Force WC to not html-strip rules input textarea, automatically use proper line...

Force WC to not html-strip rules input textarea, automatically use proper line count for the textarea (WC default is 3...) Work for issue #8

Force WC to not html-strip rules input textarea, automatically use proper line...
e4b6ed0c · Reinhold Kainhofer · 13eab40c · e4b6ed0c
Commit e4b6ed0c authored 8 years ago by Reinhold Kainhofer
--- a/includes/rules-shipping-method.php
+++ b/includes/rules-shipping-method.php
@@ -135,6 +135,72 @@ class Shipping_by_Rules extends WC_Shipping_Method {
 // 			$this->helper->getUpgradeNagSettings()
 		);
 	}
+	
+	/**
+	 * Validate rules Textarea Field.
+	 *
+	 * Custom validation of rules textarea is needed, as we need to preserve
+	 * all text verbatim (in particular the comparison operators < and > as well
+	 * as quotes. Do NOT try to strip html, as the rules are interpreted as 
+	 * text anyway and no malicious code can be inserted)
+	 *
+	 * @param  string $key
+	 * @param  string|null $value Posted Value
+	 * @return string
+	 */
+	public function validate_rules_field( $key, $value ) {
+		$value = is_null( $value ) ? '' : $value;
+		return trim( stripslashes( $value ) );
+	}
+	
+	/**
+	 * Generate Textarea HTML. 
+	 * Overridden from WC_Settings_API to allow for dynamic textarea heights 
+	 * (WC_Settings_API hardcodes 3 lines of text).
+	 * We resize the textarea to #lines+1, with a maximum of 25 lines
+	 *
+	 * @param  mixed $key
+	 * @param  mixed $data
+	 * @since  1.0.0
+	 * @return string
+	 */
+	public function generate_textarea_html( $key, $data ) {
+		$field_key = $this->get_field_key( $key );
+		$defaults  = array(
+			'title'             => '',
+			'disabled'          => false,
+			'class'             => '',
+			'css'               => '',
+			'placeholder'       => '',
+			'type'              => 'text',
+			'desc_tip'          => false,
+			'description'       => '',
+			'custom_attributes' => array(),
+		);
+		$value = $this->get_option( $key );
+		$linecount = min(25, substr_count($value, PHP_EOL) + 2);
+
+		$data = wp_parse_args( $data, $defaults );
+
+		ob_start();
+		?>
+		<tr valign="top">
+			<th scope="row" class="titledesc">
+				<?php echo $this->get_tooltip_html( $data ); ?>
+				<label for="<?php echo esc_attr( $field_key ); ?>"><?php echo wp_kses_post( $data['title'] ); ?></label>
+			</th>
+			<td class="forminp">
+				<fieldset>
+					<legend class="screen-reader-text"><span><?php echo wp_kses_post( $data['title'] ); ?></span></legend>
+					<textarea rows="<?php echo $linecount; ?>" cols="20" class="input-text wide-input <?php echo esc_attr( $data['class'] ); ?>" type="<?php echo esc_attr( $data['type'] ); ?>" name="<?php echo esc_attr( $field_key ); ?>" id="<?php echo esc_attr( $field_key ); ?>" style="<?php echo esc_attr( $data['css'] ); ?>" placeholder="<?php echo esc_attr( $data['placeholder'] ); ?>" <?php disabled( $data['disabled'], true ); ?> <?php echo $this->get_custom_attribute_html( $data ); ?>><?php echo esc_textarea( $value ); ?></textarea>
+					<?php echo $this->get_description_html( $data ); ?>
+				</fieldset>
+			</td>
+		</tr>
+		<?php
+
+		return ob_get_clean();
+	}

 	/**
 	* generate_rules_shipping_methods_html function.