Fix: Add Product and Author Object Type Validation in Product Tab Template

[mralaminahamed]

All Submissions:

• My code follow the WordPress' coding standards
• My code satisfies feature requirements
• My code is tested
• My code passes the PHPCS tests
• My code has proper inline documentation
• I've included related pull request(s) (optional)
• I've included developer documentation (optional)
• I've added proper labels to this pull request

Changes proposed in this Pull Request:

The PR adds proper type validation for product and author objects in the product tab template. Specifically:

1. Validates that $product is an instance of WC_Product
2. Validates that $author is an instance of WP_User
3. Adds early returns if validations fail
4. Removes unused $val parameter from dokan_product_seller_tab() function

Related Pull Request(s)

• N/A

Closes

• Closes https://wordpress.org/support/topic/product-retrieval-fails-resulting-in-a-bool-instead-of-a-product-object/

How to test the changes in this Pull Request:

1. Create a product with a vendor
2. View the product page and check the seller tab
3. Verify the seller information displays correctly
4. Try accessing the function with invalid product/author data to ensure proper validation

Changelog entry

fix: Add Product and Author Object Type Validation

Added proper type checking for product and author objects in the product tab template
to prevent potential errors when invalid data is passed. The changes include validation
for WC_Product and WP_User objects with appropriate early returns.

Before Changes

The code didn't validate object types before accessing them, which could potentially
cause errors if invalid data was passed.

After Changes

The code now includes proper type validation:

if ( ! $product instanceof WC_Product ) {
    return;
}

if ( ! $author instanceof WP_User ) {
    return;
}

Feature Video (optional)

N/A

PR Self Review Checklist:

• Code follows WordPress coding standards
• Clear naming conventions used
• Simple and straightforward implementation
• No code duplication
• Code is readable and self-explanatory
• No performance issues
• No complicated constructions
• No grammar errors

Summary by CodeRabbit

Summary by CodeRabbit

• New Features

  • Enhanced vendor information display in WooCommerce product tabs.
  • Added a seller tab on the product single page to show vendor details.
  • Introduced functionality to inject vendor information into cart item data.

• Bug Fixes

  • Added checks to ensure valid product and vendor instances before displaying information.

• Documentation

  • Clarified variable types for better developer understanding in vendor-related code.

[coderabbitai]

Walkthrough

The pull request introduces modifications to the includes/wc-template.php and templates/global/product-tab.php files, focusing on enhancing the handling of vendor-related information in WooCommerce. Key updates include the addition of new functions for displaying vendor information and improvements to existing functions for better type checking and early returns for invalid states. Additionally, new variable declarations for vendor information in the product tab template enhance code clarity. The changes aim to ensure robust vendor information display and maintain integration with WooCommerce functionalities.

Changes

File Path	Change Summary
includes/wc-template.php	- Added dokan_product_seller_info and dokan_seller_product_tab functions for vendor information handling. - Updated dokan_product_seller_tab function to remove parameter and added checks for $product and vendor instance.
templates/global/product-tab.php	- Added variable declarations for $author (type WP_User) and $store_info (type array) for vendor information display.

Possibly related PRs

• fix: Improve vendor coupon validation for various discount item types and empty cart scenarios #2351: Enhances handling of vendor-related functionalities, particularly in managing vendor coupons.
• Add $data parameter to dokan_update_vendor hook #2386: Adds a $data parameter to the dokan_update_vendor hook, relating to vendor data management improvements.
• Add: add product tests (product addon, rma) #2396: Introduces tests for product addons and RMA options, complementing vendor-related functionalities.
• Enhancement: product commission bulk edit #2464: Enhancements to bulk edit product commissions relate to overall vendor management improvements.

Suggested labels

QA approved, :+1: Dev Review Done, Upcoming Release

Suggested reviewers

• shohag121

🐇 In the fields where vendors roam,
A tab of info, now feels like home.
With checks in place, and types so clear,
Our WooCommerce shines, let’s give a cheer!
For every product, a seller’s tale,
In the world of commerce, we shall prevail! 🌟

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1bafca9 and 88cf7fa.

📒 Files selected for processing (1)

• includes/wc-template.php (2 hunks)

🔇 Additional comments (2)

includes/wc-template.php (2)

3-3: LGTM: Appropriate namespace import

The Vendor class import is correctly placed and necessary for the type checking implementation.

---

59-66: LGTM: Robust type validation implementation

The type validation for both $product and $vendor objects with early returns effectively prevents potential runtime errors.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)

templates/global/product-tab.php (1)

8-10: LGTM! Consider enhancing array documentation.

The added type hints improve code clarity and IDE support. They align well with the new type validation being implemented.

Consider documenting the expected structure of the $store_info array:

- * @var array   $store_info Vendor store data
+ * @var array{store_name?: string, address?: string} $store_info Vendor store data

includes/wc-template.php (1)

53-66: LGTM! Well-structured type validation implementation.

The changes effectively implement type validation for both product and author objects with proper early returns. This prevents potential errors when invalid data is encountered, aligning perfectly with the PR objectives.

Consider adding PHPDoc param and return type hints to improve code documentation:

/**
 * Prints seller info in product single page
 *
 * @global WC_Product $product
+ * @return void
 */

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between f6b2f86 and 1bafca9.

📒 Files selected for processing (2)

• includes/wc-template.php (1 hunks)
• templates/global/product-tab.php (1 hunks)

🔇 Additional comments (1)

templates/global/product-tab.php (1)

Line range hint 1-57: Implementation is secure and robust.

The template demonstrates good practices:

• Proper escaping of output using esc_html, esc_url, and wp_kses_post
• Null checks before accessing array keys
• Extensibility through action hooks
• Consistent usage of typed variables

Let's verify the action hooks usage across the codebase:

✅ Verification successful

Action hooks are safely implemented with proper type checking

The implementation is secure and correct:

• The dokan_product_seller_tab function properly validates both variables before passing them to the template:
  • Checks $product is instance of WC_Product
  • Verifies $author is instance of WP_User
  • Gets $store_info using validated $author->ID
• No custom implementations of these hooks were found in the codebase, suggesting they are extension points for third-party code
• The template's type hints accurately reflect the validated types from the parent function

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for any custom implementations of the vendor tab actions
# to ensure they expect the correct parameter types

rg -A 2 "add_action.*dokan_product_seller_tab_(start|end)" --type php

Length of output: 71

---

Script:

#!/bin/bash
# Let's try a broader search to find any usage of these action hooks
rg "dokan_product_seller_tab_(start|end)" --type php -B 2 -A 2

# Also search for any files that might register these hooks
rg "do_action.*dokan_product_seller_tab" --type php -B 2 -A 2

Length of output: 1282

---

Script:

#!/bin/bash
# Let's search for any files that might contain implementations of these hooks
# by looking for functions that might be hooked to these actions
rg "function.*dokan_product_seller_tab" --type php -B 2 -A 5

# Also search for any add_action calls that might register handlers for these hooks
# using different function names
rg "add_action.*dokan_product_seller_tab" --type php -B 2 -A 2

Length of output: 490

---

Script:

#!/bin/bash
# Let's look at the complete implementation of the dokan_product_seller_tab function
# to understand how the variables are prepared before being passed to the hooks
rg -A 20 "function dokan_product_seller_tab" --type php

Length of output: 1073