Commit b74367df318 for woocommerce
commit b74367df3188d542343953c614738d28984b20f4
Author: SH Sajal Chowdhury <72102985+shsajalchowdhury@users.noreply.github.com>
Date: Fri May 1 23:23:38 2026 +0600
Fix: Validate product_query before accessing query_vars (#64360)
* Fix: Validate product_query before accessing query_vars
Add null checks in WC_Query::get_main_meta_query() and
WC_Query::get_main_search_query_sql() before accessing
self::$product_query->query_vars. These are public static methods
that can be called when $product_query is not set, causing errors.
get_main_meta_query returns empty array when not set.
get_main_search_query_sql returns empty string when not set.
Fixes #37183
* Add changelog entry
* fix: correct null guard for product_query in WC_Query helpers
* fix: declare WC_Query product_query property as nullable
* fix: scope phpstan suppression to isset guards instead of property type
* chore: annotate phpstan-ignore directives with reference to PR comment
* chore: refresh PHPStan baseline after merging trunk
* style: use line comment for phpstan-ignore directives
* style: end phpstan-ignore directives with punctuation per phpcs rule
---------
Co-authored-by: Brandon Kraft <public@brandonkraft.com>
diff --git a/plugins/woocommerce/changelog/pr-64360 b/plugins/woocommerce/changelog/pr-64360
new file mode 100644
index 00000000000..a7721fba64f
--- /dev/null
+++ b/plugins/woocommerce/changelog/pr-64360
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fix
+
+Validate product_query before using in WC_Product_Data_Store_CPT.
diff --git a/plugins/woocommerce/includes/class-wc-query.php b/plugins/woocommerce/includes/class-wc-query.php
index b522f5fbec4..edb899ca8b5 100644
--- a/plugins/woocommerce/includes/class-wc-query.php
+++ b/plugins/woocommerce/includes/class-wc-query.php
@@ -981,6 +981,11 @@ class WC_Query {
* @return array
*/
public static function get_main_meta_query() {
+ // PHPStan infers $product_query as non-nullable from other call sites. See https://github.com/woocommerce/woocommerce/pull/64360#issuecomment-4360066970.
+ // @phpstan-ignore-next-line isset.property See above.
+ if ( ! isset( self::$product_query ) ) {
+ return array();
+ }
$args = self::$product_query->query_vars;
$meta_query = isset( $args['meta_query'] ) ? $args['meta_query'] : array();
@@ -993,6 +998,11 @@ class WC_Query {
public static function get_main_search_query_sql() {
global $wpdb;
+ // PHPStan infers $product_query as non-nullable from other call sites. See https://github.com/woocommerce/woocommerce/pull/64360#issuecomment-4360066970.
+ // @phpstan-ignore-next-line isset.property See above.
+ if ( ! isset( self::$product_query ) ) {
+ return '';
+ }
$args = self::$product_query->query_vars;
$search_terms = isset( $args['search_terms'] ) ? $args['search_terms'] : array();
$sql = array();