<?php

[0] Fix | Delete

/**

[1] Fix | Delete

* BlockedSessionNotice class file.

[2] Fix | Delete

*/

[3] Fix | Delete

[4] Fix | Delete

declare( strict_types=1 );

[5] Fix | Delete

[6] Fix | Delete

namespace Automattic\WooCommerce\Internal\FraudProtection;

[7] Fix | Delete

[8] Fix | Delete

use Automattic\WooCommerce\Internal\RegisterHooksInterface;

[9] Fix | Delete

[10] Fix | Delete

defined( 'ABSPATH' ) || exit;

[11] Fix | Delete

[12] Fix | Delete

/**

[13] Fix | Delete

* Handles blocked session messaging for fraud protection.

[14] Fix | Delete

*

[15] Fix | Delete

* This class provides:

[16] Fix | Delete

* - Hook into shortcode checkout to display blocked notice

[17] Fix | Delete

* - Message generation for both HTML (shortcode) and plaintext (Store API) contexts

[18] Fix | Delete

*

[19] Fix | Delete

* Note: Store API (block checkout) and payment gateway filtering are handled

[20] Fix | Delete

* directly in WC Core classes (Checkout.php and WC_Payment_Gateways).

[21] Fix | Delete

*

[22] Fix | Delete

* @since 10.5.0

[23] Fix | Delete

* @internal This class is part of the internal API and is subject to change without notice.

[24] Fix | Delete

*/

[25] Fix | Delete

class BlockedSessionNotice implements RegisterHooksInterface {

[26] Fix | Delete

[27] Fix | Delete

/**

[28] Fix | Delete

* Session clearance manager instance.

[29] Fix | Delete

*

[30] Fix | Delete

* @var SessionClearanceManager

[31] Fix | Delete

*/

[32] Fix | Delete

private SessionClearanceManager $session_manager;

[33] Fix | Delete

[34] Fix | Delete

/**

[35] Fix | Delete

* Initialize with dependencies.

[36] Fix | Delete

*

[37] Fix | Delete

* @internal

[38] Fix | Delete

*

[39] Fix | Delete

* @param SessionClearanceManager $session_manager The session clearance manager instance.

[40] Fix | Delete

*/

[41] Fix | Delete

final public function init( SessionClearanceManager $session_manager ): void {

[42] Fix | Delete

$this->session_manager = $session_manager;

[43] Fix | Delete

}

[44] Fix | Delete

[45] Fix | Delete

/**

[46] Fix | Delete

* Register hooks for displaying blocked notice.

[47] Fix | Delete

*

[48] Fix | Delete

* This method should only be called when fraud protection is enabled.

[49] Fix | Delete

*

[50] Fix | Delete

* @return void

[51] Fix | Delete

*/

[52] Fix | Delete

public function register(): void {

[53] Fix | Delete

// Shop, cart, and checkout pages (both blocks and shortcode) - add notice via wc_add_notice on wp hook.

[54] Fix | Delete

add_action( 'wp', array( $this, 'maybe_add_blocked_purchase_notice' ), 10, 0 );

[55] Fix | Delete

[56] Fix | Delete

add_action( 'before_woocommerce_add_payment_method', array( $this, 'maybe_display_generic_blocked_notice' ), 1, 0 );

[57] Fix | Delete

}

[58] Fix | Delete

[59] Fix | Delete

/**

[60] Fix | Delete

* Add blocked purchase notice on shop, cart, and checkout pages (both blocks and shortcode),

[61] Fix | Delete

* if the session is blocked. Skips duplicate notices.

[62] Fix | Delete

*

[63] Fix | Delete

* Uses wc_add_notice() to add an error notice that will be rendered by:

[64] Fix | Delete

* - StoreNoticesContainer component for blocks

[65] Fix | Delete

* - wc_print_notices() for shortcodes

[66] Fix | Delete

*

[67] Fix | Delete

* @internal

[68] Fix | Delete

*

[69] Fix | Delete

* @return void

[70] Fix | Delete

*/

[71] Fix | Delete

public function maybe_add_blocked_purchase_notice(): void {

[72] Fix | Delete

if ( ! $this->session_manager->is_session_blocked() ) {

[73] Fix | Delete

return;

[74] Fix | Delete

}

[75] Fix | Delete

[76] Fix | Delete

if ( ! is_checkout() && ! is_cart() && ! is_shop() && ! is_product_taxonomy() ) {

[77] Fix | Delete

return;

[78] Fix | Delete

}

[79] Fix | Delete

[80] Fix | Delete

$message = $this->get_message_html( 'purchase' );

[81] Fix | Delete

[82] Fix | Delete

if ( wc_has_notice( $message, 'error' ) ) {

[83] Fix | Delete

return;

[84] Fix | Delete

}

[85] Fix | Delete

[86] Fix | Delete

wc_add_notice( $message, 'error' );

[87] Fix | Delete

}

[88] Fix | Delete

[89] Fix | Delete

/**

[90] Fix | Delete

* Display blocked notice for non-cart/checkout pages, if the session is blocked.

[91] Fix | Delete

*

[92] Fix | Delete

* Shows a generic message explaining that the request cannot be

[93] Fix | Delete

* processed online and provides contact information for support.

[94] Fix | Delete

*

[95] Fix | Delete

* @internal

[96] Fix | Delete

*

[97] Fix | Delete

* @return void

[98] Fix | Delete

*/

[99] Fix | Delete

public function maybe_display_generic_blocked_notice(): void {

[100] Fix | Delete

if ( ! $this->session_manager->is_session_blocked() ) {

[101] Fix | Delete

return;

[102] Fix | Delete

}

[103] Fix | Delete

[104] Fix | Delete

wc_print_notice( $this->get_message_html(), 'error' );

[105] Fix | Delete

}

[106] Fix | Delete

[107] Fix | Delete

/**

[108] Fix | Delete

* Get the blocked session message as HTML.

[109] Fix | Delete

*

[110] Fix | Delete

* Includes a mailto link for the support email.

[111] Fix | Delete

*

[112] Fix | Delete

* @param string $context Message context: 'purchase' for purchase-specific message, 'generic' for general use.

[113] Fix | Delete

* @return string HTML message with mailto link.

[114] Fix | Delete

*/

[115] Fix | Delete

public function get_message_html( string $context = 'generic' ): string {

[116] Fix | Delete

$email = WC()->mailer()->get_from_address();

[117] Fix | Delete

[118] Fix | Delete

if ( 'purchase' === $context ) {

[119] Fix | Delete

return sprintf(

[120] Fix | Delete

/* translators: %1$s: mailto link, %2$s: email address */

[121] Fix | Delete

__( 'We are unable to process this request online. Please <a href="%1$s">contact support (%2$s)</a> to complete your purchase.', 'woocommerce' ),

[122] Fix | Delete

esc_url( 'mailto:' . $email ),

[123] Fix | Delete

esc_html( $email )

[124] Fix | Delete

);

[125] Fix | Delete

}

[126] Fix | Delete

[127] Fix | Delete

return sprintf(

[128] Fix | Delete

/* translators: %1$s: mailto link, %2$s: email address */

[129] Fix | Delete

__( 'We are unable to process this request online. Please <a href="%1$s">contact support (%2$s)</a> for assistance.', 'woocommerce' ),

[130] Fix | Delete

esc_url( 'mailto:' . $email ),

[131] Fix | Delete

esc_html( $email )

[132] Fix | Delete

);

[133] Fix | Delete

}

[134] Fix | Delete

[135] Fix | Delete

/**

[136] Fix | Delete

* Get the blocked session message as plaintext.

[137] Fix | Delete

*

[138] Fix | Delete

* Used by Store API responses where HTML is not supported.

[139] Fix | Delete

*

[140] Fix | Delete

* @param string $context Message context: 'purchase' for purchase-specific message, 'generic' for general use.

[141] Fix | Delete

* @return string Plaintext message with email address.

[142] Fix | Delete

*/

[143] Fix | Delete

public function get_message_plaintext( string $context = 'generic' ): string {

[144] Fix | Delete

$email = WC()->mailer()->get_from_address();

[145] Fix | Delete

[146] Fix | Delete

if ( 'purchase' === $context ) {

[147] Fix | Delete

return sprintf(

[148] Fix | Delete

/* translators: %s: support email address */

[149] Fix | Delete

__( 'We are unable to process this request online. Please contact support (%s) to complete your purchase.', 'woocommerce' ),

[150] Fix | Delete

$email

[151] Fix | Delete

);

[152] Fix | Delete

}

[153] Fix | Delete

[154] Fix | Delete

return sprintf(

[155] Fix | Delete

/* translators: %s: support email address */

[156] Fix | Delete

__( 'We are unable to process this request online. Please contact support (%s) for assistance.', 'woocommerce' ),

[157] Fix | Delete

$email

[158] Fix | Delete

);

[159] Fix | Delete

}

[160] Fix | Delete

}

[161] Fix | Delete

[162] Fix | Delete