diff --git a/includes/class-wc-checkout.php b/includes/class-wc-checkout.php
index 331d94b9a14..1c1c6206beb 100644
--- a/includes/class-wc-checkout.php
+++ b/includes/class-wc-checkout.php
@@ -330,7 +330,9 @@ class WC_Checkout {
 * @return void
 */
 public function process_checkout() {
- wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-process_checkout' );
+ if ( ! wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-process_checkout' ) ) {
+ return;
+ }
 
 if ( ! defined( 'WOOCOMMERCE_CHECKOUT' ) )
 define( 'WOOCOMMERCE_CHECKOUT', true );
diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php
index 6cf793f61be..3173af843f7 100644
--- a/includes/class-wc-form-handler.php
+++ b/includes/class-wc-form-handler.php
@@ -48,7 +48,9 @@ class WC_Form_Handler {
 return;
 }
 
- wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-edit_address' );
+ if ( ! wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-edit_address' ) ) {
+ return;
+ }
 
 $user_id = get_current_user_id();
 
@@ -143,12 +145,10 @@ class WC_Form_Handler {
 return;
 }
 
- if ( empty( $_POST[ 'action' ] ) || ( 'save_account_details' !== $_POST[ 'action' ] ) || empty( $_POST['_wpnonce'] ) ) {
+ if ( empty( $_POST[ 'action' ] ) || ( 'save_account_details' !== $_POST[ 'action' ] ) || empty( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'save_account_details' ) ) {
 return;
 }
 
- wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-save_account_details' );
-
 $update = true;
 $errors = new WP_Error();
 $user = new stdClass();
@@ -733,9 +733,7 @@ class WC_Form_Handler {
 * Process the login form.
 */
 public static function process_login() {
- if ( ! empty( $_POST['login'] ) && ! empty( $_POST['_wpnonce'] ) ) {
-
- wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-login' );
+ if ( ! empty( $_POST['login'] ) && ! empty( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-login' ) ) {
 
 try {
 $creds = array();
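Review bot: The new guard in process_checkout() reads `$_POST['_wpnonce']` without checking that it exists, so a POST that omits the field raises an undefined-index notice before wp_verify_nonce() rejects it; `if ( ! isset( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-process_checkout' ) ) {` closes that gap. The bare `return;` also gives the shopper nothing to act on — a checkout page left open past the nonce lifetime will simply appear to do nothing on submit — so consider a `wc_add_notice( ..., 'error' )` before returning, the way the form handler elsewhere in this diff reports validation failures. The same unguarded `$_POST['_wpnonce']` read recurs in the edit-address hunk below. process_checkout's body continues outside the hunk.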
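Review bot: The rewritten condition in the save_account_details hunk, `|| empty( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'save_account_details' )`, can never reject a bad nonce: `&&` binds tighter than `||`, so the last term is `empty( nonce ) && verify( nonce )`, which is false when the nonce is present (empty() fails) and false when it is absent (verify fails), and the removed standalone `wp_verify_nonce()` call never acted on its result either — so the handler still runs on any POST carrying `action=save_account_details`, and the CSRF check this commit adds to the other handlers is missing here, along with the former presence check. The intended form is a negated verify: `|| empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'save_account_details' ) ) {`. The action string also changes from `woocommerce-save_account_details` to `save_account_details`, which has to agree with the `wp_nonce_field()` call in the edit-account template that is not part of this diff. The enclosing method begins and ends outside the hunk.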
@@ -809,14 +807,13 @@ class WC_Form_Handler { } // process lost password form - if ( isset( $_POST['user_login'] ) && isset( $_POST['_wpnonce'] ) ) { - wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-lost_password' ); + if ( isset( $_POST['user_login'] ) && isset( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'lost_password' ) ) { WC_Shortcode_My_Account::retrieve_password(); } // process reset password form - if ( isset( $_POST['password_1'] ) && isset( $_POST['password_2'] ) && isset( $_POST['reset_key'] ) && isset( $_POST['reset_login'] ) && isset( $_POST['_wpnonce'] ) ) { + if ( isset( $_POST['password_1'] ) && isset( $_POST['password_2'] ) && isset( $_POST['reset_key'] ) && isset( $_POST['reset_login'] ) && isset( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'reset_password' ) ) { // verify reset key again $user = WC_Shortcode_My_Account::check_password_reset_key( $_POST['reset_key'], $_POST['reset_login'] ); @@ -827,8 +824,6 @@ class WC_Form_Handler { $args['key'] = wc_clean( $_POST['reset_key'] ); $args['login'] = wc_clean( $_POST['reset_login'] ); - wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-reset_password' ); - if ( empty( $_POST['password_1'] ) || empty( $_POST['password_2'] ) ) { wc_add_notice( __( 'Please enter your password.', 'woocommerce' ), 'error' ); $args['form'] = 'reset_password'; @@ -865,9 +860,7 @@ class WC_Form_Handler { * Process the registration form. */ public static function process_registration() { - if ( ! empty( $_POST['register'] ) ) { - - wp_verify_nonce( $_POST['register'], 'woocommerce-register' ); + if ( ! empty( $_POST['register'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-register' ) ) { if ( 'no' === get_option( 'woocommerce_registration_generate_username' ) ) { $_username = $_POST['username']; diff --git a/includes/class-wc-product-variation.php b/includes/class-wc-product-variation.php index 00bc751ddf0..e4c49799074 100644 --- a/includes/class-wc-product-variation.php 
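Review bot: Both new checks in this hunk rename the nonce action — `woocommerce-lost_password` becomes `lost_password`, and with the second `wp_verify_nonce( ..., 'woocommerce-reset_password' )` deleted in the following hunk, `woocommerce-reset_password` becomes `reset_password` — while the login, register, edit-address and order-tracking handlers in the same diff keep the `woocommerce-` prefix. Whichever spelling is right has to match the `wp_nonce_field()` in the corresponding my-account templates (presumably the lost-password and reset-password form templates), which are not in this diff; a mismatch makes those forms silently stop working, because a failed verify here just falls through with no notice. A short comment at each verify, e.g. `// action must match wp_nonce_field() in the lost-password template`, would make the coupling visible to the next person who touches either side. The enclosing method begins and ends outside the hunk.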
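Review bot: The new process_registration() condition reads `$_POST['_wpnonce']` with no existence check, so a POST with `register` set but no nonce field raises an undefined-index notice before wp_verify_nonce() returns false; the login hunk earlier in this diff guards with `! empty( $_POST['_wpnonce'] )`, so match it: `if ( ! empty( $_POST['register'] ) && ! empty( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-register' ) ) {`. The removed line verified `$_POST['register']` as if it were the nonce, so switching to `$_POST['_wpnonce']` is the real fix in this hunk and deserves a mention in the commit message. The method body continues outside the hunk.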
+++ b/includes/class-wc-product-variation.php @@ -276,6 +276,27 @@ class WC_Product_Variation extends WC_Product { return $this->variation_data; } + /** + * Check if all variation's attributes are set + * + * @return boolean + */ + public function has_all_attributes_set() { + + $set = true; + + // undefined attributes have null strings as array values + foreach( $this->get_variation_attributes() as $att ){ + if( ! $att ){ + $set = false; + break; + } + } + + return $set; + + } + /** * Get variation price HTML. Prices are not inherited from parents. * diff --git a/includes/gateways/bacs/class-wc-gateway-bacs.php b/includes/gateways/bacs/class-wc-gateway-bacs.php index 319b3ddf636..3922a74f70a 100644 --- a/includes/gateways/bacs/class-wc-gateway-bacs.php +++ b/includes/gateways/bacs/class-wc-gateway-bacs.php @@ -9,18 +9,18 @@ if ( ! defined( 'ABSPATH' ) ) { * * Provides a Bank Transfer Payment Gateway. Based on code by Mike Pepper. * - * @class WC_Gateway_BACS - * @extends WC_Payment_Gateway - * @version 2.1.0 - * @package WooCommerce/Classes/Payment - * @author WooThemes + * @class WC_Gateway_BACS + * @extends WC_Payment_Gateway + * @version 2.1.0 + * @package WooCommerce/Classes/Payment + * @author WooThemes */ class WC_Gateway_BACS extends WC_Payment_Gateway { - /** - * Constructor for the gateway. - */ - public function __construct() { + /** + * Constructor for the gateway. + */ + public function __construct() { $this->id = 'bacs'; $this->icon = apply_filters('woocommerce_bacs_icon', ''); $this->has_fields = false; @@ -31,7 +31,7 @@ class WC_Gateway_BACS extends WC_Payment_Gateway { $this->init_form_fields(); $this->init_settings(); - // Define user set variables + // Define user set variables $this->title = $this->get_option( 'title' ); $this->description = $this->get_option( 'description' ); $this->instructions = $this->get_option( 'instructions', $this->description ); 
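Review bot: `if( ! $att )` in the new has_all_attributes_set() tests truthiness, so an attribute whose selected value is the string `'0'` (a size or quantity option literally named 0) is reported as unset, even though the comment directly above says unset attributes are empty strings. Compare against what the comment describes: `if ( '' === $att ) {`. Whether get_variation_attributes() can also yield null for an unset attribute is not visible here; if it can, `if ( '' === $att || null === $att ) {` covers both without treating `'0'` as missing. The new lines also write `foreach(` and `if(` without the space after the keyword that the surrounding file uses.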
@@ -53,17 +53,17 @@ class WC_Gateway_BACS extends WC_Payment_Gateway { // Actions add_action( 'woocommerce_update_options_payment_gateways_' . $this->id, array( $this, 'process_admin_options' ) ); add_action( 'woocommerce_update_options_payment_gateways_' . $this->id, array( $this, 'save_account_details' ) ); - add_action( 'woocommerce_thankyou_bacs', array( $this, 'thankyou_page' ) ); + add_action( 'woocommerce_thankyou_bacs', array( $this, 'thankyou_page' ) ); - // Customer Emails - add_action( 'woocommerce_email_before_order_table', array( $this, 'email_instructions' ), 10, 3 ); - } + // Customer Emails + add_action( 'woocommerce_email_before_order_table', array( $this, 'email_instructions' ), 10, 3 ); + } - /** - * Initialise Gateway Settings Form Fields - */ - public function init_form_fields() { - $this->form_fields = array( + /** + * Initialise Gateway Settings Form Fields + */ + public function init_form_fields() { + $this->form_fields = array( 'enabled' => array( 'title' => __( 'Enable/Disable', 'woocommerce' ), 'type' => 'checkbox', 
@@ -95,88 +95,88 @@ class WC_Gateway_BACS extends WC_Payment_Gateway { 'type' => 'account_details' ), ); - } + } - /** - * generate_account_details_html function. - */ - public function generate_account_details_html() { - ob_start(); - ?> - - : - - - - - - - - - - - - - - - account_details ) { - foreach ( $this->account_details as $account ) { - $i++; + /** + * generate_account_details_html function. + */ + public function generate_account_details_html() { + ob_start(); + ?> + + + - - + + $account_names[ $i ], + $accounts[] = array( + 'account_name' => $account_names[ $i ], 'account_number' => $account_numbers[ $i ], 'bank_name' => $bank_names[ $i ], 'sort_code' => $sort_codes[ $i ], 'iban' => $ibans[ $i ], 'bic' => $bics[ $i ] - ); - } - } + ); + } + } - update_option( 'woocommerce_bacs_accounts', $accounts ); - } + update_option( 'woocommerce_bacs_accounts', $accounts ); + } - /** - * Output for the order received page. - */ - public function thankyou_page( $order_id ) { + /** + * Output for the order received page. + */ + public function thankyou_page( $order_id ) { if ( $this->instructions ) { - echo wpautop( wptexturize( wp_kses_post( $this->instructions ) ) ); - } - $this->bank_details( $order_id ); - } + echo wpautop( wptexturize( wp_kses_post( $this->instructions ) ) ); + } + $this->bank_details( $order_id ); + } - /** - * Add content to the WC emails. - * - * @access public - * @param WC_Order $order - * @param bool $sent_to_admin - * @param bool $plain_text - * @return void - */ - public function email_instructions( $order, $sent_to_admin, $plain_text = false ) { - if ( ! $sent_to_admin && 'bacs' === $order->payment_method && $order->has_status( 'on-hold' ) ) { + /** + * Add content to the WC emails. + * + * @access public + * @param WC_Order $order + * @param bool $sent_to_admin + * @param bool $plain_text + * @return void + */ + public function email_instructions( $order, $sent_to_admin, $plain_text = false ) { + if ( ! 
$sent_to_admin && 'bacs' === $order->payment_method && $order->has_status( 'on-hold' ) ) { if ( $this->instructions ) { echo wpautop( wptexturize( $this->instructions ) ) . PHP_EOL; } $this->bank_details( $order->id ); } - } + } - /** - * Get bank details and place into a list format - */ - private function bank_details( $order_id = '' ) { - if ( empty( $this->account_details ) ) { - return; - } + /** + * Get bank details and place into a list format + */ + private function bank_details( $order_id = '' ) { + if ( empty( $this->account_details ) ) { + return; + } - echo '

' . __( 'Our Bank Details', 'woocommerce' ) . '

' . PHP_EOL; + echo '

' . __( 'Our Bank Details', 'woocommerce' ) . '

' . PHP_EOL; - $bacs_accounts = apply_filters( 'woocommerce_bacs_accounts', $this->account_details ); + $bacs_accounts = apply_filters( 'woocommerce_bacs_accounts', $this->account_details ); - if ( ! empty( $bacs_accounts ) ) { - foreach ( $bacs_accounts as $bacs_account ) { - $bacs_account = (object) $bacs_account; + if ( ! empty( $bacs_accounts ) ) { + foreach ( $bacs_accounts as $bacs_account ) { + $bacs_account = (object) $bacs_account; if ( $bacs_account->account_name || $bacs_account->bank_name ) { - echo '

' . implode( ' - ', array_filter( array( $bacs_account->account_name, $bacs_account->bank_name ) ) ) . '

' . PHP_EOL; + echo '

' . wp_unslash( implode( ' - ', array_filter( array( $bacs_account->account_name, $bacs_account->bank_name ) ) ) ) . '

' . PHP_EOL; } - echo ''; + } + } + } - /** - * Process the payment and return the result - * - * @param int $order_id - * @return array - */ - public function process_payment( $order_id ) { + /** + * Process the payment and return the result + * + * @param int $order_id + * @return array + */ + public function process_payment( $order_id ) { $order = wc_get_order( $order_id ); @@ -306,8 +306,8 @@ class WC_Gateway_BACS extends WC_Payment_Gateway { // Return thankyou redirect return array( - 'result' => 'success', - 'redirect' => $this->get_return_url( $order ) + 'result' => 'success', + 'redirect' => $this->get_return_url( $order ) ); - } + } } diff --git a/includes/shortcodes/class-wc-shortcode-order-tracking.php b/includes/shortcodes/class-wc-shortcode-order-tracking.php index 6ac14cbe555..52397dd5d95 100644 --- a/includes/shortcodes/class-wc-shortcode-order-tracking.php +++ b/includes/shortcodes/class-wc-shortcode-order-tracking.php @@ -41,9 +41,7 @@ class WC_Shortcode_Order_Tracking { global $post; - if ( ! empty( $_REQUEST['orderid'] ) ) { - - wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-order_tracking' ); + if ( ! empty( $_REQUEST['orderid'] ) && isset( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-order_tracking' ) ) { $order_id = empty( $_REQUEST['orderid'] ) ? 0 : esc_attr( $_REQUEST['orderid'] ); $order_email = empty( $_REQUEST['order_email'] ) ? '' : esc_attr( $_REQUEST['order_email']) ; diff --git a/includes/wc-formatting-functions.php b/includes/wc-formatting-functions.php index de339b8634f..bb0f93bf07e 100644 --- a/includes/wc-formatting-functions.php +++ b/includes/wc-formatting-functions.php 
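Review bot: In bank_details() the new `wp_unslash( implode( ' - ', array_filter( array( $bacs_account->account_name, $bacs_account->bank_name ) ) ) )` echoes the account and bank names straight into markup with no escaping; wrap the imploded string in `esc_html()`. These values are admin settings written back by save_account_details() in this same hunk (the POST source of `$account_names` and the other arrays, and any sanitisation of it, is not visible here), so exposure is limited to a compromised or malicious shop-manager account, but output escaping is the cheap layer that does not depend on that. Separately, thankyou_page() runs `$this->instructions` through `wp_kses_post()` while email_instructions() echoes `wptexturize( $this->instructions )` unfiltered — apply `wp_kses_post()` in both. Most of this hunk is re-indentation, which buries the two substantive changes; a separate whitespace-only commit would make them reviewable.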
@@ -589,3 +589,15 @@ function wc_format_phone_number( $tel ) {
 $tel = str_replace( '.', '-', $tel );
 return $tel;
 }
+
+/**
+ * Make a string lowercase.
+ * Try to use mb_strtolower() when available.
+ *
+ * @since 2.3
+ * @param string $string
+ * @return string
+ */
+function wc_strtolower( $string ) {
+ return function_exists( 'mb_strtolower' ) ? mb_strtolower( $string ) : strtolower( $string );
+}
diff --git a/includes/wc-order-functions.php b/includes/wc-order-functions.php
index d0d8207e3d6..f0472d7dc88 100644
--- a/includes/wc-order-functions.php
+++ b/includes/wc-order-functions.php
@@ -56,7 +56,7 @@ function wc_get_order_status_name( $status ) {
 $status = 'wc-' === substr( $status, 0, 3 ) ? substr( $status, 3 ) : $status;
 $status = isset( $statuses[ 'wc-' . $status ] ) ? $statuses[ 'wc-' . $status ] : $status;
 
- return function_exists( 'mb_strtolower' ) ? mb_strtolower( $status ) : strtolower( $status );
+ return wc_strtolower( $status );
 }
 
 /**
diff --git a/templates/content-product.php b/templates/content-product.php
index 1b366e827a1..1248ba3e5d1 100644
--- a/templates/content-product.php
+++ b/templates/content-product.php
@@ -67,6 +67,15 @@ if ( 0 == $woocommerce_loop['loop'] % $woocommerce_loop['columns'] ) - +
diff --git a/templates/myaccount/form-login.php b/templates/myaccount/form-login.php
index e7e0399cc26..b25d90e48ae 100644
--- a/templates/myaccount/form-login.php
+++ b/templates/myaccount/form-login.php
@@ -4,7 +4,7 @@
 *
 * @author WooThemes
 * @package WooCommerce/Templates
- * @version 2.1.0
+ * @version 2.2.6
 */
 
 if ( ! defined( 'ABSPATH' ) ) {
@@ -99,7 +99,7 @@ if ( ! defined( 'ABSPATH' ) ) {

- +

diff --git a/woocommerce.php b/woocommerce.php
index 83b6a989bb7..74c4b73b27c 100644
--- a/woocommerce.php
+++ b/woocommerce.php
@@ -385,7 +385,7 @@ final class WooCommerce {
 }
 
 // Email Actions
- $email_actions = array(
+ $email_actions = apply_filters( 'woocommerce_email_actions', array(
 'woocommerce_low_stock',
 'woocommerce_no_stock',
 'woocommerce_product_on_backorder',
@@ -398,7 +398,7 @@ final class WooCommerce {
 'woocommerce_order_status_completed',
 'woocommerce_new_customer_note',
 'woocommerce_created_customer'
- );
+ ) );
 
 foreach ( $email_actions as $action ) {
 add_action( $action, array( $this, 'send_transactional_email' ), 10, 10 );
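Review bot: `$email_actions` is now whatever a `woocommerce_email_actions` filter callback returns, and the `foreach ( $email_actions as $action )` two lines below iterates it directly; a callback that returns null or a scalar makes foreach emit a warning and leaves every transactional email hook unregistered. Cast before iterating: `foreach ( (array) $email_actions as $action ) {`. The filter also lets any plugin route arbitrary actions into send_transactional_email() with up to ten forwarded arguments, which is presumably the intent; a one-line comment above the filter stating that each entry must be a WordPress action name and that the handler is attached at priority 10 would help extenders use it correctly.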
 
: + + + + + + + + + + + + + + account_details ) { + foreach ( $this->account_details as $account ) { + $i++; - echo ' - - - - - - - - '; - } - } - ?> - - - - - - -
 
- -