Merge branch 'master' into update/erasure-requests

includes/admin/class-wc-admin-settings.php

@@ -606,7 +606,7 @@ class="<?php echo esc_attr( isset( $value['class'] ) ? $value['class'] : '' ); ?
 									<?php
 									if ( ! empty( $countries ) ) {
 										foreach ( $countries as $key => $val ) {
-											echo '<option value="' . esc_attr( $key ) . '"' . wc_selected( $key, $selections ) . '>' . esc_html( $val ) . '</option>';
+											echo '<option value="' . esc_attr( $key ) . '"' . wc_selected( $key, $selections ) . '>' . esc_html( $val ) . '</option>'; // WPCS: XSS ok.
 										}
 									}
 									?>
@@ -722,7 +722,8 @@ public static function save_fields( $options, $data = null ) {
 			}
 
 			// Options to update will be stored here and saved later.
-			$update_options = array();
+			$update_options   = array();
+			$autoload_options = array();
 
 			// Loop options and get values to save.
 			foreach ( $options as $option ) {
@@ -825,6 +826,8 @@ public static function save_fields( $options, $data = null ) {
 					$update_options[ $option_name ] = $value;
 				}
 
+				$autoload_options[ $option_name ] = isset( $option['autoload'] ) ? (bool) $option['autoload'] : true;
+
 				/**
 				 * Fire an action before saved.
 				 *
@@ -835,7 +838,7 @@ public static function save_fields( $options, $data = null ) {
 
 			// Save all options in our array.
 			foreach ( $update_options as $name => $value ) {
-				update_option( $name, $value );
+				update_option( $name, $value, $autoload_options[ $name ] ? 'yes' : 'no' );
 			}
 
 			return true;

includes/admin/class-wc-admin-status.php

@@ -2,13 +2,11 @@
 /**
  * Debug/Status page
  *
- * @package     WooCommerce/Admin/System Status
- * @version     2.2.0
+ * @package WooCommerce/Admin/System Status
+ * @version 2.2.0
  */
 
-if ( ! defined( 'ABSPATH' ) ) {
-	exit;
-}
+defined( 'ABSPATH' ) || exit;
 
 /**
  * WC_Admin_Status Class.
@@ -35,9 +33,9 @@ public static function status_report() {
 	public static function status_tools() {
 		$tools = self::get_tools();
 
-		if ( ! empty( $_GET['action'] ) && ! empty( $_REQUEST['_wpnonce'] ) && wp_verify_nonce( $_REQUEST['_wpnonce'], 'debug_action' ) ) {
+		if ( ! empty( $_GET['action'] ) && ! empty( $_REQUEST['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_REQUEST['_wpnonce'] ), 'debug_action' ) ) { // WPCS: input var ok, sanitization ok.
 			$tools_controller = new WC_REST_System_Status_Tools_Controller();
-			$action           = wc_clean( $_GET['action'] );
+			$action           = wc_clean( wp_unslash( $_GET['action'] ) ); // WPCS: input var ok.
 
 			if ( array_key_exists( $action, $tools ) ) {
 				$response = $tools_controller->execute_tool( $action );
@@ -55,9 +53,9 @@ public static function status_tools() {
 			}
 		}
 
-		// Display message if settings settings have been saved
-		if ( isset( $_REQUEST['settings-updated'] ) ) {
-			echo '<div class="updated inline"><p>' . __( 'Your changes have been saved.', 'woocommerce' ) . '</p></div>';
+		// Display message if settings settings have been saved.
+		if ( isset( $_REQUEST['settings-updated'] ) ) { // WPCS: input var ok.
+			echo '<div class="updated inline"><p>' . esc_html__( 'Your changes have been saved.', 'woocommerce' ) . '</p></div>';
 		}
 
 		include_once dirname( __FILE__ ) . '/views/html-admin-page-status-tools.php';
@@ -88,18 +86,17 @@ public static function status_logs() {
 	 * Show the log page contents for file log handler.
 	 */
 	public static function status_logs_file() {
-
 		$logs = self::scan_log_files();
 
-		if ( ! empty( $_REQUEST['log_file'] ) && isset( $logs[ sanitize_title( $_REQUEST['log_file'] ) ] ) ) {
-			$viewed_log = $logs[ sanitize_title( $_REQUEST['log_file'] ) ];
+		if ( ! empty( $_REQUEST['log_file'] ) && isset( $logs[ sanitize_title( wp_unslash( $_REQUEST['log_file'] ) ) ] ) ) { // WPCS: input var ok, CSRF ok.
+			$viewed_log = $logs[ sanitize_title( wp_unslash( $_REQUEST['log_file'] ) ) ]; // WPCS: input var ok, CSRF ok.
 		} elseif ( ! empty( $logs ) ) {
 			$viewed_log = current( $logs );
 		}
 
 		$handle = ! empty( $viewed_log ) ? self::get_log_file_handle( $viewed_log ) : '';
 
-		if ( ! empty( $_REQUEST['handle'] ) ) {
+		if ( ! empty( $_REQUEST['handle'] ) ) { // WPCS: input var ok, CSRF ok.
 			self::remove_log();
 		}
 
@@ -110,14 +107,11 @@ public static function status_logs_file() {
 	 * Show the log page contents for db log handler.
 	 */
 	public static function status_logs_db() {
-
-		// Flush
-		if ( ! empty( $_REQUEST['flush-logs'] ) ) {
+		if ( ! empty( $_REQUEST['flush-logs'] ) ) { // WPCS: input var ok, CSRF ok.
 			self::flush_db_logs();
 		}
 
-		// Bulk actions
-		if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['log'] ) ) {
+		if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['log'] ) ) { // WPCS: input var ok, CSRF ok.
 			self::log_table_bulk_actions();
 		}
 
@@ -131,24 +125,24 @@ public static function status_logs_db() {
 	 * Retrieve metadata from a file. Based on WP Core's get_file_data function.
 	 *
 	 * @since  2.1.1
-	 * @param  string $file Path to the file
+	 * @param  string $file Path to the file.
 	 * @return string
 	 */
 	public static function get_file_version( $file ) {
 
-		// Avoid notices if file does not exist
+		// Avoid notices if file does not exist.
 		if ( ! file_exists( $file ) ) {
 			return '';
 		}
 
 		// We don't need to write to the file, so just open for reading.
-		$fp = fopen( $file, 'r' );
+		$fp = fopen( $file, 'r' ); // @codingStandardsIgnoreLine.
 
 		// Pull only the first 8kiB of the file in.
-		$file_data = fread( $fp, 8192 );
+		$file_data = fread( $fp, 8192 ); // @codingStandardsIgnoreLine.
 
 		// PHP will close file handle, but we are good citizens.
-		fclose( $fp );
+		fclose( $fp ); // @codingStandardsIgnoreLine.
 
 		// Make sure we catch CR-only line endings.
 		$file_data = str_replace( "\r", "\n", $file_data );
@@ -164,7 +158,7 @@ public static function get_file_version( $file ) {
 	/**
 	 * Return the log file handle.
 	 *
-	 * @param string $filename
+	 * @param string $filename Filename to get the handle for.
 	 * @return string
 	 */
 	public static function get_log_file_handle( $filename ) {
@@ -174,19 +168,18 @@ public static function get_log_file_handle( $filename ) {
 	/**
 	 * Scan the template files.
 	 *
-	 * @param  string $template_path
+	 * @param  string $template_path Path to the template directory.
 	 * @return array
 	 */
 	public static function scan_template_files( $template_path ) {
-
-		$files  = @scandir( $template_path );
+		$files  = @scandir( $template_path ); // @codingStandardsIgnoreLine.
 		$result = array();
 
 		if ( ! empty( $files ) ) {
 
 			foreach ( $files as $key => $value ) {
 
-				if ( ! in_array( $value, array( '.', '..' ) ) ) {
+				if ( ! in_array( $value, array( '.', '..' ), true ) ) {
 
 					if ( is_dir( $template_path . DIRECTORY_SEPARATOR . $value ) ) {
 						$sub_files = self::scan_template_files( $template_path . DIRECTORY_SEPARATOR . $value );
@@ -208,22 +201,7 @@ public static function scan_template_files( $template_path ) {
 	 * @return array
 	 */
 	public static function scan_log_files() {
-		$files  = @scandir( WC_LOG_DIR );
-		$result = array();
-
-		if ( ! empty( $files ) ) {
-
-			foreach ( $files as $key => $value ) {
-
-				if ( ! in_array( $value, array( '.', '..' ) ) ) {
-					if ( ! is_dir( $value ) && strstr( $value, '.log' ) ) {
-						$result[ sanitize_title( $value ) ] = $value;
-					}
-				}
-			}
-		}
-
-		return $result;
+		return WC_Log_Handler_File::get_log_files();
 	}
 
 	/**
@@ -252,9 +230,10 @@ public static function get_latest_theme_version( $theme ) {
 		if ( is_object( $api ) && ! is_wp_error( $api ) ) {
 			$update_theme_version = $api->version;
 		} elseif ( strstr( $theme->{'Author URI'}, 'woothemes' ) ) { // Check WooThemes Theme Version.
-			$theme_dir = substr( strtolower( str_replace( ' ', '', $theme->Name ) ), 0, 45 );
+			$theme_dir          = substr( strtolower( str_replace( ' ', '', $theme->Name ) ), 0, 45 ); // @codingStandardsIgnoreLine.
+			$theme_version_data = get_transient( $theme_dir . '_version_data' );
 
-			if ( false === ( $theme_version_data = get_transient( $theme_dir . '_version_data' ) ) ) {
+			if ( false === $theme_version_data ) {
 				$theme_changelog = wp_safe_remote_get( 'http://dzv365zjfbd8v.cloudfront.net/changelogs/' . $theme_dir . '/changelog.txt' );
 				$cl_lines        = explode( "\n", wp_remote_retrieve_body( $theme_changelog ) );
 				if ( ! empty( $cl_lines ) ) {
@@ -288,13 +267,13 @@ public static function get_latest_theme_version( $theme ) {
 	 * Remove/delete the chosen file.
 	 */
 	public static function remove_log() {
-		if ( empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'remove_log' ) ) {
-			wp_die( __( 'Action failed. Please refresh the page and retry.', 'woocommerce' ) );
+		if ( empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( wp_unslash( $_REQUEST['_wpnonce'] ), 'remove_log' ) ) { // WPCS: input var ok, sanitization ok.
+			wp_die( esc_html__( 'Action failed. Please refresh the page and retry.', 'woocommerce' ) );
 		}
 
-		if ( ! empty( $_REQUEST['handle'] ) ) {
+		if ( ! empty( $_REQUEST['handle'] ) ) {  // WPCS: input var ok.
 			$log_handler = new WC_Log_Handler_File();
-			$log_handler->remove( $_REQUEST['handle'] );
+			$log_handler->remove( wp_unslash( $_REQUEST['handle'] ) ); // WPCS: input var ok, sanitization ok.
 		}
 
 		wp_safe_redirect( esc_url_raw( admin_url( 'admin.php?page=wc-status&tab=logs' ) ) );
@@ -307,8 +286,8 @@ public static function remove_log() {
 	 * @since 3.0.0
 	 */
 	private static function flush_db_logs() {
-		if ( empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'woocommerce-status-logs' ) ) {
-			wp_die( __( 'Action failed. Please refresh the page and retry.', 'woocommerce' ) );
+		if ( empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'woocommerce-status-logs' ) ) { // WPCS: input var ok, sanitization ok.
+			wp_die( esc_html__( 'Action failed. Please refresh the page and retry.', 'woocommerce' ) );
 		}
 
 		WC_Log_Handler_DB::flush();
@@ -323,13 +302,13 @@ private static function flush_db_logs() {
 	 * @since 3.0.0
 	 */
 	private static function log_table_bulk_actions() {
-		if ( empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'woocommerce-status-logs' ) ) {
-			wp_die( __( 'Action failed. Please refresh the page and retry.', 'woocommerce' ) );
+		if ( empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'woocommerce-status-logs' ) ) { // WPCS: input var ok, sanitization ok.
+			wp_die( esc_html__( 'Action failed. Please refresh the page and retry.', 'woocommerce' ) );
 		}
 
-		$log_ids = array_map( 'absint', (array) $_REQUEST['log'] );
+		$log_ids = array_map( 'absint', (array) isset( $_REQUEST['log'] ) ? wp_unslash( $_REQUEST['log'] ) : array() ); // WPCS: input var ok, sanitization ok.
 
-		if ( 'delete' === $_REQUEST['action'] || 'delete' === $_REQUEST['action2'] ) {
+		if ( ( isset( $_REQUEST['action'] ) && 'delete' === $_REQUEST['action'] ) || ( isset( $_REQUEST['action2'] ) && 'delete' === $_REQUEST['action2'] ) ) { // WPCS: input var ok, sanitization ok.
 			WC_Log_Handler_DB::delete( $log_ids );
 			wp_safe_redirect( esc_url_raw( admin_url( 'admin.php?page=wc-status&tab=logs' ) ) );
 			exit();

includes/admin/helper/class-wc-helper.php

@@ -1217,7 +1217,7 @@ public static function activated_plugin( $filename ) {
 		}
 
 		if ( ! $activated ) {
-			self::log( 'Could not activate a subscription upon plugin activation: ' . $$filename );
+			self::log( 'Could not activate a subscription upon plugin activation: ' . $filename );
 			return;
 		}