="#" class="load_customer_shipping" style="display:none;"><?php esc_html_e( 'Load shipping address', 'woocommerce' ); ?></a>
432		<a href="#" class="billing-same-as-shipping" style="display:none;"><?php esc_html_e( 'Copy billing address', 'woocommerce' ); ?></a>
433		</span>
434		</h3>
435		<div class="address">
436		<?php
437
438		// Display values.
439	View Code Duplication	if ( $order->get_formatted_shipping_address() ) {
440		echo '<p>' . wp_kses( $order->get_formatted_shipping_address(), array( 'br' => array() ) ) . '</p>';
441		} else {
442		echo '<p class="none_set"><strong>' . __( 'Address:', 'woocommerce' ) . '</strong> ' . __( 'No shipping address set.', 'woocommerce' ) . '</p>';
443		}
444
445		if ( ! empty( self::$shipping_fields ) ) {
446		foreach ( self::$shipping_fields as $key => $field ) {
447		if ( isset( $field['show'] ) && false === $field['show'] ) {
448		continue;
449		}
450
451		$field_name = 'shipping_' . $key;
452
453		if ( is_callable( array( $order, 'get_' . $field_name ) ) ) {
454		$field_value = $order->{"get_$field_name"}( 'edit' );
455		} else {
456		$field_value = $order->get_meta( '_' . $field_name );
457		}
458
459	View Code Duplication	if ( $field_value ) {
460		echo '<p><strong>' . esc_html( $field['label'] ) . ':</strong> ' . wp_kses_post( $field_value ) . '</p>';
461		}
462		}
463		}
464
465		if ( apply_filters( 'woocommerce_enable_order_notes_field', 'yes' == get_option( 'woocommerce_enable_order_comments', 'yes' ) ) && $post->post_excerpt ) {
466		echo '<p class="order_note"><strong>' . __( 'Customer provided note:', 'woocommerce' ) . '</strong> ' . nl2br( esc_html( $post->post_excerpt ) ) . '</p>';
467		}
468		?>
469		</div>
470		<div class="edit_address">
471		<?php
472
473		// Display form.
474		if ( ! empty( self::$shipping_fields ) ) {
475	View Code Duplication	foreach ( self::$shipping_fields as $key => $field ) {
476		if ( ! isset( $field['type'] ) ) {
477		$field['type'] = 'text';
478		}
479		if ( ! isset( $field['id'] ) ) {
480		$field['id'] = '_shipping_' . $key;
481		}
482
483		$field_name = 'shipping_' . $key;
484
485		if ( is_callable( array( $order, 'get_' . $field_name ) ) ) {
486		$field['value'] = $order->{"get_$field_name"}( 'edit' );
487		} else {
488		$field['value'] = $order->get_meta( '_' . $field_name );
489		}
490
491		switch ( $field['type'] ) {
492		case 'select':
493		woocommerce_wp_select( $field );
494		break;
495		default:
496		woocommerce_wp_text_input( $field );
497		break;
498		}
499		}
500		}
501
502		if ( apply_filters( 'woocommerce_enable_order_notes_field', 'yes' == get_option( 'woocommerce_enable_order_comments', 'yes' ) ) ) :
503		?>
504		<p class="form-field form-field-wide">
505		<label for="excerpt"><?php _e( 'Customer provided note', 'woocommerce' ); ?>:</label>
506		<textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt" placeholder="<?php esc_attr_e( 'Customer notes about the order', 'woocommerce' ); ?>"><?php echo wp_kses_post( $post->post_excerpt ); ?></textarea>
507		</p>
508		<?php endif; ?>
509		</div>
510
511		<?php do_action( 'woocommerce_admin_order_data_after_shipping_address', $order ); ?>
512		</div>
513		</div>
514		<div class="clear"></div>
515		</div>
516		</div>
517		<?php
518		}
519
520		/**
521		* Save meta box data.
522		*
523		* @param int $order_id Order ID.
524		*/
525		public static function save( $order_id ) {
526		self::init_address_fields();
527
528		// Ensure gateways are loaded in case they need to insert data into the emails.
529		WC()->payment_gateways();
530		WC()->shipping();
531
532		// Get order object.
533		$order = wc_get_order( $order_id );
534		$props = array();
535
536		// Create order key.
537		if ( ! $order->get_order_key() ) {
538		$props['order_key'] = wc_generate_order_key();
539		}
540
541		// Update customer.
542		$customer_id = isset( $_POST['customer_user'] ) ? absint( $_POST['customer_user'] ) : 0;
543		if ( $customer_id !== $order->get_customer_id() ) {
544		$props['customer_id'] = $customer_id;
545		}
546
547		// Update billing fields.
548	View Code Duplication	if ( ! empty( self::$billing_fields ) ) {
549		foreach ( self::$billing_fields as $key => $field ) {
550		if ( ! isset( $field['id'] ) ) {
551		$field['id'] = '_billing_' . $key;
552		}
553
554		if ( ! isset( $_POST[ $field['id'] ] ) ) {
555		continue;
556		}
557
558		if ( is_callable( array( $order, 'set_billing_' . $key ) ) ) {
559		$props[ 'billing_' . $key ] = wc_clean( wp_unslash( $_POST[ $field['id'] ] ) );
560		} else {
561		$order->update_meta_data( $field['id'], wc_clean( wp_unslash( $_POST[ $field['id'] ] ) ) );
		0 ignored issues – show introduced 2017-07-20 21:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this Detected usage of a non-sanitized input variable: $_POST Loading history...
562		}
563		}
564		}
565
566		// Update shipping fields.
567	View Code Duplication	if ( ! empty( self::$shipping_fields ) ) {
568		foreach ( self::$shipping_fields as $key => $field ) {
569		if ( ! isset( $field['id'] ) ) {
570		$field['id'] = '_shipping_' . $key;
571		}
572
573		if ( ! isset( $_POST[ $field['id'] ] ) ) {
574		continue;
575		}
576
577		if ( is_callable( array( $order, 'set_shipping_' . $key ) ) ) {
578		$props[ 'shipping_' . $key ] = wc_clean( wp_unslash( $_POST[ $field['id'] ] ) );
579		} else {
580		$order->update_meta_data( $field['id'], wc_clean( wp_unslash( $_POST[ $field['id'] ] ) ) );
		0 ignored issues – show introduced 2017-07-20 21:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this Detected usage of a non-sanitized input variable: $_POST Loading history...
581		}
582		}
583		}
584
585		if ( isset( $_POST['_transaction_id'] ) ) {
586		$props['transaction_id'] = wc_clean( wp_unslash( $_POST['_transaction_id'] ) );
587		}
588
589		// Payment method handling.
590		if ( $order->get_payment_method() !== wp_unslash( $_POST['_payment_method'] ) ) {
591		$methods = WC()->payment_gateways->payment_gateways();
592		$payment_method = wc_clean( wp_unslash( $_POST['_payment_method'] ) );
593		$payment_method_title = $payment_method;
594
595		if ( isset( $methods ) && isset( $methods[ $payment_method ] ) ) {
596		$payment_method_title = $methods[ $payment_method ]->get_title();
597		}
598
599		$props['payment_method'] = $payment_method;
600		$props['payment_method_title'] = $payment_method_title;
601		}
602
603		// Update date.
604		if ( empty( $_POST['order_date'] ) ) {
605		$date = current_time( 'timestamp', true );
606		} else {
607		$date = gmdate( 'Y-m-d H:i:s', strtotime( $_POST['order_date'] . ' ' . (int) $_POST['order_date_hour'] . ':' . (int) $_POST['order_date_minute'] . ':' . (int) $_POST['order_date_second'] ) );
608		}
609
610		$props['date_created'] = $date;
611
612		// Set created via prop if new post.
613		if ( isset( $_POST['original_post_status'] ) && $_POST['original_post_status'] === 'auto-draft' ) {
614		$props['created_via'] = 'admin';
615		}
616
617		// Save order data.
618		$order->set_props( $props );
619		$order->set_status( wc_clean( wp_unslash( $_POST['order_status'] ) ), '', true );
620		$order->save();
621		}
622		}
623

woocommerce / woocommerce

Push — master ( 15aa29...17da96 )

admin/meta-boxes/class-wc-meta-box-order-data.php (2 issues)

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like