* @package WooCommerce\Admin
use Automattic\Jetpack\Constants;
use Automattic\WooCommerce\Admin\RemoteInboxNotifications as PromotionRuleEngine;
use Automattic\WooCommerce\Admin\RemoteSpecs\RuleProcessors\RuleEvaluator;
if ( ! defined( 'ABSPATH' ) ) {
* Fetch featured products from WCCOM's the Featured 3.0 Endpoint and cache the data for a day.
public static function fetch_featured() {
$transient_name = 'wc_addons_featured';
// Important: WCCOM Extensions API v4.0 is used.
$url = 'https://woocommerce.com/wp-json/wccom-extensions/4.0/featured';
$locale = get_user_locale();
$featured = self::get_locale_data_from_transient( $transient_name, $locale );
if ( false === $featured ) {
$raw_featured = self::fetch( $url, $fetch_options );
$featured = self::process_api_response( $raw_featured, 'featured' );
if ( ! is_wp_error( $featured ) && $featured ) {
self::set_locale_data_in_transient( $transient_name, $featured, $locale, DAY_IN_SECONDS );
* Fetch markup and other info for the preview of a product.
* @param int $product_id The ID of the product to fetch preview for.
* @return array|WP_Error Preview data or error object.
public static function fetch_product_preview( int $product_id ) {
$url = 'https://woocommerce.com/wp-json/wccom-extensions/1.0/product-previews?product_id=' . $product_id;
$raw_preview = self::fetch( $url, $fetch_options );
return self::process_api_response( $raw_preview, 'product preview', true );
* Check if the error is due to an SSL error
* @param string $error_message Error message.
* @return bool True if SSL error, false otherwise
public static function is_ssl_error( $error_message ) {
return false !== stripos( $error_message, 'cURL error 35' );
* Get sections for the addons screen
* @return array of objects
public static function get_sections() {
$locale = get_user_locale();
$addon_sections = self::get_locale_data_from_transient( 'wc_addons_sections', $locale );
if ( false === ( $addon_sections ) ) {
$parameter_string = '?' . http_build_query( array( 'locale' => get_user_locale() ) );
$raw_sections = wp_safe_remote_get(
'https://woocommerce.com/wp-json/wccom-extensions/1.0/categories' . $parameter_string,
'user-agent' => 'WooCommerce/' . WC()->version . '; ' . get_bloginfo( 'url' ),
if ( ! is_wp_error( $raw_sections ) ) {
$addon_sections = json_decode( wp_remote_retrieve_body( $raw_sections ) );
self::set_locale_data_in_transient( 'wc_addons_sections', $addon_sections, $locale, WEEK_IN_SECONDS );
return apply_filters( 'woocommerce_addons_sections', $addon_sections );
* Get section for the addons screen.
* @param string $section_id Required section ID.
public static function get_section( $section_id ) {
$sections = self::get_sections();
if ( isset( $sections[ $section_id ] ) ) {
return $sections[ $section_id ];
* Returns in-app-purchase URL params.
public static function get_in_app_purchase_url_params() {
// Get url (from path onward) for the current page,
// so WCCOM "back" link returns user to where they were.
$back_admin_path = add_query_arg( array() );
'wccom-site' => site_url(),
'wccom-back' => rawurlencode( $back_admin_path ),
'wccom-woo-version' => Constants::get_constant( 'WC_VERSION' ),
'wccom-connect-nonce' => wp_create_nonce( 'connect' ),
* Add in-app-purchase URL params to link.
* Adds various url parameters to a url to support a streamlined
* flow for obtaining and setting up WooCommerce extensons.
* @param string $url Destination URL.
public static function add_in_app_purchase_url_params( $url ) {
self::get_in_app_purchase_url_params(),
* @param string $url Destination URL.
* @param string $text Button label text.
* @param string $style Button style class.
* @param string $plugin The plugin the button is promoting.
public static function output_button( $url, $text, $style, $plugin = '' ) {
$style = __( 'Free', 'woocommerce' ) === $text ? 'addons-button-outline-purple' : $style;
$style = is_plugin_active( $plugin ) ? 'addons-button-installed' : $style;
$text = is_plugin_active( $plugin ) ? __( 'Installed', 'woocommerce' ) : $text;
$url = self::add_in_app_purchase_url_params( $url );
class="addons-button <?php echo esc_attr( $style ); ?>"
href="<?php echo esc_url( $url ); ?>">
<?php echo esc_html( $text ); ?>
* Process requests to legacy marketplace menu and redirect to correct in-app pages.
public static function handle_legacy_marketplace_redirects() {
$section = isset( $_GET['section'] ) ? sanitize_text_field( wp_unslash( $_GET['section'] ) ) : '_featured';
$search = isset( $_GET['search'] ) ? sanitize_text_field( wp_unslash( $_GET['search'] ) ) : '';
if ( 'helper' === $section ) {
$url = admin_url( 'admin.php?page=wc-admin&tab=my-subscriptions&path=%2Fextensions' );
if ( isset( $_GET['connect'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
wp_safe_redirect( $url );
if ( 'search' === $section || ! empty( $search ) ) {
wp_safe_redirect( admin_url( 'admin.php?page=wc-admin&term=' . $search . '&tab=search&path=%2Fextensions' ) );
$sections = self::get_sections();
$allowed_sections = array_map( fn( $section_object ) => $section_object->slug, $sections );
// Validate if the category is supported.
$section = in_array( $section, $allowed_sections, true ) ? $section : '_featured';
if ( '_featured' === $section ) {
wp_safe_redirect( admin_url( 'admin.php?page=wc-admin&path=%2Fextensions' ) );
wp_safe_redirect( admin_url( 'admin.php?page=wc-admin&tab=extensions&path=%2Fextensions&category=' . $section ) );
* We're displaying page=wc-addons and page=wc-addons§ion=helper as two separate pages.
* When we're on those pages, add body classes to distinguishe them.
* @param string $admin_body_class Unfiltered body class.
* @return string Body class with added class for Marketplace or My Subscriptions page.
public static function filter_admin_body_classes( string $admin_body_class = '' ): string {
if ( isset( $_GET['section'] ) && 'helper' === $_GET['section'] ) {
return " $admin_body_class woocommerce-page-wc-subscriptions ";
return " $admin_body_class woocommerce-page-wc-marketplace ";
* Take an action object and return the URL based on properties of the action.
* @param object $action Action object.
public static function get_action_url( $action ): string {
if ( ! isset( $action->url ) ) {
if ( isset( $action->url_is_admin_query ) && $action->url_is_admin_query ) {
return wc_admin_url( $action->url );
if ( isset( $action->url_is_admin_nonce_query ) && $action->url_is_admin_nonce_query ) {
if ( empty( $action->nonce ) ) {
admin_url( $action->url ),
* Retrieves the locale data from a transient.
* Transient value is an array of locale data in the following format:
* If the transient does not exist, does not have a value, or has expired,
* then the return value will be false.
* @param string $transient Transient name. Expected to not be SQL-escaped.
* @param string $locale Locale to retrieve.
* @return mixed Value of transient.
private static function get_locale_data_from_transient( $transient, $locale ) {
$transient_value = get_transient( $transient );
$transient_value = is_array( $transient_value ) ? $transient_value : array();
return $transient_value[ $locale ] ?? false;
* Sets the locale data in a transient.
* Transient value is an array of locale data in the following format:
* @param string $transient Transient name. Expected to not be SQL-escaped.
* Must be 172 characters or fewer in length.
* @param mixed $value Transient value. Must be serializable if non-scalar.
* Expected to not be SQL-escaped.
* @param string $locale Locale to set.
* @param int $expiration Optional. Time until expiration in seconds. Default 0 (no expiration).
* @return bool True if the value was set, false otherwise.
private static function set_locale_data_in_transient( $transient, $value, $locale, $expiration = 0 ) {
$transient_value = get_transient( $transient );
$transient_value = is_array( $transient_value ) ? $transient_value : array();
$transient_value[ $locale ] = $value;
return set_transient( $transient, $transient_value, $expiration );
* Process API response from WooCommerce.com endpoints.
* @param array|WP_Error $response The response from the API request.
* @param string $context Context for error messages (e.g. 'featured', 'product-preview').
* @param bool $associative Whether to decode the JSON as an associative array.
* @return array|WP_Error Processed API data or WP_Error on failure.
private static function process_api_response( $response, $context = 'api', $associative = false ) {
if ( is_wp_error( $response ) ) {
* Hook fired when there is a connection error with WooCommerce.com.
* @param string $error_message The error message.
do_action( 'woocommerce_page_wc_addons_connection_error', $response->get_error_message() );
$message = self::is_ssl_error( $response->get_error_message() )
'We encountered an SSL error. Please ensure your site supports TLS version 1.2 or above.',
: $response->get_error_message();
return new WP_Error( 'wc-addons-connection-error', $message );
$response_code = (int) wp_remote_retrieve_response_code( $response );
if ( 200 !== $response_code ) {
* Hook fired when there is a connection error with WooCommerce.com.
* @param int $response_code The HTTP response code.
do_action( 'woocommerce_page_wc_addons_connection_error', $response_code );
/* translators: 1: Context (e.g. 'featured', 'product-preview') 2: HTTP error code */
__( 'Our request to the %1$s API got error code %2$d.', 'woocommerce' ),
return new WP_Error( 'wc-addons-connection-error', $message );
$data = json_decode( wp_remote_retrieve_body( $response ), $associative );
if ( empty( $data ) || ! is_array( $data ) ) {
* Hook fired when there is a connection error with WooCommerce.com.
* @param string $error_message The error message.
do_action( 'woocommerce_page_wc_addons_connection_error', 'Empty or malformed response' );
/* translators: %s: Context (e.g. 'featured', 'product-preview') */
__( 'Our request to the %s API got a malformed response.', 'woocommerce' ),
return new WP_Error( 'wc-addons-connection-error', $message );
* Make wp_safe_remote_get request to WooCommerce.com endpoint.
* Optionally pass user auth token, locale or country.
* @param string $url URL to request.
* @param ?array $options Options for the request. For example, to pass auth token, locale and country,
* pass array( 'auth' => true, 'locale' => true, 'country' => true, ).
public static function fetch( $url, $options = array() ) {
if ( isset( $options['auth'] ) && $options['auth'] ) {
$auth = WC_Helper_Options::get( 'auth' );
if ( isset( $auth['access_token'] ) && ! empty( $auth['access_token'] ) ) {
$headers['Authorization'] = 'Bearer ' . $auth['access_token'];
if ( isset( $options['locale'] ) && $options['locale'] ) {
$parameters['locale'] = get_user_locale();
if ( isset( $options['country'] ) && $options['country'] ) {
$country = WC()->countries->get_base_country();
if ( ! empty( $country ) ) {
$parameters['country'] = $country;
// Check if URL already has query parameters.
$connector = strpos( $url, '?' ) !== false ? '&' : '?';
$query_string = ! empty( $parameters ) ? $connector . http_build_query( $parameters ) : '';
return wp_safe_remote_get(
'user-agent' => 'WooCommerce/' . WC()->version . '; ' . get_bloginfo( 'url' ),
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
