• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

wp-graphql / wp-graphql-woocommerce / 28451172886

30 Jun 2026 02:16PM UTC coverage: 91.801%. Remained the same
28451172886

push

github

web-flow
fix: address WordPress.org plugin review (rename + prefixing + headers) (#1019)

* fix: address WordPress.org plugin review feedback

- Prefix the session transaction queue transient with the plugin's
  graphql_woocommerce_ namespace instead of the generic "woo_" word, to
  avoid collisions (Plugin Directory: prefix data storage).
- Declare the WooCommerce dependency via the "Requires Plugins: woocommerce"
  plugin header.
- Bump README.txt "Tested up to" to 7.0.
- Ship composer.json in the distributed plugin (drop it, and composer.lock,
  from composer archive excludes) so the build is reproducible/reviewable.

* chore: rename plugin to "GraphQL for eCommerce" for trademark compliance

The WordPress.org plugin review flagged the display name/slug for beginning
with the "WPGraphQL" trademark (and the "WooGraphQL" portmanteau of the
WooCommerce mark), which can imply official affiliation.

- Display name (plugin header + readme title) -> "GraphQL for eCommerce".
- Slug/text domain -> "graphql-for-ecommerce" (header, all i18n string
  literals, and the PHPCS WordPress.WP.I18n text_domain config).
- Update user-facing notices/errors that named the old plugin.

"WooGraphQL" remains the project's informal nickname (repo, docs, community),
just not in the WordPress.org directory's official name/slug. Internal file
names and GitHub URLs are unchanged.

* fix: keep test-only dev deps out of the committed composer.json

The committed manifest mirrors develop (lint/stan dev deps only); CI adds the
test suite deps at runtime via `composer installTestEnv`. A previous commit
captured the installTestEnv-modified composer.json, desyncing it from
composer.lock and breaking `composer install` in CI.

* chore: regenerate composer.lock (refresh dev dependencies)

Regenerate the lock from the manifest so it is in sync (fixes the CI
`composer install` failure) and refresh dependencies in the process —
firebase/php-jwt v7.0.4 -> v7.1.0 plus 11 others, with vendor-prefixed
... (continued)

1330 of 1587 new or added lines in 201 files covered. (83.81%)

1 existing line in 1 file now uncovered.

18531 of 20186 relevant lines covered (91.8%)

153.15 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

77.25
/includes/admin/class-general.php
1
<?php
2
/**
3
 * Defines WooGraphQL's general settings.
4
 *
5
 * @package WPGraphQL\WooCommerce\Admin
6
 */
7

8
namespace WPGraphQL\WooCommerce\Admin;
9

10
/**
11
 * General class
12
 */
13
class General extends Section {
14
        /**
15
         * Returns the other nonce values besides the one provided.
16
         *
17
         * @param string $excluded  Slug of nonce value to be excluded.
18
         *
19
         * @return array
20
         */
21
        public static function get_other_nonce_values( $excluded ) {
22
                $nonce_values = apply_filters(
×
23
                        'woographql_authorizing_url_nonce_values',
×
24
                        [
×
25
                                'cart_url'               => woographql_setting( 'cart_url_nonce_param', '_wc_cart' ),
×
26
                                'checkout_url'           => woographql_setting( 'checkout_url_nonce_param', '_wc_checkout' ),
×
27
                                'account_url'            => woographql_setting( 'account_url_nonce_param', '_wc_account' ),
×
28
                                'add_payment_method_url' => woographql_setting( 'add_payment_method_url_nonce_param', '_wc_payment' ),
×
29
                        ]
×
30
                );
×
31

32
                return array_values( array_diff_key( $nonce_values, [ $excluded => '' ] ) );
×
33
        }
34

35
        /**
36
         * Returns the enabled authorizing URL fields.
37
         *
38
         * @return array
39
         */
40
        public static function enabled_authorizing_url_fields_value() {
41
                return apply_filters(
305✔
42
                        'woographql_enabled_authorizing_url_fields',
305✔
43
                        [
305✔
44
                                'cart_url'               => 'cart_url',
305✔
45
                                'checkout_url'           => 'checkout_url',
305✔
46
                                'account_url'            => 'account_url',
305✔
47
                                'add_payment_method_url' => 'add_payment_method_url',
305✔
48
                        ]
305✔
49
                );
305✔
50
        }
51

52
        /**
53
         * Returns General settings fields.
54
         *
55
         * @return array
56
         */
57
        public static function get_fields() {
58
                $custom_endpoint                = apply_filters( 'woographql_authorizing_url_endpoint', null );
33✔
59
                $enabled_authorizing_url_fields = woographql_setting( 'enable_authorizing_url_fields', [] );
33✔
60
                $enabled_authorizing_url_fields = ! empty( $enabled_authorizing_url_fields ) ? array_keys( $enabled_authorizing_url_fields ) : [];
33✔
61
                $all_urls_checked               = self::enabled_authorizing_url_fields_value();
33✔
62

63
                $cart_url_hardcoded               = defined( 'CART_URL_NONCE_PARAM' ) && ! empty( constant( 'CART_URL_NONCE_PARAM' ) );
33✔
64
                $checkout_url_hardcoded           = defined( 'CHECKOUT_URL_NONCE_PARAM' ) && ! empty( constant( 'CHECKOUT_URL_NONCE_PARAM' ) );
33✔
65
                $account_url_hardcoded            = defined( 'ACCOUNT_URL_NONCE_PARAM' ) && ! empty( constant( 'ACCOUNT_URL_NONCE_PARAM' ) );
33✔
66
                $add_payment_method_url_hardcoded = defined( 'ADD_PAYMENT_METHOD_URL_NONCE_PARAM' ) && ! empty( constant( 'ADD_PAYMENT_METHOD_URL_NONCE_PARAM' ) );
33✔
67

68
                $enable_auth_urls_hardcoded = defined( 'WPGRAPHQL_WOOCOMMERCE_ENABLE_AUTH_URLS' ) && ! empty( constant( 'WPGRAPHQL_WOOCOMMERCE_ENABLE_AUTH_URLS' ) );
33✔
69

70
                return [
33✔
71
                        [
33✔
72
                                'name'     => 'disable_ql_session_handler',
33✔
73
                                'label'    => __( 'Disable QL Session Handler', 'graphql-for-ecommerce' ),
33✔
74
                                'desc'     => __( 'The QL Session Handler takes over management of WooCommerce Session Management on WPGraphQL request replacing the usage of HTTP Cookies with JSON Web Tokens.', 'graphql-for-ecommerce' )
33✔
75
                                        . ( defined( 'NO_QL_SESSION_HANDLER' ) ? __( ' This setting is disabled. The "NO_QL_SESSION_HANDLER" flag has been triggered with code', 'graphql-for-ecommerce' ) : '' ),
33✔
76
                                'type'     => 'checkbox',
33✔
77
                                'value'    => defined( 'NO_QL_SESSION_HANDLER' ) ? 'on' : woographql_setting( 'disable_ql_session_handler', 'off' ),
33✔
78
                                'disabled' => defined( 'NO_QL_SESSION_HANDLER' ),
33✔
79
                        ],
33✔
80
                        [
33✔
81
                                'name'     => 'enable_ql_session_handler_on_ajax',
33✔
82
                                'label'    => __( 'Enable QL Session Handler on WC AJAX requests.', 'graphql-for-ecommerce' ),
33✔
83
                                'desc'     => __( 'Enabling this will enable JSON Web Tokens usage on WC AJAX requests.', 'graphql-for-ecommerce' )
33✔
84
                                        . ( defined( 'NO_QL_SESSION_HANDLER' ) ? __( ' This setting is disabled. The "NO_QL_SESSION_HANDLER" flag has been triggered with code', 'graphql-for-ecommerce' ) : '' ),
33✔
85
                                'type'     => 'checkbox',
33✔
86
                                'value'    => defined( 'NO_QL_SESSION_HANDLER' ) ? 'off' : woographql_setting( 'enable_ql_session_handler_on_ajax', 'off' ),
33✔
87
                                'disabled' => defined( 'NO_QL_SESSION_HANDLER' ),
33✔
88
                        ],
33✔
89
                        [
33✔
90
                                'name'     => 'enable_ql_session_handler_on_rest',
33✔
91
                                'label'    => __( 'Enable QL Session Handler on WP REST requests.', 'graphql-for-ecommerce' ),
33✔
92
                                'desc'     => __( 'Enabling this will enable JSON Web Tokens usage on WP REST requests.', 'graphql-for-ecommerce' )
33✔
93
                                        . ( defined( 'NO_QL_SESSION_HANDLER' ) ? __( ' This setting is disabled. The "NO_QL_SESSION_HANDLER" flag has been triggered with code', 'graphql-for-ecommerce' ) : '' ),
33✔
94
                                'type'     => 'checkbox',
33✔
95
                                'value'    => defined( 'NO_QL_SESSION_HANDLER' ) ? 'off' : woographql_setting( 'enable_ql_session_handler_on_rest', 'off' ),
33✔
96
                                'disabled' => defined( 'NO_QL_SESSION_HANDLER' ),
33✔
97
                        ],
33✔
98
                        [
33✔
99
                                'name'     => 'set_session_token_type',
33✔
100
                                'label'    => __( 'Session Token Type', 'graphql-for-ecommerce' ),
33✔
101
                                'desc'     => __( 'Choose which session token type(s) to generate. "Legacy" uses GraphQL session tokens only. "Store API" uses WooCommerce Blocks Cart-Token only (requires WooCommerce 5.5.0+). "Both" generates both token types for maximum compatibility with headless implementations using WooCommerce Blocks.', 'graphql-for-ecommerce' )
33✔
102
                                        . ( defined( 'NO_QL_SESSION_HANDLER' ) ? __( ' This setting is disabled. The "NO_QL_SESSION_HANDLER" flag has been triggered with code', 'graphql-for-ecommerce' ) : '' ),
33✔
103
                                'type'     => 'select',
33✔
104
                                'options'  => [
33✔
105
                                        'legacy'    => __( 'Legacy (GraphQL Session Token only)', 'graphql-for-ecommerce' ),
33✔
106
                                        'store-api' => __( 'Store API (Cart-Token only)', 'graphql-for-ecommerce' ),
33✔
107
                                        'both'      => __( 'Both (GraphQL + Store API)', 'graphql-for-ecommerce' ),
33✔
108
                                ],
33✔
109
                                'default'  => 'legacy',
33✔
110
                                'disabled' => defined( 'NO_QL_SESSION_HANDLER' ),
33✔
111
                        ],
33✔
112
                        [
33✔
113
                                'name'     => 'session_transfer_behavior',
33✔
114
                                'label'    => __( 'Session Transfer Behavior', 'graphql-for-ecommerce' ),
33✔
115
                                'desc'     => __( 'Controls how cart data is handled when a user logs in with an existing session from another device. "Keep new" keeps the current session data (default). "Keep old" restores the previously saved session data. "Merge" combines cart items from both sessions.', 'graphql-for-ecommerce' ),
33✔
116
                                'type'     => 'select',
33✔
117
                                'options'  => [
33✔
118
                                        'keep_new_fallback_old' => __( 'Keep new, fallback to old (default)', 'graphql-for-ecommerce' ),
33✔
119
                                        'keep_new'              => __( 'Keep new (always use current session)', 'graphql-for-ecommerce' ),
33✔
120
                                        'keep_old'              => __( 'Keep old (restore previously saved session)', 'graphql-for-ecommerce' ),
33✔
121
                                ],
33✔
122
                                'default'  => 'keep_new_fallback_old',
33✔
123
                                'disabled' => defined( 'NO_QL_SESSION_HANDLER' ),
33✔
124
                        ],
33✔
125
                        [
33✔
126
                                'name'     => 'enable_transliteration',
33✔
127
                                'label'    => __( 'Transliterate non-latin characters', 'graphql-for-ecommerce' ),
33✔
128
                                'desc'     => __( 'Converts non-latin characters (Cyrillic, Chinese, Arabic, etc.) to their latin equivalents in GraphQL type and enum names. Enable this if your WooCommerce tax classes, product attributes, or taxonomies use non-latin names. Requires the PHP intl extension.', 'graphql-for-ecommerce' )
33✔
129
                                        . ( ! function_exists( 'transliterator_transliterate' ) ? __( ' <strong>Warning:</strong> The PHP intl extension is not available. This setting will have no effect.', 'graphql-for-ecommerce' ) : '' ),
33✔
130
                                'type'     => 'checkbox',
33✔
131
                                'default'  => 'off',
33✔
132
                                'disabled' => ! function_exists( 'transliterator_transliterate' ),
33✔
133
                        ],
33✔
134
                        [
33✔
135
                                'name'    => 'enable_unsupported_product_type',
33✔
136
                                'label'   => __( 'Enable Unsupported types', 'graphql-for-ecommerce' ),
33✔
137
                                'desc'    => __( 'Substitute unsupported product types with SimpleProduct', 'graphql-for-ecommerce' ),
33✔
138
                                'type'    => 'checkbox',
33✔
139
                                'default' => 'off',
33✔
140
                        ],
33✔
141
                        [
33✔
142
                                'name'              => 'enable_authorizing_url_fields',
33✔
143
                                'label'             => __( 'Enable User Session transferring URLs', 'graphql-for-ecommerce' ),
33✔
144
                                'desc'              => __( 'URL fields to add to the <strong>Customer</strong> type.', 'graphql-for-ecommerce' )
33✔
145
                                        . ( $enable_auth_urls_hardcoded ? __( ' This setting is disabled. The "WPGRAPHQL_WOOCOMMERCE_ENABLE_AUTH_URLS" flag has been triggered with code', 'graphql-for-ecommerce' ) : '' ),
33✔
146
                                'type'              => 'multicheck',
33✔
147
                                'options'           => apply_filters(
33✔
148
                                        'woographql_settings_enable_authorizing_url_options',
33✔
149
                                        [
33✔
150
                                                'cart_url'               => __( 'Cart URL. Field name: <strong>cartUrl</strong>', 'graphql-for-ecommerce' ),
33✔
151
                                                'checkout_url'           => __( 'Checkout URL. Field name: <strong>checkoutUrl</strong>', 'graphql-for-ecommerce' ),
33✔
152
                                                'account_url'            => __( 'Account URL. Field name: <strong>accountUrl</strong>', 'graphql-for-ecommerce' ),
33✔
153
                                                'add_payment_method_url' => __( 'Add Payment Method URL. Field name: <strong>addPaymentMethodUrl</strong>', 'graphql-for-ecommerce' ),
33✔
154
                                        ]
33✔
155
                                ),
33✔
156
                                'value'             => $enable_auth_urls_hardcoded ? $all_urls_checked : woographql_setting( 'enable_authorizing_url_fields', [] ),
33✔
157
                                'disabled'          => $enable_auth_urls_hardcoded,
33✔
158
                                'sanitize_callback' => static function ( $value ) {
33✔
159
                                        if ( empty( $value ) ) {
×
160
                                                return [];
×
161
                                        }
162

163
                                        return $value;
×
164
                                },
33✔
165
                        ],
33✔
166
                        [
33✔
167
                                'name'     => 'authorizing_url_endpoint',
33✔
168
                                'label'    => __( 'Endpoint for Authorizing URLs', 'graphql-for-ecommerce' ),
33✔
169
                                'desc'     => sprintf(
33✔
170
                                        /* translators: %1$s: Site URL, %2$s: WooGraphQL Auth Endpoint */
171
                                        __( 'The endpoint (path) for transferring user sessions on the site. <a target="_blank" href="%1$s/%2$s">%1$s/%2$s</a>.', 'graphql-for-ecommerce' ),
33✔
172
                                        site_url(),
33✔
173
                                        woographql_setting( 'authorizing_url_endpoint', 'transfer-session' )
33✔
174
                                ),
33✔
175
                                'type'     => 'text',
33✔
176
                                'default'  => ! empty( $custom_endpoint ) ? $custom_endpoint : 'transfer-session',
33✔
177
                                'disabled' => empty( $enabled_authorizing_url_fields ),
33✔
178
                        ],
33✔
179
                        [
33✔
180
                                'name'              => 'cart_url_nonce_param',
33✔
181
                                'label'             => __( 'Cart URL nonce name', 'graphql-for-ecommerce' ),
33✔
182
                                'desc'              => __( 'Query parameter name of the nonce included in the "cartUrl" field', 'graphql-for-ecommerce' )
33✔
183
                                        . ( $cart_url_hardcoded ? __( ' This setting is disabled. The "CART_URL_NONCE_PARAM" flag has been set with code', 'graphql-for-ecommerce' ) : '' ),
33✔
184
                                'type'              => 'text',
33✔
185
                                'value'             => $cart_url_hardcoded ? constant( 'CART_URL_NONCE_PARAM' ) : woographql_setting( 'cart_url_nonce_param', '_wc_cart' ),
33✔
186
                                'disabled'          => defined( 'CART_URL_NONCE_PARAM' ) || ! in_array( 'cart_url', $enabled_authorizing_url_fields, true ),
33✔
187
                                'sanitize_callback' => static function ( $value ) {
33✔
188
                                        $other_nonces = self::get_other_nonce_values( 'cart_url' );
×
189
                                        if ( in_array( $value, $other_nonces, true ) ) {
×
190
                                                add_settings_error(
×
191
                                                        'cart_url_nonce_param',
×
192
                                                        'unique',
×
NEW
193
                                                        __( 'The <strong>Cart URL nonce name</strong> field must be unique', 'graphql-for-ecommerce' ),
×
194
                                                        'error'
×
195
                                                );
×
196

197
                                                return '_wc_cart';
×
198
                                        }
199

200
                                        return $value;
×
201
                                },
33✔
202
                        ],
33✔
203
                        [
33✔
204
                                'name'              => 'checkout_url_nonce_param',
33✔
205
                                'label'             => __( 'Checkout URL nonce name', 'graphql-for-ecommerce' ),
33✔
206
                                'desc'              => __( 'Query parameter name of the nonce included in the "checkoutUrl" field', 'graphql-for-ecommerce' )
33✔
207
                                        . ( $checkout_url_hardcoded ? __( ' This setting is disabled. The "CHECKOUT_URL_NONCE_PARAM" flag has been set with code', 'graphql-for-ecommerce' ) : '' ),
33✔
208
                                'type'              => 'text',
33✔
209
                                'value'             => $checkout_url_hardcoded ? constant( 'CHECKOUT_URL_NONCE_PARAM' ) : woographql_setting( 'checkout_url_nonce_param', '_wc_checkout' ),
33✔
210
                                'disabled'          => defined( 'CHECKOUT_URL_NONCE_PARAM' ) || ! in_array( 'checkout_url', $enabled_authorizing_url_fields, true ),
33✔
211
                                'sanitize_callback' => static function ( $value ) {
33✔
212
                                        $other_nonces = self::get_other_nonce_values( 'checkout_url' );
×
213
                                        if ( in_array( $value, $other_nonces, true ) ) {
×
214
                                                add_settings_error(
×
215
                                                        'checkout_url_nonce_param',
×
216
                                                        'unique',
×
NEW
217
                                                        __( 'The <strong>Checkout URL nonce name</strong> field must be unique', 'graphql-for-ecommerce' ),
×
218
                                                        'error'
×
219
                                                );
×
220

221
                                                return '_wc_checkout';
×
222
                                        }
223

224
                                        return $value;
×
225
                                },
33✔
226
                        ],
33✔
227
                        [
33✔
228
                                'name'              => 'account_url_nonce_param',
33✔
229
                                'label'             => __( 'Account URL nonce name', 'graphql-for-ecommerce' ),
33✔
230
                                'desc'              => __( 'Query parameter name of the nonce included in the "accountUrl" field', 'graphql-for-ecommerce' )
33✔
231
                                        . ( $account_url_hardcoded ? __( ' This setting is disabled. The "ACCOUNT_URL_NONCE_PARAM" flag has been set with code', 'graphql-for-ecommerce' ) : '' ),
33✔
232
                                'type'              => 'text',
33✔
233
                                'value'             => $account_url_hardcoded ? constant( 'ACCOUNT_URL_NONCE_PARAM' ) : woographql_setting( 'account_url_nonce_param', '_wc_account' ),
33✔
234
                                'disabled'          => defined( 'ACCOUNT_URL_NONCE_PARAM' ) || ! in_array( 'account_url', $enabled_authorizing_url_fields, true ),
33✔
235
                                'sanitize_callback' => static function ( $value ) {
33✔
236
                                        $other_nonces = self::get_other_nonce_values( 'account_url' );
×
237
                                        if ( in_array( $value, $other_nonces, true ) ) {
×
238
                                                add_settings_error(
×
239
                                                        'account_url_nonce_param',
×
240
                                                        'unique',
×
NEW
241
                                                        __( 'The <strong>Account URL nonce name</strong> field must be unique', 'graphql-for-ecommerce' ),
×
242
                                                        'error'
×
243
                                                );
×
244

245
                                                return '_wc_account';
×
246
                                        }
247

248
                                        return $value;
×
249
                                },
33✔
250
                        ],
33✔
251
                        [
33✔
252
                                'name'              => 'add_payment_method_url_nonce_param',
33✔
253
                                'label'             => __( 'Add Payment Method URL nonce name', 'graphql-for-ecommerce' ),
33✔
254
                                'desc'              => __( 'Query parameter name of the nonce included in the "addPaymentMethodUrl" field', 'graphql-for-ecommerce' )
33✔
255
                                        . ( $add_payment_method_url_hardcoded ? __( ' This setting is disabled. The "ADD_PAYMENT_METHOD_URL_NONCE_PARAM" flag has been set with code', 'graphql-for-ecommerce' ) : '' ),
33✔
256
                                'type'              => 'text',
33✔
257
                                'value'             => $add_payment_method_url_hardcoded ? constant( 'ADD_PAYMENT_METHOD_URL_NONCE_PARAM' ) : woographql_setting( 'add_payment_method_url_nonce_param', '_wc_payment' ),
33✔
258
                                'disabled'          => defined( 'ADD_PAYMENT_METHOD_URL_NONCE_PARAM' ) || ! in_array( 'add_payment_method_url', $enabled_authorizing_url_fields, true ),
33✔
259
                                'sanitize_callback' => static function ( $value ) {
33✔
260
                                        $other_nonces = self::get_other_nonce_values( 'add_payment_method_url' );
×
261
                                        if ( in_array( $value, $other_nonces, true ) ) {
×
262
                                                add_settings_error(
×
263
                                                        'add_payment_method_url_nonce_param',
×
264
                                                        'unique',
×
NEW
265
                                                        __( 'The <strong>Add Payment Method URL nonce name</strong> field must be unique', 'graphql-for-ecommerce' ),
×
266
                                                        'error'
×
267
                                                );
×
268

269
                                                return '_wc_payment';
×
270
                                        }
271

272
                                        return $value;
×
273
                                },
33✔
274
                        ],
33✔
275
                        [
33✔
276
                                'name'    => 'enable_pre_auth_download_urls',
33✔
277
                                'label'   => __( 'Enable pre-authenticated download URLs', 'graphql-for-ecommerce' ),
33✔
278
                                'desc'    => __( 'Adds a "preAuthDownloadUrl" field to downloadable items that generates a tokenized URL allowing downloads without cookie-based authentication. Useful for headless frontends where users cannot be redirected through the session transfer endpoint.', 'graphql-for-ecommerce' ),
33✔
279
                                'type'    => 'checkbox',
33✔
280
                                'default' => 'off',
33✔
281
                        ],
33✔
282
                        [
33✔
283
                                'name'    => 'download_url_nonce_param',
33✔
284
                                'label'   => __( 'Download URL nonce name', 'graphql-for-ecommerce' ),
33✔
285
                                'desc'    => __( 'Query parameter name of the nonce included in the "downloadUrl" field on downloadable items.', 'graphql-for-ecommerce' ),
33✔
286
                                'type'    => 'text',
33✔
287
                                'default' => '_wc_download',
33✔
288
                        ],
33✔
289
                ];
33✔
290
        }
291
}
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc