From 3300193c93a2f0ecdc6bd5abae6377ed2327e3ed Mon Sep 17 00:00:00 2001 From: David Stone Date: Tue, 9 Jun 2026 06:57:50 -0600 Subject: [PATCH] wip: address checkout review feedback --- inc/ui/class-checkout-element.php | 29 +++++++++++++++++++- tests/WP_Ultimo/UI/Checkout_Element_Test.php | 2 ++ 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/inc/ui/class-checkout-element.php b/inc/ui/class-checkout-element.php index af5f8a47..78e09888 100644 --- a/inc/ui/class-checkout-element.php +++ b/inc/ui/class-checkout-element.php @@ -534,9 +534,14 @@ protected function send_checkout_nocache_headers($atts) { $headers = apply_filters('wu_checkout_nocache_headers', $headers, $atts, $this); foreach ($headers as $name => $value) { + $name = trim(str_replace(["\r", "\n"], '', (string) $name)); $value = str_replace(["\r", "\n"], '', (string) $value); - header(sprintf('%s: %s', sanitize_key($name), $value), true); + if ('' === $name || ! preg_match('/^[A-Za-z0-9-]+$/', $name)) { + continue; + } + + header(sprintf('%s: %s', $name, $value), true); } } @@ -848,6 +853,26 @@ function loadCheckout() { request.send(parts.join('&')); } + function cleanupFallbackLoad() { + document.removeEventListener('DOMContentLoaded', fallbackLoad); + window.removeEventListener('scroll', fallbackLoad); + window.removeEventListener('resize', fallbackLoad); + } + + function fallbackLoad() { + cleanupFallbackLoad(); + loadCheckout(); + } + + function scheduleFallbackLoad() { + if ('loading' === document.readyState) { + document.addEventListener('DOMContentLoaded', fallbackLoad); + } else { + window.addEventListener('scroll', fallbackLoad); + window.addEventListener('resize', fallbackLoad); + } + } + if (button) { button.addEventListener('click', function(event) { event.preventDefault(); @@ -870,6 +895,8 @@ function loadCheckout() { loadCheckout(); } }).observe(root); + } else if ('viewport' === trigger) { + scheduleFallbackLoad(); } })(); diff --git a/tests/WP_Ultimo/UI/Checkout_Element_Test.php b/tests/WP_Ultimo/UI/Checkout_Element_Test.php index 4bcad296..324250ee 100644 --- a/tests/WP_Ultimo/UI/Checkout_Element_Test.php +++ b/tests/WP_Ultimo/UI/Checkout_Element_Test.php @@ -85,6 +85,8 @@ public function test_deferred_output_renders_placeholder_without_nocache_action( * Test live checkout output path contains explicit no-cache safeguards. */ public function test_source_contains_live_checkout_cache_safeguards(): void { + // Source-token assertions intentionally guard cache-safety hooks/headers that + // are otherwise hard to observe reliably in PHPUnit. // phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents $source = file_get_contents(dirname(__DIR__, 3) . '/inc/ui/class-checkout-element.php');