id, array_map( array( $this, 'set_defaults' ), $this->form_fields ) ); } /** * Set default required properties for each field. * * @param array $field Setting field array. * @return array */ protected function set_defaults( $field ) { if ( ! isset( $field['default'] ) ) { $field['default'] = ''; } return $field; } /** * Output the admin options table. */ public function admin_options() { echo '' . $this->generate_settings_html( $this->get_form_fields(), false ) . '
'; // WPCS: XSS ok. } /** * Initialise settings form fields. * * Add an array of fields to be displayed on the gateway's settings screen. * * @since 1.0.0 */ public function init_form_fields() {} /** * Return the name of the option in the WP DB. * * @since 2.6.0 * @return string */ public function get_option_key() { return $this->plugin_id . $this->id . '_settings'; } /** * Get a fields type. Defaults to "text" if not set. * * @param array $field Field key. * @return string */ public function get_field_type( $field ) { return empty( $field['type'] ) ? 'text' : $field['type']; } /** * Get a fields default value. Defaults to "" if not set. * * @param array $field Field key. * @return string */ public function get_field_default( $field ) { return empty( $field['default'] ) ? '' : $field['default']; } /** * Get a field's posted and validated value. * * @param string $key Field key. * @param array $field Field array. * @param array $post_data Posted data. * @return string */ public function get_field_value( $key, $field, $post_data = array() ) { $type = $this->get_field_type( $field ); $field_key = $this->get_field_key( $key ); $post_data = empty( $post_data ) ? $_POST : $post_data; // WPCS: CSRF ok, input var ok. $value = isset( $post_data[ $field_key ] ) ? $post_data[ $field_key ] : null; if ( isset( $field['sanitize_callback'] ) && is_callable( $field['sanitize_callback'] ) ) { return call_user_func( $field['sanitize_callback'], $value ); } // Look for a validate_FIELDID_field method for special handling. if ( is_callable( array( $this, 'validate_' . $key . '_field' ) ) ) { return $this->{'validate_' . $key . '_field'}( $key, $value ); } // Look for a validate_FIELDTYPE_field method. if ( is_callable( array( $this, 'validate_' . $type . '_field' ) ) ) { return $this->{'validate_' . $type . '_field'}( $key, $value ); } // Fallback to text. return $this->validate_text_field( $key, $value ); } /** * Sets the POSTed data. This method can be used to set specific data, instead of taking it from the $_POST array. * * @param array $data Posted data. */ public function set_post_data( $data = array() ) { $this->data = $data; } /** * Returns the POSTed data, to be used to save the settings. * * @return array */ public function get_post_data() { if ( ! empty( $this->data ) && is_array( $this->data ) ) { return $this->data; } return $_POST; // WPCS: CSRF ok, input var ok. } /** * Update a single option. * * @since 3.4.0 * @param string $key Option key. * @param mixed $value Value to set. * @return bool was anything saved? */ public function update_option( $key, $value = '' ) { if ( empty( $this->settings ) ) { $this->init_settings(); } $this->settings[ $key ] = $value; return update_option( $this->get_option_key(), apply_filters( 'woocommerce_settings_api_sanitized_fields_' . $this->id, $this->settings ), 'yes' ); } /** * Processes and saves options. * If there is an error thrown, will continue to save and validate fields, but will leave the erroring field out. * * @return bool was anything saved? */ public function process_admin_options() { $this->init_settings(); $post_data = $this->get_post_data(); foreach ( $this->get_form_fields() as $key => $field ) { if ( 'title' !== $this->get_field_type( $field ) ) { try { $this->settings[ $key ] = $this->get_field_value( $key, $field, $post_data ); if ( 'select' === $field['type'] || 'checkbox' === $field['type'] ) { /** * Notify that a non-option setting has been updated. * * @since 7.8.0 */ do_action( 'woocommerce_update_non_option_setting', array( 'id' => $key, 'type' => $field['type'], 'value' => $this->settings[ $key ], ) ); } } catch ( Exception $e ) { $this->add_error( $e->getMessage() ); } } } $option_key = $this->get_option_key(); do_action( 'woocommerce_update_option', array( 'id' => $option_key ) ); // phpcs:ignore WooCommerce.Commenting.CommentHooks.MissingHookComment return update_option( $option_key, apply_filters( 'woocommerce_settings_api_sanitized_fields_' . $this->id, $this->settings ), 'yes' ); // phpcs:ignore WooCommerce.Commenting.CommentHooks.MissingHookComment } /** * Add an error message for display in admin on save. * * @param string $error Error message. */ public function add_error( $error ) { $this->errors[] = $error; } /** * Get admin error messages. */ public function get_errors() { return $this->errors; } /** * Display admin error messages. */ public function display_errors() { if ( $this->get_errors() ) { echo '
'; foreach ( $this->get_errors() as $error ) { echo '

' . wp_kses_post( $error ) . '

'; } echo '
'; } } /** * Initialise Settings. * * Store all settings in a single database entry * and make sure the $settings array is either the default * or the settings stored in the database. * * @since 1.0.0 * @uses get_option(), add_option() */ public function init_settings() { $this->settings = get_option( $this->get_option_key(), null ); // If there are no settings defined, use defaults. if ( ! is_array( $this->settings ) ) { $form_fields = $this->get_form_fields(); $this->settings = array_merge( array_fill_keys( array_keys( $form_fields ), '' ), wp_list_pluck( $form_fields, 'default' ) ); } } /** * Get option from DB. * * Gets an option from the settings API, using defaults if necessary to prevent undefined notices. * * @param string $key Option key. * @param mixed $empty_value Value when empty. * @return string The value specified for the option or a default value for the option. */ public function get_option( $key, $empty_value = null ) { if ( empty( $this->settings ) ) { $this->init_settings(); } // Get option default if unset. if ( ! isset( $this->settings[ $key ] ) ) { $form_fields = $this->get_form_fields(); $this->settings[ $key ] = isset( $form_fields[ $key ] ) ? $this->get_field_default( $form_fields[ $key ] ) : ''; } if ( ! is_null( $empty_value ) && '' === $this->settings[ $key ] ) { $this->settings[ $key ] = $empty_value; } return $this->settings[ $key ]; } /** * Prefix key for settings. * * @param string $key Field key. * @return string */ public function get_field_key( $key ) { return $this->plugin_id . $this->id . '_' . $key; } /** * Generate Settings HTML. * * Generate the HTML for the fields on the "settings" screen. * * @param array $form_fields (default: array()) Array of form fields. * @param bool $echo Echo or return. * @return string the html for the settings * @since 1.0.0 * @uses method_exists() */ public function generate_settings_html( $form_fields = array(), $echo = true ) { if ( empty( $form_fields ) ) { $form_fields = $this->get_form_fields(); } $html = ''; foreach ( $form_fields as $k => $v ) { $type = $this->get_field_type( $v ); if ( method_exists( $this, 'generate_' . $type . '_html' ) ) { $html .= $this->{'generate_' . $type . '_html'}( $k, $v ); } elseif ( has_filter( 'woocommerce_generate_' . $type . '_html' ) ) { /** * Allow the generation of custom field types on the settings screen. * * The dynamic portion of the hook name refers to the slug of the custom field type. * For instance, to introduce a new field type `fancy_lazy_dropdown` you would use * the hook `woocommerce_generate_fancy_lazy_dropdown_html`. * * @since 6.5.0 * * @param string $field_html The markup of the field being generated (initiated as an empty string). * @param string $key The key of the field. * @param array $data The attributes of the field as an associative array. * @param object $wc_settings The current WC_Settings_API object. */ $html .= apply_filters( 'woocommerce_generate_' . $type . '_html', '', $k, $v, $this ); } else { $html .= $this->generate_text_html( $k, $v ); } } if ( $echo ) { echo $html; // WPCS: XSS ok. } else { return $html; } } /** * Get HTML for tooltips. * * @param array $data Data for the tooltip. * @return string */ public function get_tooltip_html( $data ) { if ( true === $data['desc_tip'] ) { $tip = $data['description']; } elseif ( ! empty( $data['desc_tip'] ) ) { $tip = $data['desc_tip']; } else { $tip = ''; } return $tip ? wc_help_tip( $tip, true ) : ''; } /** * Get HTML for descriptions. * * @param array $data Data for the description. * @return string */ public function get_description_html( $data ) { if ( true === $data['desc_tip'] ) { $description = ''; } elseif ( ! empty( $data['desc_tip'] ) ) { $description = $data['description']; } elseif ( ! empty( $data['description'] ) ) { $description = $data['description']; } else { $description = ''; } return $description ? '

' . wp_kses_post( $description ) . '

' . "\n" : ''; } /** * Get custom attributes. * * @param array $data Field data. * @return string */ public function get_custom_attribute_html( $data ) { $custom_attributes = array(); if ( ! empty( $data['custom_attributes'] ) && is_array( $data['custom_attributes'] ) ) { foreach ( $data['custom_attributes'] as $attribute => $attribute_value ) { $custom_attributes[] = esc_attr( $attribute ) . '="' . esc_attr( $attribute_value ) . '"'; } } return implode( ' ', $custom_attributes ); } /** * Generate Text Input HTML. * * @param string $key Field key. * @param array $data Field data. * @since 1.0.0 * @return string */ public function generate_text_html( $key, $data ) { $field_key = $this->get_field_key( $key ); $defaults = array( 'title' => '', 'disabled' => false, 'class' => '', 'css' => '', 'placeholder' => '', 'type' => 'text', 'desc_tip' => false, 'description' => '', 'custom_attributes' => array(), ); $data = wp_parse_args( $data, $defaults ); ob_start(); ?>
get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> /> get_description_html( $data ); // WPCS: XSS ok. ?>
generate_text_html( $key, $data ); } /** * Generate Price Input HTML. * * @param string $key Field key. * @param array $data Field data. * @since 1.0.0 * @return string */ public function generate_price_html( $key, $data ) { $field_key = $this->get_field_key( $key ); $defaults = array( 'title' => '', 'disabled' => false, 'class' => '', 'css' => '', 'placeholder' => '', 'type' => 'text', 'desc_tip' => false, 'description' => '', 'custom_attributes' => array(), ); $data = wp_parse_args( $data, $defaults ); ob_start(); ?>
get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> /> get_description_html( $data ); // WPCS: XSS ok. ?>
get_field_key( $key ); $defaults = array( 'title' => '', 'disabled' => false, 'class' => '', 'css' => '', 'placeholder' => '', 'type' => 'text', 'desc_tip' => false, 'description' => '', 'custom_attributes' => array(), ); $data = wp_parse_args( $data, $defaults ); ob_start(); ?>
get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> /> get_description_html( $data ); // WPCS: XSS ok. ?>
generate_text_html( $key, $data ); } /** * Generate Color Picker Input HTML. * * @param string $key Field key. * @param array $data Field data. * @since 1.0.0 * @return string */ public function generate_color_html( $key, $data ) { $field_key = $this->get_field_key( $key ); $defaults = array( 'title' => '', 'disabled' => false, 'class' => '', 'css' => '', 'placeholder' => '', 'desc_tip' => false, 'description' => '', 'custom_attributes' => array(), ); $data = wp_parse_args( $data, $defaults ); ob_start(); ?>
  get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> /> get_description_html( $data ); // WPCS: XSS ok. ?>
get_field_key( $key ); $defaults = array( 'title' => '', 'disabled' => false, 'class' => '', 'css' => '', 'placeholder' => '', 'type' => 'text', 'desc_tip' => false, 'description' => '', 'custom_attributes' => array(), ); $data = wp_parse_args( $data, $defaults ); ob_start(); ?>
get_description_html( $data ); // WPCS: XSS ok. ?>
get_field_key( $key ); $defaults = array( 'title' => '', 'label' => '', 'disabled' => false, 'class' => '', 'css' => '', 'type' => 'text', 'desc_tip' => false, 'description' => '', 'custom_attributes' => array(), ); $data = wp_parse_args( $data, $defaults ); if ( ! $data['label'] ) { $data['label'] = $data['title']; } ob_start(); ?>

get_description_html( $data ); // WPCS: XSS ok. ?>
get_field_key( $key ); $defaults = array( 'title' => '', 'disabled' => false, 'class' => '', 'css' => '', 'placeholder' => '', 'type' => 'text', 'desc_tip' => false, 'description' => '', 'custom_attributes' => array(), 'options' => array(), ); $data = wp_parse_args( $data, $defaults ); $value = $this->get_option( $key ); ob_start(); ?>
get_description_html( $data ); // WPCS: XSS ok. ?>
get_field_key( $key ); $defaults = array( 'title' => '', 'disabled' => false, 'class' => '', 'css' => '', 'placeholder' => '', 'type' => 'text', 'desc_tip' => false, 'description' => '', 'custom_attributes' => array(), 'select_buttons' => false, 'options' => array(), ); $data = wp_parse_args( $data, $defaults ); $value = (array) $this->get_option( $key, array() ); ob_start(); ?>
get_description_html( $data ); // WPCS: XSS ok. ?>
get_field_key( $key ); $defaults = array( 'title' => '', 'class' => '', ); $data = wp_parse_args( $data, $defaults ); ob_start(); ?>

`, ``, `

` and `` tags. * * Note: this is a sanitization method, rather than a validation method (the name is due to some historic naming * choices). * * @param string $key Field key (currently unused). * @param string $value Posted Value. * * @return string */ public function validate_safe_text_field( string $key, ?string $value ): string { return wc_get_container()->get( HtmlSanitizer::class )->sanitize( (string) $value, HtmlSanitizer::LOW_HTML_BALANCED_TAGS_NO_LINKS ); } /** * Validate Price Field. * * Make sure the data is escaped correctly, etc. * * @param string $key Field key. * @param string $value Posted Value. * @return string */ public function validate_price_field( $key, $value ) { $value = is_null( $value ) ? '' : $value; return ( '' === $value ) ? '' : wc_format_decimal( trim( stripslashes( $value ) ) ); } /** * Validate Decimal Field. * * Make sure the data is escaped correctly, etc. * * @param string $key Field key. * @param string $value Posted Value. * @return string */ public function validate_decimal_field( $key, $value ) { $value = is_null( $value ) ? '' : $value; return ( '' === $value ) ? '' : wc_format_decimal( trim( stripslashes( $value ) ) ); } /** * Validate Password Field. No input sanitization is used to avoid corrupting passwords. * * @param string $key Field key. * @param string $value Posted Value. * @return string */ public function validate_password_field( $key, $value ) { $value = is_null( $value ) ? '' : $value; return trim( stripslashes( $value ) ); } /** * Validate Textarea Field. * * @param string $key Field key. * @param string $value Posted Value. * @return string */ public function validate_textarea_field( $key, $value ) { $value = is_null( $value ) ? '' : $value; return wp_kses( trim( stripslashes( $value ) ), array_merge( array( 'iframe' => array( 'src' => true, 'style' => true, 'id' => true, 'class' => true, ), ), wp_kses_allowed_html( 'post' ) ) ); } /** * Validate Checkbox Field. * * If not set, return "no", otherwise return "yes". * * @param string $key Field key. * @param string $value Posted Value. * @return string */ public function validate_checkbox_field( $key, $value ) { return ! is_null( $value ) ? 'yes' : 'no'; } /** * Validate Select Field. * * @param string $key Field key. * @param string $value Posted Value. * @return string */ public function validate_select_field( $key, $value ) { $value = is_null( $value ) ? '' : $value; return wc_clean( stripslashes( $value ) ); } /** * Validate Multiselect Field. * * @param string $key Field key. * @param string $value Posted Value. * @return string|array */ public function validate_multiselect_field( $key, $value ) { return is_array( $value ) ? array_map( 'wc_clean', array_map( 'stripslashes', $value ) ) : ''; } /** * Validate the data on the "Settings" form. * * @deprecated 2.6.0 No longer used. * @param array $form_fields Array of fields. */ public function validate_settings_fields( $form_fields = array() ) { wc_deprecated_function( 'validate_settings_fields', '2.6' ); } /** * Format settings if needed. * * @deprecated 2.6.0 Unused. * @param array $value Value to format. * @return array */ public function format_settings( $value ) { wc_deprecated_function( 'format_settings', '2.6' ); return $value; } }