/includes/class-wc-ajax.php

  1. <?php 
  2.  
  3. if ( ! defined( 'ABSPATH' ) ) { 
  4. exit; 
  5.  
  6. /** 
  7. * WooCommerce WC_AJAX. 
  8. * 
  9. * AJAX Event Handler. 
  10. * 
  11. * @class WC_AJAX 
  12. * @package WooCommerce/Classes 
  13. * @category Class 
  14. * @author WooThemes 
  15. */ 
  16. class WC_AJAX { 
  17.  
  18. /** 
  19. * Hook in ajax handlers. 
  20. */ 
  21. public static function init() { 
  22. add_action( 'init', array( __CLASS__, 'define_ajax' ), 0 ); 
  23. add_action( 'template_redirect', array( __CLASS__, 'do_wc_ajax' ), 0 ); 
  24. self::add_ajax_events(); 
  25.  
  26. /** 
  27. * Get WC Ajax Endpoint. 
  28. * 
  29. * @param string $request Optional 
  30. * @return string 
  31. */ 
  32. public static function get_endpoint( $request = '' ) { 
  33. return esc_url_raw( apply_filters( 'woocommerce_ajax_get_endpoint', add_query_arg( 'wc-ajax', $request, remove_query_arg( array( 'remove_item', 'add-to-cart', 'added-to-cart' ) ) ), $request ) ); 
  34.  
  35. /** 
  36. * Set WC AJAX constant and headers. 
  37. */ 
  38. public static function define_ajax() { 
  39. if ( ! empty( $_GET['wc-ajax'] ) ) { 
  40. wc_maybe_define_constant( 'DOING_AJAX', true ); 
  41. wc_maybe_define_constant( 'WC_DOING_AJAX', true ); 
  42. if ( ! WP_DEBUG || ( WP_DEBUG && ! WP_DEBUG_DISPLAY ) ) { 
  43. @ini_set( 'display_errors', 0 ); // Turn off display_errors during AJAX events to prevent malformed JSON 
  44. $GLOBALS['wpdb']->hide_errors(); 
  45.  
  46. /** 
  47. * Send headers for WC Ajax Requests. 
  48. * 
  49. * @since 2.5.0 
  50. */ 
  51. private static function wc_ajax_headers() { 
  52. send_origin_headers(); 
  53. @header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) ); 
  54. @header( 'X-Robots-Tag: noindex' ); 
  55. send_nosniff_header(); 
  56. nocache_headers(); 
  57. status_header( 200 ); 
  58.  
  59. /** 
  60. * Check for WC Ajax request and fire action. 
  61. */ 
  62. public static function do_wc_ajax() { 
  63. global $wp_query; 
  64.  
  65. if ( ! empty( $_GET['wc-ajax'] ) ) { 
  66. $wp_query->set( 'wc-ajax', sanitize_text_field( $_GET['wc-ajax'] ) ); 
  67.  
  68. if ( $action = $wp_query->get( 'wc-ajax' ) ) { 
  69. self::wc_ajax_headers(); 
  70. do_action( 'wc_ajax_' . sanitize_text_field( $action ) ); 
  71. wp_die(); 
  72.  
  73. /** 
  74. * Hook in methods - uses WordPress ajax handlers (admin-ajax). 
  75. */ 
  76. public static function add_ajax_events() { 
  77. // woocommerce_EVENT => nopriv 
  78. $ajax_events = array( 
  79. 'get_refreshed_fragments' => true,  
  80. 'apply_coupon' => true,  
  81. 'remove_coupon' => true,  
  82. 'update_shipping_method' => true,  
  83. 'get_cart_totals' => true,  
  84. 'update_order_review' => true,  
  85. 'add_to_cart' => true,  
  86. 'checkout' => true,  
  87. 'get_variation' => true,  
  88. 'get_customer_location' => true,  
  89. 'feature_product' => false,  
  90. 'mark_order_status' => false,  
  91. 'add_attribute' => false,  
  92. 'add_new_attribute' => false,  
  93. 'remove_variation' => false,  
  94. 'remove_variations' => false,  
  95. 'save_attributes' => false,  
  96. 'add_variation' => false,  
  97. 'link_all_variations' => false,  
  98. 'revoke_access_to_download' => false,  
  99. 'grant_access_to_download' => false,  
  100. 'get_customer_details' => false,  
  101. 'add_order_item' => false,  
  102. 'add_order_fee' => false,  
  103. 'add_order_shipping' => false,  
  104. 'add_order_tax' => false,  
  105. 'remove_order_item' => false,  
  106. 'remove_order_tax' => false,  
  107. 'reduce_order_item_stock' => false,  
  108. 'increase_order_item_stock' => false,  
  109. 'add_order_item_meta' => false,  
  110. 'remove_order_item_meta' => false,  
  111. 'calc_line_taxes' => false,  
  112. 'save_order_items' => false,  
  113. 'load_order_items' => false,  
  114. 'add_order_note' => false,  
  115. 'delete_order_note' => false,  
  116. 'json_search_products' => false,  
  117. 'json_search_products_and_variations' => false,  
  118. 'json_search_downloadable_products_and_variations' => false,  
  119. 'json_search_customers' => false,  
  120. 'term_ordering' => false,  
  121. 'product_ordering' => false,  
  122. 'refund_line_items' => false,  
  123. 'delete_refund' => false,  
  124. 'rated' => false,  
  125. 'update_api_key' => false,  
  126. 'load_variations' => false,  
  127. 'save_variations' => false,  
  128. 'bulk_edit_variations' => false,  
  129. 'tax_rates_save_changes' => false,  
  130. 'shipping_zones_save_changes' => false,  
  131. 'shipping_zone_add_method' => false,  
  132. 'shipping_zone_methods_save_changes' => false,  
  133. 'shipping_zone_methods_save_settings' => false,  
  134. 'shipping_classes_save_changes' => false,  
  135. ); 
  136.  
  137. foreach ( $ajax_events as $ajax_event => $nopriv ) { 
  138. add_action( 'wp_ajax_woocommerce_' . $ajax_event, array( __CLASS__, $ajax_event ) ); 
  139.  
  140. if ( $nopriv ) { 
  141. add_action( 'wp_ajax_nopriv_woocommerce_' . $ajax_event, array( __CLASS__, $ajax_event ) ); 
  142.  
  143. // WC AJAX can be used for frontend ajax requests. 
  144. add_action( 'wc_ajax_' . $ajax_event, array( __CLASS__, $ajax_event ) ); 
  145.  
  146. /** 
  147. * Get a refreshed cart fragment, including the mini cart HTML. 
  148. */ 
  149. public static function get_refreshed_fragments() { 
  150. ob_start(); 
  151.  
  152. woocommerce_mini_cart(); 
  153.  
  154. $mini_cart = ob_get_clean(); 
  155.  
  156. $data = array( 
  157. 'fragments' => apply_filters( 'woocommerce_add_to_cart_fragments', array( 
  158. 'div.widget_shopping_cart_content' => '<div class="widget_shopping_cart_content">' . $mini_cart . '</div>',  
  159. ),  
  160. 'cart_hash' => apply_filters( 'woocommerce_add_to_cart_hash', WC()->cart->get_cart_for_session() ? md5( json_encode( WC()->cart->get_cart_for_session() ) ) : '', WC()->cart->get_cart_for_session() ),  
  161. ); 
  162.  
  163. wp_send_json( $data ); 
  164.  
  165. /** 
  166. * AJAX apply coupon on checkout page. 
  167. */ 
  168. public static function apply_coupon() { 
  169.  
  170. check_ajax_referer( 'apply-coupon', 'security' ); 
  171.  
  172. if ( ! empty( $_POST['coupon_code'] ) ) { 
  173. WC()->cart->add_discount( sanitize_text_field( $_POST['coupon_code'] ) ); 
  174. } else { 
  175. wc_add_notice( WC_Coupon::get_generic_coupon_error( WC_Coupon::E_WC_COUPON_PLEASE_ENTER ), 'error' ); 
  176.  
  177. wc_print_notices(); 
  178. wp_die(); 
  179.  
  180. /** 
  181. * AJAX remove coupon on cart and checkout page. 
  182. */ 
  183. public static function remove_coupon() { 
  184. check_ajax_referer( 'remove-coupon', 'security' ); 
  185.  
  186. $coupon = isset( $_POST['coupon'] ) ? wc_clean( $_POST['coupon'] ) : false; 
  187.  
  188. if ( empty( $coupon ) ) { 
  189. wc_add_notice( __( 'Sorry there was a problem removing this coupon.', 'woocommerce' ), 'error' ); 
  190. } else { 
  191. WC()->cart->remove_coupon( $coupon ); 
  192. wc_add_notice( __( 'Coupon has been removed.', 'woocommerce' ) ); 
  193.  
  194. wc_print_notices(); 
  195. wp_die(); 
  196.  
  197. /** 
  198. * AJAX update shipping method on cart page. 
  199. */ 
  200. public static function update_shipping_method() { 
  201. check_ajax_referer( 'update-shipping-method', 'security' ); 
  202.  
  203. wc_maybe_define_constant( 'WOOCOMMERCE_CART', true ); 
  204.  
  205. $chosen_shipping_methods = WC()->session->get( 'chosen_shipping_methods' ); 
  206.  
  207. if ( isset( $_POST['shipping_method'] ) && is_array( $_POST['shipping_method'] ) ) { 
  208. foreach ( $_POST['shipping_method'] as $i => $value ) { 
  209. $chosen_shipping_methods[ $i ] = wc_clean( $value ); 
  210.  
  211. WC()->session->set( 'chosen_shipping_methods', $chosen_shipping_methods ); 
  212.  
  213. self::get_cart_totals(); 
  214.  
  215. /** 
  216. * AJAX receive updated cart_totals div. 
  217. */ 
  218. public static function get_cart_totals() { 
  219. wc_maybe_define_constant( 'WOOCOMMERCE_CART', true ); 
  220. WC()->cart->calculate_totals(); 
  221. woocommerce_cart_totals(); 
  222. wp_die(); 
  223.  
  224. /** 
  225. * Session has expired. 
  226. */ 
  227. private static function update_order_review_expired() { 
  228. wp_send_json( array( 
  229. 'fragments' => apply_filters( 'woocommerce_update_order_review_fragments', array( 
  230. 'form.woocommerce-checkout' => '<div class="woocommerce-error">' . __( 'Sorry, your session has expired.', 'woocommerce' ) . ' <a href="' . esc_url( wc_get_page_permalink( 'shop' ) ) . '" class="wc-backward">' . __( 'Return to shop', 'woocommerce' ) . '</a></div>',  
  231. ) ),  
  232. ) ); 
  233.  
  234. /** 
  235. * AJAX update order review on checkout. 
  236. */ 
  237. public static function update_order_review() { 
  238. check_ajax_referer( 'update-order-review', 'security' ); 
  239.  
  240. wc_maybe_define_constant( 'WOOCOMMERCE_CHECKOUT', true ); 
  241.  
  242. if ( WC()->cart->is_empty() ) { 
  243. self::update_order_review_expired(); 
  244.  
  245. do_action( 'woocommerce_checkout_update_order_review', $_POST['post_data'] ); 
  246.  
  247. $chosen_shipping_methods = WC()->session->get( 'chosen_shipping_methods' ); 
  248.  
  249. if ( isset( $_POST['shipping_method'] ) && is_array( $_POST['shipping_method'] ) ) { 
  250. foreach ( $_POST['shipping_method'] as $i => $value ) { 
  251. $chosen_shipping_methods[ $i ] = wc_clean( $value ); 
  252.  
  253. WC()->session->set( 'chosen_shipping_methods', $chosen_shipping_methods ); 
  254. WC()->session->set( 'chosen_payment_method', empty( $_POST['payment_method'] ) ? '' : $_POST['payment_method'] ); 
  255. WC()->customer->set_props( array( 
  256. 'billing_country' => isset( $_POST['country'] ) ? $_POST['country'] : null,  
  257. 'billing_state' => isset( $_POST['state'] ) ? $_POST['state'] : null,  
  258. 'billing_postcode' => isset( $_POST['postcode'] ) ? $_POST['postcode'] : null,  
  259. 'billing_city' => isset( $_POST['city'] ) ? $_POST['city'] : null,  
  260. 'billing_address_1' => isset( $_POST['address'] ) ? $_POST['address'] : null,  
  261. 'billing_address_2' => isset( $_POST['address_2'] ) ? $_POST['address_2'] : null,  
  262. ) ); 
  263.  
  264. if ( wc_ship_to_billing_address_only() ) { 
  265. WC()->customer->set_props( array( 
  266. 'shipping_country' => isset( $_POST['country'] ) ? $_POST['country'] : null,  
  267. 'shipping_state' => isset( $_POST['state'] ) ? $_POST['state'] : null,  
  268. 'shipping_postcode' => isset( $_POST['postcode'] ) ? $_POST['postcode'] : null,  
  269. 'shipping_city' => isset( $_POST['city'] ) ? $_POST['city'] : null,  
  270. 'shipping_address_1' => isset( $_POST['address'] ) ? $_POST['address'] : null,  
  271. 'shipping_address_2' => isset( $_POST['address_2'] ) ? $_POST['address_2'] : null,  
  272. ) ); 
  273. if ( ! empty( $_POST['country'] ) ) { 
  274. WC()->customer->set_calculated_shipping( true ); 
  275. } else { 
  276. WC()->customer->set_props( array( 
  277. 'shipping_country' => isset( $_POST['s_country'] ) ? $_POST['s_country'] : null,  
  278. 'shipping_state' => isset( $_POST['s_state'] ) ? $_POST['s_state'] : null,  
  279. 'shipping_postcode' => isset( $_POST['s_postcode'] ) ? $_POST['s_postcode'] : null,  
  280. 'shipping_city' => isset( $_POST['s_city'] ) ? $_POST['s_city'] : null,  
  281. 'shipping_address_1' => isset( $_POST['s_address'] ) ? $_POST['s_address'] : null,  
  282. 'shipping_address_2' => isset( $_POST['s_address_2'] ) ? $_POST['s_address_2'] : null,  
  283. ) ); 
  284. if ( ! empty( $_POST['s_country'] ) ) { 
  285. WC()->customer->set_calculated_shipping( true ); 
  286.  
  287. WC()->customer->save(); 
  288. WC()->cart->calculate_totals(); 
  289.  
  290. // Get order review fragment 
  291. ob_start(); 
  292. woocommerce_order_review(); 
  293. $woocommerce_order_review = ob_get_clean(); 
  294.  
  295. // Get checkout payment fragment 
  296. ob_start(); 
  297. woocommerce_checkout_payment(); 
  298. $woocommerce_checkout_payment = ob_get_clean(); 
  299.  
  300. // Get messages if reload checkout is not true 
  301. $messages = ''; 
  302. if ( ! isset( WC()->session->reload_checkout ) ) { 
  303. ob_start(); 
  304. wc_print_notices(); 
  305. $messages = ob_get_clean(); 
  306.  
  307. unset( WC()->session->refresh_totals, WC()->session->reload_checkout ); 
  308.  
  309. wp_send_json( array( 
  310. 'result' => empty( $messages ) ? 'success' : 'failure',  
  311. 'messages' => $messages,  
  312. 'reload' => isset( WC()->session->reload_checkout ) ? 'true' : 'false',  
  313. 'fragments' => apply_filters( 'woocommerce_update_order_review_fragments', array( 
  314. '.woocommerce-checkout-review-order-table' => $woocommerce_order_review,  
  315. '.woocommerce-checkout-payment' => $woocommerce_checkout_payment,  
  316. ) ),  
  317. ) ); 
  318.  
  319. /** 
  320. * AJAX add to cart. 
  321. */ 
  322. public static function add_to_cart() { 
  323. ob_start(); 
  324.  
  325. $product_id = apply_filters( 'woocommerce_add_to_cart_product_id', absint( $_POST['product_id'] ) ); 
  326. $quantity = empty( $_POST['quantity'] ) ? 1 : wc_stock_amount( $_POST['quantity'] ); 
  327. $passed_validation = apply_filters( 'woocommerce_add_to_cart_validation', true, $product_id, $quantity ); 
  328. $product_status = get_post_status( $product_id ); 
  329.  
  330. if ( $passed_validation && false !== WC()->cart->add_to_cart( $product_id, $quantity ) && 'publish' === $product_status ) { 
  331.  
  332. do_action( 'woocommerce_ajax_added_to_cart', $product_id ); 
  333.  
  334. if ( get_option( 'woocommerce_cart_redirect_after_add' ) == 'yes' ) { 
  335. wc_add_to_cart_message( array( $product_id => $quantity ), true ); 
  336.  
  337. // Return fragments 
  338. self::get_refreshed_fragments(); 
  339.  
  340. } else { 
  341.  
  342. // If there was an error adding to the cart, redirect to the product page to show any errors 
  343. $data = array( 
  344. 'error' => true,  
  345. 'product_url' => apply_filters( 'woocommerce_cart_redirect_after_error', get_permalink( $product_id ), $product_id ),  
  346. ); 
  347.  
  348. wp_send_json( $data ); 
  349.  
  350. /** 
  351. * Process ajax checkout form. 
  352. */ 
  353. public static function checkout() { 
  354. wc_maybe_define_constant( 'WOOCOMMERCE_CHECKOUT', true ); 
  355. WC()->checkout()->process_checkout(); 
  356. wp_die( 0 ); 
  357.  
  358. /** 
  359. * Get a matching variation based on posted attributes. 
  360. */ 
  361. public static function get_variation() { 
  362. ob_start(); 
  363.  
  364. if ( empty( $_POST['product_id'] ) || ! ( $variable_product = wc_get_product( absint( $_POST['product_id'] ) ) ) ) { 
  365. wp_die(); 
  366.  
  367. $data_store = WC_Data_Store::load( 'product' ); 
  368. $variation_id = $data_store->find_matching_product_variation( $variable_product, wp_unslash( $_POST ) ); 
  369. $variation = $variation_id ? $variable_product->get_available_variation( $variation_id ) : false; 
  370. wp_send_json( $variation ); 
  371.  
  372. /** 
  373. * Locate user via AJAX. 
  374. */ 
  375. public static function get_customer_location() { 
  376. $location_hash = WC_Cache_Helper::geolocation_ajax_get_location_hash(); 
  377. wp_send_json_success( array( 'hash' => $location_hash ) ); 
  378.  
  379. /** 
  380. * Toggle Featured status of a product from admin. 
  381. */ 
  382. public static function feature_product() { 
  383. if ( current_user_can( 'edit_products' ) && check_admin_referer( 'woocommerce-feature-product' ) ) { 
  384. $product = wc_get_product( absint( $_GET['product_id'] ) ); 
  385.  
  386. if ( $product ) { 
  387. $product->set_featured( ! $product->get_featured() ); 
  388. $product->save(); 
  389.  
  390. wp_safe_redirect( wp_get_referer() ? remove_query_arg( array( 'trashed', 'untrashed', 'deleted', 'ids' ), wp_get_referer() ) : admin_url( 'edit.php?post_type=product' ) ); 
  391. exit; 
  392.  
  393. /** 
  394. * Mark an order with a status. 
  395. */ 
  396. public static function mark_order_status() { 
  397. if ( current_user_can( 'edit_shop_orders' ) && check_admin_referer( 'woocommerce-mark-order-status' ) ) { 
  398. $status = sanitize_text_field( $_GET['status'] ); 
  399. $order = wc_get_order( absint( $_GET['order_id'] ) ); 
  400.  
  401. if ( wc_is_order_status( 'wc-' . $status ) && $order ) { 
  402. $order->update_status( $status, '', true ); 
  403. do_action( 'woocommerce_order_edit_status', $order->get_id(), $status ); 
  404.  
  405. wp_safe_redirect( wp_get_referer() ? wp_get_referer() : admin_url( 'edit.php?post_type=shop_order' ) ); 
  406. exit; 
  407.  
  408. /** 
  409. * Add an attribute row. 
  410. */ 
  411. public static function add_attribute() { 
  412. ob_start(); 
  413.  
  414. check_ajax_referer( 'add-attribute', 'security' ); 
  415.  
  416. if ( ! current_user_can( 'edit_products' ) ) { 
  417. wp_die( -1 ); 
  418.  
  419. $i = absint( $_POST['i'] ); 
  420. $metabox_class = array(); 
  421. $attribute = new WC_Product_Attribute(); 
  422.  
  423. $attribute->set_id( wc_attribute_taxonomy_id_by_name( sanitize_text_field( $_POST['taxonomy'] ) ) ); 
  424. $attribute->set_name( sanitize_text_field( $_POST['taxonomy'] ) ); 
  425. $attribute->set_visible( apply_filters( 'woocommerce_attribute_default_visibility', 1 ) ); 
  426. $attribute->set_variation( apply_filters( 'woocommerce_attribute_default_is_variation', 0 ) ); 
  427.  
  428. if ( $attribute->is_taxonomy() ) { 
  429. $metabox_class[] = 'taxonomy'; 
  430. $metabox_class[] = $attribute->get_name(); 
  431.  
  432. include( 'admin/meta-boxes/views/html-product-attribute.php' ); 
  433. wp_die(); 
  434.  
  435. /** 
  436. * Add a new attribute via ajax function. 
  437. */ 
  438. public static function add_new_attribute() { 
  439. check_ajax_referer( 'add-attribute', 'security' ); 
  440.  
  441. if ( current_user_can( 'manage_product_terms' ) ) { 
  442. $taxonomy = esc_attr( $_POST['taxonomy'] ); 
  443. $term = wc_clean( $_POST['term'] ); 
  444.  
  445. if ( taxonomy_exists( $taxonomy ) ) { 
  446.  
  447. $result = wp_insert_term( $term, $taxonomy ); 
  448.  
  449. if ( is_wp_error( $result ) ) { 
  450. wp_send_json( array( 
  451. 'error' => $result->get_error_message(),  
  452. ) ); 
  453. } else { 
  454. $term = get_term_by( 'id', $result['term_id'], $taxonomy ); 
  455. wp_send_json( array( 
  456. 'term_id' => $term->term_id,  
  457. 'name' => $term->name,  
  458. 'slug' => $term->slug,  
  459. ) ); 
  460. wp_die( -1 ); 
  461.  
  462. /** 
  463. * Delete variations via ajax function. 
  464. */ 
  465. public static function remove_variations() { 
  466. check_ajax_referer( 'delete-variations', 'security' ); 
  467.  
  468. if ( current_user_can( 'edit_products' ) ) { 
  469. $variation_ids = (array) $_POST['variation_ids']; 
  470.  
  471. foreach ( $variation_ids as $variation_id ) { 
  472. if ( 'product_variation' === get_post_type( $variation_id ) ) { 
  473. $variation = wc_get_product( $variation_id ); 
  474. $variation->delete( true ); 
  475.  
  476. wp_die( -1 ); 
  477.  
  478. /** 
  479. * Save attributes via ajax. 
  480. */ 
  481. public static function save_attributes() { 
  482. check_ajax_referer( 'save-attributes', 'security' ); 
  483.  
  484. if ( ! current_user_can( 'edit_products' ) ) { 
  485. wp_die( -1 ); 
  486.  
  487. parse_str( $_POST['data'], $data ); 
  488.  
  489. $attributes = WC_Meta_Box_Product_Data::prepare_attributes( $data ); 
  490. $product_id = absint( $_POST['post_id'] ); 
  491. $product_type = ! empty( $_POST['product_type'] ) ? wc_clean( $_POST['product_type'] ) : 'simple'; 
  492. $classname = WC_Product_Factory::get_product_classname( $product_id, $product_type ); 
  493. $product = new $classname( $product_id ); 
  494.  
  495. $product->set_attributes( $attributes ); 
  496. $product->save(); 
  497. wp_die(); 
  498.  
  499. /** 
  500. * Add variation via ajax function. 
  501. */ 
  502. public static function add_variation() { 
  503.  
  504. check_ajax_referer( 'add-variation', 'security' ); 
  505.  
  506. if ( ! current_user_can( 'edit_products' ) ) { 
  507. wp_die( -1 ); 
  508.  
  509. global $post; // Set $post global so its available, like within the admin screens 
  510.  
  511. $product_id = intval( $_POST['post_id'] ); 
  512. $post = get_post( $product_id ); 
  513. $loop = intval( $_POST['loop'] ); 
  514. $product_object = wc_get_product( $product_id ); 
  515. $variation_object = new WC_Product_Variation(); 
  516. $variation_object->set_parent_id( $product_id ); 
  517. $variation_id = $variation_object->save(); 
  518. $variation = get_post( $variation_id ); 
  519. $variation_data = array_merge( array_map( 'maybe_unserialize', get_post_custom( $variation_id ) ), wc_get_product_variation_attributes( $variation_id ) ); // kept for BW compat. 
  520. include( 'admin/meta-boxes/views/html-variation-admin.php' ); 
  521. wp_die(); 
  522.  
  523. /** 
  524. * Link all variations via ajax function. 
  525. */ 
  526. public static function link_all_variations() { 
  527. check_ajax_referer( 'link-variations', 'security' ); 
  528.  
  529. if ( ! current_user_can( 'edit_products' ) ) { 
  530. wp_die( -1 ); 
  531.  
  532. wc_maybe_define_constant( 'WC_MAX_LINKED_VARIATIONS', 49 ); 
  533. wc_set_time_limit( 0 ); 
  534.  
  535. $post_id = intval( $_POST['post_id'] ); 
  536.  
  537. if ( ! $post_id ) { 
  538. wp_die(); 
  539.  
  540. $variations = array(); 
  541. $product = wc_get_product( $post_id ); 
  542. $attributes = wc_list_pluck( array_filter( $product->get_attributes(), 'wc_attributes_array_filter_variation' ), 'get_slugs' ); 
  543.  
  544. if ( ! empty( $attributes ) ) { 
  545. // Get existing variations so we don't create duplicates. 
  546. $existing_variations = array_map( 'wc_get_product', $product->get_children() ); 
  547. $existing_attributes = array(); 
  548.  
  549. foreach ( $existing_variations as $existing_variation ) { 
  550. $existing_attributes[] = $existing_variation->get_attributes(); 
  551.  
  552. $added = 0; 
  553. $possible_attributes = wc_array_cartesian( $attributes ); 
  554.  
  555. foreach ( $possible_attributes as $possible_attribute ) { 
  556. if ( in_array( $possible_attribute, $existing_attributes ) ) { 
  557. continue; 
  558. $variation = new WC_Product_Variation(); 
  559. $variation->set_parent_id( $post_id ); 
  560. $variation->set_attributes( $possible_attribute ); 
  561.  
  562. do_action( 'product_variation_linked', $variation->save() ); 
  563.  
  564. if ( ( $added ++ ) > WC_MAX_LINKED_VARIATIONS ) { 
  565. break; 
  566.  
  567. echo $added; 
  568.  
  569. $data_store = $product->get_data_store(); 
  570. $data_store->sort_all_product_variations( $product->get_id() ); 
  571. wp_die(); 
  572.  
  573. /** 
  574. * Delete download permissions via ajax function. 
  575. */ 
  576. public static function revoke_access_to_download() { 
  577. check_ajax_referer( 'revoke-access', 'security' ); 
  578.  
  579. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  580. wp_die( -1 ); 
  581. $download_id = $_POST['download_id']; 
  582. $product_id = intval( $_POST['product_id'] ); 
  583. $order_id = intval( $_POST['order_id'] ); 
  584. $permission_id = absint( $_POST['permission_id'] ); 
  585. $data_store = WC_Data_Store::load( 'customer-download' ); 
  586. $data_store->delete_by_id( $permission_id ); 
  587.  
  588. do_action( 'woocommerce_ajax_revoke_access_to_product_download', $download_id, $product_id, $order_id, $permission_id ); 
  589.  
  590. wp_die(); 
  591.  
  592. /** 
  593. * Grant download permissions via ajax function. 
  594. */ 
  595. public static function grant_access_to_download() { 
  596.  
  597. check_ajax_referer( 'grant-access', 'security' ); 
  598.  
  599. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  600. wp_die( -1 ); 
  601.  
  602. global $wpdb; 
  603.  
  604. $wpdb->hide_errors(); 
  605.  
  606. $order_id = intval( $_POST['order_id'] ); 
  607. $product_ids = $_POST['product_ids']; 
  608. $loop = intval( $_POST['loop'] ); 
  609. $file_counter = 0; 
  610. $order = wc_get_order( $order_id ); 
  611.  
  612. if ( ! is_array( $product_ids ) ) { 
  613. $product_ids = array( $product_ids ); 
  614.  
  615. foreach ( $product_ids as $product_id ) { 
  616. $product = wc_get_product( $product_id ); 
  617. $files = $product->get_downloads(); 
  618.  
  619. if ( ! $order->get_billing_email() ) { 
  620. wp_die(); 
  621.  
  622. if ( ! empty( $files ) ) { 
  623. foreach ( $files as $download_id => $file ) { 
  624. if ( $inserted_id = wc_downloadable_file_permission( $download_id, $product_id, $order ) ) { 
  625. $download = new WC_Customer_Download( $inserted_id ); 
  626. $loop ++; 
  627. $file_counter ++; 
  628.  
  629. if ( $file->get_name() ) { 
  630. $file_count = $file->get_name(); 
  631. } else { 
  632. $file_count = sprintf( __( 'File %d', 'woocommerce' ), $file_counter ); 
  633. include( 'admin/meta-boxes/views/html-order-download-permission.php' ); 
  634. wp_die(); 
  635.  
  636. /** 
  637. * Get customer details via ajax. 
  638. */ 
  639. public static function get_customer_details() { 
  640. check_ajax_referer( 'get-customer-details', 'security' ); 
  641.  
  642. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  643. wp_die( -1 ); 
  644.  
  645. $user_id = absint( $_POST['user_id'] ); 
  646. $customer = new WC_Customer( $user_id ); 
  647.  
  648. if ( has_filter( 'woocommerce_found_customer_details' ) ) { 
  649. wc_deprecated_function( 'The woocommerce_found_customer_details filter', '3.0', 'woocommerce_ajax_get_customer_details' ); 
  650.  
  651. $data = $customer->get_data(); 
  652. $data['date_created'] = $data['date_created'] ? $data['date_created']->getTimestamp() : null; 
  653. $data['date_modified'] = $data['date_modified'] ? $data['date_modified']->getTimestamp() : null; 
  654.  
  655. $customer_data = apply_filters( 'woocommerce_ajax_get_customer_details', $data, $customer, $user_id ); 
  656. wp_send_json( $customer_data ); 
  657.  
  658. /** 
  659. * Add order item via ajax. 
  660. */ 
  661. public static function add_order_item() { 
  662. check_ajax_referer( 'order-item', 'security' ); 
  663.  
  664. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  665. wp_die( -1 ); 
  666.  
  667. try { 
  668. $order_id = absint( $_POST['order_id'] ); 
  669. $order = wc_get_order( $order_id ); 
  670. $items_to_add = wp_parse_id_list( is_array( $_POST['item_to_add'] ) ? $_POST['item_to_add'] : array( $_POST['item_to_add'] ) ); 
  671.  
  672. if ( ! $order ) { 
  673. throw new Exception( __( 'Invalid order', 'woocommerce' ) ); 
  674.  
  675. ob_start(); 
  676.  
  677. foreach ( $items_to_add as $item_to_add ) { 
  678. if ( ! in_array( get_post_type( $item_to_add ), array( 'product', 'product_variation' ) ) ) { 
  679. continue; 
  680. $item_id = $order->add_product( wc_get_product( $item_to_add ) ); 
  681. $item = apply_filters( 'woocommerce_ajax_order_item', $order->get_item( $item_id ), $item_id ); 
  682. $order_taxes = $order->get_taxes(); 
  683. $class = 'new_row'; 
  684.  
  685. do_action( 'woocommerce_ajax_add_order_item_meta', $item_id, $item ); 
  686. include( 'admin/meta-boxes/views/html-order-item.php' ); 
  687.  
  688. wp_send_json_success( array( 
  689. 'html' => ob_get_clean(),  
  690. ) ); 
  691. } catch ( Exception $e ) { 
  692. wp_send_json_error( array( 'error' => $e->getMessage() ) ); 
  693.  
  694. /** 
  695. * Add order fee via ajax. 
  696. */ 
  697. public static function add_order_fee() { 
  698. check_ajax_referer( 'order-item', 'security' ); 
  699.  
  700. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  701. wp_die( -1 ); 
  702.  
  703. try { 
  704. $order_id = absint( $_POST['order_id'] ); 
  705. $order = wc_get_order( $order_id ); 
  706. $order_taxes = $order->get_taxes(); 
  707. $item = new WC_Order_Item_Fee(); 
  708. $item->set_order_id( $order_id ); 
  709. $item_id = $item->save(); 
  710.  
  711. ob_start(); 
  712. include( 'admin/meta-boxes/views/html-order-fee.php' ); 
  713.  
  714. wp_send_json_success( array( 
  715. 'html' => ob_get_clean(),  
  716. ) ); 
  717. } catch ( Exception $e ) { 
  718. wp_send_json_error( array( 'error' => $e->getMessage() ) ); 
  719.  
  720. /** 
  721. * Add order shipping cost via ajax. 
  722. */ 
  723. public static function add_order_shipping() { 
  724. check_ajax_referer( 'order-item', 'security' ); 
  725.  
  726. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  727. wp_die( -1 ); 
  728.  
  729. try { 
  730. $order_id = absint( $_POST['order_id'] ); 
  731. $order = wc_get_order( $order_id ); 
  732. $order_taxes = $order->get_taxes(); 
  733. $shipping_methods = WC()->shipping() ? WC()->shipping->load_shipping_methods() : array(); 
  734.  
  735. // Add new shipping 
  736. $item = new WC_Order_Item_Shipping(); 
  737. $item->set_shipping_rate( new WC_Shipping_Rate() ); 
  738. $item->set_order_id( $order_id ); 
  739. $item_id = $item->save(); 
  740.  
  741. ob_start(); 
  742. include( 'admin/meta-boxes/views/html-order-shipping.php' ); 
  743.  
  744. wp_send_json_success( array( 
  745. 'html' => ob_get_clean(),  
  746. ) ); 
  747. } catch ( Exception $e ) { 
  748. wp_send_json_error( array( 'error' => $e->getMessage() ) ); 
  749.  
  750. /** 
  751. * Add order tax column via ajax. 
  752. */ 
  753. public static function add_order_tax() { 
  754. check_ajax_referer( 'order-item', 'security' ); 
  755.  
  756. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  757. wp_die( -1 ); 
  758.  
  759. try { 
  760. $order_id = absint( $_POST['order_id'] ); 
  761. $rate_id = absint( $_POST['rate_id'] ); 
  762. $order = wc_get_order( $order_id ); 
  763. $data = get_post_meta( $order_id ); 
  764.  
  765. // Add new tax 
  766. $item = new WC_Order_Item_Tax(); 
  767. $item->set_rate( $rate_id ); 
  768. $item->set_order_id( $order_id ); 
  769. $item->save(); 
  770.  
  771. ob_start(); 
  772. include( 'admin/meta-boxes/views/html-order-items.php' ); 
  773.  
  774. wp_send_json_success( array( 
  775. 'html' => ob_get_clean(),  
  776. ) ); 
  777. } catch ( Exception $e ) { 
  778. wp_send_json_error( array( 'error' => $e->getMessage() ) ); 
  779.  
  780. /** 
  781. * Remove an order item. 
  782. */ 
  783. public static function remove_order_item() { 
  784. check_ajax_referer( 'order-item', 'security' ); 
  785.  
  786. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  787. wp_die( -1 ); 
  788.  
  789. $order_item_ids = $_POST['order_item_ids']; 
  790.  
  791. if ( ! is_array( $order_item_ids ) && is_numeric( $order_item_ids ) ) { 
  792. $order_item_ids = array( $order_item_ids ); 
  793.  
  794. if ( sizeof( $order_item_ids ) > 0 ) { 
  795. foreach ( $order_item_ids as $id ) { 
  796. wc_delete_order_item( absint( $id ) ); 
  797. wp_die(); 
  798.  
  799. /** 
  800. * Remove an order tax. 
  801. */ 
  802. public static function remove_order_tax() { 
  803. check_ajax_referer( 'order-item', 'security' ); 
  804.  
  805. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  806. wp_die( -1 ); 
  807.  
  808. $order_id = absint( $_POST['order_id'] ); 
  809. $rate_id = absint( $_POST['rate_id'] ); 
  810.  
  811. wc_delete_order_item( $rate_id ); 
  812.  
  813. // Return HTML items 
  814. $order = wc_get_order( $order_id ); 
  815. include( 'admin/meta-boxes/views/html-order-items.php' ); 
  816. wp_die(); 
  817.  
  818. /** 
  819. * Reduce order item stock. 
  820. */ 
  821. public static function reduce_order_item_stock() { 
  822. check_ajax_referer( 'order-item', 'security' ); 
  823. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  824. wp_die( -1 ); 
  825. $order_id = absint( $_POST['order_id'] ); 
  826. $order_item_ids = isset( $_POST['order_item_ids'] ) ? $_POST['order_item_ids'] : array(); 
  827. $order_item_qty = isset( $_POST['order_item_qty'] ) ? $_POST['order_item_qty'] : array(); 
  828. $order = wc_get_order( $order_id ); 
  829. $order_items = $order->get_items(); 
  830. $return = array(); 
  831. if ( $order && ! empty( $order_items ) && sizeof( $order_item_ids ) > 0 ) { 
  832. foreach ( $order_items as $item_id => $order_item ) { 
  833. // Only reduce checked items 
  834. if ( ! in_array( $item_id, $order_item_ids ) ) { 
  835. continue; 
  836. $_product = $order_item->get_product(); 
  837. if ( $_product && $_product->exists() && $_product->managing_stock() && isset( $order_item_qty[ $item_id ] ) && $order_item_qty[ $item_id ] > 0 ) { 
  838. $stock_change = apply_filters( 'woocommerce_reduce_order_stock_quantity', $order_item_qty[ $item_id ], $item_id ); 
  839. $new_stock = wc_update_product_stock( $_product, $stock_change, 'decrease' ); 
  840. $item_name = $_product->get_sku() ? $_product->get_sku() : $_product->get_id(); 
  841. $note = sprintf( __( 'Item %1$s stock reduced from %2$s to %3$s.', 'woocommerce' ), $item_name, $new_stock + $stock_change, $new_stock ); 
  842. $return[] = $note; 
  843. $order->add_order_note( $note ); 
  844. do_action( 'woocommerce_reduce_order_stock', $order ); 
  845. if ( empty( $return ) ) { 
  846. $return[] = __( 'No products had their stock reduced - they may not have stock management enabled.', 'woocommerce' ); 
  847. echo wp_kses_post( implode( ', ', $return ) ); 
  848. wp_die(); 
  849.  
  850. /** 
  851. * Increase order item stock. 
  852. */ 
  853. public static function increase_order_item_stock() { 
  854. check_ajax_referer( 'order-item', 'security' ); 
  855. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  856. wp_die( -1 ); 
  857. $order_id = absint( $_POST['order_id'] ); 
  858. $order_item_ids = isset( $_POST['order_item_ids'] ) ? $_POST['order_item_ids'] : array(); 
  859. $order_item_qty = isset( $_POST['order_item_qty'] ) ? $_POST['order_item_qty'] : array(); 
  860. $order = wc_get_order( $order_id ); 
  861. $order_items = $order->get_items(); 
  862. $return = array(); 
  863. if ( $order && ! empty( $order_items ) && sizeof( $order_item_ids ) > 0 ) { 
  864. foreach ( $order_items as $item_id => $order_item ) { 
  865. // Only reduce checked items 
  866. if ( ! in_array( $item_id, $order_item_ids ) ) { 
  867. continue; 
  868. $_product = $order_item->get_product(); 
  869. if ( $_product && $_product->exists() && $_product->managing_stock() && isset( $order_item_qty[ $item_id ] ) && $order_item_qty[ $item_id ] > 0 ) { 
  870. $old_stock = $_product->get_stock_quantity(); 
  871. $stock_change = apply_filters( 'woocommerce_restore_order_stock_quantity', $order_item_qty[ $item_id ], $item_id ); 
  872. $new_quantity = wc_update_product_stock( $_product, $stock_change, 'increase' ); 
  873. $item_name = $_product->get_sku() ? $_product->get_sku() : $_product->get_id(); 
  874. $note = sprintf( __( 'Item %1$s stock increased from %2$s to %3$s.', 'woocommerce' ), $item_name, $old_stock, $new_quantity ); 
  875. $return[] = $note; 
  876. $order->add_order_note( $note ); 
  877. do_action( 'woocommerce_restore_order_stock', $order ); 
  878. if ( empty( $return ) ) { 
  879. $return[] = __( 'No products had their stock increased - they may not have stock management enabled.', 'woocommerce' ); 
  880. echo wp_kses_post( implode( ', ', $return ) ); 
  881. wp_die(); 
  882.  
  883. /** 
  884. * Calc line tax. 
  885. */ 
  886. public static function calc_line_taxes() { 
  887. check_ajax_referer( 'calc-totals', 'security' ); 
  888.  
  889. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  890. wp_die( -1 ); 
  891.  
  892. $order_id = absint( $_POST['order_id'] ); 
  893. $calculate_tax_args = array( 
  894. 'country' => strtoupper( wc_clean( $_POST['country'] ) ),  
  895. 'state' => strtoupper( wc_clean( $_POST['state'] ) ),  
  896. 'postcode' => strtoupper( wc_clean( $_POST['postcode'] ) ),  
  897. 'city' => strtoupper( wc_clean( $_POST['city'] ) ),  
  898. ); 
  899.  
  900. // Parse the jQuery serialized items 
  901. $items = array(); 
  902. parse_str( $_POST['items'], $items ); 
  903.  
  904. // Save order items first 
  905. wc_save_order_items( $order_id, $items ); 
  906.  
  907. // Grab the order and recalc taxes 
  908. $order = wc_get_order( $order_id ); 
  909. $order->calculate_taxes( $calculate_tax_args ); 
  910. $order->calculate_totals( false ); 
  911. include( 'admin/meta-boxes/views/html-order-items.php' ); 
  912. wp_die(); 
  913.  
  914. /** 
  915. * Save order items via ajax. 
  916. */ 
  917. public static function save_order_items() { 
  918. check_ajax_referer( 'order-item', 'security' ); 
  919.  
  920. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  921. wp_die( -1 ); 
  922.  
  923. if ( isset( $_POST['order_id'], $_POST['items'] ) ) { 
  924. $order_id = absint( $_POST['order_id'] ); 
  925.  
  926. // Parse the jQuery serialized items 
  927. $items = array(); 
  928. parse_str( $_POST['items'], $items ); 
  929.  
  930. // Save order items 
  931. wc_save_order_items( $order_id, $items ); 
  932.  
  933. // Return HTML items 
  934. $order = wc_get_order( $order_id ); 
  935. include( 'admin/meta-boxes/views/html-order-items.php' ); 
  936. wp_die(); 
  937.  
  938. /** 
  939. * Load order items via ajax. 
  940. */ 
  941. public static function load_order_items() { 
  942. check_ajax_referer( 'order-item', 'security' ); 
  943.  
  944. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  945. wp_die( -1 ); 
  946.  
  947. // Return HTML items 
  948. $order_id = absint( $_POST['order_id'] ); 
  949. $order = wc_get_order( $order_id ); 
  950. include( 'admin/meta-boxes/views/html-order-items.php' ); 
  951. wp_die(); 
  952.  
  953. /** 
  954. * Add order note via ajax. 
  955. */ 
  956. public static function add_order_note() { 
  957. check_ajax_referer( 'add-order-note', 'security' ); 
  958.  
  959. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  960. wp_die( -1 ); 
  961.  
  962. $post_id = absint( $_POST['post_id'] ); 
  963. $note = wp_kses_post( trim( stripslashes( $_POST['note'] ) ) ); 
  964. $note_type = $_POST['note_type']; 
  965.  
  966. $is_customer_note = ( 'customer' === $note_type ) ? 1 : 0; 
  967.  
  968. if ( $post_id > 0 ) { 
  969. $order = wc_get_order( $post_id ); 
  970. $comment_id = $order->add_order_note( $note, $is_customer_note, true ); 
  971.  
  972. echo '<li rel="' . esc_attr( $comment_id ) . '" class="note '; 
  973. if ( $is_customer_note ) { 
  974. echo 'customer-note'; 
  975. echo '"><div class="note_content">'; 
  976. echo wpautop( wptexturize( $note ) ); 
  977. echo '</div><p class="meta"><a href="#" class="delete_note">' . __( 'Delete note', 'woocommerce' ) . '</a></p>'; 
  978. echo '</li>'; 
  979. wp_die(); 
  980.  
  981. /** 
  982. * Delete order note via ajax. 
  983. */ 
  984. public static function delete_order_note() { 
  985. check_ajax_referer( 'delete-order-note', 'security' ); 
  986.  
  987. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  988. wp_die( -1 ); 
  989.  
  990. $note_id = (int) $_POST['note_id']; 
  991.  
  992. if ( $note_id > 0 ) { 
  993. wp_delete_comment( $note_id ); 
  994. wp_die(); 
  995.  
  996. /** 
  997. * Search for products and echo json. 
  998. * 
  999. * @param string $term (default: '') 
  1000. * @param bool $include_variations in search or not 
  1001. */ 
  1002. public static function json_search_products( $term = '', $include_variations = false ) { 
  1003. check_ajax_referer( 'search-products', 'security' ); 
  1004.  
  1005. $term = wc_clean( empty( $term ) ? stripslashes( $_GET['term'] ) : $term ); 
  1006.  
  1007. if ( empty( $term ) ) { 
  1008. wp_die(); 
  1009.  
  1010. $data_store = WC_Data_Store::load( 'product' ); 
  1011. $ids = $data_store->search_products( $term, '', (bool) $include_variations ); 
  1012.  
  1013. if ( ! empty( $_GET['exclude'] ) ) { 
  1014. $ids = array_diff( $ids, (array) $_GET['exclude'] ); 
  1015.  
  1016. if ( ! empty( $_GET['include'] ) ) { 
  1017. $ids = array_intersect( $ids, (array) $_GET['include'] ); 
  1018.  
  1019. if ( ! empty( $_GET['limit'] ) ) { 
  1020. $ids = array_slice( $ids, 0, absint( $_GET['limit'] ) ); 
  1021.  
  1022. $product_objects = array_filter( array_map( 'wc_get_product', $ids ), 'wc_products_array_filter_editable' ); 
  1023. $products = array(); 
  1024.  
  1025. foreach ( $product_objects as $product_object ) { 
  1026. $products[ $product_object->get_id() ] = rawurldecode( $product_object->get_formatted_name() ); 
  1027.  
  1028. wp_send_json( apply_filters( 'woocommerce_json_search_found_products', $products ) ); 
  1029.  
  1030. /** 
  1031. * Search for product variations and return json. 
  1032. * 
  1033. * @see WC_AJAX::json_search_products() 
  1034. */ 
  1035. public static function json_search_products_and_variations() { 
  1036. self::json_search_products( '', true ); 
  1037.  
  1038. /** 
  1039. * Search for downloadable product variations and return json. 
  1040. * 
  1041. * @see WC_AJAX::json_search_products() 
  1042. */ 
  1043. public static function json_search_downloadable_products_and_variations() { 
  1044. check_ajax_referer( 'search-products', 'security' ); 
  1045.  
  1046. $term = (string) wc_clean( stripslashes( $_GET['term'] ) ); 
  1047. $data_store = WC_Data_Store::load( 'product' ); 
  1048. $ids = $data_store->search_products( $term, 'downloadable', true ); 
  1049.  
  1050. if ( ! empty( $_GET['exclude'] ) ) { 
  1051. $ids = array_diff( $ids, (array) $_GET['exclude'] ); 
  1052.  
  1053. if ( ! empty( $_GET['include'] ) ) { 
  1054. $ids = array_intersect( $ids, (array) $_GET['include'] ); 
  1055.  
  1056. if ( ! empty( $_GET['limit'] ) ) { 
  1057. $ids = array_slice( $ids, 0, absint( $_GET['limit'] ) ); 
  1058.  
  1059. $product_objects = array_filter( array_map( 'wc_get_product', $ids ), 'wc_products_array_filter_editable' ); 
  1060. $products = array(); 
  1061.  
  1062. foreach ( $product_objects as $product_object ) { 
  1063. $products[ $product_object->get_id() ] = rawurldecode( $product_object->get_formatted_name() ); 
  1064.  
  1065. wp_send_json( $products ); 
  1066.  
  1067. /** 
  1068. * Search for customers and return json. 
  1069. */ 
  1070. public static function json_search_customers() { 
  1071. ob_start(); 
  1072.  
  1073. check_ajax_referer( 'search-customers', 'security' ); 
  1074.  
  1075. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  1076. wp_die( -1 ); 
  1077.  
  1078. $term = wc_clean( stripslashes( $_GET['term'] ) ); 
  1079. $exclude = array(); 
  1080.  
  1081. if ( empty( $term ) ) { 
  1082. wp_die(); 
  1083.  
  1084. // Stop if it is not numeric and smaller than 3 characters. 
  1085. if ( ! is_numeric( $term ) && 2 >= strlen( $term ) ) { 
  1086. wp_die(); 
  1087.  
  1088. // Search by ID. 
  1089. if ( is_numeric( $term ) ) { 
  1090. $customer = new WC_Customer( intval( $term ) ); 
  1091.  
  1092. // Customer does not exists. 
  1093. if ( 0 === $customer->get_id() ) { 
  1094. wp_die(); 
  1095.  
  1096. $ids = array( $customer->get_id() ); 
  1097. } else { 
  1098. $data_store = WC_Data_Store::load( 'customer' ); 
  1099. $ids = $data_store->search_customers( $term ); 
  1100.  
  1101. $found_customers = array(); 
  1102.  
  1103. if ( ! empty( $_GET['exclude'] ) ) { 
  1104. $ids = array_diff( $ids, (array) $_GET['exclude'] ); 
  1105.  
  1106. foreach ( $ids as $id ) { 
  1107. $customer = new WC_Customer( $id ); 
  1108. /** translators: 1: user display name 2: user ID 3: user email */ 
  1109. $found_customers[ $id ] = sprintf( 
  1110. esc_html__( '%1$s (#%2$s – %3$s)', 'woocommerce' ),  
  1111. $customer->get_first_name() . ' ' . $customer->get_last_name(),  
  1112. $customer->get_id(),  
  1113. $customer->get_email() 
  1114. ); 
  1115.  
  1116. wp_send_json( apply_filters( 'woocommerce_json_search_found_customers', $found_customers ) ); 
  1117.  
  1118. /** 
  1119. * Ajax request handling for categories ordering. 
  1120. */ 
  1121. public static function term_ordering() { 
  1122.  
  1123. // check permissions again and make sure we have what we need 
  1124. if ( ! current_user_can( 'edit_products' ) || empty( $_POST['id'] ) ) { 
  1125. wp_die( -1 ); 
  1126.  
  1127. $id = (int) $_POST['id']; 
  1128. $next_id = isset( $_POST['nextid'] ) && (int) $_POST['nextid'] ? (int) $_POST['nextid'] : null; 
  1129. $taxonomy = isset( $_POST['thetaxonomy'] ) ? esc_attr( $_POST['thetaxonomy'] ) : null; 
  1130. $term = get_term_by( 'id', $id, $taxonomy ); 
  1131.  
  1132. if ( ! $id || ! $term || ! $taxonomy ) { 
  1133. wp_die( 0 ); 
  1134.  
  1135. wc_reorder_terms( $term, $next_id, $taxonomy ); 
  1136.  
  1137. $children = get_terms( $taxonomy, "child_of=$id&menu_order=ASC&hide_empty=0" ); 
  1138.  
  1139. if ( $term && sizeof( $children ) ) { 
  1140. echo 'children'; 
  1141. wp_die(); 
  1142.  
  1143. /** 
  1144. * Ajax request handling for product ordering. 
  1145. * 
  1146. * Based on Simple Page Ordering by 10up (https://wordpress.org/plugins/simple-page-ordering/). 
  1147. */ 
  1148. public static function product_ordering() { 
  1149. global $wpdb; 
  1150.  
  1151. if ( ! current_user_can( 'edit_products' ) || empty( $_POST['id'] ) ) { 
  1152. wp_die( -1 ); 
  1153.  
  1154. $sorting_id = absint( $_POST['id'] ); 
  1155. $previd = absint( isset( $_POST['previd'] ) ? $_POST['previd'] : 0 ); 
  1156. $nextid = absint( isset( $_POST['nextid'] ) ? $_POST['nextid'] : 0 ); 
  1157. $menu_orders = wp_list_pluck( $wpdb->get_results( "SELECT ID, menu_order FROM {$wpdb->posts} WHERE post_type = 'product' ORDER BY menu_order ASC, post_title ASC" ), 'menu_order', 'ID' ); 
  1158. $index = 0; 
  1159.  
  1160. foreach ( $menu_orders as $id => $menu_order ) { 
  1161. $id = absint( $id ); 
  1162.  
  1163. if ( $sorting_id === $id ) { 
  1164. continue; 
  1165. if ( $nextid === $id ) { 
  1166. $index ++; 
  1167. $index ++; 
  1168. $menu_orders[ $id ] = $index; 
  1169. $wpdb->update( $wpdb->posts, array( 'menu_order' => $index ), array( 'ID' => $id ) ); 
  1170.  
  1171. if ( isset( $menu_orders[ $previd ] ) ) { 
  1172. $menu_orders[ $sorting_id ] = $menu_orders[ $previd ] + 1; 
  1173. } elseif ( isset( $menu_orders[ $nextid ] ) ) { 
  1174. $menu_orders[ $sorting_id ] = $menu_orders[ $nextid ] - 1; 
  1175. } else { 
  1176. $menu_orders[ $sorting_id ] = 0; 
  1177.  
  1178. $wpdb->update( $wpdb->posts, array( 'menu_order' => $menu_orders[ $sorting_id ] ), array( 'ID' => $sorting_id ) ); 
  1179.  
  1180. do_action( 'woocommerce_after_product_ordering' ); 
  1181. wp_send_json( $menu_orders ); 
  1182.  
  1183. /** 
  1184. * Handle a refund via the edit order screen. 
  1185. */ 
  1186. public static function refund_line_items() { 
  1187. ob_start(); 
  1188.  
  1189. check_ajax_referer( 'order-item', 'security' ); 
  1190.  
  1191. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  1192. wp_die( -1 ); 
  1193.  
  1194. $order_id = absint( $_POST['order_id'] ); 
  1195. $refund_amount = wc_format_decimal( sanitize_text_field( $_POST['refund_amount'] ), wc_get_price_decimals() ); 
  1196. $refund_reason = sanitize_text_field( $_POST['refund_reason'] ); 
  1197. $line_item_qtys = json_decode( sanitize_text_field( stripslashes( $_POST['line_item_qtys'] ) ), true ); 
  1198. $line_item_totals = json_decode( sanitize_text_field( stripslashes( $_POST['line_item_totals'] ) ), true ); 
  1199. $line_item_tax_totals = json_decode( sanitize_text_field( stripslashes( $_POST['line_item_tax_totals'] ) ), true ); 
  1200. $api_refund = 'true' === $_POST['api_refund']; 
  1201. $restock_refunded_items = 'true' === $_POST['restock_refunded_items']; 
  1202. $refund = false; 
  1203. $response_data = array(); 
  1204.  
  1205. try { 
  1206. $order = wc_get_order( $order_id ); 
  1207. $order_items = $order->get_items(); 
  1208. $max_refund = wc_format_decimal( $order->get_total() - $order->get_total_refunded(), wc_get_price_decimals() ); 
  1209.  
  1210. if ( ! $refund_amount || $max_refund < $refund_amount || 0 > $refund_amount ) { 
  1211. throw new exception( __( 'Invalid refund amount', 'woocommerce' ) ); 
  1212.  
  1213. // Prepare line items which we are refunding 
  1214. $line_items = array(); 
  1215. $item_ids = array_unique( array_merge( array_keys( $line_item_qtys, $line_item_totals ) ) ); 
  1216.  
  1217. foreach ( $item_ids as $item_id ) { 
  1218. $line_items[ $item_id ] = array( 'qty' => 0, 'refund_total' => 0, 'refund_tax' => array() ); 
  1219. foreach ( $line_item_qtys as $item_id => $qty ) { 
  1220. $line_items[ $item_id ]['qty'] = max( $qty, 0 ); 
  1221. foreach ( $line_item_totals as $item_id => $total ) { 
  1222. $line_items[ $item_id ]['refund_total'] = wc_format_decimal( $total ); 
  1223. foreach ( $line_item_tax_totals as $item_id => $tax_totals ) { 
  1224. $line_items[ $item_id ]['refund_tax'] = array_filter( array_map( 'wc_format_decimal', $tax_totals ) ); 
  1225.  
  1226. // Create the refund object. 
  1227. $refund = wc_create_refund( array( 
  1228. 'amount' => $refund_amount,  
  1229. 'reason' => $refund_reason,  
  1230. 'order_id' => $order_id,  
  1231. 'line_items' => $line_items,  
  1232. 'refund_payment' => $api_refund,  
  1233. 'restock_items' => $restock_refunded_items,  
  1234. ) ); 
  1235.  
  1236. if ( is_wp_error( $refund ) ) { 
  1237. throw new Exception( $refund->get_error_message() ); 
  1238.  
  1239. if ( did_action( 'woocommerce_order_fully_refunded' ) ) { 
  1240. $response_data['status'] = 'fully_refunded'; 
  1241.  
  1242. wp_send_json_success( $response_data ); 
  1243.  
  1244. } catch ( Exception $e ) { 
  1245. if ( $refund && is_a( $refund, 'WC_Order_Refund' ) ) { 
  1246. wp_delete_post( $refund->get_id(), true ); 
  1247. wp_send_json_error( array( 'error' => $e->getMessage() ) ); 
  1248.  
  1249. /** 
  1250. * Delete a refund. 
  1251. */ 
  1252. public static function delete_refund() { 
  1253. check_ajax_referer( 'order-item', 'security' ); 
  1254.  
  1255. if ( ! current_user_can( 'edit_shop_orders' ) ) { 
  1256. wp_die( -1 ); 
  1257.  
  1258. $refund_ids = array_map( 'absint', is_array( $_POST['refund_id'] ) ? $_POST['refund_id'] : array( $_POST['refund_id'] ) ); 
  1259. foreach ( $refund_ids as $refund_id ) { 
  1260. if ( $refund_id && 'shop_order_refund' === get_post_type( $refund_id ) ) { 
  1261. $refund = wc_get_order( $refund_id ); 
  1262. $order_id = $refund->get_parent_id(); 
  1263. $refund->delete( true ); 
  1264. do_action( 'woocommerce_refund_deleted', $refund_id, $order_id ); 
  1265. wp_die(); 
  1266.  
  1267. /** 
  1268. * Triggered when clicking the rating footer. 
  1269. */ 
  1270. public static function rated() { 
  1271. if ( ! current_user_can( 'manage_woocommerce' ) ) { 
  1272. wp_die( -1 ); 
  1273. update_option( 'woocommerce_admin_footer_text_rated', 1 ); 
  1274. wp_die(); 
  1275.  
  1276. /** 
  1277. * Create/Update API key. 
  1278. */ 
  1279. public static function update_api_key() { 
  1280. ob_start(); 
  1281.  
  1282. global $wpdb; 
  1283.  
  1284. check_ajax_referer( 'update-api-key', 'security' ); 
  1285.  
  1286. if ( ! current_user_can( 'manage_woocommerce' ) ) { 
  1287. wp_die( -1 ); 
  1288.  
  1289. try { 
  1290. if ( empty( $_POST['description'] ) ) { 
  1291. throw new Exception( __( 'Description is missing.', 'woocommerce' ) ); 
  1292. if ( empty( $_POST['user'] ) ) { 
  1293. throw new Exception( __( 'User is missing.', 'woocommerce' ) ); 
  1294. if ( empty( $_POST['permissions'] ) ) { 
  1295. throw new Exception( __( 'Permissions is missing.', 'woocommerce' ) ); 
  1296.  
  1297. $key_id = absint( $_POST['key_id'] ); 
  1298. $description = sanitize_text_field( wp_unslash( $_POST['description'] ) ); 
  1299. $permissions = ( in_array( $_POST['permissions'], array( 'read', 'write', 'read_write' ) ) ) ? sanitize_text_field( $_POST['permissions'] ) : 'read'; 
  1300. $user_id = absint( $_POST['user'] ); 
  1301.  
  1302. if ( 0 < $key_id ) { 
  1303. $data = array( 
  1304. 'user_id' => $user_id,  
  1305. 'description' => $description,  
  1306. 'permissions' => $permissions,  
  1307. ); 
  1308.  
  1309. $wpdb->update( 
  1310. $wpdb->prefix . 'woocommerce_api_keys',  
  1311. $data,  
  1312. array( 'key_id' => $key_id ),  
  1313. array( 
  1314. '%d',  
  1315. '%s',  
  1316. '%s',  
  1317. ),  
  1318. array( '%d' ) 
  1319. ); 
  1320.  
  1321. $data['consumer_key'] = ''; 
  1322. $data['consumer_secret'] = ''; 
  1323. $data['message'] = __( 'API Key updated successfully.', 'woocommerce' ); 
  1324. } else { 
  1325. $consumer_key = 'ck_' . wc_rand_hash(); 
  1326. $consumer_secret = 'cs_' . wc_rand_hash(); 
  1327.  
  1328. $data = array( 
  1329. 'user_id' => $user_id,  
  1330. 'description' => $description,  
  1331. 'permissions' => $permissions,  
  1332. 'consumer_key' => wc_api_hash( $consumer_key ),  
  1333. 'consumer_secret' => $consumer_secret,  
  1334. 'truncated_key' => substr( $consumer_key, -7 ),  
  1335. ); 
  1336.  
  1337. $wpdb->insert( 
  1338. $wpdb->prefix . 'woocommerce_api_keys',  
  1339. $data,  
  1340. array( 
  1341. '%d',  
  1342. '%s',  
  1343. '%s',  
  1344. '%s',  
  1345. '%s',  
  1346. '%s',  
  1347. ); 
  1348.  
  1349. $key_id = $wpdb->insert_id; 
  1350. $data['consumer_key'] = $consumer_key; 
  1351. $data['consumer_secret'] = $consumer_secret; 
  1352. $data['message'] = __( 'API Key generated successfully. Make sure to copy your new API keys now. You won\'t be able to see it again!', 'woocommerce' ); 
  1353. $data['revoke_url'] = '<a style="color: #a00; text-decoration: none;" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'revoke-key' => $key_id ), admin_url( 'admin.php?page=wc-settings&tab=api§ion=keys' ) ), 'revoke' ) ) . '">' . __( 'Revoke key', 'woocommerce' ) . '</a>'; 
  1354.  
  1355. wp_send_json_success( $data ); 
  1356. } catch ( Exception $e ) { 
  1357. wp_send_json_error( array( 'message' => $e->getMessage() ) ); 
  1358.  
  1359. /** 
  1360. * Load variations via AJAX. 
  1361. */ 
  1362. public static function load_variations() { 
  1363. ob_start(); 
  1364.  
  1365. check_ajax_referer( 'load-variations', 'security' ); 
  1366.  
  1367. if ( ! current_user_can( 'edit_products' ) || empty( $_POST['product_id'] ) ) { 
  1368. wp_die( -1 ); 
  1369.  
  1370. // Set $post global so its available, like within the admin screens 
  1371. global $post; 
  1372.  
  1373. $loop = 0; 
  1374. $product_id = absint( $_POST['product_id'] ); 
  1375. $post = get_post( $product_id ); 
  1376. $product_object = wc_get_product( $product_id ); 
  1377. $per_page = ! empty( $_POST['per_page'] ) ? absint( $_POST['per_page'] ) : 10; 
  1378. $page = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1; 
  1379. $variations = wc_get_products( array( 
  1380. 'status' => array( 'private', 'publish' ),  
  1381. 'type' => 'variation',  
  1382. 'parent' => $product_id,  
  1383. 'limit' => $per_page,  
  1384. 'page' => $page,  
  1385. 'orderby' => array( 
  1386. 'menu_order' => 'ASC',  
  1387. 'ID' => 'DESC',  
  1388. ),  
  1389. 'return' => 'objects',  
  1390. ) ); 
  1391.  
  1392. if ( $variations ) { 
  1393. foreach ( $variations as $variation_object ) { 
  1394. $variation_id = $variation_object->get_id(); 
  1395. $variation = get_post( $variation_id ); 
  1396. $variation_data = array_merge( array_map( 'maybe_unserialize', get_post_custom( $variation_id ) ), wc_get_product_variation_attributes( $variation_id ) ); // kept for BW compat. 
  1397. include( 'admin/meta-boxes/views/html-variation-admin.php' ); 
  1398. $loop++; 
  1399. wp_die(); 
  1400.  
  1401. /** 
  1402. * Save variations via AJAX. 
  1403. */ 
  1404. public static function save_variations() { 
  1405. ob_start(); 
  1406.  
  1407. check_ajax_referer( 'save-variations', 'security' ); 
  1408.  
  1409. // Check permissions again and make sure we have what we need 
  1410. if ( ! current_user_can( 'edit_products' ) || empty( $_POST ) || empty( $_POST['product_id'] ) ) { 
  1411. wp_die( -1 ); 
  1412.  
  1413. $product_id = absint( $_POST['product_id'] ); 
  1414. WC_Admin_Meta_Boxes::$meta_box_errors = array(); 
  1415. WC_Meta_Box_Product_Data::save_variations( $product_id, get_post( $product_id ) ); 
  1416.  
  1417. do_action( 'woocommerce_ajax_save_product_variations', $product_id ); 
  1418.  
  1419. if ( $errors = WC_Admin_Meta_Boxes::$meta_box_errors ) { 
  1420. echo '<div class="error notice is-dismissible">'; 
  1421.  
  1422. foreach ( $errors as $error ) { 
  1423. echo '<p>' . wp_kses_post( $error ) . '</p>'; 
  1424.  
  1425. echo '<button type="button" class="notice-dismiss"><span class="screen-reader-text">' . __( 'Dismiss this notice.', 'woocommerce' ) . '</span></button>'; 
  1426. echo '</div>'; 
  1427.  
  1428. delete_option( 'woocommerce_meta_box_errors' ); 
  1429.  
  1430. wp_die(); 
  1431.  
  1432. /** 
  1433. * Bulk action - Toggle Enabled. 
  1434. * @access private 
  1435. * @used-by bulk_edit_variations 
  1436. * @param array $variations 
  1437. * @param array $data 
  1438. */ 
  1439. private static function variation_bulk_action_toggle_enabled( $variations, $data ) { 
  1440. foreach ( $variations as $variation_id ) { 
  1441. $variation = wc_get_product( $variation_id ); 
  1442. $variation->set_status( 'private' === $variation->get_status( 'edit' ) ? 'publish' : 'private' ); 
  1443. $variation->save(); 
  1444.  
  1445. /** 
  1446. * Bulk action - Toggle Downloadable Checkbox. 
  1447. * @access private 
  1448. * @used-by bulk_edit_variations 
  1449. * @param array $variations 
  1450. * @param array $data 
  1451. */ 
  1452. private static function variation_bulk_action_toggle_downloadable( $variations, $data ) { 
  1453. self::variation_bulk_toggle( $variations, 'downloadable' ); 
  1454.  
  1455. /** 
  1456. * Bulk action - Toggle Virtual Checkbox. 
  1457. * @access private 
  1458. * @used-by bulk_edit_variations 
  1459. * @param array $variations 
  1460. * @param array $data 
  1461. */ 
  1462. private static function variation_bulk_action_toggle_virtual( $variations, $data ) { 
  1463. self::variation_bulk_toggle( $variations, 'virtual' ); 
  1464.  
  1465. /** 
  1466. * Bulk action - Toggle Manage Stock Checkbox. 
  1467. * @access private 
  1468. * @used-by bulk_edit_variations 
  1469. * @param array $variations 
  1470. * @param array $data 
  1471. */ 
  1472. private static function variation_bulk_action_toggle_manage_stock( $variations, $data ) { 
  1473. self::variation_bulk_toggle( $variations, 'manage_stock' ); 
  1474.  
  1475. /** 
  1476. * Bulk action - Set Regular Prices. 
  1477. * @access private 
  1478. * @used-by bulk_edit_variations 
  1479. * @param array $variations 
  1480. * @param array $data 
  1481. */ 
  1482. private static function variation_bulk_action_variable_regular_price( $variations, $data ) { 
  1483. self::variation_bulk_set( $variations, 'regular_price', $data['value'] ); 
  1484.  
  1485. /** 
  1486. * Bulk action - Set Sale Prices. 
  1487. * @access private 
  1488. * @used-by bulk_edit_variations 
  1489. * @param array $variations 
  1490. * @param array $data 
  1491. */ 
  1492. private static function variation_bulk_action_variable_sale_price( $variations, $data ) { 
  1493. self::variation_bulk_set( $variations, 'sale_price', $data['value'] ); 
  1494.  
  1495. /** 
  1496. * Bulk action - Set Stock. 
  1497. * @access private 
  1498. * @used-by bulk_edit_variations 
  1499. * @param array $variations 
  1500. * @param array $data 
  1501. */ 
  1502. private static function variation_bulk_action_variable_stock( $variations, $data ) { 
  1503. if ( ! isset( $data['value'] ) ) { 
  1504. return; 
  1505.  
  1506. $quantity = wc_stock_amount( wc_clean( $data['value'] ) ); 
  1507.  
  1508. foreach ( $variations as $variation_id ) { 
  1509. $variation = wc_get_product( $variation_id ); 
  1510. if ( $variation->managing_stock() ) { 
  1511. $variation->set_stock_quantity( $quantity ); 
  1512. } else { 
  1513. $variation->set_stock_quantity( null ); 
  1514. $variation->save(); 
  1515.  
  1516. /** 
  1517. * Bulk action - Set Weight. 
  1518. * @access private 
  1519. * @used-by bulk_edit_variations 
  1520. * @param array $variations 
  1521. * @param array $data 
  1522. */ 
  1523. private static function variation_bulk_action_variable_weight( $variations, $data ) { 
  1524. self::variation_bulk_set( $variations, 'weight', $data['value'] ); 
  1525.  
  1526. /** 
  1527. * Bulk action - Set Length. 
  1528. * @access private 
  1529. * @used-by bulk_edit_variations 
  1530. * @param array $variations 
  1531. * @param array $data 
  1532. */ 
  1533. private static function variation_bulk_action_variable_length( $variations, $data ) { 
  1534. self::variation_bulk_set( $variations, 'length', $data['value'] ); 
  1535.  
  1536. /** 
  1537. * Bulk action - Set Width. 
  1538. * @access private 
  1539. * @used-by bulk_edit_variations 
  1540. * @param array $variations 
  1541. * @param array $data 
  1542. */ 
  1543. private static function variation_bulk_action_variable_width( $variations, $data ) { 
  1544. self::variation_bulk_set( $variations, 'width', $data['value'] ); 
  1545.  
  1546. /** 
  1547. * Bulk action - Set Height. 
  1548. * @access private 
  1549. * @used-by bulk_edit_variations 
  1550. * @param array $variations 
  1551. * @param array $data 
  1552. */ 
  1553. private static function variation_bulk_action_variable_height( $variations, $data ) { 
  1554. self::variation_bulk_set( $variations, 'height', $data['value'] ); 
  1555.  
  1556. /** 
  1557. * Bulk action - Set Download Limit. 
  1558. * @access private 
  1559. * @used-by bulk_edit_variations 
  1560. * @param array $variations 
  1561. * @param array $data 
  1562. */ 
  1563. private static function variation_bulk_action_variable_download_limit( $variations, $data ) { 
  1564. self::variation_bulk_set( $variations, 'download_limit', $data['value'] ); 
  1565.  
  1566. /** 
  1567. * Bulk action - Set Download Expiry. 
  1568. * @access private 
  1569. * @used-by bulk_edit_variations 
  1570. * @param array $variations 
  1571. * @param array $data 
  1572. */ 
  1573. private static function variation_bulk_action_variable_download_expiry( $variations, $data ) { 
  1574. self::variation_bulk_set( $variations, 'download_expiry', $data['value'] ); 
  1575.  
  1576. /** 
  1577. * Bulk action - Delete all. 
  1578. * @access private 
  1579. * @used-by bulk_edit_variations 
  1580. * @param array $variations 
  1581. * @param array $data 
  1582. */ 
  1583. private static function variation_bulk_action_delete_all( $variations, $data ) { 
  1584. if ( isset( $data['allowed'] ) && 'true' === $data['allowed'] ) { 
  1585. foreach ( $variations as $variation_id ) { 
  1586. $variation = wc_get_product( $variation_id ); 
  1587. $variation->delete( true ); 
  1588.  
  1589. /** 
  1590. * Bulk action - Sale Schedule. 
  1591. * @access private 
  1592. * @used-by bulk_edit_variations 
  1593. * @param array $variations 
  1594. * @param array $data 
  1595. */ 
  1596. private static function variation_bulk_action_variable_sale_schedule( $variations, $data ) { 
  1597. if ( ! isset( $data['date_from'] ) && ! isset( $data['date_to'] ) ) { 
  1598. return; 
  1599.  
  1600. foreach ( $variations as $variation_id ) { 
  1601. $variation = wc_get_product( $variation_id ); 
  1602.  
  1603. if ( 'false' !== $data['date_from'] ) { 
  1604. $variation->set_date_on_sale_from( wc_clean( $data['date_from'] ) ); 
  1605.  
  1606. if ( 'false' !== $data['date_to'] ) { 
  1607. $variation->set_date_on_sale_to( wc_clean( $data['date_to'] ) ); 
  1608.  
  1609. $variation->save(); 
  1610.  
  1611. /** 
  1612. * Bulk action - Increase Regular Prices. 
  1613. * @access private 
  1614. * @used-by bulk_edit_variations 
  1615. * @param array $variations 
  1616. * @param array $data 
  1617. */ 
  1618. private static function variation_bulk_action_variable_regular_price_increase( $variations, $data ) { 
  1619. self::variation_bulk_adjust_price( $variations, 'regular_price', '+', wc_clean( $data['value'] ) ); 
  1620.  
  1621. /** 
  1622. * Bulk action - Decrease Regular Prices. 
  1623. * @access private 
  1624. * @used-by bulk_edit_variations 
  1625. * @param array $variations 
  1626. * @param array $data 
  1627. */ 
  1628. private static function variation_bulk_action_variable_regular_price_decrease( $variations, $data ) { 
  1629. self::variation_bulk_adjust_price( $variations, 'regular_price', '-', wc_clean( $data['value'] ) ); 
  1630.  
  1631. /** 
  1632. * Bulk action - Increase Sale Prices. 
  1633. * @access private 
  1634. * @used-by bulk_edit_variations 
  1635. * @param array $variations 
  1636. * @param array $data 
  1637. */ 
  1638. private static function variation_bulk_action_variable_sale_price_increase( $variations, $data ) { 
  1639. self::variation_bulk_adjust_price( $variations, 'sale_price', '+', wc_clean( $data['value'] ) ); 
  1640.  
  1641. /** 
  1642. * Bulk action - Decrease Sale Prices. 
  1643. * @access private 
  1644. * @used-by bulk_edit_variations 
  1645. * @param array $variations 
  1646. * @param array $data 
  1647. */ 
  1648. private static function variation_bulk_action_variable_sale_price_decrease( $variations, $data ) { 
  1649. self::variation_bulk_adjust_price( $variations, 'sale_price', '-', wc_clean( $data['value'] ) ); 
  1650.  
  1651. /** 
  1652. * Bulk action - Set Price. 
  1653. * @access private 
  1654. * @used-by bulk_edit_variations 
  1655. * @param array $variations 
  1656. * @param string $operator + or - 
  1657. * @param string $field price being adjusted _regular_price or _sale_price 
  1658. * @param string $value Price or Percent 
  1659. */ 
  1660. private static function variation_bulk_adjust_price( $variations, $field, $operator, $value ) { 
  1661. foreach ( $variations as $variation_id ) { 
  1662. $variation = wc_get_product( $variation_id ); 
  1663. $field_value = $variation->{"get_$field"}( 'edit' ); 
  1664.  
  1665. if ( '%' === substr( $value, -1 ) ) { 
  1666. $percent = wc_format_decimal( substr( $value, 0, -1 ) ); 
  1667. $field_value += ( ( $field_value / 100 ) * $percent ) * "{$operator}1"; 
  1668. } else { 
  1669. $field_value += $value * "{$operator}1"; 
  1670.  
  1671. $variation->{"set_$field"}( $field_value ); 
  1672. $variation->save(); 
  1673.  
  1674. /** 
  1675. * Bulk set convenience function. 
  1676. * @access private 
  1677. * @param array $variations 
  1678. * @param string $field 
  1679. * @param string $value 
  1680. */ 
  1681. private static function variation_bulk_set( $variations, $field, $value ) { 
  1682. foreach ( $variations as $variation_id ) { 
  1683. $variation = wc_get_product( $variation_id ); 
  1684. $variation->{ "set_$field" }( wc_clean( $value ) ); 
  1685. $variation->save(); 
  1686.  
  1687. /** 
  1688. * Bulk toggle convenience function. 
  1689. * @access private 
  1690. * @param array $variations 
  1691. * @param string $field 
  1692. */ 
  1693. private static function variation_bulk_toggle( $variations, $field ) { 
  1694. foreach ( $variations as $variation_id ) { 
  1695. $variation = wc_get_product( $variation_id ); 
  1696. $prev_value = $variation->{ "get_$field" }( 'edit' ); 
  1697. $variation->{ "set_$field" }( ! $prev_value ); 
  1698. $variation->save(); 
  1699.  
  1700. /** 
  1701. * Bulk edit variations via AJAX. 
  1702. * @uses WC_AJAX::variation_bulk_set() 
  1703. * @uses WC_AJAX::variation_bulk_adjust_price() 
  1704. * @uses WC_AJAX::variation_bulk_action_variable_sale_price_decrease() 
  1705. * @uses WC_AJAX::variation_bulk_action_variable_sale_price_increase() 
  1706. * @uses WC_AJAX::variation_bulk_action_variable_regular_price_decrease() 
  1707. * @uses WC_AJAX::variation_bulk_action_variable_regular_price_increase() 
  1708. * @uses WC_AJAX::variation_bulk_action_variable_sale_schedule() 
  1709. * @uses WC_AJAX::variation_bulk_action_delete_all() 
  1710. * @uses WC_AJAX::variation_bulk_action_variable_download_expiry() 
  1711. * @uses WC_AJAX::variation_bulk_action_variable_download_limit() 
  1712. * @uses WC_AJAX::variation_bulk_action_variable_height() 
  1713. * @uses WC_AJAX::variation_bulk_action_variable_width() 
  1714. * @uses WC_AJAX::variation_bulk_action_variable_length() 
  1715. * @uses WC_AJAX::variation_bulk_action_variable_weight() 
  1716. * @uses WC_AJAX::variation_bulk_action_variable_stock() 
  1717. * @uses WC_AJAX::variation_bulk_action_variable_sale_price() 
  1718. * @uses WC_AJAX::variation_bulk_action_variable_regular_price() 
  1719. * @uses WC_AJAX::variation_bulk_action_toggle_manage_stock() 
  1720. * @uses WC_AJAX::variation_bulk_action_toggle_virtual() 
  1721. * @uses WC_AJAX::variation_bulk_action_toggle_downloadable() 
  1722. * @uses WC_AJAX::variation_bulk_action_toggle_enabled 
  1723. */ 
  1724. public static function bulk_edit_variations() { 
  1725. ob_start(); 
  1726.  
  1727. check_ajax_referer( 'bulk-edit-variations', 'security' ); 
  1728.  
  1729. // Check permissions again and make sure we have what we need 
  1730. if ( ! current_user_can( 'edit_products' ) || empty( $_POST['product_id'] ) || empty( $_POST['bulk_action'] ) ) { 
  1731. wp_die( -1 ); 
  1732.  
  1733. $product_id = absint( $_POST['product_id'] ); 
  1734. $bulk_action = wc_clean( $_POST['bulk_action'] ); 
  1735. $data = ! empty( $_POST['data'] ) ? array_map( 'wc_clean', $_POST['data'] ) : array(); 
  1736. $variations = array(); 
  1737.  
  1738. if ( apply_filters( 'woocommerce_bulk_edit_variations_need_children', true ) ) { 
  1739. $variations = get_posts( array( 
  1740. 'post_parent' => $product_id,  
  1741. 'posts_per_page' => -1,  
  1742. 'post_type' => 'product_variation',  
  1743. 'fields' => 'ids',  
  1744. 'post_status' => array( 'publish', 'private' ),  
  1745. ) ); 
  1746.  
  1747. if ( method_exists( __CLASS__, "variation_bulk_action_$bulk_action" ) ) { 
  1748. call_user_func( array( __CLASS__, "variation_bulk_action_$bulk_action" ), $variations, $data ); 
  1749. } else { 
  1750. do_action( 'woocommerce_bulk_edit_variations_default', $bulk_action, $data, $product_id, $variations ); 
  1751.  
  1752. do_action( 'woocommerce_bulk_edit_variations', $bulk_action, $data, $product_id, $variations ); 
  1753. WC_Product_Variable::sync( $product_id ); 
  1754. wc_delete_product_transients( $product_id ); 
  1755. wp_die(); 
  1756.  
  1757. /** 
  1758. * Handle submissions from assets/js/settings-views-html-settings-tax.js Backbone model. 
  1759. */ 
  1760. public static function tax_rates_save_changes() { 
  1761. if ( ! isset( $_POST['wc_tax_nonce'], $_POST['changes'] ) ) { 
  1762. wp_send_json_error( 'missing_fields' ); 
  1763. exit; 
  1764.  
  1765. $current_class = ! empty( $_POST['current_class'] ) ? $_POST['current_class'] : ''; // This is sanitized seven lines later. 
  1766.  
  1767. if ( ! wp_verify_nonce( $_POST['wc_tax_nonce'], 'wc_tax_nonce-class:' . $current_class ) ) { 
  1768. wp_send_json_error( 'bad_nonce' ); 
  1769. exit; 
  1770.  
  1771. $current_class = WC_Tax::format_tax_rate_class( $current_class ); 
  1772.  
  1773. // Check User Caps 
  1774. if ( ! current_user_can( 'manage_woocommerce' ) ) { 
  1775. wp_send_json_error( 'missing_capabilities' ); 
  1776. exit; 
  1777.  
  1778. $changes = $_POST['changes']; 
  1779. foreach ( $changes as $tax_rate_id => $data ) { 
  1780. if ( isset( $data['deleted'] ) ) { 
  1781. if ( isset( $data['newRow'] ) ) { 
  1782. // So the user added and deleted a new row. 
  1783. // That's fine, it's not in the database anyways. NEXT! 
  1784. continue; 
  1785. WC_Tax::_delete_tax_rate( $tax_rate_id ); 
  1786.  
  1787. $tax_rate = array_intersect_key( $data, array( 
  1788. 'tax_rate_country' => 1,  
  1789. 'tax_rate_state' => 1,  
  1790. 'tax_rate' => 1,  
  1791. 'tax_rate_name' => 1,  
  1792. 'tax_rate_priority' => 1,  
  1793. 'tax_rate_compound' => 1,  
  1794. 'tax_rate_shipping' => 1,  
  1795. 'tax_rate_order' => 1,  
  1796. ) ); 
  1797.  
  1798. if ( isset( $data['newRow'] ) ) { 
  1799. // Hurrah, shiny and new! 
  1800. $tax_rate['tax_rate_class'] = $current_class; 
  1801. $tax_rate_id = WC_Tax::_insert_tax_rate( $tax_rate ); 
  1802. } else { 
  1803. // Updating an existing rate ... 
  1804. if ( ! empty( $tax_rate ) ) { 
  1805. WC_Tax::_update_tax_rate( $tax_rate_id, $tax_rate ); 
  1806.  
  1807. if ( isset( $data['postcode'] ) ) { 
  1808. $postcode = array_map( 'wc_clean', $data['postcode'] ); 
  1809. $postcode = array_map( 'wc_normalize_postcode', $postcode ); 
  1810. WC_Tax::_update_tax_rate_postcodes( $tax_rate_id, $postcode ); 
  1811. if ( isset( $data['city'] ) ) { 
  1812. WC_Tax::_update_tax_rate_cities( $tax_rate_id, array_map( 'wc_clean', $data['city'] ) ); 
  1813.  
  1814. wp_send_json_success( array( 
  1815. 'rates' => WC_Tax::get_rates_for_tax_class( $current_class ),  
  1816. ) ); 
  1817.  
  1818. /** 
  1819. * Handle submissions from assets/js/wc-shipping-zones.js Backbone model. 
  1820. */ 
  1821. public static function shipping_zones_save_changes() { 
  1822. if ( ! isset( $_POST['wc_shipping_zones_nonce'], $_POST['changes'] ) ) { 
  1823. wp_send_json_error( 'missing_fields' ); 
  1824. exit; 
  1825.  
  1826. if ( ! wp_verify_nonce( $_POST['wc_shipping_zones_nonce'], 'wc_shipping_zones_nonce' ) ) { 
  1827. wp_send_json_error( 'bad_nonce' ); 
  1828. exit; 
  1829.  
  1830. // Check User Caps 
  1831. if ( ! current_user_can( 'manage_woocommerce' ) ) { 
  1832. wp_send_json_error( 'missing_capabilities' ); 
  1833. exit; 
  1834.  
  1835. $changes = $_POST['changes']; 
  1836. foreach ( $changes as $zone_id => $data ) { 
  1837. if ( isset( $data['deleted'] ) ) { 
  1838. if ( isset( $data['newRow'] ) ) { 
  1839. // So the user added and deleted a new row. 
  1840. // That's fine, it's not in the database anyways. NEXT! 
  1841. continue; 
  1842. WC_Shipping_Zones::delete_zone( $zone_id ); 
  1843. continue; 
  1844.  
  1845. $zone_data = array_intersect_key( $data, array( 
  1846. 'zone_id' => 1,  
  1847. 'zone_order' => 1,  
  1848. ) ); 
  1849.  
  1850. if ( isset( $zone_data['zone_id'] ) ) { 
  1851. $zone = new WC_Shipping_Zone( $zone_data['zone_id'] ); 
  1852.  
  1853. if ( isset( $zone_data['zone_order'] ) ) { 
  1854. $zone->set_zone_order( $zone_data['zone_order'] ); 
  1855.  
  1856. $zone->save(); 
  1857.  
  1858. wp_send_json_success( array( 
  1859. 'zones' => WC_Shipping_Zones::get_zones(),  
  1860. ) ); 
  1861.  
  1862. /** 
  1863. * Handle submissions from assets/js/wc-shipping-zone-methods.js Backbone model. 
  1864. */ 
  1865. public static function shipping_zone_add_method() { 
  1866. if ( ! isset( $_POST['wc_shipping_zones_nonce'], $_POST['zone_id'], $_POST['method_id'] ) ) { 
  1867. wp_send_json_error( 'missing_fields' ); 
  1868. exit; 
  1869.  
  1870. if ( ! wp_verify_nonce( $_POST['wc_shipping_zones_nonce'], 'wc_shipping_zones_nonce' ) ) { 
  1871. wp_send_json_error( 'bad_nonce' ); 
  1872. exit; 
  1873.  
  1874. // Check User Caps 
  1875. if ( ! current_user_can( 'manage_woocommerce' ) ) { 
  1876. wp_send_json_error( 'missing_capabilities' ); 
  1877. exit; 
  1878.  
  1879. $zone_id = wc_clean( $_POST['zone_id'] ); 
  1880. $zone = new WC_Shipping_Zone( $zone_id ); 
  1881. $instance_id = $zone->add_shipping_method( wc_clean( $_POST['method_id'] ) ); 
  1882.  
  1883. wp_send_json_success( array( 
  1884. 'instance_id' => $instance_id,  
  1885. 'zone_id' => $zone->get_id(),  
  1886. 'zone_name' => $zone->get_zone_name(),  
  1887. 'methods' => $zone->get_shipping_methods(),  
  1888. ) ); 
  1889.  
  1890. /** 
  1891. * Handle submissions from assets/js/wc-shipping-zone-methods.js Backbone model. 
  1892. */ 
  1893. public static function shipping_zone_methods_save_changes() { 
  1894. if ( ! isset( $_POST['wc_shipping_zones_nonce'], $_POST['zone_id'], $_POST['changes'] ) ) { 
  1895. wp_send_json_error( 'missing_fields' ); 
  1896. exit; 
  1897.  
  1898. if ( ! wp_verify_nonce( $_POST['wc_shipping_zones_nonce'], 'wc_shipping_zones_nonce' ) ) { 
  1899. wp_send_json_error( 'bad_nonce' ); 
  1900. exit; 
  1901.  
  1902. if ( ! current_user_can( 'manage_woocommerce' ) ) { 
  1903. wp_send_json_error( 'missing_capabilities' ); 
  1904. exit; 
  1905.  
  1906. global $wpdb; 
  1907.  
  1908. $zone_id = wc_clean( $_POST['zone_id'] ); 
  1909. $zone = new WC_Shipping_Zone( $zone_id ); 
  1910. $changes = $_POST['changes']; 
  1911.  
  1912. if ( isset( $changes['zone_name'] ) ) { 
  1913. $zone->set_zone_name( wc_clean( $changes['zone_name'] ) ); 
  1914.  
  1915. if ( isset( $changes['zone_locations'] ) ) { 
  1916. $zone->clear_locations( array( 'state', 'country', 'continent' ) ); 
  1917. $locations = array_filter( array_map( 'wc_clean', (array) $changes['zone_locations'] ) ); 
  1918. foreach ( $locations as $location ) { 
  1919. // Each posted location will be in the format type:code 
  1920. $location_parts = explode( ':', $location ); 
  1921. switch ( $location_parts[0] ) { 
  1922. case 'state' : 
  1923. $zone->add_location( $location_parts[1] . ':' . $location_parts[2], 'state' ); 
  1924. break; 
  1925. case 'country' : 
  1926. $zone->add_location( $location_parts[1], 'country' ); 
  1927. break; 
  1928. case 'continent' : 
  1929. $zone->add_location( $location_parts[1], 'continent' ); 
  1930. break; 
  1931.  
  1932. if ( isset( $changes['zone_postcodes'] ) ) { 
  1933. $zone->clear_locations( 'postcode' ); 
  1934. $postcodes = array_filter( array_map( 'strtoupper', array_map( 'wc_clean', explode( "\n", $changes['zone_postcodes'] ) ) ) ); 
  1935. foreach ( $postcodes as $postcode ) { 
  1936. $zone->add_location( $postcode, 'postcode' ); 
  1937.  
  1938. if ( isset( $changes['methods'] ) ) { 
  1939. foreach ( $changes['methods'] as $instance_id => $data ) { 
  1940. $method_id = $wpdb->get_var( $wpdb->prepare( "SELECT method_id FROM {$wpdb->prefix}woocommerce_shipping_zone_methods WHERE instance_id = %d", $instance_id ) ); 
  1941.  
  1942. if ( isset( $data['deleted'] ) ) { 
  1943. $shipping_method = WC_Shipping_Zones::get_shipping_method( $instance_id ); 
  1944. $option_key = $shipping_method->get_instance_option_key(); 
  1945. if ( $wpdb->delete( "{$wpdb->prefix}woocommerce_shipping_zone_methods", array( 'instance_id' => $instance_id ) ) ) { 
  1946. delete_option( $option_key ); 
  1947. do_action( 'woocommerce_shipping_zone_method_deleted', $instance_id, $method_id, $zone_id ); 
  1948. continue; 
  1949.  
  1950. $method_data = array_intersect_key( $data, array( 
  1951. 'method_order' => 1,  
  1952. 'enabled' => 1,  
  1953. ) ); 
  1954.  
  1955. if ( isset( $method_data['method_order'] ) ) { 
  1956. $wpdb->update( "{$wpdb->prefix}woocommerce_shipping_zone_methods", array( 'method_order' => absint( $method_data['method_order'] ) ), array( 'instance_id' => absint( $instance_id ) ) ); 
  1957.  
  1958. if ( isset( $method_data['enabled'] ) ) { 
  1959. $is_enabled = absint( 'yes' === $method_data['enabled'] ); 
  1960. if ( $wpdb->update( "{$wpdb->prefix}woocommerce_shipping_zone_methods", array( 'is_enabled' => $is_enabled ), array( 'instance_id' => absint( $instance_id ) ) ) ) { 
  1961. do_action( 'woocommerce_shipping_zone_method_status_toggled', $instance_id, $method_id, $zone_id, $is_enabled ); 
  1962.  
  1963. $zone->save(); 
  1964.  
  1965. wp_send_json_success( array( 
  1966. 'zone_id' => $zone->get_id(),  
  1967. 'zone_name' => $zone->get_zone_name(),  
  1968. 'methods' => $zone->get_shipping_methods(),  
  1969. ) ); 
  1970.  
  1971. /** 
  1972. * Save method settings 
  1973. */ 
  1974. public static function shipping_zone_methods_save_settings() { 
  1975. if ( ! isset( $_POST['wc_shipping_zones_nonce'], $_POST['instance_id'], $_POST['data'] ) ) { 
  1976. wp_send_json_error( 'missing_fields' ); 
  1977. exit; 
  1978.  
  1979. if ( ! wp_verify_nonce( $_POST['wc_shipping_zones_nonce'], 'wc_shipping_zones_nonce' ) ) { 
  1980. wp_send_json_error( 'bad_nonce' ); 
  1981. exit; 
  1982.  
  1983. if ( ! current_user_can( 'manage_woocommerce' ) ) { 
  1984. wp_send_json_error( 'missing_capabilities' ); 
  1985. exit; 
  1986.  
  1987. $instance_id = absint( $_POST['instance_id'] ); 
  1988. $zone = WC_Shipping_Zones::get_zone_by( 'instance_id', $instance_id ); 
  1989. $shipping_method = WC_Shipping_Zones::get_shipping_method( $instance_id ); 
  1990. $shipping_method->set_post_data( $_POST['data'] ); 
  1991. $shipping_method->process_admin_options(); 
  1992.  
  1993. wp_send_json_success( array( 
  1994. 'zone_id' => $zone->get_id(),  
  1995. 'zone_name' => $zone->get_zone_name(),  
  1996. 'methods' => $zone->get_shipping_methods(),  
  1997. 'errors' => $shipping_method->get_errors(),  
  1998. ) ); 
  1999.  
  2000. /** 
  2001. * Handle submissions from assets/js/wc-shipping-classes.js Backbone model. 
  2002. */ 
  2003. public static function shipping_classes_save_changes() { 
  2004. if ( ! isset( $_POST['wc_shipping_classes_nonce'], $_POST['changes'] ) ) { 
  2005. wp_send_json_error( 'missing_fields' ); 
  2006. exit; 
  2007.  
  2008. if ( ! wp_verify_nonce( $_POST['wc_shipping_classes_nonce'], 'wc_shipping_classes_nonce' ) ) { 
  2009. wp_send_json_error( 'bad_nonce' ); 
  2010. exit; 
  2011.  
  2012. if ( ! current_user_can( 'manage_woocommerce' ) ) { 
  2013. wp_send_json_error( 'missing_capabilities' ); 
  2014. exit; 
  2015.  
  2016. $changes = $_POST['changes']; 
  2017.  
  2018. foreach ( $changes as $term_id => $data ) { 
  2019. $term_id = absint( $term_id ); 
  2020.  
  2021. if ( isset( $data['deleted'] ) ) { 
  2022. if ( isset( $data['newRow'] ) ) { 
  2023. // So the user added and deleted a new row. 
  2024. // That's fine, it's not in the database anyways. NEXT! 
  2025. continue; 
  2026. wp_delete_term( $term_id, 'product_shipping_class' ); 
  2027. continue; 
  2028.  
  2029. $update_args = array(); 
  2030.  
  2031. if ( isset( $data['name'] ) ) { 
  2032. $update_args['name'] = wc_clean( $data['name'] ); 
  2033.  
  2034. if ( isset( $data['slug'] ) ) { 
  2035. $update_args['slug'] = wc_clean( $data['slug'] ); 
  2036.  
  2037. if ( isset( $data['description'] ) ) { 
  2038. $update_args['description'] = wc_clean( $data['description'] ); 
  2039.  
  2040. if ( isset( $data['newRow'] ) ) { 
  2041. $update_args = array_filter( $update_args ); 
  2042. if ( empty( $update_args['name'] ) ) { 
  2043. continue; 
  2044. $term_id = wp_insert_term( $update_args['name'], 'product_shipping_class', $update_args ); 
  2045. } else { 
  2046. wp_update_term( $term_id, 'product_shipping_class', $update_args ); 
  2047.  
  2048. do_action( 'woocommerce_shipping_classes_save_class', $term_id, $data ); 
  2049.  
  2050. $wc_shipping = WC_Shipping::instance(); 
  2051.  
  2052. wp_send_json_success( array( 
  2053. 'shipping_classes' => $wc_shipping->get_shipping_classes(),  
  2054. ) ); 
  2055.  
  2056. WC_AJAX::init(); 
.