Develop WooCommerce

The official WooCommerce development blog

How we’re tackling GDPR in WooCommerce core — April 10, 2018


Stronger rules on data protection from May 2018 mean citizens have more control over their data.

GDPR is coming, and we’re working hard to get new tools in WooCommerce core to help store owners comply. If you’re not familiar with GDPR yet, Hannah wrote a great introduction to GDPR on the main WooCommerce blog which you can read to get caught up.

It’s important to note that this new law doesn’t just apply to stores in the EU – this applies globally to stores that sell products to EU residents.

We’re currently building new tools into our upcoming 3.4 release to help store owners deal with GDPR requests and surface things such as privacy policies on the checkout. Some of the tools are built already, or are in progress, notably:

  • Improvements to the checkout in https://github.com/woocommerce/woocommerce/pull/19637, which include:
    • Better formatting for inline descriptions should someone wish to include just-in-time privacy text next to fields, and some simple tools to toggle non-critical fields off to avoid unnecessary data collection.
    • Custom terms and conditions text, and control over the checkbox + label itself.
  • In-progress personal data export and bulk order anonymize in https://github.com/woocommerce/woocommerce/pull/19330.
  • We’ve cleared up wording around the tracker in the Wizard to ensure it’s compliant.
Improved terms and conditions display on checkout

Open GDPR issues can be tracked here. One thing not yet completed is personal data export, which is arguably the most important thing we need to assist store owners with. To solve this, we’re working to bring these tools to WordPress core. Read on for the details.

The road to WordPress core compliance

Rather than create something proprietary, or specific to WooCommerce, our team is focussing on WordPress core contributions so that all users and plugins can benefit from a single, unified system in WordPress itself. We feel this is the most effective use of everybody’s time.

To that end, we’ve started on several new screens and functions for WP core which (if approved) will facilitate user requests and create export files of personal data.

Here are a few of the tickets we’re actively contributing to:

Way for users (and guests) to request personal data and/or removal

Managing requests, for example requests for personal data, needs some kind of UI or system to track who made the request, the status of the request, and the date of the request. GDPR requires that requests are responded to within 30 days.

To help with this, we’re creating a requests system within WordPress.

What the requests UI may look like

The UI shown above has been submitted as a patch in #43481. The basic flow in the v1 is as follows:

  1. User makes request via contact form or some other method of contact.
  2. Admin adds the request via the WordPress dashboard.
  3. User verifies the request.
  4. Admin triggers a response to the request e.g. by sending the data they requested.
  5. Request is either kept for tracking purposes, or removed.

To ensure the user is really who they say they are (remember emails can be spoofed!) we created a mechanism whereby WordPress will send a confirmation email to the user with a link they can click to confirm any action. This is similar to the “change password” flow in WordPress, but more general. This has been submitted via #43443.


Requests can be tracked and can have the following statuses:

  • Pending
  • Confirmed
  • Failed
  • Completed

That’s it! If merged, we’ll move on to the ‘next steps’ column which will include buttons and links to send export files and so on to the requester.
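A stand-alone sketch of the confirmation step and status changes described above, added here as an example; it is not the patch in #43443 or WordPress core code. Assumptions: the function names, the 24-hour link lifetime, storing only a SHA-256 hash of the key, and using "failed" for an expired link are all hypothetical choices made for the illustration.

```php
<?php
// Added example: stand-alone sketch with hypothetical names, not WordPress core code.

const REQUEST_TTL = 86400; // assumed lifetime of the emailed link: 24 hours

// Admin adds the request: generate a one-time key and keep only its hash,
// so a leaked database row cannot be replayed as a confirmation link.
function create_request( string $email, string $action, int $now ): array {
    $key     = bin2hex( random_bytes( 20 ) );
    $request = array(
        'email'    => $email,
        'action'   => $action,
        'status'   => 'pending',
        'key_hash' => hash( 'sha256', $key ),
        'created'  => $now,
    );
    return array( $request, $key ); // $key is only ever placed in the emailed link
}

// User clicks the link: check the key and move the request to its next status.
function confirm_request( array $request, string $presented_key, int $now ): array {
    if ( 'pending' !== $request['status'] ) {
        return $request; // links are single use; later clicks change nothing
    }
    if ( ( $now - $request['created'] ) > REQUEST_TTL ) {
        $request['status']   = 'failed'; // expired before the user verified
        $request['key_hash'] = null;
        return $request;
    }
    // Constant-time comparison. A wrong key leaves the request pending, so a
    // third party cannot cancel someone else's request by guessing.
    if ( hash_equals( $request['key_hash'], hash( 'sha256', $presented_key ) ) ) {
        $request['status']   = 'confirmed';
        $request['key_hash'] = null;
    }
    return $request;
}

// Constructed sample run: one wrong key, then the emailed key.
list( $req, $key ) = create_request( 'customer@example.com', 'export_personal_data', time() );
$req = confirm_request( $req, 'not-the-emailed-key', time() );
echo $req['status'], PHP_EOL;
$req = confirm_request( $req, $key, time() );
echo $req['status'], PHP_EOL;
```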

The personal data export system

The next part to this is the actual export file generation. This will export all personal data tied to a specific email address in a human readable format.

How this works technically is:

  • A WordPress endpoint is hit, and a filter is run to gather a list of data exporters from various plugins and core itself.
  • Each data exporter is called and the exporter from each plugin returns personal data based on a given email address.
  • Exporters support pagination, and each call is done in a separate request to prevent timeouts.
  • All of the data is appended to an export file. This is then served to the admin.
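What the plugin side of this looks like, as an added example rather than code from the tickets or from WooCommerce: it uses the `wp_privacy_personal_data_exporters` filter and the callback shape that later shipped in WordPress 4.9.6, which this post does not name. The `myplugin_` functions and the `myplugin_note` post type are hypothetical, and the snippet runs inside WordPress as part of a plugin.

```php
<?php
// Added example: plugin-side exporter with hypothetical `myplugin_` names.

// Add this plugin's exporter to the list WordPress gathers through the filter.
add_filter( 'wp_privacy_personal_data_exporters', 'myplugin_register_exporter' );

function myplugin_register_exporter( $exporters ) {
    $exporters['myplugin-notes'] = array(
        'exporter_friendly_name' => 'My Plugin Notes',
        'callback'               => 'myplugin_export_notes',
    );
    return $exporters;
}

// Called once per page, each call in its own request, until 'done' is true.
function myplugin_export_notes( $email_address, $page = 1 ) {
    $per_page = 50;
    $page     = max( 1, (int) $page );
    $items    = array();

    // Export only data tied to the exact address the request was verified for.
    $user = get_user_by( 'email', $email_address );
    if ( ! $user ) {
        return array( 'data' => array(), 'done' => true );
    }

    $notes = get_posts( array(
        'post_type'      => 'myplugin_note', // hypothetical custom post type
        'author'         => $user->ID,
        'post_status'    => 'any',
        'posts_per_page' => $per_page,
        'paged'          => $page,
        'orderby'        => 'ID',
        'order'          => 'ASC',
    ) );

    foreach ( $notes as $note ) {
        $items[] = array(
            'group_id'    => 'myplugin-notes',
            'group_label' => 'Notes',
            'item_id'     => 'note-' . $note->ID,
            'data'        => array(
                array( 'name' => 'Created', 'value' => $note->post_date ),
                array( 'name' => 'Note', 'value' => $note->post_content ),
            ),
        );
    }

    // A short page means there is nothing left to fetch.
    return array( 'data' => $items, 'done' => count( $notes ) < $per_page );
}
```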

The main trac ticket for this is #43438. This fires the actions and filters for plugins to use. This prototype works with our in progress implementation in WooCommerce here.

Another related ticket is #43440 which puts WordPress comment data into the export.

Finally, #43551 improves how the export is served to the admin: as an HTML file within a zip file, which is portable and human readable!

A sample export file

What else is being worked on in WordPress core?

Some other tools being made inside WordPress include:

If you’re keen on contributing, all GDPR issues in WordPress itself are tagged in trac here.

There are also lots of discussions taking place in WordPress Slack in the #gdpr-compliance room. Join us!

WooCommerce 3.3.4 fix release notes — March 20, 2018


WooCommerce 3.3.4 is now available. ~30 commits made it into this release and the full changelog is below.

* Fix - Fixed undefined index after running setup wizard two times on fresh install.
* Fix - wc_get_loop_class; force columns to be a minimum of 1.
* Fix - Added loading spinner to WC panels in menu admin. 
* Fix - Use relative scheme for AJAX endpoint to avoid errors when using a mix of HTTP and HTTPS.
* Fix - Fix SelectWoo templateSelection property.
* Fix - Layered nav support on unsupported theme archives.
* Fix - Prevent full refresh when editing store notice in the customizer.
* Fix - Only append tax label in email content if taxes are enabled.
* Fix - More reliable Jetpack detection.
* Fix - Check if product has weight before calculating weight total in cart.
* Fix - Correctly handle default ordering on the search page.
* Fix - Fix default product category handling in installer.
* Fix - Properly check slugs when updating attributes.
* Fix - Use gallery thumbnail size for variation image switcher.
* Fix - Clear subcategory cache when updating product categories.
* Fix - Round fractional cents when out of base.
* Fix - Inherit 'is variation' from existing attribute during csv import.
* Fix - Set is_shortcode loop prop when outputting subcategories.
* Fix - Reload gateways after updating the order.
* Tweak - Use wc_get_default_products_per_row as the default for product shortcodes.
* Tweak - Add post_excerpt to product search.
* Tweak - Update the description of the user tracking notice in the onboarding wizard.
* Tweak - Add extra data in order mobile view (status and date).
* Tweak - Add profile link to order screen.

 

Download the latest release of WooCommerce here or venture over to Dashboard → Updates to update your plugins from WordPress.

As usual, if you spot any other issues in WooCommerce core please log them in detail on Github, and to disclose a security issue to our team, please submit a report via HackerOne here.

WooCommerce 3.3.3 fix release notes — February 21, 2018


WooCommerce 3.3.3 is now available. ~9 commits made it into this release.

This fixes some issues with comma based currency settings, and the variation image switcher for variable products. The full changelog is below.

* Fix - Fixed is_numeric check which was affecting order subtotals/totals when using comma decimal separator.
* Fix - Add missing direct script access checks to loop templates.
* Fix - Added wp-post-image class to main image so variation images are swapped correctly.
* Fix - API - Adjusted schema for products shipping_class_id to integer.
* Fix - Made init tooltips event more specific to avoid conflict with Product Invoices extension.

Download the latest release of WooCommerce here or venture over to Dashboard → Updates to update your plugins from WordPress.

As usual, if you spot any other issues in WooCommerce core please log them in detail on Github, and to disclose a security issue to our team, please submit a report via HackerOne here.

WooCommerce 3.3.2 fix release notes — February 20, 2018


WooCommerce 3.3.2 is now available. ~85 commits made it into this release. The full changelog is below.

* Fix - Fixed admin product SKU searching and searching non-published products.
* Fix - PHP 7.1 notice when image height is empty.
* Fix - Prevent repeated update_option calls on page load due to php type juggling.
* Fix - Only do unsupported template rendering in the loop to prevent conflicts with other shortcodes on the shop page.
* Fix - Don't prepend regular shortcodes with categories.
* Fix - If using get_catalog_ordering_args, remove the args when finished.
* Fix - Remove "Type" column on attributes table by default unless custom types are defined.
* Fix - Use verbose page rules when shop is in the URL, including shop base with category, to prevent 404s.
* Fix - Set woocommerce_hide_invisible_variations to true so disabled variation attributes are hidden on product pages.
* Fix - Help tip for webhook status.
* Fix - Shipping zone documentation help link was printing wrong.
* Fix - Stop background processing images when disabled via the filter.
* Fix - Only search when a search term is provided. Ignore empty strings.
* Fix - Fix check for external resources.
* Fix - Show full date for future orders.
* Fix - Prevent JS error if 'orders' row is disabled on order screen.
* Fix - Fix save of tax settings when no changes have been made.
* Fix - Add nonce to logout link on my account page so you do not need to confirm the action.
* Fix - API - Set status after order is created/updated so triggered emails are current.
* Fix - API - Fix single webhook endpoint.
* Tweak - Added help text for background image processing.
* Tweak - Added notice when background image processing is running, with cancel button.
* Tweak - Run background image processing less often by tracking changes.
* Tweak - Added system status tool to run background image processing manually.
* Tweak - If using Jetpack Photon, use that instead of background image processing.
* Tweak - Gallery thumbnail image size to handle small, square cropped images.
* Tweak - Helper function (and template version bump for image templates) to render gallery images.
* Tweak - Add help text for the default category to explain usage.
* Tweak - Allow changing the default product category.
* Tweak - Tweak mobile view of order preview to improve layout in non-English.
* Tweak - If selecting text, don't link to order on row click.
* Localization - Remove Isle of Man state.

Download the latest release of WooCommerce here or venture over to Dashboard → Updates to update your plugins from WordPress.

As usual, if you spot any other issues in WooCommerce core please log them in detail on Github, and to disclose a security issue to our team, please submit a report via HackerOne here.

WooCommerce 3.3.1 fix release notes — February 6, 2018


WooCommerce 3.3.1 is now available. This release fixes conflicts with a handful of themes running template files from 3.2.x that were thus incompatible with the 3.3.0 update.

You may have seen that 3.3.0 was removed from WordPress.org soon after release; this was to give the team time to look deeper into the conflicts being reported and avoid more users running into the same issues.

The issue affected themes with template overrides from 3.2.x that hadn’t been made compatible with 3.3. In general, we recommend that themes use hooks instead of template overrides. Themes such as Storefront (which does not use template overrides) were compatible at launch.

To resolve these issues, we selected a set of the most common themes running on WooCommerce stores and then tested for compatibility with the 3.3.1 release. In addition, some theme authors have tested and released updates to ensure compatibility as well.

Want to read about current best practices around templates and overrides? Read this wiki post.

This has been a learning experience for us, and has highlighted problems in the extensibility of the template system, and a disconnect between our team and theme authors operating on external marketplaces. We hope to find solutions to these problems in the near future.

We’re hopeful the majority of the problems are now resolved and we can push ahead. ~90 commits made it into this release. The full changelog is below.

* Fix - Added `woocommerce_output_product_categories` to replace `woocommerce_product_subcategories` function to prevent outdated theme template files from outputting categories on the shop and category pages in error.
* Fix - Prevented columns from being set to anything lower than 1.
* Fix - Added extra error checking in Webhooks API to prevent notices when deleting Webhooks.
* Fix - Prevented list table classes being loaded multiple times. This also fixes compatibility with Smart Coupons extension.
* Fix - Removed stray debug string from order email template and fixed some typos.
* Fix - Set up the loop when calling wc_get_loop_prop. Fixes compatibility with some themes.
* Fix - Remove multiple application of filter 'woocommerce_order_item_product'.
* Fix - Protect against theme support being defined too late. Fixes some issues with custom themes defining WooCommerce support incorrectly.
* Fix - Add fallback for themes that just get the pagination template.
* Fix - Made the on-the-fly image regen also regenerate missing sizes.
* Fix - Fixed missing user_id in webhook migration script.
* Fix - Allow uncategorized category to be sorted like the others.
* Fix - If theme support changes, we may need to flush permalinks since some are changed based on this flag.
* Fix - Fire hooks for pagination etc only when pagination is enabled.
* Fix - Default HTML in end wrapper template.
* Fix - Prevent regular pagination showing on archives for unsupported themes.
* Fix - Fix shop when shown as homepage in unsupported themes.
* Fix - Fix SKU mapping for placeholders during CSV import.
* Fix - Use CRUD search helper in admin products table so partial SKU search works.
* Fix - Fix bulk sale/regular price percentage handling.
* Fix - More specificity on smallscreen style override for columns.
* Tweak - Add notice for moved store notice setting.
* Tweak - Allow removing coupons on editable orders only.
* Tweak - Extended the background processing library to avoid changing methods in the library.
* Tweak - Do not show row settings if something is managing the number of products per page.
* Tweak - Allow devs to add 'no-link' class to elements to prevent order view link being triggered on row click.
* Tweak - Made woocommerce_resize_images filter more useful by calling it later.
* Tweak - Revert default columns back to 4 so it's consistent with 3.2.

Download the latest release of WooCommerce here or venture over to Dashboard → Updates to update your plugins from WordPress.

As usual, if you spot any other issues in WooCommerce core please log them in detail on Github, and to disclose a security issue to our team, please submit a report via HackerOne here.