From 0304778f18abbd867f63bc0cba589afe78b860bb Mon Sep 17 00:00:00 2001
From: Kathy Darling
Date: Wed, 15 Oct 2014 09:11:41 +0200
Subject: [PATCH 01/22] add variation class method is_all_defined() which tests if all the attributes are set
---
 includes/class-wc-product-variation.php | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/includes/class-wc-product-variation.php b/includes/class-wc-product-variation.php
index 00bc751ddf0..b1843ed3528 100644
--- a/includes/class-wc-product-variation.php
+++ b/includes/class-wc-product-variation.php
@@ -276,6 +276,27 @@ class WC_Product_Variation extends WC_Product {
 return $this->variation_data;
 }
+ /**
+ * Check if all variation attributes are defined
+ *
+ * @return boolean
+ */
+ public function is_all_defined() {
+
+ $defined = true;
+
+ // undefined attributes have null strings as array values
+ foreach( $this->get_variation_attributes() as $att ){
+ if( ! $att ){
+ $defined = false;
+ break;
+ }
+ }
+
+ return $defined;
+
+ }
+
 /**
 * Get variation price HTML. Prices are not inherited from parents.
 *
From 3d4a534e6aa61a9d64b14ef857c90ef95a073fa5 Mon Sep 17 00:00:00 2001
From: Kathy Darling
Date: Fri, 17 Oct 2014 17:24:04 +0200
Subject: [PATCH 02/22] rename method to has_all_attributes_set
---
 includes/class-wc-product-variation.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/includes/class-wc-product-variation.php b/includes/class-wc-product-variation.php
index b1843ed3528..e4c49799074 100644
--- a/includes/class-wc-product-variation.php
+++ b/includes/class-wc-product-variation.php
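Review bot: The loose test `if( ! $att )` in the new `is_all_defined()` loop also treats an attribute whose value is the string `'0'` as unset, because PHP evaluates `'0'` as false. The comment above the loop says undefined attributes are empty strings, so the comparison should say that explicitly, e.g. `if ( '' === (string) $att ) {`. The same condition is carried unchanged into `has_all_attributes_set()` by the rename in PATCH 02/22. The docblock could also state that the method returns true when the variation has no attributes at all, since the loop body then never runs.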
@@ -277,23 +277,23 @@ class WC_Product_Variation extends WC_Product {
 }
 /**
- * Check if all variation attributes are defined
+ * Check if all variation's attributes are set
 *
 * @return boolean
 */
- public function is_all_defined() {
+ public function has_all_attributes_set() {
- $defined = true;
+ $set = true;
 // undefined attributes have null strings as array values
 foreach( $this->get_variation_attributes() as $att ){
 if( ! $att ){
- $defined = false;
+ $set = false;
 break;
 }
 }
- return $defined;
+ return $set;
 }
From 1fdff91114ee7d8e40e45eccaf89755607a15e02 Mon Sep 17 00:00:00 2001
From: Gerhard
Date: Mon, 20 Oct 2014 09:35:54 +0200
Subject: [PATCH 03/22] Make edit account details nonce unique to customer.
---
 includes/class-wc-form-handler.php | 2 +-
 templates/myaccount/form-edit-account.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php
index b6a98d3ebab..2a70a5c5dda 100644
--- a/includes/class-wc-form-handler.php
+++ b/includes/class-wc-form-handler.php
@@ -147,7 +147,7 @@ class WC_Form_Handler {
 return;
 }
- wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-save_account_details' );
+ wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-save_account_details_' . (int) get_current_user_id() );
 $update = true;
 $errors = new WP_Error();
diff --git a/templates/myaccount/form-edit-account.php b/templates/myaccount/form-edit-account.php
index ff3dab0d05b..825ef9c842e 100644
--- a/templates/myaccount/form-edit-account.php
+++ b/templates/myaccount/form-edit-account.php
@@ -57,6 +57,6 @@ if ( ! defined( 'ABSPATH' ) ) {
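Review bot: The return value of `wp_verify_nonce()` is still discarded at the changed line in the `class-wc-form-handler.php` hunk of PATCH 03/22, so adding `get_current_user_id()` to the action string does not make the handler reject a missing or wrong nonce; execution reaches `$update = true;` either way. The check only protects the form once its result gates the handler, e.g. `if ( ! wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-save_account_details_' . (int) get_current_user_id() ) ) { return; }`. WordPress already ties a nonce to the current user when it is created, so the suffix adds little on its own. The template half of this change is not legible on this page, so confirm the nonce field there is built from the identical action string; the enclosing method starts and ends outside the hunk.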

- + \ No newline at end of file From 3b1ccbc23b53752d2eba1bd8913d261b29d3975a Mon Sep 17 00:00:00 2001 From: Gerhard Date: Mon, 20 Oct 2014 09:41:28 +0200 Subject: [PATCH 04/22] Added var to wrong funciton :| --- templates/myaccount/form-edit-account.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/myaccount/form-edit-account.php b/templates/myaccount/form-edit-account.php index 825ef9c842e..48ffc9fb094 100644 --- a/templates/myaccount/form-edit-account.php +++ b/templates/myaccount/form-edit-account.php @@ -52,11 +52,11 @@ if ( ! defined( 'ABSPATH' ) ) {

- +

- + \ No newline at end of file From 22cffec564376c86e26bbf4ca1676fe237e06a14 Mon Sep 17 00:00:00 2001 From: Gerhard Date: Tue, 21 Oct 2014 08:30:30 +0200 Subject: [PATCH 05/22] Revert nonce fieldname to original. --- templates/myaccount/form-edit-account.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/myaccount/form-edit-account.php b/templates/myaccount/form-edit-account.php index 48ffc9fb094..ff3dab0d05b 100644 --- a/templates/myaccount/form-edit-account.php +++ b/templates/myaccount/form-edit-account.php @@ -52,7 +52,7 @@ if ( ! defined( 'ABSPATH' ) ) {

- +

From 1fd61e6d756e3bfae2f947b9a91b2617cc531407 Mon Sep 17 00:00:00 2001
From: Gerhard
Date: Tue, 21 Oct 2014 08:31:48 +0200
Subject: [PATCH 06/22] Use wp_verify_nonce correctly in save_account_details.
---
 includes/class-wc-form-handler.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php
index 2a70a5c5dda..df5ab351937 100644
--- a/includes/class-wc-form-handler.php
+++ b/includes/class-wc-form-handler.php
@@ -147,7 +147,9 @@ class WC_Form_Handler {
 return;
 }
- wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-save_account_details_' . (int) get_current_user_id() );
+ if ( ! wp_verify_nonce( $_POST['_wpnonce'], 'save_account_details' ) ) {
+ return;
+ }
 $update = true;
 $errors = new WP_Error();
From 1bc74317dfbf633cf5c5fac026212019df1a0948 Mon Sep 17 00:00:00 2001
From: Gerhard
Date: Tue, 21 Oct 2014 08:33:48 +0200
Subject: [PATCH 07/22] Use wp_verify_nonce correctly in process_login
---
 includes/class-wc-form-handler.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php
index df5ab351937..da9bdc736c2 100644
--- a/includes/class-wc-form-handler.php
+++ b/includes/class-wc-form-handler.php
@@ -729,9 +729,7 @@ class WC_Form_Handler {
 * Process the login form.
 */
 public static function process_login() {
- if ( ! empty( $_POST['login'] ) && ! empty( $_POST['_wpnonce'] ) ) {
-
- wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-login' );
+ if ( ! empty( $_POST['login'] ) && ! empty( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-login' ) ) {
 try {
 $creds = array();
From f2e65f085740e6b0c6830dd30cdf0fa47d91a796 Mon Sep 17 00:00:00 2001
From: Gerhard
Date: Tue, 21 Oct 2014 08:39:16 +0200
Subject: [PATCH 08/22] Propper verify_nonce use on reset password functionality.
---
 includes/class-wc-form-handler.php | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
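Review bot: The action passed to `wp_verify_nonce()` in the PATCH 06/22 hunk changes from the `woocommerce-` prefixed form to a bare `'save_account_details'`, while other handlers in this series keep the prefix (`'woocommerce-login'`, `'woocommerce-register'`, `'woocommerce-edit_address'`). A nonce only verifies when the form's nonce field was created with the identical action string, and the template lines are not legible on this page, so each renamed action should be checked against the template that emits it; a mismatch makes every submission fail now that the result gates the handler. The same applies to `'lost_password'` and `'reset_password'` in PATCH 08/22. A one-line comment beside each check naming the template that creates the nonce, e.g. `// Nonce created in templates/myaccount/form-edit-account.php.`, would keep the two in step.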
diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php
index da9bdc736c2..f09c01266e1 100644
--- a/includes/class-wc-form-handler.php
+++ b/includes/class-wc-form-handler.php
@@ -803,14 +803,13 @@ class WC_Form_Handler {
 }
 // process lost password form
- if ( isset( $_POST['user_login'] ) && isset( $_POST['_wpnonce'] ) ) {
- wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-lost_password' );
+ if ( isset( $_POST['user_login'] ) && isset( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'lost_password' ) ) {
 WC_Shortcode_My_Account::retrieve_password();
 }
 // process reset password form
- if ( isset( $_POST['password_1'] ) && isset( $_POST['password_2'] ) && isset( $_POST['reset_key'] ) && isset( $_POST['reset_login'] ) && isset( $_POST['_wpnonce'] ) ) {
+ if ( isset( $_POST['password_1'] ) && isset( $_POST['password_2'] ) && isset( $_POST['reset_key'] ) && isset( $_POST['reset_login'] ) && isset( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'reset_password' ) ) {
 // verify reset key again
 $user = WC_Shortcode_My_Account::check_password_reset_key( $_POST['reset_key'], $_POST['reset_login'] );
@@ -821,8 +820,6 @@ class WC_Form_Handler {
 $args['key'] = wc_clean( $_POST['reset_key'] );
 $args['login'] = wc_clean( $_POST['reset_login'] );
- wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-reset_password' );
-
 if ( empty( $_POST['password_1'] ) || empty( $_POST['password_2'] ) ) {
 wc_add_notice( __( 'Please enter your password.', 'woocommerce' ), 'error' );
 $args['form'] = 'reset_password';
From 9f438edfa0d137e3a9d94c0d6e1eb935915e9c19 Mon Sep 17 00:00:00 2001
From: Gerhard
Date: Tue, 21 Oct 2014 08:41:52 +0200
Subject: [PATCH 09/22] Correctly use verify nonce on register
---
 includes/class-wc-form-handler.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php
index f09c01266e1..dcef7702189 100644
--- a/includes/class-wc-form-handler.php
+++ b/includes/class-wc-form-handler.php
@@ -856,9 +856,7 @@ class WC_Form_Handler {
 * Process the registration form.
 */
 public static function process_registration() {
- if ( ! empty( $_POST['register'] ) ) {
-
- wp_verify_nonce( $_POST['register'], 'woocommerce-register' );
+ if ( ! empty( $_POST['register'] ) && wp_verify_nonce( $_POST['register'], 'register' ) ) {
 if ( 'no' === get_option( 'woocommerce_registration_generate_username' ) ) {
 $_username = $_POST['username'];
From 1c46b7324a38f207e5760446cd9f352ac9d47fa8 Mon Sep 17 00:00:00 2001
From: Gerhard
Date: Tue, 21 Oct 2014 08:50:23 +0200
Subject: [PATCH 10/22] Register nonce used same name as register form button.
---
 includes/class-wc-form-handler.php | 5 ++++-
 templates/myaccount/form-login.php | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php
index dcef7702189..8077d0c2331 100644
--- a/includes/class-wc-form-handler.php
+++ b/includes/class-wc-form-handler.php
@@ -856,7 +856,10 @@ class WC_Form_Handler {
 * Process the registration form.
 */
 public static function process_registration() {
- if ( ! empty( $_POST['register'] ) && wp_verify_nonce( $_POST['register'], 'register' ) ) {
+ print_r( $_POST );
+ //die( 'Before' );
+ if ( ! empty( $_POST['register'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-register' ) ) {
+ die( 'Passed' );
 if ( 'no' === get_option( 'woocommerce_registration_generate_username' ) ) {
 $_username = $_POST['username'];
diff --git a/templates/myaccount/form-login.php b/templates/myaccount/form-login.php
index 384ff131eba..137b0ee3f8c 100644
--- a/templates/myaccount/form-login.php
+++ b/templates/myaccount/form-login.php
@@ -98,7 +98,7 @@ if ( ! defined( 'ABSPATH' ) ) {
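Review bot: The added `print_r( $_POST );` at the top of `process_registration()` in PATCH 10/22 sits before the `if`, so it writes the whole submitted form, including whatever credentials the request carries, into the response for every call to this handler, and `die( 'Passed' );` halts every registration whose nonce verifies. Both are debugging aids and do not belong in the commit, along with the commented-out `//die( 'Before' );`. PATCH 11/22 and 12/22 remove them, so squashing those two into this one would keep any intermediate revision from shipping the dump. The function body continues outside the hunk.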

- +

From 9b7fd195a71dfeae8445dabc45912064e1125ff8 Mon Sep 17 00:00:00 2001 From: Gerhard Date: Tue, 21 Oct 2014 08:51:00 +0200 Subject: [PATCH 11/22] remove debug info. --- includes/class-wc-form-handler.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php index 8077d0c2331..2685c4732c2 100644 --- a/includes/class-wc-form-handler.php +++ b/includes/class-wc-form-handler.php @@ -856,8 +856,6 @@ class WC_Form_Handler { * Process the registration form. */ public static function process_registration() { - print_r( $_POST ); - //die( 'Before' ); if ( ! empty( $_POST['register'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-register' ) ) { die( 'Passed' ); From 36ae6b8876301739003042369eb0df1983eafb22 Mon Sep 17 00:00:00 2001 From: Gerhard Date: Tue, 21 Oct 2014 08:51:35 +0200 Subject: [PATCH 12/22] remove more debug info. --- includes/class-wc-form-handler.php | 1 - 1 file changed, 1 deletion(-) diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php index 2685c4732c2..1896014ef60 100644 --- a/includes/class-wc-form-handler.php +++ b/includes/class-wc-form-handler.php @@ -857,7 +857,6 @@ class WC_Form_Handler { */ public static function process_registration() { if ( ! empty( $_POST['register'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-register' ) ) { - die( 'Passed' ); if ( 'no' === get_option( 'woocommerce_registration_generate_username' ) ) { $_username = $_POST['username']; From 817e23a807be231fd6e872b5a2678376e91364c8 Mon Sep 17 00:00:00 2001 From: Gerhard Date: Tue, 21 Oct 2014 08:52:19 +0200 Subject: [PATCH 13/22] Propper verfiy nonce use on edit address. --- includes/class-wc-form-handler.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php index 1896014ef60..75696562522 100644 --- a/includes/class-wc-form-handler.php 
+++ b/includes/class-wc-form-handler.php
@@ -44,12 +44,10 @@ class WC_Form_Handler {
 return;
 }
- if ( empty( $_POST[ 'action' ] ) || ( 'edit_address' !== $_POST[ 'action' ] ) || empty( $_POST['_wpnonce'] ) ) {
+ if ( empty( $_POST[ 'action' ] ) || ( 'edit_address' !== $_POST[ 'action' ] ) || empty( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-edit_address' ) ) {
 return;
 }
- wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-edit_address' );
-
 $user_id = get_current_user_id();
 if ( $user_id <= 0 ) {
From a08b501ebc5a7f15387bc70c172361ba69e494a3 Mon Sep 17 00:00:00 2001
From: Gerhard
Date: Tue, 21 Oct 2014 08:53:54 +0200
Subject: [PATCH 14/22] Propper verify nonce use on edit account.
---
 includes/class-wc-form-handler.php | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php
index 75696562522..84645026cb6 100644
--- a/includes/class-wc-form-handler.php
+++ b/includes/class-wc-form-handler.php
@@ -141,11 +141,7 @@ class WC_Form_Handler {
 return;
 }
- if ( empty( $_POST[ 'action' ] ) || ( 'save_account_details' !== $_POST[ 'action' ] ) || empty( $_POST['_wpnonce'] ) ) {
- return;
- }
-
- if ( ! wp_verify_nonce( $_POST['_wpnonce'], 'save_account_details' ) ) {
+ if ( empty( $_POST[ 'action' ] ) || ( 'save_account_details' !== $_POST[ 'action' ] ) || empty( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'save_account_details' ) ) {
 return;
 }
From 9645519f0ff8a94b9c87d4799c4ed90ba4b09a0e Mon Sep 17 00:00:00 2001
From: Gerhard
Date: Tue, 21 Oct 2014 09:03:17 +0200
Subject: [PATCH 15/22] Bump template version for nonce name change.
---
 templates/myaccount/form-login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/myaccount/form-login.php b/templates/myaccount/form-login.php
index 137b0ee3f8c..3706f163f45 100644
--- a/templates/myaccount/form-login.php
+++ b/templates/myaccount/form-login.php
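Review bot: The combined guard added in PATCH 13/22 cannot reject a request on nonce grounds: `&&` binds tighter than `||`, so its last term is `empty( $_POST['_wpnonce'] ) && wp_verify_nonce( ... )`, which is false both when a nonce is present (the `empty()` half fails) and when it is absent (the verification half fails). With a matching `action` value the handler therefore always continues to `$user_id = get_current_user_id();`, leaving the form with no effective CSRF check. The term should read `|| empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-edit_address' ) ) {`. PATCH 14/22 rewrites the `save_account_details` guard into the same shape, replacing a separate `if ( ! wp_verify_nonce( ... ) ) { return; }` that did gate the handler; PATCH 21/22 restores the separate check for `edit_address` only, so the account-details handler stays unprotected at the end of this series.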
@@ -4,7 +4,7 @@ * * @author WooThemes * @package WooCommerce/Templates - * @version 2.1.0 + * @version 2.2.6 */ if ( ! defined( 'ABSPATH' ) ) { From b9a89e45899859855775f06adce72f61f80f1be2 Mon Sep 17 00:00:00 2001 From: Nicola Mustone Date: Tue, 21 Oct 2014 09:43:57 +0200 Subject: [PATCH 16/22] Fixed indentation and added wp_unslash --- .../gateways/bacs/class-wc-gateway-bacs.php | 298 +++++++++--------- 1 file changed, 149 insertions(+), 149 deletions(-) diff --git a/includes/gateways/bacs/class-wc-gateway-bacs.php b/includes/gateways/bacs/class-wc-gateway-bacs.php index 319b3ddf636..3922a74f70a 100644 --- a/includes/gateways/bacs/class-wc-gateway-bacs.php +++ b/includes/gateways/bacs/class-wc-gateway-bacs.php @@ -9,18 +9,18 @@ if ( ! defined( 'ABSPATH' ) ) { * * Provides a Bank Transfer Payment Gateway. Based on code by Mike Pepper. * - * @class WC_Gateway_BACS - * @extends WC_Payment_Gateway - * @version 2.1.0 - * @package WooCommerce/Classes/Payment - * @author WooThemes + * @class WC_Gateway_BACS + * @extends WC_Payment_Gateway + * @version 2.1.0 + * @package WooCommerce/Classes/Payment + * @author WooThemes */ class WC_Gateway_BACS extends WC_Payment_Gateway { - /** - * Constructor for the gateway. - */ - public function __construct() { + /** + * Constructor for the gateway. + */ + public function __construct() { $this->id = 'bacs'; $this->icon = apply_filters('woocommerce_bacs_icon', ''); $this->has_fields = false; @@ -31,7 +31,7 @@ class WC_Gateway_BACS extends WC_Payment_Gateway { $this->init_form_fields(); $this->init_settings(); - // Define user set variables + // Define user set variables $this->title = $this->get_option( 'title' ); $this->description = $this->get_option( 'description' ); $this->instructions = $this->get_option( 'instructions', $this->description ); 
@@ -53,17 +53,17 @@ class WC_Gateway_BACS extends WC_Payment_Gateway { // Actions add_action( 'woocommerce_update_options_payment_gateways_' . $this->id, array( $this, 'process_admin_options' ) ); add_action( 'woocommerce_update_options_payment_gateways_' . $this->id, array( $this, 'save_account_details' ) ); - add_action( 'woocommerce_thankyou_bacs', array( $this, 'thankyou_page' ) ); + add_action( 'woocommerce_thankyou_bacs', array( $this, 'thankyou_page' ) ); - // Customer Emails - add_action( 'woocommerce_email_before_order_table', array( $this, 'email_instructions' ), 10, 3 ); - } + // Customer Emails + add_action( 'woocommerce_email_before_order_table', array( $this, 'email_instructions' ), 10, 3 ); + } - /** - * Initialise Gateway Settings Form Fields - */ - public function init_form_fields() { - $this->form_fields = array( + /** + * Initialise Gateway Settings Form Fields + */ + public function init_form_fields() { + $this->form_fields = array( 'enabled' => array( 'title' => __( 'Enable/Disable', 'woocommerce' ), 'type' => 'checkbox', 
@@ -95,88 +95,88 @@ class WC_Gateway_BACS extends WC_Payment_Gateway { 'type' => 'account_details' ), ); - } + } - /** - * generate_account_details_html function. - */ - public function generate_account_details_html() { - ob_start(); - ?> - - : - - - - - - - - - - - - - - - account_details ) { - foreach ( $this->account_details as $account ) { - $i++; + /** + * generate_account_details_html function. + */ + public function generate_account_details_html() { + ob_start(); + ?> + + + - - + + $account_names[ $i ], + $accounts[] = array( + 'account_name' => $account_names[ $i ], 'account_number' => $account_numbers[ $i ], 'bank_name' => $bank_names[ $i ], 'sort_code' => $sort_codes[ $i ], 'iban' => $ibans[ $i ], 'bic' => $bics[ $i ] - ); - } - } + ); + } + } - update_option( 'woocommerce_bacs_accounts', $accounts ); - } + update_option( 'woocommerce_bacs_accounts', $accounts ); + } - /** - * Output for the order received page. - */ - public function thankyou_page( $order_id ) { + /** + * Output for the order received page. + */ + public function thankyou_page( $order_id ) { if ( $this->instructions ) { - echo wpautop( wptexturize( wp_kses_post( $this->instructions ) ) ); - } - $this->bank_details( $order_id ); - } + echo wpautop( wptexturize( wp_kses_post( $this->instructions ) ) ); + } + $this->bank_details( $order_id ); + } - /** - * Add content to the WC emails. - * - * @access public - * @param WC_Order $order - * @param bool $sent_to_admin - * @param bool $plain_text - * @return void - */ - public function email_instructions( $order, $sent_to_admin, $plain_text = false ) { - if ( ! $sent_to_admin && 'bacs' === $order->payment_method && $order->has_status( 'on-hold' ) ) { + /** + * Add content to the WC emails. + * + * @access public + * @param WC_Order $order + * @param bool $sent_to_admin + * @param bool $plain_text + * @return void + */ + public function email_instructions( $order, $sent_to_admin, $plain_text = false ) { + if ( ! 
$sent_to_admin && 'bacs' === $order->payment_method && $order->has_status( 'on-hold' ) ) { if ( $this->instructions ) { echo wpautop( wptexturize( $this->instructions ) ) . PHP_EOL; } $this->bank_details( $order->id ); } - } + } - /** - * Get bank details and place into a list format - */ - private function bank_details( $order_id = '' ) { - if ( empty( $this->account_details ) ) { - return; - } + /** + * Get bank details and place into a list format + */ + private function bank_details( $order_id = '' ) { + if ( empty( $this->account_details ) ) { + return; + } - echo '

' . __( 'Our Bank Details', 'woocommerce' ) . '

' . PHP_EOL; + echo '

' . __( 'Our Bank Details', 'woocommerce' ) . '

' . PHP_EOL; - $bacs_accounts = apply_filters( 'woocommerce_bacs_accounts', $this->account_details ); + $bacs_accounts = apply_filters( 'woocommerce_bacs_accounts', $this->account_details ); - if ( ! empty( $bacs_accounts ) ) { - foreach ( $bacs_accounts as $bacs_account ) { - $bacs_account = (object) $bacs_account; + if ( ! empty( $bacs_accounts ) ) { + foreach ( $bacs_accounts as $bacs_account ) { + $bacs_account = (object) $bacs_account; if ( $bacs_account->account_name || $bacs_account->bank_name ) { - echo '

' . implode( ' - ', array_filter( array( $bacs_account->account_name, $bacs_account->bank_name ) ) ) . '

' . PHP_EOL; + echo '

' . wp_unslash( implode( ' - ', array_filter( array( $bacs_account->account_name, $bacs_account->bank_name ) ) ) ) . '

' . PHP_EOL; } - echo '
    ' . PHP_EOL; + echo '
      ' . PHP_EOL; - // BACS account fields shown on the thanks page and in emails + // BACS account fields shown on the thanks page and in emails $account_fields = apply_filters( 'woocommerce_bacs_account_fields', array( 'account_number'=> array( 'label' => __( 'Account Number', 'woocommerce' ), 'value' => $bacs_account->account_number ), - 'sort_code' => array( + 'sort_code' => array( 'label' => __( 'Sort Code', 'woocommerce' ), 'value' => $bacs_account->sort_code ), - 'iban' => array( + 'iban' => array( 'label' => __( 'IBAN', 'woocommerce' ), 'value' => $bacs_account->iban ), - 'bic' => array( + 'bic' => array( 'label' => __( 'BIC', 'woocommerce' ), 'value' => $bacs_account->bic ) ), $order_id ); - foreach ( $account_fields as $field_key => $field ) { - if ( ! empty( $field['value'] ) ) { - echo '
    • ' . esc_attr( $field['label'] ) . ': ' . wptexturize( $field['value'] ) . '
    • ' . PHP_EOL; - } + foreach ( $account_fields as $field_key => $field ) { + if ( ! empty( $field['value'] ) ) { + echo '
    • ' . esc_attr( $field['label'] ) . ': ' . wptexturize( $field['value'] ) . '
    • ' . PHP_EOL; + } } - echo '
    '; - } - } - } + echo '
'; + } + } + } - /** - * Process the payment and return the result - * - * @param int $order_id - * @return array - */ - public function process_payment( $order_id ) { + /** + * Process the payment and return the result + * + * @param int $order_id + * @return array + */ + public function process_payment( $order_id ) { $order = wc_get_order( $order_id ); @@ -306,8 +306,8 @@ class WC_Gateway_BACS extends WC_Payment_Gateway { // Return thankyou redirect return array( - 'result' => 'success', - 'redirect' => $this->get_return_url( $order ) + 'result' => 'success', + 'redirect' => $this->get_return_url( $order ) ); - } + } } From 5c1ad63876572472a8858982279a8e55449555ec Mon Sep 17 00:00:00 2001 From: Gerhard Date: Tue, 21 Oct 2014 09:44:53 +0200 Subject: [PATCH 17/22] Propper verify nonce use on checkout --- includes/class-wc-checkout.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/includes/class-wc-checkout.php b/includes/class-wc-checkout.php index 9112cc245c6..0b737a4cb7a 100644 --- a/includes/class-wc-checkout.php +++ b/includes/class-wc-checkout.php @@ -330,7 +330,9 @@ class WC_Checkout { * @return void */ public function process_checkout() { - wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-process_checkout' ); + if ( ! wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-process_checkout' ) ) { + return; + } if ( ! defined( 'WOOCOMMERCE_CHECKOUT' ) ) define( 'WOOCOMMERCE_CHECKOUT', true ); From afc0ddf6e7b4c6cae27232d779ba6f18b13f711c Mon Sep 17 00:00:00 2001 From: Gerhard Date: Tue, 21 Oct 2014 09:46:14 +0200 Subject: [PATCH 18/22] Propper verify nonce use on order tracking page. --- includes/shortcodes/class-wc-shortcode-order-tracking.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/includes/shortcodes/class-wc-shortcode-order-tracking.php b/includes/shortcodes/class-wc-shortcode-order-tracking.php index 17a17a6e343..36b80893576 100644 --- a/includes/shortcodes/class-wc-shortcode-order-tracking.php 
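Review bot: `wp_unslash()` only strips backslashes, so the account name and bank name are still concatenated into the `echo` in `bank_details()` without HTML escaping, and the field values further down pass through `wptexturize()` alone. These strings come from saved gateway settings and the `woocommerce_bacs_accounts` filter and are printed on the order-received page and in customer emails, so they should be escaped where they are output, e.g. `esc_html( wp_unslash( implode( ' - ', array_filter( array( $bacs_account->account_name, $bacs_account->bank_name ) ) ) ) )`. Slashes are better removed once where the settings are saved; the part of `save_account_details()` that reads the request is not legible in this extraction, so that needs confirming. Splitting the file-wide re-indentation from this one functional line would also make the change reviewable.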
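Review bot: `$_POST['_wpnonce']` is read in `process_checkout()` without an `isset()` or `empty()` guard, unlike the other handlers touched in this series, so a request with no nonce field raises an undefined-index notice before `wp_verify_nonce()` returns false. The bare `return;` also ends checkout with no notice or response body, which leaves the customer, or a script caller if checkout is submitted that way, with nothing to act on. Consider `if ( empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-process_checkout' ) ) {` and recording an error before returning, for instance with `wc_add_notice()` as the reset-password handler does. The method body continues outside the hunk.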
+++ b/includes/shortcodes/class-wc-shortcode-order-tracking.php
@@ -42,9 +42,7 @@ class WC_Shortcode_Order_Tracking {
 global $post;
- if ( ! empty( $_REQUEST['orderid'] ) ) {
-
- wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-order_tracking' );
+ if ( ! empty( $_REQUEST['orderid'] ) && isset( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-order_tracking' ) ) {
 $order_id = empty( $_REQUEST['orderid'] ) ? 0 : esc_attr( $_REQUEST['orderid'] );
 $order_email = empty( $_REQUEST['order_email'] ) ? '' : esc_attr( $_REQUEST['order_email']) ;
From 1320f7421b6fdb9070537a7c41408633a1c64d85 Mon Sep 17 00:00:00 2001
From: Kathy Darling
Date: Tue, 21 Oct 2014 11:52:07 +0200
Subject: [PATCH 19/22] add filter for woocommerce_email_actions
---
 woocommerce.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/woocommerce.php b/woocommerce.php
index 83b6a989bb7..74c4b73b27c 100644
--- a/woocommerce.php
+++ b/woocommerce.php
@@ -385,7 +385,7 @@ final class WooCommerce {
 }
 // Email Actions
- $email_actions = array(
+ $email_actions = apply_filters( 'woocommerce_email_actions', array(
 'woocommerce_low_stock',
 'woocommerce_no_stock',
 'woocommerce_product_on_backorder',
@@ -398,7 +398,7 @@ final class WooCommerce {
 'woocommerce_order_status_completed',
 'woocommerce_new_customer_note',
 'woocommerce_created_customer'
- );
+ ) );
 foreach ( $email_actions as $action ) {
 add_action( $action, array( $this, 'send_transactional_email' ), 10, 10 );
From 981883d7a464763386216fd190abda6e5b6f0182 Mon Sep 17 00:00:00 2001
From: Rhys
Date: Tue, 21 Oct 2014 11:54:34 +0100
Subject: [PATCH 20/22] Added DocBlock to woocommerce_after_shop_loop_item documenting the hooked functions added to it.
---
 templates/content-product.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/templates/content-product.php b/templates/content-product.php
index 1b366e827a1..1248ba3e5d1 100644
--- a/templates/content-product.php
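Review bot: The new condition in the order-tracking hunk takes the order id from `$_REQUEST['orderid']` but the nonce only from `$_POST['_wpnonce']`, so a lookup that arrives with `orderid` in the query string can no longer pass and falls through without any message to whatever follows the `if`. If GET lookups are not meant to be supported, reading `orderid` and `order_email` from `$_POST` as well would make that explicit; if they are, the nonce has to be read from the same source as the id. The block's closing brace and the fallback path are outside the hunk, so the behaviour on a failed check should be confirmed there.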
+++ b/templates/content-product.php @@ -67,6 +67,15 @@ if ( 0 == $woocommerce_loop['loop'] % $woocommerce_loop['columns'] ) - + From 045046492f910ba0813753d11f6296d09fb9915c Mon Sep 17 00:00:00 2001 From: Gerhard Date: Tue, 21 Oct 2014 13:24:01 +0200 Subject: [PATCH 21/22] Fix nonce check on edit address. --- includes/class-wc-form-handler.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php index 84645026cb6..1c6f108006d 100644 --- a/includes/class-wc-form-handler.php +++ b/includes/class-wc-form-handler.php @@ -44,7 +44,11 @@ class WC_Form_Handler { return; } - if ( empty( $_POST[ 'action' ] ) || ( 'edit_address' !== $_POST[ 'action' ] ) || empty( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-edit_address' ) ) { + if ( empty( $_POST[ 'action' ] ) || ( 'edit_address' !== $_POST[ 'action' ] ) || empty( $_POST['_wpnonce'] ) ) { + return; + } + + if ( ! wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-edit_address' ) ) { return; } From 42820ea88dbb324438d2ad6cd61a3b56c7c4df6f Mon Sep 17 00:00:00 2001 From: claudiosmweb Date: Tue, 21 Oct 2014 10:51:16 -0200 Subject: [PATCH 22/22] introduced the wc_strtolower() function, closes #6575 --- includes/wc-formatting-functions.php | 12 ++++++++++++ includes/wc-order-functions.php | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/includes/wc-formatting-functions.php b/includes/wc-formatting-functions.php index de339b8634f..bb0f93bf07e 100644 --- a/includes/wc-formatting-functions.php +++ b/includes/wc-formatting-functions.php 
@@ -589,3 +589,15 @@ function wc_format_phone_number( $tel ) { $tel = str_replace( '.', '-', $tel ); return $tel; } + +/** + * Make a string lowercase. + * Try to use mb_strtolower() when available. + * + * @since 2.3 + * @param string $string + * @return string + */ +function wc_strtolower( $string ) { + return function_exists( 'mb_strtolower' ) ? mb_strtolower( $string ) : strtolower( $string ); +} diff --git a/includes/wc-order-functions.php b/includes/wc-order-functions.php index d0d8207e3d6..f0472d7dc88 100644 --- a/includes/wc-order-functions.php +++ b/includes/wc-order-functions.php @@ -56,7 +56,7 @@ function wc_get_order_status_name( $status ) { $status = 'wc-' === substr( $status, 0, 3 ) ? substr( $status, 3 ) : $status; $status = isset( $statuses[ 'wc-' . $status ] ) ? $statuses[ 'wc-' . $status ] : $status; - return function_exists( 'mb_strtolower' ) ? mb_strtolower( $status ) : strtolower( $status ); + return wc_strtolower( $status ); } /**
 
: + + + + + + + + + + + + + + account_details ) { + foreach ( $this->account_details as $account ) { + $i++; - echo ' - - - - - - - - '; - } - } - ?> - - - - - - -
 
- -