Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8345 from justinshreve/product-api-download-url-8335 

[2.3] Run URLs through esc_url_raw instead of wc_clean in the Products API (#8335)
This commit is contained in:
Claudio Sanches 2015-06-10 13:24:23 -03:00
parent fa026ea49d 66ccc8a75c
commit 157a22a79c
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
includes/api/class-wc-api-products.php
View File

@ -1603,7 +1603,12 @@ class WC_API_Products extends WC_API_Resource {
} }
$file_name = isset( $file['name'] ) ? wc_clean( $file['name'] ) : ''; $file_name = isset( $file['name'] ) ? wc_clean( $file['name'] ) : '';
$file_url = wc_clean( $file['file'] );
if ( 0 === strpos( $file['file'], 'http' ) ) {
$file_url = esc_url_raw( $file['file'] );
} else {
$file_url = wc_clean( $file['file'] );
}
$files[ md5( $file_url ) ] = array( $files[ md5( $file_url ) ] = array(
'name' => $file_name, 'name' => $file_name,
@ -1734,7 +1739,7 @@ class WC_API_Products extends WC_API_Resource {
$attachment_id = isset( $image['id'] ) ? absint( $image['id'] ) : 0; $attachment_id = isset( $image['id'] ) ? absint( $image['id'] ) : 0;
if ( 0 === $attachment_id && isset( $image['src'] ) ) { if ( 0 === $attachment_id && isset( $image['src'] ) ) {
$upload = $this->upload_product_image( wc_clean( $image['src'] ) ); $upload = $this->upload_product_image( esc_url_raw( $image['src'] ) );
if ( is_wp_error( $upload ) ) { if ( is_wp_error( $upload ) ) {
throw new WC_API_Exception( 'woocommerce_api_cannot_upload_product_image', $upload->get_error_message(), 400 ); throw new WC_API_Exception( 'woocommerce_api_cannot_upload_product_image', $upload->get_error_message(), 400 );
@ -1748,7 +1753,7 @@ class WC_API_Products extends WC_API_Resource {
$attachment_id = isset( $image['id'] ) ? absint( $image['id'] ) : 0; $attachment_id = isset( $image['id'] ) ? absint( $image['id'] ) : 0;
if ( 0 === $attachment_id && isset( $image['src'] ) ) { if ( 0 === $attachment_id && isset( $image['src'] ) ) {
$upload = $this->upload_product_image( wc_clean( $image['src'] ) ); $upload = $this->upload_product_image( esc_url_raw( $image['src'] ) );
if ( is_wp_error( $upload ) ) { if ( is_wp_error( $upload ) ) {
throw new WC_API_Exception( 'woocommerce_api_cannot_upload_product_image', $upload->get_error_message(), 400 ); throw new WC_API_Exception( 'woocommerce_api_cannot_upload_product_image', $upload->get_error_message(), 400 );