Develop WooCommerce

The official WooCommerce development blog

WooCommerce 3.4 Beta is here! — April 18, 2018

WooCommerce 3.4 Beta is here!

Today we’re pleased to announce that WooCommerce 3.4 is available for beta testing!

You can download it directly here or WooCommerce prerelease versions are also now available at WordPress.org.

Release highlights

3.4 is the second minor release this year. Being a minor release, all new functionality should exist in a backwards-compatible manner. Updating from any version since 3.0 should be hassle free!

Here is what to look out for in the update.

GDPR compliance

Enforcement of the EU General Data Protection Regulation (GDPR) begins shortly after the release of WooCommerce 3.4. We have added tools and features to help store owners become GDPR-compliant and deal with GDPR requests from customers.

Some of these features include:

  • Ability to add privacy policy text to checkout and account pages
  • Integration with the exporter coming in WordPress core (soon)
  • Tools to clean up (trash) and anonymize old orders which don’t need processing.
  • Tools to remove fields some optional fields from the checkout.

You can read more about how we’re tackling GDPR in WooCommerce core here, or read the readme for the full list.

GeoLite2 integration

WooCommerce uses the MaxMind GeoLite database for geolocation during checkout to automatically select the customer’s correct country. The GeoLite database has been discontinued by MaxMind, and GeoLite2 is the replacement. This release adds support for and integrates WooCommerce with GeoLite2 to ensure geolocation will continue working correctly for the forseeable future. The whole process is automatic and no further action is needed on the store owner’s part to keep geolocation working correctly.

The library that integrates with GeoLite2 requires a minimum PHP version of 5.4. As a necessary step WooCommerce will not support geolocation using GeoLite2 on PHP versions less than 5.4.

On sites running those PHP versions geolocation will be done through the REST API. The API-based geolocation is a slower method, and it is recommended you update your PHP version if you are running a version less than 5.4.

If you need help upgrading your PHP version, here is our handy guide.

Beginning this release, the recommended PHP version for WooCommerce is 7.2.

 

Multisite dashboard widget

WooCommerce 3.4 introduces a new dashboard widget for multisite installs. This widget shows processing and on hold orders the user has access to from across the multisite network. This lets store owners and managers easily see orders that need action without having to manually go and check each site.

This should be a big time-saver for anyone that runs multiple WooCommerce stores using multisite!

Everything else . . .

Other features include:

  • Wildcard email support for coupon restrictions. Using the wildcard character you can set up coupons restricted to groups of similar email addresses (.edu email accounts, corporate email accounts from a certain business, etc.).
  • Users can now set their display name on the My Account page.
  • Improvements to the admin product search, including stopword support and the ability to search for multiple products in the same query.

On top of the new features, there are a variety of minor tweaks, new hooks, and fixes. We won’t go into detail here, but you can see the full list of changes in the readme if you’re interested!

Template file changes

  • auth/form-login.php – Named nonces and used nbsp; to separate the * in required fields to prevent awkward line breaks.
  • cart/cart.php – Named nonces and added filter around backorder notification text.
  • cart/shipping-calculator.php – Named nonces.
  • checkout/form-coupon.php – Use no-js class to to hide forms/content that require JavaScript.
  • checkout/form-login.php – Use no-js class to to hide forms/content that require JavaScript.
  • checkout/form-pay.php – Named nonces.
  • checkout/payment.php – Named nonces.
  • checkout/terms.php – Make sure terms page exists and isn’t trashed. Used nbsp; to separate the * in required fields to prevent awkward line breaks.
  • emails/plain/email-customer-details.php – Fixed converting letters with accents to uppercase.
  • emails/plain/email-downloads.php – Make woocommerce_email_downloads_column_ hook format aware.
  • emails/plain/email-addresses.php – Fixed converting letters with accents to uppercase.
  • emails/plain/customer-reset-password.php – Removed user login from reset password link.
  • emails/plain/email-order-details.php – Fixed converting letters with accents to uppercase.
  • emails/customer-reset-password.php – Removed user login from reset password link.
  • emails/email-downloads.php – Make woocommerce_email_downloads_column_ hook format aware.
  • global/form-login.php – Used nbsp; to separate the * in required fields to prevent awkward line breaks.
  • global/quantity-input.php – Escape and strip tags to prevent broken HTML.
  • myaccount/form-add-payment-method.php – Named nonces.
  • myaccount/form-edit-account.php – Added autocomplete attributes. Used nbsp; to separate the * in required fields to prevent awkward line breaks.
  • myaccount/form-edit-address.php – Named nonces.
  • myaccount/form-login.php – Added class and autocomplete attributes to form. Used nbsp; to separate the * in required fields to prevent awkward line breaks.
  • myaccount/form-lost-password.php – Named nonces and added autocomplete attributes.
  • myaccount/form-reset-password.php – Named nonces and added autocomplete attributes. Used nbsp; to separate the * in required fields to prevent awkward line breaks.
  • order/form-tracking.php – Named nonces.
  • single-product/add-to-cart/grouped.php – Added woocommerce_add_to_cart_form_action filter and class to form.
  • single-product/add-to-cart/simple.php – Added woocommerce_add_to_cart_form_action filter.
  • single-product/add-to-cart/variable.php – Added woocommerce_add_to_cart_form_action filter and fixed variation URL bug when using special characters.
  • single-product/review-meta.php – Add escaping to publish date to prevent broken HTML.
  • templates/archive-product.php – Use woocommerce_product_loop instead of have_posts.

Deprecated functions and methods

  • WC_Geo_IP has been deprecated since the legacy GeoLite database has been deprecated. See the begining of this article for more info.
  • WC_Widget_Product_Tag_Cloud::_get_current_taxonomy has been deprecated for WC_Widget_Product_Tag_Cloud::get_current_taxonomy.
  • WC_Widget_Product_Tag_Cloud::_topic_count_text has been deprecated for WC_Widget_Product_Tag_Cloud::topic_count_text.

Release schedule and testing

We’re hoping to keep WooCommerce 3.4 in beta for the next 5 weeks. If you’re a developer please check extensions and themes are compatible to be safe.

Release Candidate 1 should be tagged on May 9th and will remain in RC for a further 2 weeks until May 23rd which is our target launch date.

If you’d like to help us test, you can download the release from Github. We posted a nice little write-up on beta testing here which should get you started. Please read that and jump right in!

If you’d like to help translate 3.4, you’ll find it on the development branch on translate.wordpress.org.

Thanks to all of our testers and contributors!

WooCommerce 3.3.5 fix release notes — April 10, 2018

WooCommerce 3.3.5 fix release notes

WooCommerce 3.3.5 is now available. ~32 commits made it into this release and the full changelog is below.

* Fix - Shop page notice should not appear when edting the "Hello World!" page.
* Fix - Inconsistent order item refund sign.
* Fix - Change `wc_get_price_excluding_tax` to not round the return value so calculations in admin are not pre-rounded.
* Fix - Use minimum price instead of maximum price when ordering variable products from low to high on term archives.
* Fix - `order` and `orderby` on shop page when using rewrite rules.
* Fix - Ajax loading spinner when using twentyseventeen theme.
* Fix - Out of Stock products change stock to On Backorder when imported to update existing products.
* Fix - Visibility dropdown not responding in quick edit when stock management is disabled.
* Fix - Featured paramenter in products endpoint on REST API.
* Fix - Linebreaks in order item meta.
* Fix - Product rating count when updated by admin.
* Tweak - Define array before attempting to append to it.
* Tweak - Change WC WP-CLI commands default per_page value to 100.
* Tweak - Ensure background process class returns `data` as an array.
* Tweak - Increase orders table checkbox column size on small devices.
* Tweak - Better support for infinite scroll in Jetpack.

 

Download the latest release of WooCommerce here or venture over to Dashboard → Updates to update your plugins from WordPress.

As usual, if you spot any other issues in WooCommerce core please log them in detail on Github, and to disclose a security issue to our team, please submit a report via HackerOne here. Comments on this post are closed.

How we’re tackling GDPR in WooCommerce core —

How we’re tackling GDPR in WooCommerce core

Stronger rules on data protection from May 2018 mean citizens have more control over their data.

GDPR is coming, and we’re working hard to get new tools in WooCommerce core to help store owners comply. If you’re not familiar with GDPR yet, Hannah wrote a great introduction to GDPR on the main WooCommerce blog which you can read to get caught up.

It’s important to note that this new law doesn’t just apply to stores in the EU – this applies globally to stores that sell products to EU residents.

We’re currently building new tools into our upcoming 3.4 release to help store owners deal with GDPR requests and surface things such as privacy policies on the checkout. Some of the tools are built already, or are in progress, notably:

  • Improvements to the checkout in https://github.com/woocommerce/woocommerce/pull/19637, which include:
    • Better formatting for inline descriptions should someone which to include just in time privacy text next to fields, and some simple tools to toggle non-critical fields off to avoid unnecessary data collection.
    • Custom terms and conditions text, and control over the checkbox + label itself.
    • In progress personal data export and bulk order anonymize in https://github.com/woocommerce/woocommerce/pull/19330.
  • We’ve cleared up wording around the tracker in the Wizard to ensure it’s compliant.
38418983-7101a9fc-3996-11e8-8977-147251ce9574.png
Improved terms and conditions display on checkout

Open GDPR issues can be tracked here. One thing not yet completed is personal data export, which is arguably the most important thing we need to assist store owners with. To solve this, we’re working to bring these tools to WordPress core. Read on for the details.

The road to WordPress core compliance

Rather than create something proprietary, or specific to WooCommerce, our team is focussing on WordPress core contributions so that all users and plugins can benefit from a single, unified system in WordPress itself. We feel this is the most effective use of everybody’s time.

To that end, we’ve started on several new screens and functions for WP core which (if approved) will facilitate user requests and create export files of personal data.

Here are a few of the tickets we’re actively contributing to:

Way for users (and guests) to request personal data and/or removal

Managing requests, for example requests for personal data, needs some kind of UI or system to track who did the request, the status of the request, and the date of the request. GDPR requires that requests are responded to within 30 days.

To help with this, we’re creating a requests system within WordPress to deal with this.

43481-april-9.png
What the requests UI may look like

The UI shown above has been submitted as a patch in #43481. The basic flow in the v1 is as follows:

  1. User makes request via contact form or some other method of contact.
  2. Admin adds the request via the WordPress dashboard.
  3. User verifies the request.
  4. Admin triggers a response to the request e.g. by sending the data they requested.
  5. Request is either kept for tracking purposes, or removed.

To ensure the user is really who they say they are (remember emails can be spoofed!) we created a mechanism whereby WordPress will send a confirmation email to the user with a link they can click to confirm any action. This is similar to the “change password” flow in WordPress, but more general. This has been submitted via #43443.

s31c4pdznjnmauozSpark%20-%20Inbox%202018-03-05%2017-32-34.png (746×507) 2018-03-05 18-14-40.png

Requests can be tracked and can have the following statuses:

  • Pending
  • Confirmed
  • Failed
  • Completed

Thats it! If merged, we’ll move on to the ‘next steps’ column which will include buttons and links to send export files and so on to the requester.

The personal data export system

The next part to this is the actual export file generation. This will export all personal data tied to a specific email address in a human readable format.

How this works technically is:

  • A WordPress endpoint is hit, and a filter is ran to gather a list of data exporters from various plugins and core itself.
  • Each data exporter is called and the exporter from each plugin returns personal data based on a given email address.
  • Exporters support pagination, and each call is done in a separate request to prevent timeouts.
  • All of the data is appended to an export file. This is then served to the admin.

The main trac ticket for this is #43438. This fires the actions and filters for plugins to use. This prototype works with our in progress implementation in WooCommerce here.

Another related ticket is #43440 which puts WordPress comment data into the export.

Finally, #43551 improves how the export is served to the admin; as a HTML file within a zip file which is portable and human readable!

43551.2.png
A sample export file

What else is being worked on in WordPress core?

Some other tools being made inside WordPress include:

If you’re keen on contributing, all GDPR issues in WordPress itself are tagged in trac here.

There are also lots of discussions taking place in WordPress Slack in the #gdpr-compliance room. Join us!

April 17th: Dev chat #21 — April 3, 2018

April 17th: Dev chat #21

The next chat will be on April 17th at 16:00 UTC in the #core channel of the WooCommerce Community Slack. If you don’t already have access to the group, you can request an invite at the bottom of the WooCommerce developers page.

Here is the agenda for the chat:

If you have anything to propose for the agenda or related to the above, please leave a comment below.

See you there!

WooCommerce 3.3.4 fix release notes — March 20, 2018

WooCommerce 3.3.4 fix release notes

WooCommerce 3.3.4 is now available. ~30 commits made it into this release and the full changelog is below.

* Fix - Fixed undefined index after running setup wizard two times on fresh install.
* Fix - wc_get_loop_class; force columns to be a minimum of 1.
* Fix - Added loading spinner to WC panels in menu admin. 
* Fix - Use relative scheme for AJAX endpoint to avoid errors when using a mix of HTTP and HTTPS.
* Fix - Fix SelectWoo templateSelection property.
* Fix - Layered nav support on unsupported theme archives.
* Fix - Prevent full refresh when editing store notice in the customizer.
* Fix - Only append tax label in email content if taxes are enabled.
* Fix - More reliable Jetpack detection.
* Fix - Check if product has weight before calculate weight total in cart.
* Fix - Correctly handle default ordering on the search page.
* Fix - Fix default product category handling in installer.
* Fix - Properly check slugs when updating attributes.
* Fix - Use gallery thumbnail size for variation image switcher.
* Fix - Clear subcategory cache when updating product categories.
* Fix - Round fractional cents when out of base.
* Fix - Inherit 'is variation' from existing attribute during csv import.
* Fix - Set is_shortcode loop prop when outputting subcategories.
* Fix - Reload gateways after updating the order.
* Tweak - Use wc_get_default_products_per_row as the default for product shortcodes.
* Tweak - Add post_excerpt to product search.
* Tweak - Update the description of the user tracking notice in the onboarding wizard.
* Tweak - Add extra data in order mobile view (status and date).
* Tweak - Add profile link to order screen.

 

Download the latest release of WooCommerce here or venture over to Dashboard → Updates to update your plugins from WordPress.

As usual, if you spot any other issues in WooCommerce core please log them in detail on Github, and to disclose a security issue to our team, please submit a report via HackerOne here. Comments on this post are closed.