From 2eb3d555026cad9191d76b918808d917a7d0349d Mon Sep 17 00:00:00 2001
From: Mike Cotton
Date: Wed, 8 Jan 2025 15:00:41 -0600
Subject: [PATCH 01/10] add cookie name filter
---
 src/Tickets/Commerce/Cart.php | 32 ++++++++++++++++++++++++++------
 1 file changed, 26 insertions(+), 6 deletions(-)
diff --git a/src/Tickets/Commerce/Cart.php b/src/Tickets/Commerce/Cart.php
index 56684b3082..05b88abcff 100644
--- a/src/Tickets/Commerce/Cart.php
+++ b/src/Tickets/Commerce/Cart.php
@@ -231,10 +231,10 @@ public function get_cart_hash( $generate = false ) {
 $cart_hash = $this->get_repository()->get_hash();
 if (
- ! empty( $_COOKIE[ static::$cart_hash_cookie_name ] )
- && strlen( $_COOKIE[ static::$cart_hash_cookie_name ] ) === $cart_hash_length
+ ! empty( $_COOKIE[ static::get_cart_hash_cookie_name() ] )
+ && strlen( $_COOKIE[ static::get_cart_hash_cookie_name() ] ) === $cart_hash_length
 ) {
- $cart_hash = $_COOKIE[ static::$cart_hash_cookie_name ];
+ $cart_hash = $_COOKIE[ static::get_cart_hash_cookie_name() ];
 $cart_hash_transient = get_transient( static::get_transient_name( $cart_hash ) );
@@ -288,7 +288,7 @@ public function clear_cart() {
 $this->set_cart_hash_cookie( null );
 $this->get_repository()->clear();
- unset( $_COOKIE[ static::$cart_hash_cookie_name ] );
+ unset( $_COOKIE[ static::get_cart_hash_cookie_name() ] );
 return delete_transient( static::get_current_cart_transient() );
 }
@@ -321,11 +321,11 @@ public function set_cart_hash_cookie( $value = '' ) {
 $expire = 1;
 }
- $is_cookie_set = setcookie( static::$cart_hash_cookie_name, $value ?? '', $expire, COOKIEPATH ?: '/', COOKIE_DOMAIN, is_ssl(), true );
+ $is_cookie_set = setcookie( static::get_cart_hash_cookie_name(), $value ?? '', $expire, COOKIEPATH ?: '/', COOKIE_DOMAIN, is_ssl(), true );
 if ( $is_cookie_set ) {
 // Overwrite local variable, so we can use it right away.
- $_COOKIE[ static::$cart_hash_cookie_name ] = $value;
+ $_COOKIE[ static::get_cart_hash_cookie_name() ] = $value;
 }
 return $is_cookie_set;
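Review bot: In `set_cart_hash_cookie()` the cookie name is now resolved through the filter twice, once for `setcookie()` and once for the `$_COOKIE` write, and the `get_cart_hash()` hunk resolves it three times; a callback that does not return the same value on every call would make the name that is set differ from the name that is read back. Resolve it once per method, `$cookie_name = static::get_cart_hash_cookie_name();`, and use `$cookie_name` at each site. Separately, `clear_cart()` expires only the currently filtered name, so a cart cookie issued before the filter value changed stays in the browser until it expires on its own; that is worth stating in the filter's documentation. All three method bodies start and end outside their hunks.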
@@ -655,4 +655,24 @@ public function get_cart_total() {
 public function get_cart_subtotal(): float {
 return $this->get_repository()->get_cart_subtotal();
 }
+
+ /**
+ * Get cart has cookie name.
+ *
+ * @since TBD
+ *
+ * @return string
+ */
+ public static function get_cart_hash_cookie_name(): string {
+ /**
+ * Filters the cart hash cookie name.
+ *
+ * @since TBD
+ *
+ * @param string $cart_hash_cookie_name The cart hash cookie name.
+ *
+ * @return string
+ */
+ return apply_filters( 'tec_tickets_commerce_cart_hash_cookie_name', static::$cart_hash_cookie_name );
+ }
 }
From 040b5753d3a63815117397bcf0e405780cad05a5 Mon Sep 17 00:00:00 2001
From: Mike Cotton
Date: Wed, 8 Jan 2025 15:01:03 -0600
Subject: [PATCH 02/10] cookie name filter test
---
 .../TEC/Tickets/Commerce/CartTest.php | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/tests/commerce_integration/TEC/Tickets/Commerce/CartTest.php b/tests/commerce_integration/TEC/Tickets/Commerce/CartTest.php
index d276c0c561..5402adc3ab 100644
--- a/tests/commerce_integration/TEC/Tickets/Commerce/CartTest.php
+++ b/tests/commerce_integration/TEC/Tickets/Commerce/CartTest.php
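Review bot: The docblock added for `get_cart_hash_cookie_name()` has a typo in its summary and does not say what a changed name affects. I would write the summary as `Get the cart hash cookie name.` and add a line to the filter docblock such as `The returned name should be a stable, non-empty string: a cart stored under a previous name is no longer found, and any page-cache or proxy rule that matches the cart cookie by name has to be updated with it.` The first half follows from `get_cart_hash()` reading only `$_COOKIE[ static::get_cart_hash_cookie_name() ]`; the cache remark is inferred from how cart cookies are commonly handled, not from this patch, so confirm it before it goes into the docs.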
@@ -173,4 +173,23 @@ public function test_cart_total_is_valid() {
 $assertion_msg = 'Cart->get_total() should return 0 when the cart contains only free tickets.';
 $this->assertEquals( 0, $cart->get_cart_total(), $assertion_msg );
 }
+
+ /**
+ * @test
+ *
+ * @covers \TEC\Tickets\Commerce\Cart::get_cart_hash_cookie_name
+ */
+ public function test_cart_hash_cookie_name() {
+ $original_cookie_name = Cart::get_cart_hash_cookie_name();
+ $this->assertEquals( Cart::$cart_hash_cookie_name, $original_cookie_name );
+
+ add_filter( 'tribe_tickets_commerce_cart_hash_cookie_name', function() {
+ return 'different_cookie_name';
+ } );
+
+ $different_cookie_name = Cart::get_cart_hash_cookie_name();
+ $this->assertEquals( 'different_cookie_name', $different_cookie_name );
+
+ $this->assertNotEquals( $original_cookie_name, $different_cookie_name );
+ }
 }
From cdb8670ce2f2dba4eeea52c9713a2d51e686cae8 Mon Sep 17 00:00:00 2001
From: Mike Cotton
Date: Thu, 9 Jan 2025 10:04:03 -0600
Subject: [PATCH 03/10] sanitize cookie name
---
 src/Tickets/Commerce/Cart.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/Tickets/Commerce/Cart.php b/src/Tickets/Commerce/Cart.php
index 05b88abcff..d25f3df14b 100644
--- a/src/Tickets/Commerce/Cart.php
+++ b/src/Tickets/Commerce/Cart.php
@@ -673,6 +673,8 @@ public static function get_cart_hash_cookie_name(): string {
 *
 * @return string
 */
- return apply_filters( 'tec_tickets_commerce_cart_hash_cookie_name', static::$cart_hash_cookie_name );
+ $filtered_cookie_name = apply_filters( 'tec_tickets_commerce_cart_hash_cookie_name', static::$cart_hash_cookie_name );
+
+ return sanitize_title( $filtered_cookie_name );
 }
 }
From e1026466c767005cf469a107711b45ba5a0f0cff Mon Sep 17 00:00:00 2001
From: Mike Cotton
Date: Thu, 9 Jan 2025 11:57:13 -0600
Subject: [PATCH 04/10] fix filter name
---
 tests/commerce_integration/TEC/Tickets/Commerce/CartTest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
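Review bot: The closure registered with `add_filter()` in `test_cart_hash_cookie_name()` is never removed, so later tests in the same process see the filtered cookie name unless the base test case restores hooks between tests, which is not visible here. Assign the closure to `$callback`, pass that to `add_filter()`, and call `remove_filter()` with the same hook name and `$callback` after the last assertion. The test would also guard the cookie handling better if a second callback returned a value a cookie name must not accept (an empty string, or one containing spaces, `=` or `;`) and asserted what the method returns for it.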
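Review bot: `sanitize_title()` in the PATCH 03 hunk of `get_cart_hash_cookie_name()` is a slug helper rather than a cookie-name validator: by default it lower-cases and rewrites its input and returns an empty string when nothing usable is left, and that empty name then reaches `setcookie()` and the `$_COOKIE` lookups. It is also applied to the default `static::$cart_hash_cookie_name`, whose value is not shown in this series, so confirm the default passes through unchanged, otherwise existing visitors lose their cart cookie on upgrade. Fall back to the default when the filtered value is unusable, for example `if ( ! is_string( $filtered_cookie_name ) || '' === sanitize_title( $filtered_cookie_name ) ) { return static::$cart_hash_cookie_name; }` before the final `return`. The method starts above this hunk.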
diff --git a/tests/commerce_integration/TEC/Tickets/Commerce/CartTest.php b/tests/commerce_integration/TEC/Tickets/Commerce/CartTest.php
index 5402adc3ab..305fe9766c 100644
--- a/tests/commerce_integration/TEC/Tickets/Commerce/CartTest.php
+++ b/tests/commerce_integration/TEC/Tickets/Commerce/CartTest.php
@@ -183,7 +183,7 @@ public function test_cart_hash_cookie_name() {
 $original_cookie_name = Cart::get_cart_hash_cookie_name();
 $this->assertEquals( Cart::$cart_hash_cookie_name, $original_cookie_name );
- add_filter( 'tribe_tickets_commerce_cart_hash_cookie_name', function() {
+ add_filter( 'tec_tickets_commerce_cart_hash_cookie_name', function() {
 return 'different_cookie_name';
 } );
From 234ffe84b3853472e58d3e2b315d41019922a67b Mon Sep 17 00:00:00 2001
From: Mike Cotton
Date: Thu, 9 Jan 2025 11:57:47 -0600
Subject: [PATCH 05/10] escape cookie
---
 src/Tickets/Commerce/Cart.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Tickets/Commerce/Cart.php b/src/Tickets/Commerce/Cart.php
index d25f3df14b..ed7ac05ff3 100644
--- a/src/Tickets/Commerce/Cart.php
+++ b/src/Tickets/Commerce/Cart.php
@@ -232,9 +232,9 @@ public function get_cart_hash( $generate = false ) {
 if (
 ! empty( $_COOKIE[ static::get_cart_hash_cookie_name() ] )
- && strlen( $_COOKIE[ static::get_cart_hash_cookie_name() ] ) === $cart_hash_length
+ && strlen( esc_html( $_COOKIE[ static::get_cart_hash_cookie_name() ] ) ) === $cart_hash_length
 ) {
- $cart_hash = $_COOKIE[ static::get_cart_hash_cookie_name() ];
+ $cart_hash = esc_html( $_COOKIE[ static::get_cart_hash_cookie_name() ] );
 $cart_hash_transient = get_transient( static::get_transient_name( $cart_hash ) );
From 8867b63573749c6151b1264ed200e89201470adb Mon Sep 17 00:00:00 2001
From: Mike Cotton
Date: Thu, 9 Jan 2025 12:12:03 -0600
Subject: [PATCH 06/10] sanitize not escape
---
 src/Tickets/Commerce/Cart.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/Tickets/Commerce/Cart.php b/src/Tickets/Commerce/Cart.php index ed7ac05ff3..8b102f2185 100644 --- a/src/Tickets/Commerce/Cart.php +++ b/src/Tickets/Commerce/Cart.php @@ -1,4 +1,5 @@ Date: Thu, 9 Jan 2025 12:23:01 -0600 Subject: [PATCH 07/10] rework cookie read and fix typo --- src/Tickets/Commerce/Cart.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/Tickets/Commerce/Cart.php b/src/Tickets/Commerce/Cart.php index 8b102f2185..26179490a0 100644 --- a/src/Tickets/Commerce/Cart.php +++ b/src/Tickets/Commerce/Cart.php @@ -231,11 +231,12 @@ public function get_cart_hash( $generate = false ) { $cart_hash = $this->get_repository()->get_hash(); + $hash_from_cookie = sanitize_key( $_COOKIE[ static::get_cart_hash_cookie_name() ] ) ?? ''; + if ( - ! empty( $_COOKIE[ static::get_cart_hash_cookie_name() ] ) - && strlen( sanitize_key( $_COOKIE[ static::get_cart_hash_cookie_name() ] ) ) === $cart_hash_length + strlen( $hash_from_cookie ) === $cart_hash_length ) { - $cart_hash = sanitize_key( $_COOKIE[ static::get_cart_hash_cookie_name() ] ); + $cart_hash = $hash_from_cookie; $cart_hash_transient = get_transient( static::get_transient_name( $cart_hash ) ); @@ -299,7 +300,7 @@ public function clear_cart() { * * @since 5.1.9 * - * @parem string $value Value used for the cookie or empty to purge the cookie. + * @param string $value Value used for the cookie or empty to purge the cookie. * * @return boolean */ From 82680476897905c60577d81b63a72d90c5934792 Mon Sep 17 00:00:00 2001 From: Mike Cotton Date: Thu, 9 Jan 2025 12:29:53 -0600 Subject: [PATCH 08/10] fix sanitization --- src/Tickets/Commerce/Cart.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Tickets/Commerce/Cart.php b/src/Tickets/Commerce/Cart.php index 26179490a0..0ca77efe16 100644 --- a/src/Tickets/Commerce/Cart.php +++ b/src/Tickets/Commerce/Cart.php 
@@ -231,7 +231,7 @@ public function get_cart_hash( $generate = false ) {
 $cart_hash = $this->get_repository()->get_hash();
- $hash_from_cookie = sanitize_key( $_COOKIE[ static::get_cart_hash_cookie_name() ] ) ?? '';
+ $hash_from_cookie = sanitize_key( $_COOKIE[ static::get_cart_hash_cookie_name() ] ?? '' );
 if (
 strlen( $hash_from_cookie ) === $cart_hash_length
From f7ce25c3069eabf8ad010b2eaad766fee295f541 Mon Sep 17 00:00:00 2001
From: Mike Cotton
Date: Thu, 9 Jan 2025 13:19:18 -0600
Subject: [PATCH 09/10] use different sanitization method
---
 src/Tickets/Commerce/Cart.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Tickets/Commerce/Cart.php b/src/Tickets/Commerce/Cart.php
index 0ca77efe16..9e14c674e4 100644
--- a/src/Tickets/Commerce/Cart.php
+++ b/src/Tickets/Commerce/Cart.php
@@ -231,7 +231,7 @@ public function get_cart_hash( $generate = false ) {
 $cart_hash = $this->get_repository()->get_hash();
- $hash_from_cookie = sanitize_key( $_COOKIE[ static::get_cart_hash_cookie_name() ] ?? '' );
+ $hash_from_cookie = sanitize_text_field( $_COOKIE[ static::get_cart_hash_cookie_name() ] ?? '' );
 if (
 strlen( $hash_from_cookie ) === $cart_hash_length
From 2b37b1cfed5044da0029e7bce218954807419096 Mon Sep 17 00:00:00 2001
From: Mike Cotton
Date: Thu, 9 Jan 2025 13:20:59 -0600
Subject: [PATCH 10/10] changelog
---
 .../tweak-ET-2269-enable-way-to-customize-cart-cookie-name | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 changelog/tweak-ET-2269-enable-way-to-customize-cart-cookie-name
diff --git a/changelog/tweak-ET-2269-enable-way-to-customize-cart-cookie-name b/changelog/tweak-ET-2269-enable-way-to-customize-cart-cookie-name
new file mode 100644
index 0000000000..41f628f368
--- /dev/null
+++ b/changelog/tweak-ET-2269-enable-way-to-customize-cart-cookie-name
@@ -0,0 +1,4 @@
+Significance: minor
+Type: tweak
+
+Add filter to customize the cart hash cookie name for Tickets Commerce. [ET-2269]
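Review bot: `sanitize_text_field()` in the PATCH 09 hunk of `get_cart_hash()` cleans text (tags, line breaks, extra whitespace) but does not restrict the cookie to the characters a cart hash can contain, so the only gate on a client-supplied value before it becomes part of a transient name is its length. WordPress also adds slashes to `$_COOKIE`, so the conventional read is `sanitize_text_field( wp_unslash( $_COOKIE[ static::get_cart_hash_cookie_name() ] ?? '' ) )`. After that, check the value against the alphabet the hash generator produces, which is not shown in this series; if it is alphanumeric, `ctype_alnum( $hash_from_cookie )` next to the length comparison would do. `get_cart_hash()` starts and ends outside the hunk.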