
DependencyDetection.php


<?php
declare( strict_types = 1 );

namespace Automattic\WooCommerce\Blocks;

use Automattic\WooCommerce\Internal\Utilities\BlocksUtil;

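/**
 * DependencyDetection class.
 *
 * Provides runtime detection of extensions that use Blocks related WooCommerce globals
 * (window.wc.*) without properly declaring their PHP script dependencies.
 *
 * This runs only when WP_DEBUG is enabled (see init()) to warn developers about
 * missing dependencies.
 *
 * @since 10.5.0
 * @internal
 */
final class DependencyDetection {

	/**
	 * WooCommerce blocks that use the tracked globals.
	 *
	 * Detection script only runs on pages containing these blocks.
	 *
	 * @var array<string>
	 */
	private const TRACKED_BLOCKS = array(
		'woocommerce/checkout',
		'woocommerce/cart',
		'woocommerce/mini-cart',
	);

	/**
	 * Maps window.wc.* property names to their required script handles.
	 *
	 * This is the source of truth for both PHP and JS dependency detection.
	 * Based on wcDepMap and wcHandleMap in client/blocks/bin/webpack-helpers.js.
	 *
	 * @var array<string, string>
	 */
	private const WC_GLOBAL_EXPORTS = array(
		'wcBlocksRegistry'      => 'wc-blocks-registry',
		'wcSettings'            => 'wc-settings',
		'wcBlocksData'          => 'wc-blocks-data-store',
		'data'                  => 'wc-store-data',
		'wcBlocksSharedContext' => 'wc-blocks-shared-context',
		'wcBlocksSharedHocs'    => 'wc-blocks-shared-hocs',
		'priceFormat'           => 'wc-price-format',
		'blocksCheckout'        => 'wc-blocks-checkout',
		'blocksCheckoutEvents'  => 'wc-blocks-checkout-events',
		'blocksComponents'      => 'wc-blocks-components',
		'wcTypes'               => 'wc-types',
		'sanitize'              => 'wc-sanitize',
	);

	/**
	 * Flags for JSON that is printed inside an inline <script> element.
	 *
	 * JSON_HEX_TAG and JSON_HEX_AMP encode <, > and & as \uXXXX escapes. Script handles
	 * and URLs in the registry are set by other plugins, and with the default flags a
	 * value containing "<!--" or "<script" would be printed literally and could change
	 * how the HTML parser finds the end of the script element. The decoded JavaScript
	 * values are identical either way.
	 *
	 * @var int
	 */
	private const INLINE_JSON_FLAGS = JSON_HEX_TAG | JSON_HEX_AMP;

	/**
	 * Whether the proxy script was output.
	 *
	 * Used to ensure we only output the registry if the proxy was set up.
	 *
	 * @var bool
	 */
	private bool $proxy_output = false;

	/**
	 * Constructor.
	 */
	public function __construct() {
		$this->init();
	}

	/**
	 * Initialize hooks.
	 *
	 * Nothing is hooked unless WP_DEBUG is defined and truthy. The hooked callbacks do
	 * not check the current user, so on a site that leaves WP_DEBUG on, every visitor of
	 * a page with a tracked block receives the detection script and the script registry.
	 *
	 * @since 10.5.0
	 */
	public function init(): void {
		// Only run when debugging is enabled.
		if ( ! defined( 'WP_DEBUG' ) || ! WP_DEBUG ) {
			return;
		}

		// Output an early inline script to set up the Proxy before any other scripts run.
		add_action( 'wp_head', array( $this, 'output_early_proxy_setup' ), 1 );
		add_action( 'admin_head', array( $this, 'output_early_proxy_setup' ), 1 );

		// Output registry late when all scripts (including IntegrationInterface) are registered.
		add_action( 'wp_print_footer_scripts', array( $this, 'output_script_registry' ), 1 );
		add_action( 'admin_print_footer_scripts', array( $this, 'output_script_registry' ), 1 );
	}

	/**
	 * Output early inline script to set up the Proxy on window.wc.
	 *
	 * This must run before any WooCommerce scripts to intercept access.
	 * The script is loaded from a separate file for better IDE support and testing,
	 * but output inline to ensure correct timing (before any enqueued scripts).
	 *
	 * @since 10.5.0
	 */
	public function output_early_proxy_setup(): void {
		// Only run on pages that have the tracked blocks.
		if ( ! $this->page_has_tracked_blocks() ) {
			return;
		}

		// Load from the production assets directory (built by webpack and copied during release build).
		// The path is a fixed location relative to this file; no request data is involved.
		$script_path = __DIR__ . '/../../assets/client/blocks/dependency-detection.js';

		if ( ! file_exists( $script_path ) ) {
			return;
		}

		// phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents -- Local file read for inline script output.
		$script_content = file_get_contents( $script_path );

		if ( ! $script_content ) {
			return;
		}

		// Inject the global-to-handle mapping from PHP (source of truth).
		$mapping_json = \wp_json_encode( self::WC_GLOBAL_EXPORTS, self::INLINE_JSON_FLAGS );
		if ( false === $mapping_json ) {
			return;
		}
		$script_content = str_replace(
			'__WC_GLOBAL_EXPORTS_PLACEHOLDER__',
			$mapping_json,
			$script_content
		);

		// Inject the WooCommerce plugin URL for script origin detection.
		// This accounts for custom plugin directories (WP_PLUGIN_DIR, WP_CONTENT_DIR).
		// NOTE(review): esc_js() also converts &, < and > to HTML entities, which are not
		// decoded inside a <script> element; a plugin URL containing those characters would
		// not compare equal in the detection script - confirm that is acceptable.
		$wc_plugin_url  = \plugins_url( '/', WC_PLUGIN_FILE );
		$script_content = str_replace(
			'__WC_PLUGIN_URL_PLACEHOLDER__',
			'"' . esc_js( $wc_plugin_url ) . '"',
			$script_content
		);

		// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Script content is from a trusted local file, JSON is safely encoded.
		echo '<script id="wc-dependency-detection">' . $script_content . '</script>' . "\n";

		$this->proxy_output = true;
	}

	/**
	 * Output the script registry JSON for dependency checking.
	 *
	 * This runs late (wp_print_footer_scripts) to ensure all scripts,
	 * including those registered via IntegrationInterface, are captured.
	 *
	 * The registry is built from third-party script handles and URLs, so it is encoded
	 * with INLINE_JSON_FLAGS before being printed inside the inline script element.
	 *
	 * @since 10.5.0
	 */
	public function output_script_registry(): void {
		// Only output registry if the proxy was set up earlier.
		// This avoids the duplicate page_has_tracked_blocks() check and ensures
		// we don't output a registry without a proxy to consume it.
		if ( ! $this->proxy_output ) {
			return;
		}

		// Build the script registry mapping URLs to handles and dependencies.
		$script_registry = $this->build_script_registry();
		$registry_json   = \wp_json_encode( $script_registry, self::INLINE_JSON_FLAGS );

		if ( false === $registry_json ) {
			return;
		}

		// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- JSON is encoded by wp_json_encode with JSON_HEX_TAG | JSON_HEX_AMP, and "/" is escaped by default.
		echo '<script id="wc-dependency-detection-registry">if(typeof window.wc.wcUpdateDependencyRegistry==="function"){window.wc.wcUpdateDependencyRegistry(' . $registry_json . ');}</script>' . "\n";
	}

	/**
	 * Build a registry of registered scripts with their URLs and dependencies.
	 *
	 * Iterates every script in wp_scripts()->registered, whether or not it is enqueued
	 * on the current page, and skips WooCommerce core and WordPress core scripts.
	 *
	 * @return array<string, array{handle: string, deps: array<string>}>
	 */
	private function build_script_registry(): array {
		$wp_scripts = wp_scripts();
		$registry   = array();

		foreach ( $wp_scripts->registered as $handle => $script ) {
			// Skip scripts without a source URL.
			if ( empty( $script->src ) ) {
				continue;
			}

			// Get the full URL.
			$src = $script->src;
			if ( ! is_string( $src ) ) {
				// Skip malformed src.
				continue;
			}
			if ( ! preg_match( '|^(https?:)?//|', $src ) ) {
				// Relative URL - make it absolute.
				$src = $wp_scripts->base_url . $src;
			}

			// Skip WooCommerce's own scripts - we don't need to check those.
			if ( $this->is_woocommerce_script( $src ) ) {
				continue;
			}

			// Skip WordPress core scripts - they won't use wc.* globals.
			if ( $this->is_wordpress_core_script( $src ) ) {
				continue;
			}

			// Normalize the URL for consistent matching.
			$src = $this->normalize_url( $src );

			$registry[ $src ] = array(
				'handle' => $handle,
				'deps'   => $this->get_all_dependencies( $script->deps ),
			);
		}

		return $registry;
	}

	/**
	 * Check if a script URL belongs to WooCommerce core.
	 *
	 * Checks if the script is loaded from the WooCommerce core plugin directory,
	 * not from third-party extensions that may use similar handle naming.
	 *
	 * @param string $url Script URL.
	 * @return bool
	 */
	private function is_woocommerce_script( string $url ): bool {
		// Get the WooCommerce plugin URL (accounts for custom plugin directories).
		$wc_plugin_url = \plugins_url( '/', WC_PLUGIN_FILE );

		// Check if the URL starts with the WooCommerce plugin URL and is in a known subdirectory.
		if ( strpos( $url, $wc_plugin_url ) !== 0 ) {
			return false;
		}

		// Get the path after the WooCommerce plugin URL.
		$relative_path = substr( $url, strlen( $wc_plugin_url ) );

		// Check if it's in one of the known WooCommerce asset directories.
		return (bool) preg_match( '#^(client|assets|build|vendor)/#', $relative_path );
	}

	/**
	 * Check if a script URL belongs to WordPress core.
	 *
	 * WordPress core scripts (wp-includes, wp-admin) won't use wc.* globals,
	 * so we can skip them to reduce registry size.
	 *
	 * The pattern is not anchored: any URL with a /wp-includes/ or /wp-admin/ path
	 * segment matches, including a third-party script stored under a directory of that
	 * name, and such a script is then left out of the registry.
	 *
	 * @param string $url Script URL.
	 * @return bool
	 */
	private function is_wordpress_core_script( string $url ): bool {
		return (bool) preg_match( '#/(wp-includes|wp-admin)/#', $url );
	}

	/**
	 * Recursively get all dependencies including nested ones.
	 *
	 * Walks the dependency graph with a work queue; handles already collected are
	 * skipped, so circular dependencies terminate. Only handles listed in
	 * WC_GLOBAL_EXPORTS are returned.
	 *
	 * @param array<string> $deps Direct dependencies.
	 * @return array<string> All dependencies (flattened).
	 */
	private function get_all_dependencies( array $deps ): array {
		$wp_scripts      = wp_scripts();
		$all_deps        = array();
		$deps_to_process = $deps;

		while ( ! empty( $deps_to_process ) ) {
			$handle = array_shift( $deps_to_process );

			if ( in_array( $handle, $all_deps, true ) ) {
				continue;
			}

			$all_deps[] = $handle;

			// Add nested dependencies to process.
			if ( isset( $wp_scripts->registered[ $handle ] ) ) {
				foreach ( $wp_scripts->registered[ $handle ]->deps as $nested_dep ) {
					if ( ! in_array( $nested_dep, $all_deps, true ) ) {
						$deps_to_process[] = $nested_dep;
					}
				}
			}
		}

		// Filter to only include WooCommerce handles we care about.
		$wc_handles = array_values( self::WC_GLOBAL_EXPORTS );
		return array_values(
			array_filter(
				$all_deps,
				function ( $dep ) use ( $wc_handles ) {
					return in_array( $dep, $wc_handles, true );
				}
			)
		);
	}

	/**
	 * Check if the current page contains any of the tracked blocks.
	 * Checks post content, widget areas, and template parts (header) for blocks.
	 *
	 * @return bool True if page has tracked blocks.
	 */
	private function page_has_tracked_blocks(): bool {
		// Check post content for blocks.
		foreach ( self::TRACKED_BLOCKS as $block_name ) {
			if ( \has_block( $block_name ) ) {
				return true;
			}
		}

		// Check widget areas for mini-cart (classic themes).
		$mini_cart_in_widgets = BlocksUtil::get_blocks_from_widget_area( 'woocommerce/mini-cart' );
		if ( ! empty( $mini_cart_in_widgets ) ) {
			return true;
		}

		// Check header template part for mini-cart (block themes).
		try {
			$mini_cart_in_header = BlocksUtil::get_block_from_template_part( 'woocommerce/mini-cart', 'header' );
			if ( ! empty( $mini_cart_in_header ) ) {
				return true;
			}
		} catch ( \Throwable $e ) { // phpcs:ignore Generic.CodeAnalysis.EmptyStatement.DetectedCatch
			// Template part may not exist in all themes, silently continue.
		}

		return false;
	}

	/**
	 * Normalize a URL by removing query strings and hash fragments.
	 *
	 * This helps match URLs in stack traces which don't include query strings.
	 * A URL without a scheme, host or path (for example a protocol-relative one) is
	 * returned unchanged.
	 *
	 * @param string $url URL to normalize.
	 * @return string Normalized URL without query string or hash.
	 */
	private function normalize_url( string $url ): string {
		$scheme = wp_parse_url( $url, PHP_URL_SCHEME );
		$host   = wp_parse_url( $url, PHP_URL_HOST );
		$path   = wp_parse_url( $url, PHP_URL_PATH );

		if ( $scheme && $host && $path ) {
			$port = wp_parse_url( $url, PHP_URL_PORT );
			return $scheme . '://' . $host . ( $port ? ':' . $port : '' ) . $path;
		}

		return $url;
	}
}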