Guard remove_cart_item() against null cart and missing ppom_cart_key (WC 10.5)#562
Closed
Copilot wants to merge 38 commits intodevelopmentfrom
Closed
Guard remove_cart_item() against null cart and missing ppom_cart_key (WC 10.5)#562Copilot wants to merge 38 commits intodevelopmentfrom
Copilot wants to merge 38 commits intodevelopmentfrom
Conversation
added 30 commits
March 25, 2026 14:16
4 tasks
…(WC 10.5) Agent-Logs-Url: https://github.com/Codeinwp/woocommerce-product-addon/sessions/a74f7eb9-5da9-4cf2-a06a-16b7b99b59c9 Co-authored-by: Soare-Robert-Daniel <17597852+Soare-Robert-Daniel@users.noreply.github.com>
…-cart assertion for missing-key test Agent-Logs-Url: https://github.com/Codeinwp/woocommerce-product-addon/sessions/a74f7eb9-5da9-4cf2-a06a-16b7b99b59c9 Co-authored-by: Soare-Robert-Daniel <17597852+Soare-Robert-Daniel@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix remove_cart_item function for null cart and missing ppom_cart_key
Guard remove_cart_item() against null cart and missing ppom_cart_key (WC 10.5)
Apr 6, 2026
Contributor
|
@codex[agent] can you merge the latest changes from |
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
On WooCommerce 10.5+,
WC()->cartcan benullduring REST/blocks-initiated add-to-cart requests, causing a fatal error.ppom_cart_keywas also passed toremove_cart_item()unsanitized and without an existence check.Changes
inc/woocommerce.php— guardremove_cart_item()with a null-cart and empty-key check; sanitize the key:woocommerce-product-addon.phpWC tested up toheader:8.0→10.5cart_checkout_blocksincompatibility so WooCommerce falls back to the classic shortcode cart when PPOM is active:tests/unit/test-cart-and-options.php— two new PHPUnit tests:testAddCartItemDataDoesNotFatalWhenCartIsNull: setsWC()->cart = nullwith appom_cart_keyposted; asserts no fatal and cart data is still populatedtestAddCartItemDataSkipsRemoveWhenCartKeyAbsent: uses a spy-cart object to assertremove_cart_item()is never invoked whenppom_cart_keyis absentWarning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com/repos/123inkt/php-codesniffer-baseline/zipball/00d7cd414cc0fc12e88ee3321d92fe3d2313a9e7/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/Automattic/VIP-Coding-Standards/zipball/2b1d206d81b74ed999023cffd924f862ff2753c8/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/Codeinwp/themeisle-sdk/zipball/bb2a8414b0418b18c68c9ff1df3d7fb10467928d/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/PHPCSStandards/PHPCSExtra/zipball/b598aa890815b8df16363271b659d73280129101/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/PHPCSStandards/PHPCSUtils/zipball/c216317e96c8b3f5932808f9b0f1f7a14e3bbf55/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/0ca86845ce43291e8f5692c7356fccf3bcf02bf4/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/PHPCSStandards/composer-installer/zipball/845eb62303d2ca9b289ef216356568ccc075ffd1/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/PHPCompatibility/PHPCompatibility/zipball/e0f0e5a3dc819a4a0f8d679a0f2453d941976e18/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/PHPCompatibility/PHPCompatibilityParagonie/zipball/7a979711c87d8202b52f56c56bd719d09d8ed7f5/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/PHPCompatibility/PHPCompatibilityWP/zipball/bd53f24e7528422ac51d64dc8d53e8d4c4a877b3/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/WordPress/WordPress-Coding-Standards/zipball/7795ec6fa05663d716a549d0b44e47ffc8b0d4a6/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/Yoast/PHPUnit-Polyfills/zipball/4a088f125c970d6d6ea52c927f96fe39b330d0f1/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/damian-elenbaas/elementor-stubs/zipball/fef2a9b04a59ccac73d11cce3756bbd82e8bcfe7/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/doctrine/instantiator/zipball/0a0fa9780f5d4e507415a065172d26a98d02047b/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/myclabs/DeepCopy/zipball/3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/phar-io/manifest/zipball/54750ef60c58e43759730615a392c31c80e23176/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/phar-io/version/zipball/4f7fd7836c6f332bb2933569e566a0d6c4cbed74/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/php-stubs/woocommerce-stubs/zipball/ef96143054f60a2f0b2cfe8351f5d78448729e98/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/php-stubs/wordpress-stubs/zipball/f12220f303e0d7c0844c0e5e957b0c3cee48d2f7/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/phpstan/phpstan/zipball/d01bebe3edfd4d49b9666ee5b8271ddca561042f/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sebastianbergmann/code-unit-reverse-lookup/zipball/92a1a52e86d34cde6caa54f1b5ffa9fda18e5d54/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sebastianbergmann/comparator/zipball/1dc7ceb4a24aede938c7af2a9ed1de09609ca770/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sebastianbergmann/diff/zipball/98ff311ca519c3aa73ccd3de053bdb377171d7b6/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sebastianbergmann/environment/zipball/56932f6049a0482853056ffd617c91ffcc754205/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sebastianbergmann/exporter/zipball/1939bc8fd1d39adcfa88c5b35335910869214c56/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sebastianbergmann/global-state/zipball/91c7c47047a971f02de57ed6f040087ef110c5d9/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sebastianbergmann/object-enumerator/zipball/ac5b293dba925751b808e02923399fb44ff0d541/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sebastianbergmann/object-reflector/zipball/1d439c229e61f244ff1f211e5c99737f90c67def/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/40a4ed114a4aea5afd6df8d0f0c9cd3033097f66/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/69deeb8664f611f156a924154985fbd4911eb36b/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sebastianbergmann/php-text-template/zipball/31f8b717e51d9a2afca6c9f046f5d69fc27c8686/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sebastianbergmann/php-timer/zipball/a691211e94ff39a34811abd521c31bd5b305b0bb/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/9c1da83261628cb24b6a6df371b6e312b3954768/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sebastianbergmann/phpunit/zipball/172ba97bcf97ae6ef86ca256adf77aece8a143fe/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sebastianbergmann/recursion-context/zipball/9bfd3c6f1f08c026f542032dfb42813544f7d64c/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/72a7f7674d053d548003b16ff5a106e7e0e06eee/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sebastianbergmann/type/zipball/18f071c3a29892b037d35e6b20ddf3ea39b42874/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sebastianbergmann/version/zipball/99732be0ddb3361e16ad77b68ba41efc8e979019/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/sirbrillig/phpcs-variable-analysis/zipball/a15e970b8a0bf64cfa5e86d941f5e6b08855f369/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/szepeviktor/phpstan-wordpress/zipball/aa722f037b2d034828cd6c55ebe9e5c74961927e/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)https://api.github.com/repos/theseer/tokenizer/zipball/737eda637ed5e28c3413cb1ebe8bb52cbf1ca7a2/usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/jMjf6c /usr/bin/composer install --no-interaction(http block)If you need me to access, download, or install something from one of these locations, you can either: