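<?php
/**
 * Abstract Settings API Class
 *
 * Admin Settings API used by Integrations, Shipping Methods, and Payment Gateways.
 *
 * @package WooCommerce\Abstracts
 */

defined( 'ABSPATH' ) || exit;

use Automattic\WooCommerce\Internal\Utilities\HtmlSanitizer;

/**
 * WC_Settings_API class.
 *
 * Security notes for implementers:
 * - Nothing in this class verifies a nonce or a user capability. get_post_data()
 *   and get_field_value() fall back to reading $_POST directly, so the code that
 *   calls process_admin_options() must already have performed both checks.
 * - admin_options() and generate_settings_html() echo the markup returned by the
 *   generate_*_html() methods without further escaping. Every generator, including
 *   ones added by subclasses or through the `woocommerce_generate_{type}_html`
 *   filter, has to escape its own output.
 * - Posted values are cleaned per field type by the validate_*_field() methods; a
 *   field's `sanitize_callback` replaces that cleaning entirely when present.
 */
abstract class WC_Settings_API {

	/**
	 * The plugin ID. Used for option names.
	 *
	 * @var string
	 */
	public $plugin_id = 'woocommerce_';

	/**
	 * ID of the class extending the settings API. Used in option names.
	 *
	 * @var string
	 */
	public $id = '';

	/**
	 * Validation errors.
	 *
	 * @var array of strings
	 */
	public $errors = array();

	/**
	 * Setting values.
	 *
	 * @var array
	 */
	public $settings = array();

	/**
	 * Form option fields.
	 *
	 * @var array
	 */
	public $form_fields = array();

	/**
	 * The posted settings data. When empty, $_POST data will be used.
	 *
	 * @var array
	 */
	protected $data = array();

	/**
	 * Get the form fields after they are initialized.
	 *
	 * Each field gets a 'default' key (see set_defaults()) and the result is passed
	 * through the `woocommerce_settings_api_form_fields_{id}` filter.
	 *
	 * @return array of options
	 */
	public function get_form_fields() {
		return apply_filters( 'woocommerce_settings_api_form_fields_' . $this->id, array_map( array( $this, 'set_defaults' ), $this->form_fields ) );
	}

	/**
	 * Set default required properties for each field.
	 *
	 * @param array $field Setting field array.
	 * @return array
	 */
	protected function set_defaults( $field ) {
		if ( ! isset( $field['default'] ) ) {
			$field['default'] = '';
		}
		return $field;
	}

	/**
	 * Output the admin options table.
	 *
	 * The generated markup is echoed as-is; escaping is the job of the individual
	 * generate_*_html() methods.
	 */
	public function admin_options() {
		echo '<table class="form-table">' . $this->generate_settings_html( $this->get_form_fields(), false ) . '</table>'; // WPCS: XSS ok.
	}

	/**
	 * Initialise settings form fields.
	 *
	 * Add an array of fields to be displayed on the gateway's settings screen.
	 *
	 * @since  1.0.0
	 */
	public function init_form_fields() {}

	/**
	 * Return the name of the option in the WP DB.
	 *
	 * @since 2.6.0
	 * @return string
	 */
	public function get_option_key() {
		return $this->plugin_id . $this->id . '_settings';
	}

	/**
	 * Get a field's type. Defaults to "text" if not set.
	 *
	 * @param  array $field Setting field array.
	 * @return string
	 */
	public function get_field_type( $field ) {
		return empty( $field['type'] ) ? 'text' : $field['type'];
	}

	/**
	 * Get a field's default value. Defaults to "" if not set.
	 *
	 * @param  array $field Setting field array.
	 * @return string
	 */
	public function get_field_default( $field ) {
		return empty( $field['default'] ) ? '' : $field['default'];
	}

	/**
	 * Get a field's posted and validated value.
	 *
	 * The cleaning routine is chosen in this order, and only the first match runs:
	 * 1. the field's own `sanitize_callback`, if callable;
	 * 2. a `validate_{$key}_field()` method on this object;
	 * 3. a `validate_{$type}_field()` method on this object;
	 * 4. validate_text_field().
	 *
	 * A `sanitize_callback` therefore bypasses the built-in validators: whatever it
	 * returns is what gets stored.
	 *
	 * When $post_data is empty the value is read from $_POST. No nonce is checked
	 * here; the request must have been authenticated by the caller.
	 *
	 * @param  string $key Field key.
	 * @param  array  $field Field array.
	 * @param  array  $post_data Posted data.
	 * @return string
	 */
	public function get_field_value( $key, $field, $post_data = array() ) {
		$type      = $this->get_field_type( $field );
		$field_key = $this->get_field_key( $key );
		$post_data = empty( $post_data ) ? $_POST : $post_data; // WPCS: CSRF ok, input var ok.
		$value     = isset( $post_data[ $field_key ] ) ? $post_data[ $field_key ] : null;

		if ( isset( $field['sanitize_callback'] ) && is_callable( $field['sanitize_callback'] ) ) {
			return call_user_func( $field['sanitize_callback'], $value );
		}

		// Look for a validate_FIELDID_field method for special handling.
		if ( is_callable( array( $this, 'validate_' . $key . '_field' ) ) ) {
			return $this->{'validate_' . $key . '_field'}( $key, $value );
		}

		// Look for a validate_FIELDTYPE_field method.
		if ( is_callable( array( $this, 'validate_' . $type . '_field' ) ) ) {
			return $this->{'validate_' . $type . '_field'}( $key, $value );
		}

		// Fallback to text.
		return $this->validate_text_field( $key, $value );
	}

	/**
	 * Sets the POSTed data. This method can be used to set specific data, instead of taking it from the $_POST array.
	 *
	 * @param array $data Posted data.
	 */
	public function set_post_data( $data = array() ) {
		$this->data = $data;
	}

	/**
	 * Returns the POSTed data, to be used to save the settings.
	 *
	 * Data supplied through set_post_data() wins; otherwise the raw $_POST array is
	 * returned unmodified (no unslashing, no nonce check).
	 *
	 * @return array
	 */
	public function get_post_data() {
		if ( ! empty( $this->data ) && is_array( $this->data ) ) {
			return $this->data;
		}
		return $_POST; // WPCS: CSRF ok, input var ok.
	}

	/**
	 * Update a single option.
	 *
	 * The value is stored as given: none of the validate_*_field() methods run on
	 * this path, so callers are responsible for cleaning $value beforehand.
	 *
	 * @since 3.4.0
	 * @param string $key Option key.
	 * @param mixed  $value Value to set.
	 * @return bool was anything saved?
	 */
	public function update_option( $key, $value = '' ) {
		if ( empty( $this->settings ) ) {
			$this->init_settings();
		}

		$this->settings[ $key ] = $value;

		// Third argument 'yes' marks the option as autoloaded.
		return update_option( $this->get_option_key(), apply_filters( 'woocommerce_settings_api_sanitized_fields_' . $this->id, $this->settings ), 'yes' );
	}

	/**
	 * Processes and saves options.
	 * If there is an error thrown, will continue to save and validate fields, but will leave the erroring field out.
	 *
	 * This method performs no nonce or capability check of its own; it trusts that
	 * the request was verified before it is called.
	 *
	 * @return bool was anything saved?
	 */
	public function process_admin_options() {
		$this->init_settings();

		$post_data = $this->get_post_data();

		foreach ( $this->get_form_fields() as $key => $field ) {
			// Resolve the type once through get_field_type(): a field may omit 'type',
			// and reading $field['type'] directly raises an undefined-key warning.
			$type = $this->get_field_type( $field );

			if ( 'title' !== $type ) {
				try {
					$this->settings[ $key ] = $this->get_field_value( $key, $field, $post_data );
					if ( 'select' === $type || 'checkbox' === $type ) {
						/**
						 * Notify that a non-option setting has been updated.
						 *
						 * @since 7.8.0
						 */
						do_action(
							'woocommerce_update_non_option_setting',
							array(
								'id'    => $key,
								'type'  => $type,
								'value' => $this->settings[ $key ],
							)
						);
					}
				} catch ( Exception $e ) {
					// Only Exception is caught; the failing field keeps its previous value.
					$this->add_error( $e->getMessage() );
				}
			}
		}

		$option_key = $this->get_option_key();
		do_action( 'woocommerce_update_option', array( 'id' => $option_key ) ); // phpcs:ignore WooCommerce.Commenting.CommentHooks.MissingHookComment
		return update_option( $option_key, apply_filters( 'woocommerce_settings_api_sanitized_fields_' . $this->id, $this->settings ), 'yes' ); // phpcs:ignore WooCommerce.Commenting.CommentHooks.MissingHookComment
	}

	/**
	 * Add an error message for display in admin on save.
	 *
	 * @param string $error Error message.
	 */
	public function add_error( $error ) {
		$this->errors[] = $error;
	}

	/**
	 * Get admin error messages.
	 *
	 * @return array of strings
	 */
	public function get_errors() {
		return $this->errors;
	}

	/**
	 * Display admin error messages.
	 *
	 * Each message is passed through wp_kses_post() before it is printed.
	 */
	public function display_errors() {
		if ( $this->get_errors() ) {
			echo '<div id="woocommerce_errors" class="error notice is-dismissible">';
			foreach ( $this->get_errors() as $error ) {
				echo '<p>' . wp_kses_post( $error ) . '</p>';
			}
			echo '</div>';
		}
	}

	/**
	 * Initialise Settings.
	 *
	 * Store all settings in a single database entry
	 * and make sure the $settings array is either the default
	 * or the settings stored in the database.
	 *
	 * @since 1.0.0
	 * @uses get_option(), add_option()
	 */
	public function init_settings() {
		$this->settings = get_option( $this->get_option_key(), null );

		// If there are no settings defined, use defaults.
		if ( ! is_array( $this->settings ) ) {
			$form_fields    = $this->get_form_fields();
			$this->settings = array_merge( array_fill_keys( array_keys( $form_fields ), '' ), wp_list_pluck( $form_fields, 'default' ) );
		}
	}

	/**
	 * Get option from DB.
	 *
	 * Gets an option from the settings API, using defaults if necessary to prevent undefined notices.
	 * The default (or $empty_value) is also written back into the in-memory
	 * $settings array; nothing is saved to the database here.
	 *
	 * @param  string $key Option key.
	 * @param  mixed  $empty_value Value when empty.
	 * @return mixed The value specified for the option or a default value for the option
	 *               (a string for most field types).
	 */
	public function get_option( $key, $empty_value = null ) {
		if ( empty( $this->settings ) ) {
			$this->init_settings();
		}

		// Get option default if unset.
		if ( ! isset( $this->settings[ $key ] ) ) {
			$form_fields            = $this->get_form_fields();
			$this->settings[ $key ] = isset( $form_fields[ $key ] ) ? $this->get_field_default( $form_fields[ $key ] ) : '';
		}

		if ( ! is_null( $empty_value ) && '' === $this->settings[ $key ] ) {
			$this->settings[ $key ] = $empty_value;
		}

		return $this->settings[ $key ];
	}

	/**
	 * Prefix key for settings.
	 *
	 * @param  string $key Field key.
	 * @return string
	 */
	public function get_field_key( $key ) {
		return $this->plugin_id . $this->id . '_' . $key;
	}

	/**
	 * Generate Settings HTML.
	 *
	 * Generate the HTML for the fields on the "settings" screen.
	 *
	 * For each field the generator is chosen by type: a `generate_{$type}_html()`
	 * method on this object, else the `woocommerce_generate_{$type}_html` filter if
	 * anything is hooked to it, else generate_text_html(). Filter output is appended
	 * verbatim, so the hooked callback must return escaped markup.
	 *
	 * @param array $form_fields (default: array()) Array of form fields.
	 * @param bool  $echo Echo or return.
	 * @return string|void the html for the settings; nothing is returned when $echo is true.
	 * @since  1.0.0
	 * @uses   method_exists()
	 */
	public function generate_settings_html( $form_fields = array(), $echo = true ) {
		if ( empty( $form_fields ) ) {
			$form_fields = $this->get_form_fields();
		}

		$html = '';
		foreach ( $form_fields as $k => $v ) {
			$type = $this->get_field_type( $v );

			if ( method_exists( $this, 'generate_' . $type . '_html' ) ) {
				$html .= $this->{'generate_' . $type . '_html'}( $k, $v );
			} elseif ( has_filter( 'woocommerce_generate_' . $type . '_html' ) ) {
				/**
				 * Allow the generation of custom field types on the settings screen.
				 *
				 * The dynamic portion of the hook name refers to the slug of the custom field type.
				 * For instance, to introduce a new field type `fancy_lazy_dropdown` you would use
				 * the hook `woocommerce_generate_fancy_lazy_dropdown_html`.
				 *
				 * @since 6.5.0
				 *
				 * @param string $field_html The markup of the field being generated (initiated as an empty string).
				 * @param string $key The key of the field.
				 * @param array  $data The attributes of the field as an associative array.
				 * @param object $wc_settings The current WC_Settings_API object.
				 */
				$html .= apply_filters( 'woocommerce_generate_' . $type . '_html', '', $k, $v, $this );
			} else {
				$html .= $this->generate_text_html( $k, $v );
			}
		}

		if ( $echo ) {
			echo $html; // WPCS: XSS ok.
		} else {
			return $html;
		}
	}

	/**
	 * Get HTML for tooltips.
	 *
	 * Expects $data to carry 'desc_tip' (and 'description' when 'desc_tip' is true),
	 * as it does after the generators merge their defaults.
	 *
	 * @param  array $data Data for the tooltip.
	 * @return string
	 */
	public function get_tooltip_html( $data ) {
		if ( true === $data['desc_tip'] ) {
			$tip = $data['description'];
		} elseif ( ! empty( $data['desc_tip'] ) ) {
			$tip = $data['desc_tip'];
		} else {
			$tip = '';
		}

		return $tip ? wc_help_tip( $tip, true ) : '';
	}

	/**
	 * Get HTML for descriptions.
	 *
	 * The description is suppressed when 'desc_tip' is exactly true (it is shown as
	 * the tooltip instead); otherwise it is printed through wp_kses_post().
	 *
	 * @param  array $data Data for the description.
	 * @return string
	 */
	public function get_description_html( $data ) {
		if ( true === $data['desc_tip'] ) {
			$description = '';
		} elseif ( ! empty( $data['desc_tip'] ) ) {
			$description = $data['description'];
		} elseif ( ! empty( $data['description'] ) ) {
			$description = $data['description'];
		} else {
			$description = '';
		}

		return $description ? '<p class="description">' . wp_kses_post( $description ) . '</p>' . "\n" : '';
	}

	/**
	 * Get custom attributes.
	 *
	 * Both attribute names and values are run through esc_attr(). That escapes the
	 * text but does not restrict which attribute names a field definition may add.
	 *
	 * @param  array $data Field data.
	 * @return string
	 */
	public function get_custom_attribute_html( $data ) {
		$custom_attributes = array();

		if ( ! empty( $data['custom_attributes'] ) && is_array( $data['custom_attributes'] ) ) {
			foreach ( $data['custom_attributes'] as $attribute => $attribute_value ) {
				$custom_attributes[] = esc_attr( $attribute ) . '="' . esc_attr( $attribute_value ) . '"';
			}
		}

		return implode( ' ', $custom_attributes );
	}

	/**
	 * Generate Text Input HTML.
	 *
	 * The stored option value is written into the input's value attribute through
	 * esc_attr(). generate_password_html() reuses this method, so stored secrets
	 * are present in the rendered page source as well.
	 *
	 * @param string $key Field key.
	 * @param array  $data Field data.
	 * @since  1.0.0
	 * @return string
	 */
	public function generate_text_html( $key, $data ) {
		$field_key = $this->get_field_key( $key );
		$defaults  = array(
			'title'             => '',
			'disabled'          => false,
			'class'             => '',
			'css'               => '',
			'placeholder'       => '',
			'type'              => 'text',
			'desc_tip'          => false,
			'description'       => '',
			'custom_attributes' => array(),
		);

		$data = wp_parse_args( $data, $defaults );

		ob_start();
		?>
		<tr valign="top">
			<th scope="row" class="titledesc">
				<label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?> <?php echo $this->get_tooltip_html( $data ); // WPCS: XSS ok. ?></label>
			</th>
			<td class="forminp">
				<fieldset>
					<legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
					<input class="input-text regular-input <?php echo esc_attr( $data['class'] ); ?>" type="<?php echo esc_attr( $data['type'] ); ?>" name="<?php echo esc_attr( $field_key ); ?>" id="<?php echo esc_attr( $field_key ); ?>" style="<?php echo esc_attr( $data['css'] ); ?>" value="<?php echo esc_attr( $this->get_option( $key ) ); ?>" placeholder="<?php echo esc_attr( $data['placeholder'] ); ?>" <?php disabled( $data['disabled'], true ); ?> <?php echo $this->get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> />
					<?php echo $this->get_description_html( $data ); // WPCS: XSS ok. ?>
				</fieldset>
			</td>
		</tr>
		<?php

		return ob_get_clean();
	}

	/**
	 * Generates HTML for the 'safe_text' input type (mostly used for gateway-related settings).
	 *
	 * Rendering is identical to a plain text input; the difference is on save,
	 * where validate_safe_text_field() applies a narrower HTML allow-list.
	 *
	 * @param string $key  Field key.
	 * @param array  $data Field data.
	 * @return string
	 *
	 * @since 7.6.0
	 */
	public function generate_safe_text_html( $key, $data ) {
		$data['type'] = 'text';
		return $this->generate_text_html( $key, $data );
	}

	/**
	 * Generate Price Input HTML.
	 *
	 * @param string $key Field key.
	 * @param array  $data Field data.
	 * @since  1.0.0
	 * @return string
	 */
	public function generate_price_html( $key, $data ) {
		$field_key = $this->get_field_key( $key );
		$defaults  = array(
			'title'             => '',
			'disabled'          => false,
			'class'             => '',
			'css'               => '',
			'placeholder'       => '',
			'type'              => 'text',
			'desc_tip'          => false,
			'description'       => '',
			'custom_attributes' => array(),
		);

		$data = wp_parse_args( $data, $defaults );

		ob_start();
		?>
		<tr valign="top">
			<th scope="row" class="titledesc">
				<label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?> <?php echo $this->get_tooltip_html( $data ); // WPCS: XSS ok. ?></label>
			</th>
			<td class="forminp">
				<fieldset>
					<legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
					<input class="wc_input_price input-text regular-input <?php echo esc_attr( $data['class'] ); ?>" type="text" name="<?php echo esc_attr( $field_key ); ?>" id="<?php echo esc_attr( $field_key ); ?>" style="<?php echo esc_attr( $data['css'] ); ?>" value="<?php echo esc_attr( wc_format_localized_price( $this->get_option( $key ) ) ); ?>" placeholder="<?php echo esc_attr( $data['placeholder'] ); ?>" <?php disabled( $data['disabled'], true ); ?> <?php echo $this->get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> />
					<?php echo $this->get_description_html( $data ); // WPCS: XSS ok. ?>
				</fieldset>
			</td>
		</tr>
		<?php

		return ob_get_clean();
	}

	/**
	 * Generate Decimal Input HTML.
	 *
	 * @param string $key Field key.
	 * @param array  $data Field data.
	 * @since  1.0.0
	 * @return string
	 */
	public function generate_decimal_html( $key, $data ) {
		$field_key = $this->get_field_key( $key );
		$defaults  = array(
			'title'             => '',
			'disabled'          => false,
			'class'             => '',
			'css'               => '',
			'placeholder'       => '',
			'type'              => 'text',
			'desc_tip'          => false,
			'description'       => '',
			'custom_attributes' => array(),
		);

		$data = wp_parse_args( $data, $defaults );

		ob_start();
		?>
		<tr valign="top">
			<th scope="row" class="titledesc">
				<label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?> <?php echo $this->get_tooltip_html( $data ); // WPCS: XSS ok. ?></label>
			</th>
			<td class="forminp">
				<fieldset>
					<legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
					<input class="wc_input_decimal input-text regular-input <?php echo esc_attr( $data['class'] ); ?>" type="text" name="<?php echo esc_attr( $field_key ); ?>" id="<?php echo esc_attr( $field_key ); ?>" style="<?php echo esc_attr( $data['css'] ); ?>" value="<?php echo esc_attr( wc_format_localized_decimal( $this->get_option( $key ) ) ); ?>" placeholder="<?php echo esc_attr( $data['placeholder'] ); ?>" <?php disabled( $data['disabled'], true ); ?> <?php echo $this->get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> />
					<?php echo $this->get_description_html( $data ); // WPCS: XSS ok. ?>
				</fieldset>
			</td>
		</tr>
		<?php

		return ob_get_clean();
	}

	/**
	 * Generate Password Input HTML.
	 *
	 * Only the input type changes: generate_text_html() still prints the stored
	 * value into the value attribute, so the secret is masked on screen but
	 * readable in the page source by anyone who can load the settings screen.
	 *
	 * @param string $key Field key.
	 * @param array  $data Field data.
	 * @since  1.0.0
	 * @return string
	 */
	public function generate_password_html( $key, $data ) {
		$data['type'] = 'password';
		return $this->generate_text_html( $key, $data );
	}

	/**
	 * Generate Color Picker Input HTML.
	 *
	 * The stored value is placed inside a style attribute (`background:<value>;`).
	 * esc_attr() keeps it inside the attribute but does not check that it is a
	 * colour. This class defines no validate_color_field(), so on save a 'color'
	 * field falls back to validate_text_field() unless the subclass adds a
	 * validator or a `sanitize_callback`.
	 *
	 * @param string $key Field key.
	 * @param array  $data Field data.
	 * @since  1.0.0
	 * @return string
	 */
	public function generate_color_html( $key, $data ) {
		$field_key = $this->get_field_key( $key );
		$defaults  = array(
			'title'             => '',
			'disabled'          => false,
			'class'             => '',
			'css'               => '',
			'placeholder'       => '',
			'desc_tip'          => false,
			'description'       => '',
			'custom_attributes' => array(),
		);

		$data = wp_parse_args( $data, $defaults );

		ob_start();
		?>
		<tr valign="top">
			<th scope="row" class="titledesc">
				<label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?> <?php echo $this->get_tooltip_html( $data ); // WPCS: XSS ok. ?></label>
			</th>
			<td class="forminp">
				<fieldset>
					<legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
					<span class="colorpickpreview" style="background:<?php echo esc_attr( $this->get_option( $key ) ); ?>;"> </span>
					<input class="colorpick <?php echo esc_attr( $data['class'] ); ?>" type="text" name="<?php echo esc_attr( $field_key ); ?>" id="<?php echo esc_attr( $field_key ); ?>" style="<?php echo esc_attr( $data['css'] ); ?>" value="<?php echo esc_attr( $this->get_option( $key ) ); ?>" placeholder="<?php echo esc_attr( $data['placeholder'] ); ?>" <?php disabled( $data['disabled'], true ); ?> <?php echo $this->get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> />
					<div id="colorPickerDiv_<?php echo esc_attr( $field_key ); ?>" class="colorpickdiv" style="z-index: 100; background: #eee; border: 1px solid #ccc; position: absolute; display: none;"></div>
					<?php echo $this->get_description_html( $data ); // WPCS: XSS ok. ?>
				</fieldset>
			</td>
		</tr>
		<?php

		return ob_get_clean();
	}

	/**
	 * Generate Textarea HTML.
	 *
	 * The stored value is printed between the textarea tags through esc_textarea().
	 *
	 * @param string $key Field key.
	 * @param array  $data Field data.
	 * @since  1.0.0
	 * @return string
	 */
	public function generate_textarea_html( $key, $data ) {
		$field_key = $this->get_field_key( $key );
		$defaults  = array(
			'title'             => '',
			'disabled'          => false,
			'class'             => '',
			'css'               => '',
			'placeholder'       => '',
			'type'              => 'text',
			'desc_tip'          => false,
			'description'       => '',
			'custom_attributes' => array(),
		);

		$data = wp_parse_args( $data, $defaults );

		ob_start();
		?>
		<tr valign="top">
			<th scope="row" class="titledesc">
				<label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?> <?php echo $this->get_tooltip_html( $data ); // WPCS: XSS ok. ?></label>
			</th>
			<td class="forminp">
				<fieldset>
					<legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
					<textarea rows="3" cols="20" class="input-text wide-input <?php echo esc_attr( $data['class'] ); ?>" type="<?php echo esc_attr( $data['type'] ); ?>" name="<?php echo esc_attr( $field_key ); ?>" id="<?php echo esc_attr( $field_key ); ?>" style="<?php echo esc_attr( $data['css'] ); ?>" placeholder="<?php echo esc_attr( $data['placeholder'] ); ?>" <?php disabled( $data['disabled'], true ); ?> <?php echo $this->get_custom_attribute_html( $data ); // WPCS: XSS ok. ?>><?php echo esc_textarea( $this->get_option( $key ) ); ?></textarea>
					<?php echo $this->get_description_html( $data ); // WPCS: XSS ok. ?>
				</fieldset>
			</td>
		</tr>
		<?php

		return ob_get_clean();
	}

	/**
	 * Generate Checkbox HTML.
	 *
	 * The box is rendered checked when the stored option equals 'yes'; the label
	 * falls back to the field title when no label is given.
	 *
	 * @param string $key Field key.
	 * @param array  $data Field data.
	 * @since  1.0.0
	 * @return string
	 */
	public function generate_checkbox_html( $key, $data ) {
		$field_key = $this->get_field_key( $key );
		$defaults  = array(
			'title'             => '',
			'label'             => '',
			'disabled'          => false,
			'class'             => '',
			'css'               => '',
			'type'              => 'text',
			'desc_tip'          => false,
			'description'       => '',
			'custom_attributes' => array(),
		);

		$data = wp_parse_args( $data, $defaults );

		if ( ! $data['label'] ) {
			$data['label'] = $data['title'];
		}

		ob_start();
		?>
		<tr valign="top">
			<th scope="row" class="titledesc">
				<label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?> <?php echo $this->get_tooltip_html( $data ); // WPCS: XSS ok. ?></label>
			</th>
			<td class="forminp">
				<fieldset>
					<legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
					<label for="<?php echo esc_attr( $field_key ); ?>">
					<input <?php disabled( $data['disabled'], true ); ?> class="<?php echo esc_attr( $data['class'] ); ?>" type="checkbox" name="<?php echo esc_attr( $field_key ); ?>" id="<?php echo esc_attr( $field_key ); ?>" style="<?php echo esc_attr( $data['css'] ); ?>" value="1" <?php checked( $this->get_option( $key ), 'yes' ); ?> <?php echo $this->get_custom_attribute_html( $data ); // WPCS: XSS ok. ?> /> <?php echo wp_kses_post( $data['label'] ); ?></label><br/>
					<?php echo $this->get_description_html( $data ); // WPCS: XSS ok. ?>
				</fieldset>
			</td>
		</tr>
		<?php

		return ob_get_clean();
	}

	/**
	 * Generate Select HTML.
	 *
	 * Option values are printed through esc_attr() and labels through esc_html().
	 * An option whose value is itself an array is rendered as an <optgroup>.
	 *
	 * @param string $key Field key.
	 * @param array  $data Field data.
	 * @since  1.0.0
	 * @return string
	 */
	public function generate_select_html( $key, $data ) {
		$field_key = $this->get_field_key( $key );
		$defaults  = array(
			'title'             => '',
			'disabled'          => false,
			'class'             => '',
			'css'               => '',
			'placeholder'       => '',
			'type'              => 'text',
			'desc_tip'          => false,
			'description'       => '',
			'custom_attributes' => array(),
			'options'           => array(),
		);

		$data  = wp_parse_args( $data, $defaults );
		$value = $this->get_option( $key );

		ob_start();
		?>
		<tr valign="top">
			<th scope="row" class="titledesc">
				<label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?> <?php echo $this->get_tooltip_html( $data ); // WPCS: XSS ok. ?></label>
			</th>
			<td class="forminp">
				<fieldset>
					<legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
					<select class="select <?php echo esc_attr( $data['class'] ); ?>" name="<?php echo esc_attr( $field_key ); ?>" id="<?php echo esc_attr( $field_key ); ?>" style="<?php echo esc_attr( $data['css'] ); ?>" <?php disabled( $data['disabled'], true ); ?> <?php echo $this->get_custom_attribute_html( $data ); // WPCS: XSS ok. ?>>
						<?php foreach ( (array) $data['options'] as $option_key => $option_value ) : ?>
							<?php if ( is_array( $option_value ) ) : ?>
								<optgroup label="<?php echo esc_attr( $option_key ); ?>">
									<?php foreach ( $option_value as $option_key_inner => $option_value_inner ) : ?>
										<option value="<?php echo esc_attr( $option_key_inner ); ?>" <?php selected( (string) $option_key_inner, esc_attr( $value ) ); ?>><?php echo esc_html( $option_value_inner ); ?></option>
									<?php endforeach; ?>
								</optgroup>
							<?php else : ?>
								<option value="<?php echo esc_attr( $option_key ); ?>" <?php selected( (string) $option_key, esc_attr( $value ) ); ?>><?php echo esc_html( $option_value ); ?></option>
							<?php endif; ?>
						<?php endforeach; ?>
					</select>
					<?php echo $this->get_description_html( $data ); // WPCS: XSS ok. ?>
				</fieldset>
			</td>
		</tr>
		<?php

		return ob_get_clean();
	}

	/**
	 * Generate Multiselect HTML.
	 *
	 * The stored value is cast to an array and options are marked selected with a
	 * strict in_array() comparison against the option key cast to string.
	 *
	 * @param string $key Field key.
	 * @param array  $data Field data.
	 * @since  1.0.0
	 * @return string
	 */
	public function generate_multiselect_html( $key, $data ) {
		$field_key = $this->get_field_key( $key );
		$defaults  = array(
			'title'             => '',
			'disabled'          => false,
			'class'             => '',
			'css'               => '',
			'placeholder'       => '',
			'type'              => 'text',
			'desc_tip'          => false,
			'description'       => '',
			'custom_attributes' => array(),
			'select_buttons'    => false,
			'options'           => array(),
		);

		$data  = wp_parse_args( $data, $defaults );
		$value = (array) $this->get_option( $key, array() );

		ob_start();
		?>
		<tr valign="top">
			<th scope="row" class="titledesc">
				<label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?> <?php echo $this->get_tooltip_html( $data ); // WPCS: XSS ok. ?></label>
			</th>
			<td class="forminp">
				<fieldset>
					<legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
					<select multiple="multiple" class="multiselect <?php echo esc_attr( $data['class'] ); ?>" name="<?php echo esc_attr( $field_key ); ?>[]" id="<?php echo esc_attr( $field_key ); ?>" style="<?php echo esc_attr( $data['css'] ); ?>" <?php disabled( $data['disabled'], true ); ?> <?php echo $this->get_custom_attribute_html( $data ); // WPCS: XSS ok. ?>>
						<?php foreach ( (array) $data['options'] as $option_key => $option_value ) : ?>
							<?php if ( is_array( $option_value ) ) : ?>
								<optgroup label="<?php echo esc_attr( $option_key ); ?>">
									<?php foreach ( $option_value as $option_key_inner => $option_value_inner ) : ?>
										<option value="<?php echo esc_attr( $option_key_inner ); ?>" <?php selected( in_array( (string) $option_key_inner, $value, true ), true ); ?>><?php echo esc_html( $option_value_inner ); ?></option>
									<?php endforeach; ?>
								</optgroup>
							<?php else : ?>
								<option value="<?php echo esc_attr( $option_key ); ?>" <?php selected( in_array( (string) $option_key, $value, true ), true ); ?>><?php echo esc_html( $option_value ); ?></option>
							<?php endif; ?>
						<?php endforeach; ?>
					</select>
					<?php echo $this->get_description_html( $data ); // WPCS: XSS ok. ?>
					<?php if ( $data['select_buttons'] ) : ?>
						<br/><a class="select_all button" href="#"><?php esc_html_e( 'Select all', 'woocommerce' ); ?></a> <a class="select_none button" href="#"><?php esc_html_e( 'Select none', 'woocommerce' ); ?></a>
					<?php endif; ?>
				</fieldset>
			</td>
		</tr>
		<?php

		return ob_get_clean();
	}

	/**
	 * Generate Title HTML.
	 *
	 * Closes the current settings table, prints the heading (and optional
	 * description), then opens a new table for the fields that follow.
	 *
	 * @param string $key Field key.
	 * @param array  $data Field data.
	 * @since  1.0.0
	 * @return string
	 */
	public function generate_title_html( $key, $data ) {
		$field_key = $this->get_field_key( $key );
		$defaults  = array(
			'title' => '',
			'class' => '',
		);

		$data = wp_parse_args( $data, $defaults );

		ob_start();
		?>
			</table>
			<h3 class="wc-settings-sub-title <?php echo esc_attr( $data['class'] ); ?>" id="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?></h3>
			<?php if ( ! empty( $data['description'] ) ) : ?>
				<p><?php echo wp_kses_post( $data['description'] ); ?></p>
			<?php endif; ?>
			<table class="form-table">
		<?php

		return ob_get_clean();
	}

	/**
	 * Validate Text Field.
	 *
	 * Make sure the data is escaped correctly, etc.
	 *
	 * The value is unslashed, trimmed and filtered with wp_kses_post(), so HTML
	 * permitted in post content is kept.
	 *
	 * NOTE(review): $value is passed straight to stripslashes(); a posted array
	 * for this field is not handled here. Confirm callers only send scalars.
	 *
	 * @param  string $key Field key.
	 * @param  string $value Posted Value.
	 * @return string
	 */
	public function validate_text_field( $key, $value ) {
		$value = is_null( $value ) ? '' : $value;
		return wp_kses_post( trim( stripslashes( $value ) ) );
	}

	/**
	 * Sanitize 'Safe Text' fields.
	 *
	 * These fields are similar to regular text fields, but a much smaller set of HTML tags are allowed. By default,
	 * this means `<br>`, `<img>`, `<p>` and `<span>` tags.
	 *
	 * Note: this is a sanitization method, rather than a validation method (the name is due to some historic naming
	 * choices).
	 *
	 * @param  string $key   Field key (currently unused).
	 * @param  string $value Posted Value.
	 *
	 * @return string
	 */
	public function validate_safe_text_field( string $key, ?string $value ): string {
		return wc_get_container()->get( HtmlSanitizer::class )->sanitize( (string) $value, HtmlSanitizer::LOW_HTML_BALANCED_TAGS_NO_LINKS );
	}

	/**
	 * Validate Price Field.
	 *
	 * Make sure the data is escaped correctly, etc.
	 *
	 * An empty value is kept as ''; anything else goes through wc_format_decimal().
	 *
	 * @param  string $key Field key.
	 * @param  string $value Posted Value.
	 * @return string
	 */
	public function validate_price_field( $key, $value ) {
		$value = is_null( $value ) ? '' : $value;
		return ( '' === $value ) ? '' : wc_format_decimal( trim( stripslashes( $value ) ) );
	}

	/**
	 * Validate Decimal Field.
	 *
	 * Make sure the data is escaped correctly, etc.
	 *
	 * An empty value is kept as ''; anything else goes through wc_format_decimal().
	 *
	 * @param  string $key Field key.
	 * @param  string $value Posted Value.
	 * @return string
	 */
	public function validate_decimal_field( $key, $value ) {
		$value = is_null( $value ) ? '' : $value;
		return ( '' === $value ) ? '' : wc_format_decimal( trim( stripslashes( $value ) ) );
	}

	/**
	 * Validate Password Field. No input sanitization is used to avoid corrupting passwords.
	 *
	 * The value is only unslashed and trimmed, then stored as submitted. Safety on
	 * output therefore rests entirely on escaping at render time (esc_attr() in
	 * generate_text_html()); any other consumer of this setting must escape it for
	 * its own context.
	 *
	 * @param  string $key Field key.
	 * @param  string $value Posted Value.
	 * @return string
	 */
	public function validate_password_field( $key, $value ) {
		$value = is_null( $value ) ? '' : $value;
		return trim( stripslashes( $value ) );
	}

	/**
	 * Validate Textarea Field.
	 *
	 * Filters with wp_kses() using the 'post' allow-list extended with <iframe>
	 * (src, style, id and class attributes). Stored textarea settings can thus
	 * embed third-party frames; treat them as markup, not plain text, wherever
	 * they are printed.
	 *
	 * @param  string $key Field key.
	 * @param  string $value Posted Value.
	 * @return string
	 */
	public function validate_textarea_field( $key, $value ) {
		$value = is_null( $value ) ? '' : $value;
		return wp_kses(
			trim( stripslashes( $value ) ),
			array_merge(
				array(
					'iframe' => array(
						'src'   => true,
						'style' => true,
						'id'    => true,
						'class' => true,
					),
				),
				wp_kses_allowed_html( 'post' )
			)
		);
	}

	/**
	 * Validate Checkbox Field.
	 *
	 * If not set, return "no", otherwise return "yes".
	 * The posted content is ignored; only its presence matters.
	 *
	 * @param  string $key Field key.
	 * @param  string $value Posted Value.
	 * @return string
	 */
	public function validate_checkbox_field( $key, $value ) {
		return ! is_null( $value ) ? 'yes' : 'no';
	}

	/**
	 * Validate Select Field.
	 *
	 * The value is unslashed and passed through wc_clean(). It is not compared
	 * with the field's 'options' list, so a posted value outside that list is
	 * stored as well.
	 *
	 * @param  string $key Field key.
	 * @param  string $value Posted Value.
	 * @return string
	 */
	public function validate_select_field( $key, $value ) {
		$value = is_null( $value ) ? '' : $value;
		return wc_clean( stripslashes( $value ) );
	}

	/**
	 * Validate Multiselect Field.
	 *
	 * Each element is unslashed and passed through wc_clean(); a non-array value
	 * becomes ''. As with single selects, values are not checked against the
	 * field's 'options' list.
	 *
	 * @param  string $key Field key.
	 * @param  string $value Posted Value.
	 * @return string|array
	 */
	public function validate_multiselect_field( $key, $value ) {
		return is_array( $value ) ? array_map( 'wc_clean', array_map( 'stripslashes', $value ) ) : '';
	}

	/**
	 * Validate the data on the "Settings" form.
	 *
	 * @deprecated 2.6.0 No longer used.
	 * @param array $form_fields Array of fields.
	 */
	public function validate_settings_fields( $form_fields = array() ) {
		wc_deprecated_function( 'validate_settings_fields', '2.6' );
	}

	/**
	 * Format settings if needed.
	 *
	 * @deprecated 2.6.0 Unused.
	 * @param  array $value Value to format.
	 * @return array
	 */
	public function format_settings( $value ) {
		wc_deprecated_function( 'format_settings', '2.6' );
		return $value;
	}
}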