Mike Jolley 2012-10-16 15:46:21 +01:00
parent 80fc5fc086
commit 15eb48242a
23 changed files with 736 additions and 687 deletions


@ -86,7 +86,7 @@ function woocommerce_create_duplicate_from_product( $post, $parent = 0, $post_st
} else {
$post_parent = $post->post_parent;
$post_status = $post_status ? $post_status : 'draft';
$suffix = ' ' . __("(Copy)", 'woocommerce');
$suffix = ' ' . __( '(Copy)', 'woocommerce' );
}
$new_post_type = $post->post_type;


@ -28,8 +28,8 @@ function woocommerce_duplicate_product_link_row($actions, $post) {
if ( $post->post_type != 'product' )
return $actions;
$actions['duplicate'] = '<a href="' . wp_nonce_url( admin_url( 'admin.php?action=duplicate_product&amp;post=' . $post->ID ), 'woocommerce-duplicate-product_' . $post->ID ) . '" title="' . __("Make a duplicate from this product", 'woocommerce')
. '" rel="permalink">' . __("Duplicate", 'woocommerce') . '</a>';
$actions['duplicate'] = '<a href="' . wp_nonce_url( admin_url( 'admin.php?action=duplicate_product&amp;post=' . $post->ID ), 'woocommerce-duplicate-product_' . $post->ID ) . '" title="' . __( 'Make a duplicate from this product', 'woocommerce' )
. '" rel="permalink">' . __( 'Duplicate', 'woocommerce' ) . '</a>';
return $actions;
}
@ -47,20 +47,20 @@ add_filter( 'page_row_actions', 'woocommerce_duplicate_product_link_row',10,2 );
function woocommerce_duplicate_product_post_button() {
global $post;
if (function_exists('duplicate_post_plugin_activation')) return;
if ( function_exists( 'duplicate_post_plugin_activation' ) ) return;
if (!current_user_can('manage_woocommerce')) return;
if ( ! current_user_can( 'manage_woocommerce' ) ) return;
if( !is_object( $post ) ) return;
if ( ! is_object( $post ) ) return;
if ($post->post_type!='product') return;
if ( $post->post_type != 'product' ) return;
if ( isset( $_GET['post'] ) ) :
$notifyUrl = wp_nonce_url( admin_url( "admin.php?action=duplicate_product&post=" . $_GET['post'] ), 'woocommerce-duplicate-product_' . $_GET['post'] );
if ( isset( $_GET['post'] ) ) {
$notifyUrl = wp_nonce_url( admin_url( "admin.php?action=duplicate_product&post=" . absint( $_GET['post'] ) ), 'woocommerce-duplicate-product_' . $_GET['post'] );
?>
<div id="duplicate-action"><a class="submitduplicate duplication" href="<?php echo esc_url( $notifyUrl ); ?>"><?php _e( 'Copy to a new draft', 'woocommerce' ); ?></a></div>
<?php
endif;
}
}
add_action( 'post_submitbox_start', 'woocommerce_duplicate_product_post_button' );
@ -79,23 +79,23 @@ function woocommerce_edit_product_columns($columns){
$columns = array();
$columns["cb"] = "<input type=\"checkbox\" />";
$columns["thumb"] = __("Image", 'woocommerce');
$columns["thumb"] = __( 'Image', 'woocommerce' );
$columns["name"] = __("Name", 'woocommerce');
$columns["name"] = __( 'Name', 'woocommerce' );
if (get_option('woocommerce_enable_sku', true) == 'yes')
$columns["sku"] = __("SKU", 'woocommerce');
$columns["sku"] = __( 'SKU', 'woocommerce' );
if (get_option('woocommerce_manage_stock')=='yes')
$columns["is_in_stock"] = __("Stock", 'woocommerce');
$columns["is_in_stock"] = __( 'Stock', 'woocommerce' );
$columns["price"] = __("Price", 'woocommerce');
$columns["price"] = __( 'Price', 'woocommerce' );
$columns["product_cat"] = __("Categories", 'woocommerce');
$columns["product_tag"] = __("Tags", 'woocommerce');
$columns["featured"] = '<img src="' . $woocommerce->plugin_url() . '/assets/images/featured.png" alt="' . __("Featured", 'woocommerce') . '" class="tips" data-tip="' . __("Featured", 'woocommerce') . '" width="12" height="12" />';
$columns["product_type"] = '<img src="' . $woocommerce->plugin_url() . '/assets/images/product_type_head.png" alt="' . __("Type", 'woocommerce') . '" class="tips" data-tip="' . __("Type", 'woocommerce') . '" width="14" height="12" />';
$columns["date"] = __("Date", 'woocommerce');
$columns["product_cat"] = __( 'Categories', 'woocommerce' );
$columns["product_tag"] = __( 'Tags', 'woocommerce' );
$columns["featured"] = '<img src="' . $woocommerce->plugin_url() . '/assets/images/featured.png" alt="' . __( 'Featured', 'woocommerce' ) . '" class="tips" data-tip="' . __( 'Featured', 'woocommerce' ) . '" width="12" height="12" />';
$columns["product_type"] = '<img src="' . $woocommerce->plugin_url() . '/assets/images/product_type_head.png" alt="' . __( 'Type', 'woocommerce' ) . '" class="tips" data-tip="' . __( 'Type', 'woocommerce' ) . '" width="14" height="12" />';
$columns["date"] = __( 'Date', 'woocommerce' );
return $columns;
}
@ -513,13 +513,13 @@ function woocommerce_admin_product_search_label($query) {
$sku = get_query_var( 'sku' );
if($sku) {
$post_type = get_post_type_object($wp->query_vars['post_type']);
return sprintf(__("[%s with SKU of %s]", 'woocommerce'), $post_type->labels->singular_name, $sku);
return sprintf(__( '[%s with SKU of %s]', 'woocommerce' ), $post_type->labels->singular_name, $sku);
}
$p = get_query_var( 'p' );
if ($p) {
$post_type = get_post_type_object($wp->query_vars['post_type']);
return sprintf(__("[%s with ID of %d]", 'woocommerce'), $post_type->labels->singular_name, $p);
return sprintf(__( '[%s with ID of %d]', 'woocommerce' ), $post_type->labels->singular_name, $p);
}
return $query;
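Review bot: In `woocommerce_duplicate_product_post_button` the link now carries `absint( $_GET['post'] )`, but the nonce action is still built from the raw `$_GET['post']`. The two disagree whenever the parameter is not a plain integer, and the handler (not shown here) presumably verifies the nonce against the integer id. Normalise once and reuse it: `$post_id = absint( $_GET['post'] );`, then `wp_nonce_url( admin_url( 'admin.php?action=duplicate_product&post=' . $post_id ), 'woocommerce-duplicate-product_' . $post_id )`. Since `$post` has already been checked to be an object a few lines earlier, using `$post->ID` as the row-action link in this file does would avoid reading the request at all.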


@ -22,18 +22,18 @@ function woocommerce_edit_coupon_columns($columns){
$columns = array();
$columns["cb"] = "<input type=\"checkbox\" />";
$columns["title"] = __("Code", 'woocommerce');
$columns["type"] = __("Coupon type", 'woocommerce');
$columns["amount"] = __("Coupon amount", 'woocommerce');
$columns["description"] = __("Description", 'woocommerce');
$columns["products"] = __("Product IDs", 'woocommerce');
$columns["usage"] = __("Usage / Limit", 'woocommerce');
$columns["expiry_date"] = __("Expiry date", 'woocommerce');
$columns["title"] = __( 'Code', 'woocommerce' );
$columns["type"] = __( 'Coupon type', 'woocommerce' );
$columns["amount"] = __( 'Coupon amount', 'woocommerce' );
$columns["description"] = __( 'Description', 'woocommerce' );
$columns["products"] = __( 'Product IDs', 'woocommerce' );
$columns["usage"] = __( 'Usage / Limit', 'woocommerce' );
$columns["expiry_date"] = __( 'Expiry date', 'woocommerce' );
return $columns;
}
add_filter('manage_edit-shop_coupon_columns', 'woocommerce_edit_coupon_columns');
add_filter( 'manage_edit-shop_coupon_columns', 'woocommerce_edit_coupon_columns' );
/**
@ -43,29 +43,35 @@ add_filter('manage_edit-shop_coupon_columns', 'woocommerce_edit_coupon_columns')
* @param mixed $column
* @return void
*/
function woocommerce_custom_coupon_columns($column) {
function woocommerce_custom_coupon_columns( $column ) {
global $post, $woocommerce;
switch ($column) {
switch ( $column ) {
case "type" :
echo $woocommerce->get_coupon_discount_type( get_post_meta( $post->ID, 'discount_type', true ) );
echo esc_html( $woocommerce->get_coupon_discount_type( get_post_meta( $post->ID, 'discount_type', true ) ) );
break;
case "amount" :
echo get_post_meta( $post->ID, 'coupon_amount', true );
echo esc_html( get_post_meta( $post->ID, 'coupon_amount', true ) );
break;
case "products" :
$product_ids = get_post_meta($post->ID, 'product_ids', true) ? explode(',', get_post_meta($post->ID, 'product_ids', true)) : array();
if ( sizeof( $product_ids ) > 0 ) echo implode( ', ', $product_ids ); else echo '&ndash;';
$product_ids = get_post_meta( $post->ID, 'product_ids', true );
$product_ids = $product_ids ? array_map( 'absint', explode( ',', $product_ids ) ) : array();
if ( sizeof( $product_ids ) > 0 )
echo esc_html( implode( ', ', $product_ids ) );
else
echo '&ndash;';
break;
case "usage_limit" :
$usage_limit = get_post_meta($post->ID, 'usage_limit', true);
$usage_limit = get_post_meta( $post->ID, 'usage_limit', true );
if ( $usage_limit ) echo $usage_limit; else echo '&ndash;';
if ( $usage_limit )
echo esc_html( $usage_limit );
else
echo '&ndash;';
break;
case "usage" :
$usage_count = absint( get_post_meta( $post->ID, 'usage_count', true ) );
$usage_limit = get_post_meta($post->ID, 'usage_limit', true);
$usage_limit = esc_html( get_post_meta($post->ID, 'usage_limit', true) );
if ( $usage_limit )
printf( __( '%s / %s', 'woocommerce' ), $usage_count, $usage_limit );
@ -75,10 +81,13 @@ function woocommerce_custom_coupon_columns($column) {
case "expiry_date" :
$expiry_date = get_post_meta($post->ID, 'expiry_date', true);
if ( $expiry_date ) echo date_i18n( 'F j, Y', strtotime( $expiry_date ) ); else echo '&ndash;';
if ( $expiry_date )
echo esc_html( date_i18n( 'F j, Y', strtotime( $expiry_date ) ) );
else
echo '&ndash;';
break;
case "description" :
echo $post->post_excerpt;
echo wp_kses_post( $post->post_excerpt );
break;
}
}
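Review bot: In the `usage` case `usage_limit` is escaped where it is read (`$usage_limit = esc_html( get_post_meta(...) )`), while the other cases of `woocommerce_custom_coupon_columns` escape at the `echo`. Escaping at output keeps the variable raw for the `if ( $usage_limit )` test and makes it clear at the print site that the value is safe. I would keep `$usage_limit = get_post_meta( $post->ID, 'usage_limit', true );` and change the print to `printf( __( '%s / %s', 'woocommerce' ), $usage_count, esc_html( $usage_limit ) );`. The rest of that case lies outside the hunk, so any other print of `$usage_limit` there needs the same treatment.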


@ -19,12 +19,12 @@ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
function woocommerce_disable_autosave_for_orders(){
global $post;
if($post && get_post_type($post->ID) === 'shop_order'){
wp_dequeue_script('autosave');
if ( $post && get_post_type( $post->ID ) === 'shop_order' ) {
wp_dequeue_script( 'autosave' );
}
}
add_action('admin_print_scripts', 'woocommerce_disable_autosave_for_orders');
add_action( 'admin_print_scripts', 'woocommerce_disable_autosave_for_orders' );
/**
@ -39,16 +39,16 @@ function woocommerce_edit_order_columns($columns){
$columns = array();
$columns["cb"] = "<input type=\"checkbox\" />";
$columns["order_status"] = __("Status", 'woocommerce');
$columns["order_title"] = __("Order", 'woocommerce');
$columns["billing_address"] = __("Billing", 'woocommerce');
$columns["shipping_address"] = __("Shipping", 'woocommerce');
$columns["total_cost"] = __("Order Total", 'woocommerce');
$columns["order_comments"] = '<img alt="' . esc_attr__( 'Order Notes', 'woocommerce' ) . '" src="' . $woocommerce->plugin_url() . '/assets/images/order-notes_head.png" class="tips" data-tip="' . __("Order Notes", 'woocommerce') . '" width="12" height="12" />';
$columns["note"] = '<img src="' . $woocommerce->plugin_url() . '/assets/images/note_head.png" alt="' . __("Customer Notes", 'woocommerce') . '" class="tips" data-tip="' . __("Customer Notes", 'woocommerce') . '" width="12" height="12" />';
$columns["order_date"] = __("Date", 'woocommerce');
$columns["order_actions"] = __("Actions", 'woocommerce');
$columns["cb"] = "<input type=\"checkbox\" />";
$columns["order_status"] = __( 'Status', 'woocommerce' );
$columns["order_title"] = __( 'Order', 'woocommerce' );
$columns["billing_address"] = __( 'Billing', 'woocommerce' );
$columns["shipping_address"] = __( 'Shipping', 'woocommerce' );
$columns["total_cost"] = __( 'Order Total', 'woocommerce' );
$columns["order_comments"] = '<img alt="' . esc_attr__( 'Order Notes', 'woocommerce' ) . '" src="' . $woocommerce->plugin_url() . '/assets/images/order-notes_head.png" class="tips" data-tip="' . __( 'Order Notes', 'woocommerce' ) . '" width="12" height="12" />';
$columns["note"] = '<img src="' . $woocommerce->plugin_url() . '/assets/images/note_head.png" alt="' . __( 'Customer Notes', 'woocommerce' ) . '" class="tips" data-tip="' . __( 'Customer Notes', 'woocommerce' ) . '" width="12" height="12" />';
$columns["order_date"] = __( 'Date', 'woocommerce' );
$columns["order_actions"] = __( 'Actions', 'woocommerce' );
return $columns;
}
@ -68,84 +68,79 @@ function woocommerce_custom_order_columns( $column ) {
global $post, $woocommerce;
$order = new WC_Order( $post->ID );
switch ($column) {
switch ( $column ) {
case "order_status" :
printf( '<mark class="%s">%s</mark>', sanitize_title($order->status), __($order->status, 'woocommerce') );
printf( '<mark class="%s">%s</mark>', sanitize_title( $order->status ), esc_html__( $order->status, 'woocommerce' ) );
break;
case "order_title" :
if ($order->user_id) $user_info = get_userdata($order->user_id);
if ( $order->user_id )
$user_info = get_userdata( $order->user_id );
if (isset($user_info) && $user_info) :
if ( ! empty( $user_info ) ) {
$user = '<a href="user-edit.php?user_id=' . esc_attr( $user_info->ID ) . '">';
$user = '<a href="user-edit.php?user_id=' . absint( $user_info->ID ) . '">';
if ($user_info->first_name || $user_info->last_name) $user .= $user_info->first_name.' '.$user_info->last_name;
else $user .= esc_html( $user_info->display_name );
if ( $user_info->first_name || $user_info->last_name )
$user .= esc_html( $user_info->first_name . ' ' . $user_info->last_name );
else
$user .= esc_html( $user_info->display_name );
$user .= '</a>';
else :
} else {
$user = __( 'Guest', 'woocommerce' );
endif;
}
echo '<a href="'.admin_url('post.php?post='.$post->ID.'&action=edit').'"><strong>'.sprintf( __( 'Order %s', 'woocommerce' ), $order->get_order_number() ).'</strong></a> ' . __( 'made by', 'woocommerce' ) . ' ' . $user;
echo '<a href="' . admin_url( 'post.php?post=' . absint( $post->ID ) . '&action=edit' ) . '"><strong>' . sprintf( __( 'Order %s', 'woocommerce' ), esc_attr( $order->get_order_number() ) ) . '</strong></a> ' . __( 'made by', 'woocommerce' ) . ' ' . $user;
if ($order->billing_email) :
echo '<small class="meta">'.__( 'Email:', 'woocommerce' ) . ' ' . '<a href="' . esc_url( 'mailto:'.$order->billing_email ).'">'.esc_html( $order->billing_email ).'</a></small>';
endif;
if ($order->billing_phone) :
echo '<small class="meta">'.__( 'Tel:', 'woocommerce' ) . ' ' . esc_html( $order->billing_phone ) . '</small>';
endif;
if ( $order->billing_email )
echo '<small class="meta">' . __( 'Email:', 'woocommerce' ) . ' ' . '<a href="' . esc_url( 'mailto:' . $order->billing_email ) . '">' . esc_html( $order->billing_email ) . '</a></small>';
if ( $order->billing_phone )
echo '<small class="meta">' . __( 'Tel:', 'woocommerce' ) . ' ' . esc_html( $order->billing_phone ) . '</small>';
break;
case "billing_address" :
if ($order->get_formatted_billing_address()) :
echo '<a target="_blank" href="' . esc_url( 'http://maps.google.com/maps?&q='.urlencode( $order->get_billing_address() ).'&z=16' ) . '">'. preg_replace('#<br\s*/?>#i', ', ', $order->get_formatted_billing_address()) .'</a>';
else :
if ( $order->get_formatted_billing_address() )
echo '<a target="_blank" href="' . esc_url( 'http://maps.google.com/maps?&q=' . urlencode( $order->get_billing_address() ) . '&z=16' ) . '">' . esc_html( preg_replace( '#<br\s*/?>#i', ', ', $order->get_formatted_billing_address() ) ) .'</a>';
else
echo '&ndash;';
endif;
if ($order->payment_method_title) :
if ( $order->payment_method_title )
echo '<small class="meta">' . __( 'Via', 'woocommerce' ) . ' ' . esc_html( $order->payment_method_title ) . '</small>';
endif;
break;
case "shipping_address" :
if ($order->get_formatted_shipping_address()) :
echo '<a target="_blank" href="' . esc_url( 'http://maps.google.com/maps?&q='.urlencode( $order->get_shipping_address() ).'&z=16' ) .'">'. preg_replace('#<br\s*/?>#i', ', ', $order->get_formatted_shipping_address()) .'</a>';
else :
if ( $order->get_formatted_shipping_address() )
echo '<a target="_blank" href="' . esc_url( 'http://maps.google.com/maps?&q=' . urlencode( $order->get_shipping_address() ) . '&z=16' ) . '">'. esc_html( preg_replace('#<br\s*/?>#i', ', ', $order->get_formatted_shipping_address() ) ) .'</a>';
else
echo '&ndash;';
endif;
if ($order->shipping_method_title) :
if ( $order->shipping_method_title )
echo '<small class="meta">' . __( 'Via', 'woocommerce' ) . ' ' . esc_html( $order->shipping_method_title ) . '</small>';
endif;
break;
case "total_cost" :
echo $order->get_formatted_order_total();
echo esc_html( strip_tags( $order->get_formatted_order_total() ) );
break;
case "order_date" :
if ( '0000-00-00 00:00:00' == $post->post_date ) :
if ( '0000-00-00 00:00:00' == $post->post_date ) {
$t_time = $h_time = __( 'Unpublished', 'woocommerce' );
else :
} else {
$t_time = get_the_time( __( 'Y/m/d g:i:s A', 'woocommerce' ), $post );
$gmt_time = strtotime($post->post_date_gmt);
$gmt_time = strtotime( $post->post_date_gmt );
$time_diff = current_time('timestamp', 1) - $gmt_time;
if ( $time_diff > 0 && $time_diff < 24*60*60 )
$h_time = sprintf( __( '%s ago', 'woocommerce' ), human_time_diff( $gmt_time, current_time('timestamp', 1) ) );
else
$h_time = get_the_time( __( 'Y/m/d', 'woocommerce' ), $post );
endif;
}
echo '<abbr title="' . $t_time . '">' . apply_filters( 'post_date_column_time', $h_time, $post ) . '</abbr>';
echo '<abbr title="' . esc_attr( $t_time ) . '">' . esc_html( apply_filters( 'post_date_column_time', $h_time, $post ) ) . '</abbr>';
break;
case "order_actions" :
@ -180,7 +175,7 @@ function woocommerce_custom_order_columns( $column ) {
foreach ( $actions as $action ) {
$image = ( isset( $action['image_url'] ) ) ? $action['image_url'] : $woocommerce->plugin_url() . '/assets/images/icons/' . $action['action'] . '.png';
printf( '<a class="button tips" href="%s" data-tip="%s"><img src="%s" alt="%s" width="14" /></a>', $action['url'], $action['name'], $image, $action['name'] );
printf( '<a class="button tips" href="%s" data-tip="%s"><img src="%s" alt="%s" width="14" /></a>', esc_url( $action['url'] ), esc_attr( $action['name'] ), esc_attr( $image ), esc_attr( $action['name'] ) );
}
do_action( 'woocommerce_admin_order_actions_end', $order );
@ -190,22 +185,22 @@ function woocommerce_custom_order_columns( $column ) {
break;
case "note" :
if ($order->customer_note)
echo '<img src="'.$woocommerce->plugin_url().'/assets/images/note.png" alt="yes" class="tips" data-tip="'. __( 'Yes', 'woocommerce' ) .'" width="14" height="14" />';
if ( $order->customer_note )
echo '<img src="'.$woocommerce->plugin_url().'/assets/images/note.png" alt="yes" class="tips" data-tip="' . __( 'Yes', 'woocommerce' ) . '" width="14" height="14" />';
else
echo '<img src="'.$woocommerce->plugin_url().'/assets/images/note-off.png" alt="no" class="tips" data-tip="'. __( 'No', 'woocommerce' ) .'" width="14" height="14" />';
echo '<img src="'.$woocommerce->plugin_url().'/assets/images/note-off.png" alt="no" class="tips" data-tip="' . __( 'No', 'woocommerce' ) . '" width="14" height="14" />';
break;
case "order_comments" :
echo '<div class="post-com-count-wrapper">
<a href="'. admin_url('post.php?post='.$post->ID.'&action=edit') .'" class="post-com-count"><span class="comment-count">'. $post->comment_count .'</span></a>
<a href="'. esc_url( admin_url('post.php?post=' . $post->ID . '&action=edit') ) .'" class="post-com-count"><span class="comment-count">'. $post->comment_count .'</span></a>
</div>';
break;
}
}
add_action('manage_shop_order_posts_custom_column', 'woocommerce_custom_order_columns', 2);
add_action( 'manage_shop_order_posts_custom_column', 'woocommerce_custom_order_columns', 2 );
/**
@ -217,19 +212,19 @@ add_action('manage_shop_order_posts_custom_column', 'woocommerce_custom_order_co
*/
function woocommerce_custom_order_views( $views ) {
unset($views['publish']);
unset( $views['publish'] );
if (isset($views['trash'])) :
if ( isset( $views['trash'] ) ) {
$trash = $views['trash'];
unset($views['draft']);
unset($views['trash']);
unset( $views['draft'] );
unset( $views['trash'] );
$views['trash'] = $trash;
endif;
}
return $views;
}
add_filter('views_edit-shop_order', 'woocommerce_custom_order_views');
add_filter( 'views_edit-shop_order', 'woocommerce_custom_order_views' );
/**
@ -240,10 +235,10 @@ add_filter('views_edit-shop_order', 'woocommerce_custom_order_views');
* @return array
*/
function woocommerce_remove_row_actions( $actions ) {
if( get_post_type() === 'shop_order' ) :
if( get_post_type() === 'shop_order' ) {
unset( $actions['view'] );
unset( $actions['inline hide-if-no-js'] );
endif;
}
return $actions;
}
@ -288,12 +283,12 @@ function woocommerce_restrict_manage_orders() {
$terms = get_terms('shop_order_status');
foreach ( $terms as $term ) {
echo '<option value="' . $term->slug . '"';
echo '<option value="' . esc_attr( $term->slug ) . '"';
if ( isset( $wp_query->query['shop_order_status'] ) )
selected( $term->slug, $wp_query->query['shop_order_status'] );
echo '>' . __( $term->name, 'woocommerce' ) . ' (' . $term->count . ')</option>';
echo '>' . esc_html__( $term->name, 'woocommerce' ) . ' (' . absint( $term->count ) . ')</option>';
}
?>
</select>
@ -306,9 +301,9 @@ function woocommerce_restrict_manage_orders() {
<?php
if ( ! empty( $_GET['_customer_user'] ) ) {
$user = get_user_by( 'id', absint( $_GET['_customer_user'] ) );
echo '<option value="' . $user->ID . '" ';
echo '<option value="' . absint( $user->ID ) . '" ';
selected( 1, 1 );
echo '>' . $user->display_name . ' (#' . $user->ID . ' &ndash; ' . $user->user_email . ')</option>';
echo '>' . esc_html( $user->display_name ) . ' (#' . absint( $user->ID ) . ' &ndash; ' . esc_html( $user->user_email ) . ')</option>';
}
?>
</select>
@ -342,7 +337,7 @@ function woocommerce_restrict_manage_orders() {
" );
}
add_action('restrict_manage_posts', 'woocommerce_restrict_manage_orders' );
add_action( 'restrict_manage_posts', 'woocommerce_restrict_manage_orders' );
/**
@ -354,12 +349,12 @@ add_action('restrict_manage_posts', 'woocommerce_restrict_manage_orders' );
*/
function woocommerce_orders_by_customer_query( $vars ) {
global $typenow, $wp_query;
if ($typenow=='shop_order' && isset( $_GET['_customer_user'] ) && $_GET['_customer_user']>0) :
if ( $typenow == 'shop_order' && isset( $_GET['_customer_user'] ) && $_GET['_customer_user'] > 0 ) {
$vars['meta_key'] = '_customer_user';
$vars['meta_value'] = (int) $_GET['_customer_user'];
endif;
}
return $vars;
}
@ -377,17 +372,17 @@ add_filter( 'request', 'woocommerce_orders_by_customer_query' );
* @param mixed $columns
* @return array
*/
function woocommerce_custom_shop_order_sort($columns) {
function woocommerce_custom_shop_order_sort( $columns ) {
$custom = array(
'order_title' => 'ID',
'order_total' => 'order_total',
'order_date' => 'date'
);
unset($columns['comments']);
return wp_parse_args($custom, $columns);
unset( $columns['comments'] );
return wp_parse_args( $custom, $columns );
}
add_filter("manage_edit-shop_order_sortable_columns", 'woocommerce_custom_shop_order_sort');
add_filter( "manage_edit-shop_order_sortable_columns", 'woocommerce_custom_shop_order_sort' );
/**
@ -399,17 +394,18 @@ add_filter("manage_edit-shop_order_sortable_columns", 'woocommerce_custom_shop_o
*/
function woocommerce_custom_shop_order_orderby( $vars ) {
global $typenow, $wp_query;
if ($typenow!='shop_order') return $vars;
if ( $typenow != 'shop_order' )
return $vars;
// Sorting
if (isset( $vars['orderby'] )) :
if ( 'order_total' == $vars['orderby'] ) :
if ( isset( $vars['orderby'] ) ) {
if ( 'order_total' == $vars['orderby'] ) {
$vars = array_merge( $vars, array(
'meta_key' => '_order_total',
'orderby' => 'meta_value_num'
) );
endif;
endif;
}
}
return $vars;
}
@ -427,11 +423,11 @@ add_filter( 'request', 'woocommerce_custom_shop_order_orderby' );
function woocommerce_shop_order_search_custom_fields( $wp ) {
global $pagenow, $wpdb;
if( 'edit.php' != $pagenow ) return $wp;
if( !isset( $wp->query_vars['s'] ) || !$wp->query_vars['s'] ) return $wp;
if ($wp->query_vars['post_type']!='shop_order') return $wp;
if ( 'edit.php' != $pagenow ) return $wp;
if ( ! isset( $wp->query_vars['s'] ) || ! $wp->query_vars['s'] ) return $wp;
if ( $wp->query_vars['post_type'] != 'shop_order' ) return $wp;
$search_fields = apply_filters( 'woocommerce_shop_order_search_fields', array(
$search_fields = array_map( 'esc_attr', apply_filters( 'woocommerce_shop_order_search_fields', array(
'_order_key',
'_billing_first_name',
'_billing_last_name',
@ -445,17 +441,21 @@ function woocommerce_shop_order_search_custom_fields( $wp ) {
'_billing_email',
'_order_items',
'_billing_phone'
) );
) ) );
// Query matching custom fields - this seems faster than meta_query
$post_ids = $wpdb->get_col($wpdb->prepare('SELECT post_id FROM '.$wpdb->postmeta.' WHERE meta_key IN ('.'"'.implode('","', $search_fields).'"'.') AND meta_value LIKE "%%%s%%"', esc_attr($_GET['s']) ));
$post_ids = $wpdb->get_col(
$wpdb->prepare(
"SELECT post_id FROM " . $wpdb->postmeta . " WHERE meta_key IN ('" . implode( "','", $search_fields ) . "') AND meta_value LIKE '%%%s%%'", esc_attr( $_GET['s'] )
)
);
// Query matching excerpts and titles
$post_ids = array_merge($post_ids, $wpdb->get_col($wpdb->prepare('
SELECT '.$wpdb->posts.'.ID
FROM '.$wpdb->posts.'
LEFT JOIN '.$wpdb->postmeta.' ON '.$wpdb->posts.'.ID = '.$wpdb->postmeta.'.post_id
LEFT JOIN '.$wpdb->users.' ON '.$wpdb->postmeta.'.meta_value = '.$wpdb->users.'.ID
$post_ids = array_merge( $post_ids, $wpdb->get_col( $wpdb->prepare('
SELECT ' . $wpdb->posts . '.ID
FROM ' . $wpdb->posts . '
LEFT JOIN ' . $wpdb->postmeta . ' ON ' . $wpdb->posts . '.ID = ' . $wpdb->postmeta . '.post_id
LEFT JOIN ' . $wpdb->users . ' ON ' . $wpdb->postmeta . '.meta_value = ' . $wpdb->users . '.ID
WHERE
post_excerpt LIKE "%%%1$s%%" OR
post_title LIKE "%%%1$s%%" OR
@ -470,11 +470,12 @@ function woocommerce_shop_order_search_custom_fields( $wp ) {
)
',
esc_attr($_GET['s'])
)));
) ) );
// Add ID
$search_order_id = str_replace('Order #', '', $_GET['s']);
if (is_numeric($search_order_id)) $post_ids[] = $search_order_id;
$search_order_id = str_replace( 'Order #', '', $_GET['s'] );
if ( is_numeric( $search_order_id ) )
$post_ids[] = $search_order_id;
// Add blank ID so not all results are returned if the search finds nothing
$post_ids[] = 0;
@ -500,9 +501,9 @@ function woocommerce_shop_order_search_custom_fields( $wp ) {
function woocommerce_shop_order_search_label($query) {
global $pagenow, $typenow;
if( 'edit.php' != $pagenow ) return $query;
if ( $typenow!='shop_order' ) return $query;
if ( !get_query_var('shop_order_search')) return $query;
if ( 'edit.php' != $pagenow ) return $query;
if ( $typenow != 'shop_order' ) return $query;
if ( ! get_query_var( 'shop_order_search' ) ) return $query;
return $_GET['s'];
}
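Review bot: `woocommerce_shop_order_search_custom_fields` still relies on `esc_attr()` for values that go into SQL. The filtered `$search_fields` list is HTML-encoded and concatenated into the `meta_key IN (...)` clause, and the search term is passed through `esc_attr( $_GET['s'] )` before `prepare()`. `esc_attr()` is an HTML-attribute encoder, not a SQL one, and it alters legitimate search text (an `&` becomes `&amp;`). The key list can be extended by any plugin through the `woocommerce_shop_order_search_fields` filter, so it should be escaped for SQL, e.g. `$search_fields = array_map( 'esc_sql', apply_filters( ... ) );`. The term should reach `prepare()` without HTML encoding and with only its LIKE wildcards escaped (`like_escape()` at the time of this commit, `$wpdb->esc_like()` today). `woocommerce_shop_order_search_label` also returns `$_GET['s']` unchanged, so its escaping depends on a caller that is not visible here.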

File diff suppressed because it is too large Load Diff


@ -30,7 +30,7 @@ function woocommerce_frontend_styles_setting() {
if ( is_writable( $base_file ) && is_writable( $css_file ) ) {
// Get settings
$colors = (array) get_option( 'woocommerce_frontend_css_colors' );
$colors = array_map( 'esc_attr', (array) get_option( 'woocommerce_frontend_css_colors' ) );
// Defaults
if ( empty( $colors['primary'] ) ) $colors['primary'] = '#ad74a2';
@ -82,8 +82,8 @@ add_action( 'woocommerce_admin_field_frontend_styles', 'woocommerce_frontend_sty
function woocommerce_frontend_css_color_picker( $name, $id, $value, $desc = '' ) {
global $woocommerce;
echo '<div class="color_box"><strong><img class="help_tip" data-tip="' . $desc . '" src="' . $woocommerce->plugin_url() . '/assets/images/help.png" /> ' . $name . '</strong>
<input name="' . esc_attr( $id ). '" id="' . $id . '" type="text" value="' . esc_attr( $value ) . '" class="colorpick" /> <div id="colorPickerDiv_' . esc_attr( $id ) . '" class="colorpickdiv"></div>
echo '<div class="color_box"><strong><img class="help_tip" data-tip="' . esc_attr( $desc ) . '" src="' . $woocommerce->plugin_url() . '/assets/images/help.png" /> ' . esc_html( $name ) . '</strong>
<input name="' . esc_attr( $id ). '" id="' . esc_attr( $id ) . '" type="text" value="' . esc_attr( $value ) . '" class="colorpick" /> <div id="colorPickerDiv_' . esc_attr( $id ) . '" class="colorpickdiv"></div>
</div>';
}
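Review bot: `array_map( 'esc_attr', ... )` on the `woocommerce_frontend_css_colors` option encodes the values for an HTML attribute but does not check that they are colours. The `is_writable( $base_file ) && is_writable( $css_file )` guard suggests the values are later written into a stylesheet, though that part is outside the hunk. If so, each entry should be validated against a hex-colour pattern and replaced by its default when it fails, for example `if ( ! preg_match( '/^#([0-9a-f]{3}){1,2}$/i', $colors['primary'] ) ) $colors['primary'] = '#ad74a2';`. `woocommerce_frontend_css_color_picker` already applies `esc_attr( $value )` at output, so the encoding added here is not needed for the form.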


@ -37,12 +37,12 @@ function woocommerce_payment_gateways_setting() {
echo '<tr>
<td width="1%" class="radio">
<input type="radio" name="default_gateway" value="' . $gateway->id . '" ' . checked( $default_gateway, $gateway->id, false ) . ' />
<input type="hidden" name="gateway_order[]" value="' . $gateway->id . '" />
<input type="radio" name="default_gateway" value="' . esc_attr( $gateway->id ) . '" ' . checked( $default_gateway, esc_attr( $gateway->id ), false ) . ' />
<input type="hidden" name="gateway_order[]" value="' . esc_attr( $gateway->id ) . '" />
</td>
<td>
<p><strong>' . $gateway->get_title() . '</strong><br/>
<small>' . __( 'Gateway ID', 'woocommerce' ) . ': ' . $gateway->id . '</small></p>
<small>' . __( 'Gateway ID', 'woocommerce' ) . ': ' . esc_html( $gateway->id ) . '</small></p>
</td>
<td>';
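Review bot: `checked( $default_gateway, esc_attr( $gateway->id ), false )` compares the stored option with an HTML-encoded copy of the id, so the radio stops being pre-selected for any id that `esc_attr()` changes. Escaping belongs on what is printed, not on what is compared: `checked( $default_gateway, $gateway->id, false )`. In the same row `$gateway->get_title()` is still printed unescaped inside `<strong>`, while the id next to it now goes through `esc_html()`. If titles are meant to be plain text, `esc_html( $gateway->get_title() )` would make the row consistent.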


@ -28,85 +28,83 @@ function woocommerce_update_options($options) {
// Tax rates saving
$tax_rates = array();
$tax_classes = (isset($_POST['tax_class'])) ? $_POST['tax_class'] : array();
$tax_countries = (isset($_POST['tax_country'])) ? $_POST['tax_country'] : array();
$tax_rate = (isset($_POST['tax_rate'])) ? $_POST['tax_rate'] : array();
$tax_shipping = (isset($_POST['tax_shipping'])) ? $_POST['tax_shipping'] : array();
$tax_postcode = (isset($_POST['tax_postcode'])) ? $_POST['tax_postcode'] : array();
$tax_compound = (isset($_POST['tax_compound'])) ? $_POST['tax_compound'] : array();
$tax_label = (isset($_POST['tax_label'])) ? $_POST['tax_label'] : array();
$tax_classes = isset( $_POST['tax_class'] ) ? $_POST['tax_class'] : array();
$tax_countries = isset( $_POST['tax_country'] ) ? $_POST['tax_country'] : array();
$tax_rate = isset( $_POST['tax_rate'] ) ? $_POST['tax_rate'] : array();
$tax_shipping = isset( $_POST['tax_shipping'] ) ? $_POST['tax_shipping'] : array();
$tax_postcode = isset( $_POST['tax_postcode'] ) ? $_POST['tax_postcode'] : array();
$tax_compound = isset( $_POST['tax_compound'] ) ? $_POST['tax_compound'] : array();
$tax_label = isset( $_POST['tax_label'] ) ? $_POST['tax_label'] : array();
$tax_classes_count = sizeof( $tax_classes );
for ($i=0; $i<$tax_classes_count; $i++) :
for ( $i = 0; $i < $tax_classes_count; $i ++ ) {
if (isset($tax_classes[$i]) && isset($tax_countries[$i]) && isset($tax_rate[$i]) && is_numeric($tax_rate[$i])) :
if ( isset( $tax_classes[ $i ] ) && isset( $tax_countries[ $i ] ) && isset( $tax_rate[ $i ] ) && is_numeric( $tax_rate[ $i ] ) ) {
$rate = esc_attr(trim($tax_rate[$i]));
$rate = number_format($rate, 4, '.', '');
$rate = woocommerce_clean( $tax_rate[ $i ] );
$rate = number_format( $rate, 4, '.', '' );
$class = woocommerce_clean($tax_classes[$i]);
$class = woocommerce_clean( $tax_classes[ $i ] );
if (isset($tax_shipping[$i]) && $tax_shipping[$i]) $shipping = 'yes'; else $shipping = 'no';
if (isset($tax_compound[$i]) && $tax_compound[$i]) $compound = 'yes'; else $compound = 'no';
if ( ! empty( $tax_shipping[ $i ] ) ) $shipping = 'yes'; else $shipping = 'no';
if ( ! empty( $tax_compound[ $i ] ) ) $compound = 'yes'; else $compound = 'no';
// Handle countries
$counties_array = array();
$countries = $tax_countries[$i];
if ($countries) foreach ($countries as $country) :
$countries = $tax_countries[ $i ];
if ( $countries ) foreach ( $countries as $country ) {
$country = woocommerce_clean($country);
$country = woocommerce_clean( $country );
$state = '*';
if (strstr($country, ':')) :
$cr = explode(':', $country);
$country = current($cr);
$state = end($cr);
endif;
if ( strstr( $country, ':' ) ) {
$cr = explode( ':', $country );
$country = current( $cr );
$state = end( $cr );
}
$counties_array[trim($country)][] = trim($state);
$counties_array[ woocommerce_clean( $country ) ][] = woocommerce_clean( $state );
endforeach;
}
$tax_rates[] = array(
'countries' => $counties_array,
'rate' => $rate,
'shipping' => $shipping,
'compound' => $compound,
'class' => $class,
'label' => esc_attr($tax_label[$i])
'rate' => $rate,
'shipping' => $shipping,
'compound' => $compound,
'class' => $class,
'label' => woocommerce_clean( $tax_label[ $i ] )
);
endif;
endfor;
}
}
update_option( 'woocommerce_tax_rates', $tax_rates );
// Local tax rates saving
$local_tax_rates = array();
$tax_classes = (isset($_POST['local_tax_class'])) ? $_POST['local_tax_class'] : array();
$tax_countries = (isset($_POST['local_tax_country'])) ? $_POST['local_tax_country'] : array();
$tax_location_type = (isset($_POST['local_tax_location_type'])) ? $_POST['local_tax_location_type'] : 'postcode';
$tax_location = (isset($_POST['local_tax_location'])) ? $_POST['local_tax_location'] : array();
$tax_rate = (isset($_POST['local_tax_rate'])) ? $_POST['local_tax_rate'] : array();
$tax_shipping = (isset($_POST['local_tax_shipping'])) ? $_POST['local_tax_shipping'] : array();
$tax_postcode = (isset($_POST['local_tax_postcode'])) ? $_POST['local_tax_postcode'] : array();
$tax_compound = (isset($_POST['local_tax_compound'])) ? $_POST['local_tax_compound'] : array();
$tax_label = (isset($_POST['local_tax_label'])) ? $_POST['local_tax_label'] : array();
$tax_classes = isset( $_POST['local_tax_class'] ) ? $_POST['local_tax_class'] : array();
$tax_countries = isset( $_POST['local_tax_country'] ) ? $_POST['local_tax_country'] : array();
$tax_location_type = isset( $_POST['local_tax_location_type'] ) ? $_POST['local_tax_location_type'] : 'postcode';
$tax_location = isset( $_POST['local_tax_location'] ) ? $_POST['local_tax_location'] : array();
$tax_rate = isset( $_POST['local_tax_rate'] ) ? $_POST['local_tax_rate'] : array();
$tax_shipping = isset( $_POST['local_tax_shipping'] ) ? $_POST['local_tax_shipping'] : array();
$tax_postcode = isset( $_POST['local_tax_postcode'] ) ? $_POST['local_tax_postcode'] : array();
$tax_compound = isset( $_POST['local_tax_compound'] ) ? $_POST['local_tax_compound'] : array();
$tax_label = isset( $_POST['local_tax_label'] ) ? $_POST['local_tax_label'] : array();
$tax_classes_count = sizeof( $tax_classes );
for ($i=0; $i<$tax_classes_count; $i++) :
for ( $i = 0; $i < $tax_classes_count; $i ++ ) {
if (isset($tax_classes[$i]) && isset($tax_countries[$i]) && isset($tax_rate[$i]) && is_numeric($tax_rate[$i])) :
if ( isset( $tax_classes[ $i ] ) && isset( $tax_countries[ $i ] ) && isset( $tax_rate[ $i ] ) && is_numeric( $tax_rate[ $i ] ) ) {
$rate = esc_attr(trim($tax_rate[$i]));
$rate = woocommerce_clean( $tax_rate[ $i ] );
$rate = number_format($rate, 4, '.', '');
$class = woocommerce_clean($tax_classes[$i]);
$class = woocommerce_clean( $tax_classes[ $i ] );
if (isset($tax_shipping[$i]) && $tax_shipping[$i]) $shipping = 'yes'; else $shipping = 'no';
if (isset($tax_compound[$i]) && $tax_compound[$i]) $compound = 'yes'; else $compound = 'no';
if ( ! empty( $tax_shipping[ $i ] ) ) $shipping = 'yes'; else $shipping = 'no';
if ( ! empty( $tax_compound[ $i ] ) ) $compound = 'yes'; else $compound = 'no';
// Handle country
$country = woocommerce_clean($tax_countries[$i]);
$country = woocommerce_clean( $tax_countries[ $i ] );
$state = '*';
if ( strstr( $country, ':' ) ) {
@ -118,7 +116,7 @@ function woocommerce_update_options($options) {
// Handle postcodes/cities
$location_type = $tax_location_type[ $i ] == 'city' ? 'city' : 'postcode';
$locations = explode( "\n", $tax_location[ $i ] );
$locations = array_filter( array_map( 'stripslashes', array_map( 'trim', $locations ) ) );
$locations = array_filter( array_map( 'woocommerce_clean', $locations ) );
if ( $location_type == 'city' ) {
$locations = array_map( 'sanitize_title', $locations );
@ -133,60 +131,64 @@ function woocommerce_update_options($options) {
'shipping' => $shipping,
'compound' => $compound,
'class' => $class,
'label' => esc_attr($tax_label[$i])
'label' => woocommerce_clean( $tax_label[ $i ] )
);
endif;
endfor;
}
}
update_option( 'woocommerce_local_tax_rates', $local_tax_rates );
} elseif ( isset( $value['type'] ) && $value['type'] == 'multi_select_countries' ) {
// Get countries array
if (isset($_POST[$value['id']])) $selected_countries = $_POST[$value['id']]; else $selected_countries = array();
update_option($value['id'], $selected_countries);
if ( isset( $_POST[ $value['id'] ] ) )
$selected_countries = array_map( 'woocommerce_clean', (array) $_POST[ $value['id'] ] );
else
$selected_countries = array();
update_option( $value['id'], $selected_countries );
} elseif ( isset( $value['id'] ) && ( $value['id'] == 'woocommerce_price_thousand_sep' || $value['id'] == 'woocommerce_price_decimal_sep' ) ) {
// price separators get a special treatment as they should allow a spaces (don't trim)
if ( isset( $_POST[ $value['id'] ] ) ) {
update_option($value['id'], $_POST[$value['id']] );
update_option( $value['id'], woocommerce_clean( $_POST[ $value['id'] ] ) );
} else {
delete_option($value['id']);
delete_option( $value['id'] );
}
} elseif ( isset( $value['type'] ) && $value['type'] == 'checkbox' ) {
if ( isset( $value['id'] ) && isset( $_POST[$value['id']] ) ) {
update_option($value['id'], 'yes');
update_option( $value['id'], 'yes' );
} else {
update_option($value['id'], 'no');
update_option( $value['id'], 'no' );
}
} elseif (isset( $value['type'] ) && $value['type'] == 'image_width' ) {
if ( isset( $value['id'] ) && isset( $_POST[$value['id'] . '_width'] ) ) {
update_option($value['id'].'_width', woocommerce_clean($_POST[$value['id'].'_width']));
update_option($value['id'].'_height', woocommerce_clean($_POST[$value['id'].'_height']));
if (isset($_POST[$value['id'].'_crop'])) :
update_option($value['id'].'_crop', 1);
else :
update_option($value['id'].'_crop', 0);
endif;
update_option( $value['id'] . '_width', woocommerce_clean( $_POST[ $value['id'] . '_width'] ) );
update_option( $value['id'] . '_height', woocommerce_clean( $_POST[ $value['id'] . '_height'] ) );
if ( isset( $_POST[ $value['id'] . '_crop'] ) )
update_option( $value['id'] . '_crop', 1 );
else
update_option( $value['id'].'_crop', 0 );
} else {
update_option($value['id'].'_width', $value['std']);
update_option($value['id'].'_height', $value['std']);
update_option($value['id'].'_crop', 1);
update_option( $value['id'] . '_width', $value['std'] );
update_option( $value['id'] . '_height', $value['std'] );
update_option( $value['id'] . '_crop', 1 );
}
} else {
if ( isset( $value['id'] ) && isset( $_POST[$value['id']] ) ) {
update_option($value['id'], woocommerce_clean($_POST[$value['id']]));
update_option( $value['id'], woocommerce_clean( $_POST[ $value['id'] ] ) );
} elseif( isset( $value['id'] ) ) {
delete_option($value['id']);
delete_option( $value['id'] );
}
}


@ -35,7 +35,7 @@ function woocommerce_shipping_methods_setting() {
<?php
foreach ( $woocommerce->shipping->load_shipping_methods() as $method ) {
$default_shipping_method = get_option('woocommerce_default_shipping_method');
$default_shipping_method = esc_attr( get_option('woocommerce_default_shipping_method') );
echo '<tr>
<td width="1%" class="radio">
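Review bot: Wrapping the option in `esc_attr()` where it is read, rather than where it is printed, means any later comparison against a method id sees the HTML-encoded value. The rest of the loop is outside the hunk, so whether the variable is compared or echoed cannot be confirmed from here. I would keep the raw value for logic, escape only at the output site, and hoist the lookup above the `foreach` because it does not change per method: `$default_shipping_method = get_option( 'woocommerce_default_shipping_method' );`.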


@ -406,7 +406,7 @@ function woocommerce_tax_row_label( $selected ) {
$counties_array = array();
$states_count = 0;
if ($selected) foreach ($selected as $country => $value) :
if ($selected) foreach ( $selected as $country => $value ) :
$country = woocommerce_clean($country);
@ -414,7 +414,8 @@ function woocommerce_tax_row_label( $selected ) {
$states_count+=sizeof($value);
endif;
if (!in_array($country, $counties_array)) $counties_array[] = $woocommerce->countries->countries[$country];
if ( ! in_array( $country, $counties_array ) )
$counties_array[] = esc_html( $woocommerce->countries->countries[ $country ] );
endforeach;
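Review bot: The `in_array( $country, $counties_array )` guard in `woocommerce_tax_row_label()` compares a country code against an array that stores escaped country names, so it will almost never match and does not stop duplicate labels. The lookup `$woocommerce->countries->countries[ $country ]` is also read without an `isset()` check, so a code that is no longer in the country list raises a notice and appends an empty entry. Keying the array by code covers both, e.g. `if ( isset( $woocommerce->countries->countries[ $country ] ) ) $counties_array[ $country ] = esc_html( $woocommerce->countries->countries[ $country ] );`, provided the code after the loop does not rely on numeric keys. The function starts and continues outside these hunks, so that last part needs checking.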


@ -81,10 +81,10 @@ function woocommerce_dashboard_widget_right_now() {
<?php
$num = number_format_i18n( $product_count->publish );
$text = _n( 'Product', 'Products', intval($product_count->publish), 'woocommerce' );
$text = _n( 'Product', 'Products', intval( $product_count->publish ), 'woocommerce' );
$link = add_query_arg( array( 'post_type' => 'product' ), get_admin_url( null, 'edit.php' ) );
$num = '<a href="' . $link . '">' . $num . '</a>';
$text = '<a href="' . $link . '">' . $text . '</a>';
$num = '<a href="' . esc_url($link ) . '">' . esc_html( $num ) . '</a>';
$text = '<a href="' . esc_url( $link ) . '">' . esc_html( $text ) . '</a>';
?>
<td class="first b b-products"><?php echo $num; ?></td>
@ -97,8 +97,8 @@ function woocommerce_dashboard_widget_right_now() {
$num = number_format_i18n( $product_cat_count );
$text = _n( 'Product Category', 'Product Categories', $product_cat_count, 'woocommerce' );
$link = add_query_arg( array( 'taxonomy' => 'product_cat', 'post_type' => 'product' ), get_admin_url( null, 'edit-tags.php' ) );
$num = '<a href="' . $link . '">' . $num . '</a>';
$text = '<a href="' . $link . '">' . $text . '</a>';
$num = '<a href="' . esc_url($link ) . '">' . esc_html( $num ) . '</a>';
$text = '<a href="' . esc_url( $link ) . '">' . esc_html( $text ) . '</a>';
?>
<td class="first b b-product_cats"><?php echo $num; ?></td>
@ -111,8 +111,8 @@ function woocommerce_dashboard_widget_right_now() {
$num = number_format_i18n( $product_tag_count );
$text = _n( 'Product Tag', 'Product Tags', $product_tag_count, 'woocommerce' );
$link = add_query_arg( array( 'taxonomy' => 'product_tag', 'post_type' => 'product' ), get_admin_url( null, 'edit-tags.php' ) );
$num = '<a href="' . $link . '">' . $num . '</a>';
$text = '<a href="' . $link . '">' . $text . '</a>';
$num = '<a href="' . esc_url($link ) . '">' . esc_html( $num ) . '</a>';
$text = '<a href="' . esc_url( $link ) . '">' . esc_html( $text ) . '</a>';
?>
<td class="first b b-product_tag"><?php echo $num; ?></td>
@ -125,8 +125,8 @@ function woocommerce_dashboard_widget_right_now() {
$num = number_format_i18n( $product_attr_count );
$text = _n( 'Attribute', 'Attributes', $product_attr_count, 'woocommerce' );
$link = add_query_arg( array( 'page' => 'woocommerce_attributes' ), get_admin_url( null, 'admin.php' ) );
$num = '<a href="' . $link . '">' . $num . '</a>';
$text = '<a href="' . $link . '">' . $text . '</a>';
$num = '<a href="' . esc_url($link ) . '">' . esc_html( $num ) . '</a>';
$text = '<a href="' . esc_url( $link ) . '">' . esc_html( $text ) . '</a>';
?>
<td class="first b b-attributes"><?php echo $num; ?></td>
@ -147,8 +147,8 @@ function woocommerce_dashboard_widget_right_now() {
$num = number_format_i18n( $pending_count );
$text = __( 'Pending', 'woocommerce' );
$link = add_query_arg( array( 'post_type' => 'shop_order', 'shop_order_status' => 'pending' ), get_admin_url( null, 'edit.php' ) );
$num = '<a href="' . $link . '">' . $num . '</a>';
$text = '<a href="' . $link . '">' . $text . '</a>';
$num = '<a href="' . esc_url($link ) . '">' . esc_html( $num ) . '</a>';
$text = '<a href="' . esc_url( $link ) . '">' . esc_html( $text ) . '</a>';
?>
<td class="b b-pending"><?php echo $num; ?></td>
@ -161,8 +161,8 @@ function woocommerce_dashboard_widget_right_now() {
$num = number_format_i18n( $on_hold_count );
$text = __( 'On-Hold', 'woocommerce' );
$link = add_query_arg( array( 'post_type' => 'shop_order', 'shop_order_status' => 'on-hold' ), get_admin_url( null, 'edit.php' ) );
$num = '<a href="' . $link . '">' . $num . '</a>';
$text = '<a href="' . $link . '">' . $text . '</a>';
$num = '<a href="' . esc_url($link ) . '">' . esc_html( $num ) . '</a>';
$text = '<a href="' . esc_url( $link ) . '">' . esc_html( $text ) . '</a>';
?>
<td class="b b-on-hold"><?php echo $num; ?></td>
@ -175,8 +175,8 @@ function woocommerce_dashboard_widget_right_now() {
$num = number_format_i18n( $processing_count );
$text = __( 'Processing', 'woocommerce' );
$link = add_query_arg( array( 'post_type' => 'shop_order', 'shop_order_status' => 'processing' ), get_admin_url( null, 'edit.php' ) );
$num = '<a href="' . $link . '">' . $num . '</a>';
$text = '<a href="' . $link . '">' . $text . '</a>';
$num = '<a href="' . esc_url($link ) . '">' . esc_html( $num ) . '</a>';
$text = '<a href="' . esc_url( $link ) . '">' . esc_html( $text ) . '</a>';
?>
<td class="b b-processing"><?php echo $num; ?></td>
@ -189,8 +189,8 @@ function woocommerce_dashboard_widget_right_now() {
$num = number_format_i18n( $completed_count );
$text = __( 'Completed', 'woocommerce' );
$link = add_query_arg( array( 'post_type' => 'shop_order', 'shop_order_status' => 'completed' ), get_admin_url( null, 'edit.php' ) );
$num = '<a href="' . $link . '">' . $num . '</a>';
$text = '<a href="' . $link . '">' . $text . '</a>';
$num = '<a href="' . esc_url($link ) . '">' . esc_html( $num ) . '</a>';
$text = '<a href="' . esc_url( $link ) . '">' . esc_html( $text ) . '</a>';
?>
<td class="b b-completed"><?php echo $num; ?></td>
@ -255,7 +255,7 @@ function woocommerce_dashboard_recent_orders() {
*/
function woocommerce_dashboard_recent_reviews() {
global $wpdb;
$comments = $wpdb->get_results("SELECT *, SUBSTRING(comment_content,1,100) AS comment_excerpt
$comments = $wpdb->get_results( $wpdb->prepare( "SELECT *, SUBSTRING(comment_content,1,100) AS comment_excerpt
FROM $wpdb->comments
LEFT JOIN $wpdb->posts ON ($wpdb->comments.comment_post_ID = $wpdb->posts.ID)
WHERE comment_approved = '1'
@ -263,29 +263,29 @@ function woocommerce_dashboard_recent_reviews() {
AND post_password = ''
AND post_type = 'product'
ORDER BY comment_date_gmt DESC
LIMIT 5" );
LIMIT 5" ) );
if ($comments) :
if ( $comments ) {
echo '<ul>';
foreach ($comments as $comment) :
foreach ( $comments as $comment ) {
echo '<li>';
echo get_avatar($comment->comment_author, '32');
echo get_avatar( $comment->comment_author, '32' );
$rating = get_comment_meta( $comment->comment_ID, 'rating', true );
echo '<div class="star-rating" title="'.$rating.'">
<span style="width:'.($rating*10).'px">'.$rating.' '.__( 'out of 5', 'woocommerce' ).'</span></div>';
echo '<div class="star-rating" title="' . $rating . '">
<span style="width:'. ( $rating * 10 ) . 'px">' . $rating . ' ' . __( 'out of 5', 'woocommerce' ) . '</span></div>';
echo '<h4 class="meta"><a href="'.get_permalink($comment->ID).'#comment-'.$comment->comment_ID .'">'. __( $comment->post_title ) .'</a> reviewed by ' .strip_tags($comment->comment_author) .'</h4>';
echo '<blockquote>'.strip_tags($comment->comment_excerpt).' [...]</blockquote></li>';
echo '<h4 class="meta"><a href="' . get_permalink( $comment->ID ) . '#comment-' . absint( $comment->comment_ID ) .'">' . esc_html__( $comment->post_title ) . '</a> reviewed by ' . esc_html( $comment->comment_author ) .'</h4>';
echo '<blockquote>' . wp_kses_data( $comment->comment_excerpt ) . ' [...]</blockquote></li>';
endforeach;
}
echo '</ul>';
else :
echo '<p>'.__( 'There are no product reviews yet.', 'woocommerce' ).'</p>';
endif;
} else {
echo '<p>' . __( 'There are no product reviews yet.', 'woocommerce' ) . '</p>';
}
}
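Review bot: In `woocommerce_dashboard_recent_reviews()` the `$rating` comment meta is still concatenated raw into the `title` attribute, the inline `style` width and the span text, while the author name and excerpt beside it are now escaped. The value is stored with the review and is presumably a 1–5 integer given the "out of 5" label, so I would normalise it once at the read: `$rating = absint( get_comment_meta( $comment->comment_ID, 'rating', true ) );`. The heading link also prints `get_permalink( $comment->ID )` without `esc_url()`. `esc_html__( $comment->post_title )` runs a post title through a translation lookup; `esc_html( $comment->post_title )` escapes it without that side effect.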


@ -126,7 +126,7 @@ function woocommerce_preview_emails() {
$email_heading = __( 'Order Received', 'woocommerce' );
$message = wpautop( __("Thank you, we are now processing your order. Your order's details are below.", 'woocommerce') );
$message = wpautop( __( 'Thank you, we are now processing your order. Your order\'s details are below.', 'woocommerce' ) );
$message .= '<h2>' . __( 'Order:', 'woocommerce' ) . ' ' . '#1000</h2>';
@ -366,7 +366,7 @@ function woocommerce_delete_term( $term_id, $tt_id, $taxonomy ) {
function woocommerce_compile_less_styles() {
global $woocommerce;
$colors = get_option( 'woocommerce_frontend_css_colors' );
$colors = array_map( 'esc_attr', (array) get_option( 'woocommerce_frontend_css_colors' ) );
$base_file = $woocommerce->plugin_path() . '/assets/css/woocommerce-base.less';
$less_file = $woocommerce->plugin_path() . '/assets/css/woocommerce.less';
$css_file = $woocommerce->plugin_path() . '/assets/css/woocommerce.css';
@ -495,7 +495,7 @@ function woocommerce_order_bulk_admin_notices() {
global $post_type, $pagenow;
if ( isset( $_REQUEST['marked_completed'] ) || isset( $_REQUEST['marked_processing'] ) ) {
$number = isset( $_REQUEST['marked_processing'] ) ? $_REQUEST['marked_processing'] : $_REQUEST['marked_completed'];
$number = isset( $_REQUEST['marked_processing'] ) ? absint( $_REQUEST['marked_processing'] ) : absint( $_REQUEST['marked_completed'] );
if ( 'edit.php' == $pagenow && 'shop_order' == $post_type ) {
$message = sprintf( _n( 'Order status changed.', '%s order statuses changed.', $number ), number_format_i18n( $number ) );
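Review bot: `array_map( 'esc_attr', ... )` in `woocommerce_compile_less_styles()` HTML-encodes the colour option, but judging by the `.less` and `.css` paths below it the values end up in a stylesheet, where HTML entity encoding is the wrong context and does not constrain what reaches the compiler. Validating each entry as a colour is the stricter check, for example keeping a value only when `preg_match( '/^#([0-9a-f]{3}){1,2}$/i', $color )` succeeds and otherwise falling back to the default. Note too that `(array)` on a missing option yields `array( false )` rather than an empty array, which later emptiness checks would see as non-empty. The rest of the function is outside the hunk, so how `$colors` is consumed should be confirmed.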


@ -51,7 +51,7 @@ function woocommerce_import_start() {
$nicename = strtolower(sanitize_title(str_replace('pa_', '', $domain)));
$exists_in_db = $wpdb->get_var("SELECT attribute_id FROM ".$wpdb->prefix . "woocommerce_attribute_taxonomies WHERE attribute_name = '".$nicename."';");
$exists_in_db = $wpdb->get_var( $wpdb->prepare( "SELECT attribute_id FROM " . $wpdb->prefix . "woocommerce_attribute_taxonomies WHERE attribute_name = %s;", $nicename ) );
if (!$exists_in_db) :


@ -373,7 +373,7 @@ function woocommerce_admin_scripts() {
wp_enqueue_script( 'plupload-all' );
$woocommerce_witepanel_params = array(
'remove_item_notice' => __("Remove this item? If you have previously reduced this item's stock, or this order was submitted by a customer, will need to manually restore the item's stock.", 'woocommerce'),
'remove_item_notice' => __( 'Remove this item? If you have previously reduced this item\'s stock, or this order was submitted by a customer, will need to manually restore the item\'s stock.', 'woocommerce' ),
'remove_attribute' => __( 'Remove this attribute?', 'woocommerce' ),
'name_label' => __( 'Name', 'woocommerce' ),
'remove_label' => __( 'Remove', 'woocommerce' ),
@ -383,11 +383,11 @@ function woocommerce_admin_scripts() {
'visible_label' => __( 'Visible on the product page', 'woocommerce' ),
'used_for_variations_label' => __( 'Used for variations', 'woocommerce' ),
'new_attribute_prompt' => __( 'Enter a name for the new attribute term:', 'woocommerce' ),
'calc_totals' => __("Calculate totals based on order items, discount amount, and shipping? Note, you will need to (optionally) calculate tax rows and cart discounts manually.", 'woocommerce'),
'calc_line_taxes' => __("Calculate line taxes? This will calculate taxes based on the customers country. If no billing/shipping is set it will use the store base country.", 'woocommerce'),
'copy_billing' => __("Copy billing information to shipping information? This will remove any currently entered shipping information.", 'woocommerce'),
'load_billing' => __("Load the customer's billing information? This will remove any currently entered billing information.", 'woocommerce'),
'load_shipping' => __("Load the customer's shipping information? This will remove any currently entered shipping information.", 'woocommerce'),
'calc_totals' => __( 'Calculate totals based on order items, discount amount, and shipping? Note, you will need to (optionally) calculate tax rows and cart discounts manually.', 'woocommerce' ),
'calc_line_taxes' => __( 'Calculate line taxes? This will calculate taxes based on the customers country. If no billing/shipping is set it will use the store base country.', 'woocommerce' ),
'copy_billing' => __( 'Copy billing information to shipping information? This will remove any currently entered shipping information.', 'woocommerce' ),
'load_billing' => __( 'Load the customer\'s billing information? This will remove any currently entered billing information.', 'woocommerce' ),
'load_shipping' => __( 'Load the customer\'s shipping information? This will remove any currently entered shipping information.', 'woocommerce' ),
'featured_label' => __( 'Featured', 'woocommerce' ),
'tax_or_vat' => $woocommerce->countries->tax_or_vat(),
'prices_include_tax' => get_option('woocommerce_prices_include_tax'),
@ -592,9 +592,10 @@ function woocommerce_exclude_image_from_product_page_field( $fields, $object ) {
$parent = get_post( $object->post_parent );
if ($parent->post_type!=='product') return $fields;
if ( $parent->post_type !== 'product' )
return $fields;
$exclude_image = (int) get_post_meta($object->ID, '_woocommerce_exclude_image', true);
$exclude_image = get_post_meta( absint( $object->ID ), '_woocommerce_exclude_image', true );
$label = __( 'Exclude image', 'woocommerce' );
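Review bot: In `woocommerce_exclude_image_from_product_page_field()` the `(int)` cast has moved from the meta value to the post ID, so `$exclude_image` is now the raw string from `get_post_meta()` (`''` when unset) instead of an integer. Code after the hunk that compares it strictly or passes it to `checked()` against `1` may behave differently, and the stored value is no longer normalised before it is used in markup. Keeping both is cheap: `$exclude_image = (int) get_post_meta( absint( $object->ID ), '_woocommerce_exclude_image', true );`. The function body continues outside the hunk.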


@ -182,7 +182,7 @@ function woocommerce_create_page( $slug, $option, $page_title = '', $page_conten
if ( $option_value > 0 && get_post( $option_value ) )
return;
$page_found = $wpdb->get_var( "SELECT ID FROM " . $wpdb->posts . " WHERE post_name = '$slug' LIMIT 1;" );
$page_found = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM " . $wpdb->posts . " WHERE post_name = %s LIMIT 1;", $slug ) );
if ( $page_found ) {
if ( ! $option_value )
update_option( $option, $page_found );
@ -275,7 +275,7 @@ function woocommerce_tables_install() {
**/
if ( version_compare( get_option('woocommerce_db_version'), '1.7', '<' ) ) {
// remove the existing primary key so we can add the new download_id column
$wpdb->query( "ALTER TABLE ". $wpdb->prefix . "woocommerce_downloadable_product_permissions DROP PRIMARY KEY" );
$wpdb->query( $wpdb->prepare( "ALTER TABLE ". $wpdb->prefix . "woocommerce_downloadable_product_permissions DROP PRIMARY KEY" ) );
}
// Table for storing attribute taxonomies - these are user defined
@ -329,7 +329,7 @@ CREATE TABLE ". $wpdb->prefix . "woocommerce_downloadable_product_permissions (
if ( version_compare( get_option('woocommerce_db_version'), '1.7', '<' ) ) {
// upgrade existing meta data
$existing_file_paths = $wpdb->get_results( "SELECT * FROM ". $wpdb->postmeta . " WHERE meta_key = '_file_path'" );
$existing_file_paths = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM ". $wpdb->postmeta . " WHERE meta_key = '_file_path'" ) );
if ( $existing_file_paths ) {
foreach( $existing_file_paths as $existing_file_path ) {
$existing_file_path->meta_value = trim( $existing_file_path->meta_value );
@ -346,7 +346,7 @@ CREATE TABLE ". $wpdb->prefix . "woocommerce_downloadable_product_permissions (
if ( version_compare( get_option('woocommerce_db_version'), '1.0', '>' ) && version_compare( get_option('woocommerce_db_version'), '1.4', '<' ) ) {
// Update woocommerce_downloadable_product_permissions table to include order ID's as well as keys
$results = $wpdb->get_results( "SELECT * FROM " . $wpdb->prefix . "woocommerce_downloadable_product_permissions WHERE order_id = 0;" );
$results = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM " . $wpdb->prefix . "woocommerce_downloadable_product_permissions WHERE order_id = 0;" ) );
if ( $results ) foreach ( $results as $result ) {
@ -371,13 +371,13 @@ CREATE TABLE ". $wpdb->prefix . "woocommerce_downloadable_product_permissions (
// Upgrade old meta keys for product data
$meta = array('sku', 'downloadable', 'virtual', 'price', 'visibility', 'stock', 'stock_status', 'backorders', 'manage_stock', 'sale_price', 'regular_price', 'weight', 'length', 'width', 'height', 'tax_status', 'tax_class', 'upsell_ids', 'crosssell_ids', 'sale_price_dates_from', 'sale_price_dates_to', 'min_variation_price', 'max_variation_price', 'featured', 'product_attributes', 'file_path', 'download_limit', 'product_url', 'min_variation_price', 'max_variation_price');
$wpdb->query("
$wpdb->query( $wpdb->prepare( "
UPDATE {$wpdb->postmeta}
LEFT JOIN {$wpdb->posts} ON ( {$wpdb->postmeta}.post_id = {$wpdb->posts}.ID )
SET meta_key = CONCAT( '_', meta_key )
WHERE meta_key IN ( '" . implode( "', '", $meta ) . "' )
AND {$wpdb->posts}.post_type IN ('product', 'product_variation')
");
" ) );
}
}
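Review bot: Every `$wpdb->prepare()` call added in `woocommerce_tables_install()` (the `DROP PRIMARY KEY`, the `_file_path` select, the `order_id = 0` select and the meta-key `UPDATE`) passes a finished SQL string with no placeholder and no argument, so `prepare()` has nothing to bind and adds no protection. The `UPDATE` still splices `implode( "', '", $meta )` into the string; it is safe only because `$meta` is a hard-coded list, not because of the wrapper. Later WordPress releases also warn when `prepare()` is called without arguments, and any literal `%` added to such a query would be read as a format specifier. For static SQL I would call `$wpdb->query( "..." )` / `$wpdb->get_results( "..." )` directly and reserve `prepare()` for queries with `%s`/`%d` values, as the `post_name = %s` change in `woocommerce_create_page()` does. The same pattern appears in the recent-reviews query of the dashboard file.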


@ -305,7 +305,7 @@ function woocommerce_sales_overview() {
");
$total_sales = $order_totals->total_sales;
$total_orders = $order_totals->total_orders;
$total_orders = absint( $order_totals->total_orders );
$discount_total = $wpdb->get_var("
SELECT SUM(meta.meta_value) AS total_sales FROM {$wpdb->posts} AS posts
@ -973,7 +973,7 @@ function woocommerce_top_sellers() {
$orders_link = admin_url( 'edit.php?s&post_status=all&post_type=shop_order&action=-1&s=&shop_order_status=completed,processing,on-hold' );
}
echo '<tr><th>' . $product_name . '</th><td width="1%"><span>' . $sales . '</span></td><td class="bars"><a href="' . $orders_link . '" style="width:' . $width . '%">&nbsp;</a></td></tr>';
echo '<tr><th>' . $product_name . '</th><td width="1%"><span>' . esc_html( $sales ) . '</span></td><td class="bars"><a href="' . esc_url( $orders_link ) . '" style="width:' . esc_attr( $width ) . '%">&nbsp;</a></td></tr>';
}
?>
</tbody>
@ -1071,7 +1071,7 @@ function woocommerce_top_earners() {
$orders_link = admin_url( 'edit.php?s&post_status=all&post_type=shop_order&action=-1&s=&shop_order_status=completed,processing,on-hold' );
}
echo '<tr><th>' . $product_name . '</th><td width="1%"><span>' . woocommerce_price( $sales ) . '</span></td><td class="bars"><a href="' . $orders_link . '" style="width:' . $width . '%">&nbsp;</a></td></tr>';
echo '<tr><th>' . $product_name . '</th><td width="1%"><span>' . woocommerce_price( $sales ) . '</span></td><td class="bars"><a href="' . esc_url( $orders_link ) . '" style="width:' . esc_attr( $width ) . '%">&nbsp;</a></td></tr>';
}
?>
</tbody>
@ -1171,19 +1171,23 @@ function woocommerce_product_sales() {
</thead>
<tbody>
<?php
if (sizeof($product_sales)>0) foreach ($product_sales as $date => $sales) :
$width = ($sales>0) ? (round($sales) / round($max_sales)) * 100 : 0;
$width2 = ($product_totals[$date]>0) ? (round($product_totals[$date]) / round($max_totals)) * 100 : 0;
$orders_link = admin_url('edit.php?s&post_status=all&post_type=shop_order&action=-1&s=' . urlencode( implode( ' ', $chosen_product_titles ) ) . '&m=' . date('Ym', strtotime($date.'01')) . '&shop_order_status=completed,processing,on-hold');
echo '<tr><th><a href="'.$orders_link.'">'.date_i18n('F', strtotime($date.'01')).'</a></th>
<td width="1%"><span>'.$sales.'</span><span class="alt">'.woocommerce_price($product_totals[$date]).'</span></td>
<td class="bars">
<span style="width:'.$width.'%">&nbsp;</span>
<span class="alt" style="width:'.$width2.'%">&nbsp;</span>
</td></tr>';
endforeach; else echo '<tr><td colspan="3">'.__( 'No sales :(', 'woocommerce' ).'</td></tr>';
if ( sizeof( $product_sales ) > 0 ) {
foreach ( $product_sales as $date => $sales ) {
$width = ($sales>0) ? (round($sales) / round($max_sales)) * 100 : 0;
$width2 = ($product_totals[$date]>0) ? (round($product_totals[$date]) / round($max_totals)) * 100 : 0;
$orders_link = admin_url( 'edit.php?s&post_status=all&post_type=shop_order&action=-1&s=' . urlencode( implode( ' ', $chosen_product_titles ) ) . '&m=' . date( 'Ym', strtotime( $date . '01' ) ) . '&shop_order_status=completed,processing,on-hold' );
echo '<tr><th><a href="' . esc_url( $orders_link ) . '">' . date_i18n( 'F', strtotime( $date . '01' ) ) . '</a></th>
<td width="1%"><span>' . esc_html( $sales ) . '</span><span class="alt">' . woocommerce_price( $product_totals[ $date ] ) . '</span></td>
<td class="bars">
<span style="width:' . esc_attr( $width ) . '%">&nbsp;</span>
<span class="alt" style="width:' . esc_attr( $width2 ) . '%">&nbsp;</span>
</td></tr>';
}
} else {
echo '<tr><td colspan="3">' . __( 'No sales :(', 'woocommerce' ) . '</td></tr>';
}
?>
</tbody>
</table>
@ -1267,7 +1271,7 @@ function woocommerce_customer_overview() {
");
$total_customer_sales = $customer_orders->total_sales;
$total_customer_orders = $customer_orders->total_orders;
$total_customer_orders = absint( $customer_orders->total_orders );
$guest_orders = $wpdb->get_row("
SELECT SUM(meta.meta_value) AS total_sales, COUNT(posts.ID) AS total_orders FROM {$wpdb->posts} AS posts
@ -1290,7 +1294,7 @@ function woocommerce_customer_overview() {
");
$total_guest_sales = $guest_orders->total_sales;
$total_guest_orders = $guest_orders->total_orders;
$total_guest_orders = absint( $guest_orders->total_orders );
?>
<div id="poststuff" class="woocommerce-reports-wrap">
<div class="woocommerce-reports-sidebar">
@ -1542,10 +1546,10 @@ function woocommerce_stock_overview() {
if ( $stock <= $nostockamount ) continue;
$title = __( $product->post_title );
$title = esc_html__( $product->post_title );
if ( $sku )
$title .= ' (' . __( 'SKU', 'woocommerce' ) . ': ' . $sku . ')';
$title .= ' (' . __( 'SKU', 'woocommerce' ) . ': ' . esc_html( $sku ) . ')';
if ( $product->post_type=='product' )
$product_url = admin_url( 'post.php?post=' . $product->ID . '&action=edit' );
@ -1577,10 +1581,10 @@ function woocommerce_stock_overview() {
if ( $stock > $nostockamount ) continue;
$title = __( $product->post_title );
$title = esc_html__( $product->post_title );
if ( $sku )
$title .= ' (' . __( 'SKU', 'woocommerce' ) . ': ' . $sku . ')';
$title .= ' (' . __( 'SKU', 'woocommerce' ) . ': ' . esc_html( $sku ) . ')';
if ( $product->post_type=='product' )
$product_url = admin_url( 'post.php?post=' . $product->ID . '&action=edit' );
@ -2337,11 +2341,11 @@ function woocommerce_coupon_sales() {
// save data for chart while outputting
$chart_data = $coupon_totals = array();
foreach( $coupon_sales as $coupon_code => $sales ) :
foreach( $coupon_sales as $coupon_code => $sales ) {
echo '<tr><th>' . $coupon_code . '</th>';
echo '<tr><th>' . esc_html( $coupon_code ) . '</th>';
for( $count = 0; $count < 12; $count++ ) :
for ( $count = 0; $count < 12; $count ++ ) {
if ( $count >= date ( 'm' ) && $current_year == date( 'Y' ) )
continue;
@ -2355,7 +2359,7 @@ function woocommerce_coupon_sales() {
$chart_data[$coupon_code][] = array( strtotime( date( 'Ymd', strtotime( $month . '01' ) ) ) . '000', $amount );
endfor;
}
echo '<td><strong>' . woocommerce_price( array_sum( $sales ) ) . '</strong></td>';
@ -2364,7 +2368,7 @@ function woocommerce_coupon_sales() {
echo '</tr>';
endforeach;
}
$top_coupon_name = current( array_keys( $coupon_totals, max( $coupon_totals ) ) );
$top_coupon_sales = $coupon_totals[$top_coupon_name];
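Review bot: In the `woocommerce_top_sellers()` and `woocommerce_top_earners()` rows `$product_name` is still echoed raw inside `<th>` while `$sales`, `$orders_link` and `$width` on the same line are now escaped. It is assigned outside the hunk, so if it is plain text it should go through `esc_html( $product_name )`; if it is already a built link, the title inside it needs escaping where the link is assembled. In `woocommerce_stock_overview()`, `esc_html__( $product->post_title )` sends a stored title through a translation lookup with no text domain, and `esc_html( $product->post_title )` gives the same escaping without that. In `woocommerce_product_sales()` the new `$width`/`$width2` lines still divide by `round( $max_sales )` and `round( $max_totals )`, which can be zero when the maximum is below 0.5.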


@ -140,9 +140,9 @@ if ( ! function_exists( 'woocommerce_settings' ) ) {
if ( $error || $message ) {
if ( $error ) {
echo '<div id="message" class="error fade"><p><strong>' . wptexturize( $error ) . '</strong></p></div>';
echo '<div id="message" class="error fade"><p><strong>' . esc_html( $error ) . '</strong></p></div>';
} else {
echo '<div id="message" class="updated fade"><p><strong>' . wptexturize( $message ) . '</strong></p></div>';
echo '<div id="message" class="updated fade"><p><strong>' . esc_html( $message ) . '</strong></p></div>';
}
} elseif ( ! empty( $_GET['saved'] ) ) {
@ -261,7 +261,7 @@ if ( ! function_exists( 'woocommerce_settings' ) ) {
$current = ( get_class( $email ) == $current_section ) ? 'class="current"' : '';
$links[] = '<a href="' . add_query_arg( 'section', get_class( $email ), admin_url('admin.php?page=woocommerce_settings&tab=email') ) . '"' . $current . '>' . $title . '</a>';
$links[] = '<a href="' . add_query_arg( 'section', get_class( $email ), admin_url('admin.php?page=woocommerce_settings&tab=email') ) . '"' . $current . '>' . esc_html( $title ) . '</a>';
}
@ -299,7 +299,7 @@ if ( ! function_exists( 'woocommerce_settings' ) ) {
$current = ( get_class( $method ) == $current_section ) ? 'class="current"' : '';
$links[] = '<a href="' . add_query_arg( 'section', get_class( $method ), admin_url('admin.php?page=woocommerce_settings&tab=shipping') ) . '"' . $current . '>' . $title . '</a>';
$links[] = '<a href="' . add_query_arg( 'section', get_class( $method ), admin_url('admin.php?page=woocommerce_settings&tab=shipping') ) . '"' . $current . '>' . esc_html( $title ) . '</a>';
}
@ -326,7 +326,7 @@ if ( ! function_exists( 'woocommerce_settings' ) ) {
foreach ( $woocommerce->payment_gateways->payment_gateways() as $gateway ) :
$title = empty( $gateway->method_title ) ? ucwords( $gateway->id ) : ucwords( $gateway->method_title );
$links[] = '<a href="#gateway-'.$gateway->id.'">'.$title.'</a>';
$links[] = '<a href="#gateway-'.$gateway->id.'">' . esc_html( $title ) . '</a>';
endforeach;
echo '<div class="subsubsub_section"><ul class="subsubsub"><li>' . implode( ' | </li><li>', $links ) . '</li></ul><br class="clear" />';
@ -358,7 +358,7 @@ if ( ! function_exists( 'woocommerce_settings' ) ) {
$current = ( $integration->id == $current_section ) ? 'class="current"' : '';
$links[] = '<a href="' . add_query_arg( 'section', $integration->id, admin_url('admin.php?page=woocommerce_settings&tab=integration') ) . '"' . $current . '>' . $title . '</a>';
$links[] = '<a href="' . add_query_arg( 'section', $integration->id, admin_url('admin.php?page=woocommerce_settings&tab=integration') ) . '"' . $current . '>' . esc_html( $title ) . '</a>';
}
echo '<ul class="subsubsub"><li>' . implode( ' | </li><li>', $links ) . '</li></ul><br class="clear" />';
@ -514,13 +514,13 @@ function woocommerce_admin_fields( $options ) {
} elseif ( $value['desc_tip'] ) {
$description = '<img class="help_tip" data-tip="' . esc_attr( $value['desc_tip'] ) . '" src="' . $woocommerce->plugin_url() . '/assets/images/help.png" />';
} else {
$description = '<span class="description">' . $value['desc'] . '</span>';
$description = '<span class="description">' . wp_kses_post( $value['desc'] ) . '</span>';
}
switch( $value['type'] ) {
case 'title':
if ( isset($value['name'] ) && $value['name'] ) echo '<h3>' . $value['name'] . '</h3>';
if ( isset($value['desc'] ) && $value['desc'] ) echo wpautop( wptexturize( $value['desc'] ) );
if ( isset($value['name'] ) && $value['name'] ) echo '<h3>' . esc_html( $value['name'] ) . '</h3>';
if ( isset($value['desc'] ) && $value['desc'] ) echo wpautop( wptexturize( wp_kses_post( $value['desc'] ) ) );
echo '<table class="form-table">'. "\n\n";
if ( isset($value['id'] ) && $value['id'] ) do_action( 'woocommerce_settings_' . sanitize_title($value['id'] ) );
break;
@ -532,7 +532,7 @@ function woocommerce_admin_fields( $options ) {
case 'text':
?><tr valign="top">
<th scope="row" class="titledesc">
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo $value['name']; ?></label>
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['name'] ); ?></label>
</th>
<td class="forminp"><input name="<?php echo esc_attr( $value['id'] ); ?>" id="<?php echo esc_attr( $value['id'] ); ?>" type="<?php echo esc_attr( $value['type'] ); ?>" style="<?php echo esc_attr( $value['css'] ); ?>" value="<?php if ( get_option( $value['id'] ) !== false && get_option( $value['id'] ) !== null ) { echo esc_attr( stripslashes( get_option($value['id'] ) ) ); } else { echo esc_attr( $value['std'] ); } ?>" /> <?php echo $description; ?></td>
</tr><?php
@ -540,14 +540,14 @@ function woocommerce_admin_fields( $options ) {
case 'color' :
?><tr valign="top">
<th scope="row" class="titledesc">
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo $value['name']; ?></label>
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['name'] ); ?></label>
</th>
<td class="forminp"><input name="<?php echo esc_attr( $value['id'] ); ?>" id="<?php echo esc_attr( $value['id'] ); ?>" type="text" style="<?php echo esc_attr( $value['css'] ); ?>" value="<?php if ( get_option( $value['id'] ) !== false && get_option( $value['id'] ) !== null ) { echo esc_attr( stripslashes( get_option($value['id'] ) ) ); } else { echo esc_attr( $value['std'] ); } ?>" class="colorpick" /> <?php echo $description; ?> <div id="colorPickerDiv_<?php echo esc_attr( $value['id'] ); ?>" class="colorpickdiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;display:none;"></div></td>
</tr><?php
break;
case 'image_width' :
?><tr valign="top">
<th scope="row" class="titledesc"><?php echo $value['name'] ?></th>
<th scope="row" class="titledesc"><?php echo esc_html( $value['name'] ) ?></th>
<td class="forminp">
<?php _e( 'Width', 'woocommerce' ); ?> <input name="<?php echo esc_attr( $value['id'] ); ?>_width" id="<?php echo esc_attr( $value['id'] ); ?>_width" type="text" size="3" value="<?php if ( $size = get_option( $value['id'].'_width') ) echo stripslashes($size); else echo $value['std']; ?>" />
@ -562,7 +562,7 @@ function woocommerce_admin_fields( $options ) {
case 'select':
?><tr valign="top">
<th scope="row" class="titledesc">
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo $value['name']; ?></label>
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['name'] ); ?></label>
</th>
<td class="forminp"><select name="<?php echo esc_attr( $value['id'] ); ?>" id="<?php echo esc_attr( $value['id'] ); ?>" style="<?php echo esc_attr( $value['css'] ); ?>" class="<?php if (isset($value['class'])) echo $value['class']; ?>">
<?php
@ -592,7 +592,7 @@ function woocommerce_admin_fields( $options ) {
if ($value['hide_if_checked']=='option') echo 'hide_options_if_checked';
if ($value['show_if_checked']=='option') echo 'show_options_if_checked';
?>">
<th scope="row" class="titledesc"><?php echo $value['name'] ?></th>
<th scope="row" class="titledesc"><?php echo esc_html( $value['name'] ) ?></th>
<td class="forminp">
<fieldset>
<?php
@ -607,10 +607,10 @@ function woocommerce_admin_fields( $options ) {
endif;
?>
<legend class="screen-reader-text"><span><?php echo $value['name'] ?></span></legend>
<legend class="screen-reader-text"><span><?php echo esc_html( $value['name'] ) ?></span></legend>
<label for="<?php echo $value['id'] ?>">
<input name="<?php echo esc_attr( $value['id'] ); ?>" id="<?php echo esc_attr( $value['id'] ); ?>" type="checkbox" value="1" <?php checked(get_option($value['id']), 'yes'); ?> />
<?php echo $value['desc'] ?></label> <?php if ( $value['desc_tip'] ) echo $description; ?><br />
<?php echo wp_kses_post( $value['desc'] ) ?></label> <?php if ( $value['desc_tip'] ) echo $description; ?><br />
<?php
if (!isset($value['checkboxgroup']) || (isset($value['checkboxgroup']) && $value['checkboxgroup']=='end')) :
@ -629,10 +629,10 @@ function woocommerce_admin_fields( $options ) {
case 'textarea':
?><tr valign="top">
<th scope="row" class="titledesc">
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo $value['name']; ?></label>
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['name'] ); ?></label>
</th>
<td class="forminp">
<?php if ( ! empty( $value['desc'] ) ) echo '<p style="margin-top:0;">' . $value['desc'] . '</p>'; ?>
<?php if ( ! empty( $value['desc'] ) ) echo '<p style="margin-top:0;">' . wp_kses_post( $value['desc'] ) . '</p>'; ?>
<textarea <?php if ( isset($value['args']) ) echo $value['args'] . ' '; ?>name="<?php echo esc_attr( $value['id'] ); ?>" id="<?php echo esc_attr( $value['id'] ); ?>" style="<?php echo esc_attr( $value['css'] ); ?>"><?php if (false !== get_option($value['id'])) echo esc_textarea(stripslashes(get_option($value['id']))); else echo esc_textarea( $value['std'] ); ?></textarea>
</td>
@ -653,7 +653,7 @@ function woocommerce_admin_fields( $options ) {
if( isset($value['args']) ) $args = wp_parse_args($value['args'], $args);
?><tr valign="top" class="single_select_page">
<th scope="row" class="titledesc"><?php echo $value['name'] ?></th>
<th scope="row" class="titledesc"><?php echo esc_html( $value['name'] ) ?></th>
<td class="forminp">
<?php echo str_replace(' id=', " data-placeholder='".__( 'Select a page&hellip;', 'woocommerce' )."' style='".$value['css']."' class='".$value['class']."' id=", wp_dropdown_pages($args)); ?> <?php echo $description; ?>
</td>
@ -671,7 +671,7 @@ function woocommerce_admin_fields( $options ) {
endif;
?><tr valign="top">
<th scope="row" class="titledesc">
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo $value['name']; ?></label>
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['name'] ); ?></label>
</th>
<td class="forminp"><select name="<?php echo esc_attr( $value['id'] ); ?>" style="<?php echo esc_attr( $value['css'] ); ?>" data-placeholder="<?php _e( 'Choose a country&hellip;', 'woocommerce' ); ?>" title="Country" class="chosen_select">
<?php echo $woocommerce->countries->country_dropdown_options($country, $state); ?>
@ -685,7 +685,7 @@ function woocommerce_admin_fields( $options ) {
$selections = (array) get_option($value['id']);
?><tr valign="top">
<th scope="row" class="titledesc">
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo $value['name']; ?></label>
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['name'] ); ?></label>
</th>
<td class="forminp">
<select multiple="multiple" name="<?php echo esc_attr( $value['id'] ); ?>[]" style="width:450px;" data-placeholder="<?php _e( 'Choose countries&hellip;', 'woocommerce' ); ?>" title="Country" class="chosen_select">


@ -188,7 +188,7 @@ function woocommerce_status() {
if ( $alt == 1 ) echo '<tr>'; else echo '<tr>';
echo '<td>' . $page_name . '</td><td>';
echo '<td>' . esc_html( $page_name ) . '</td><td>';
$error = false;
@ -214,7 +214,7 @@ function woocommerce_status() {
}
if ( ! $error ) echo '<mark class="yes">#' . $page_id . ' - ' . get_permalink( $page_id ) . '</mark>';
if ( ! $error ) echo '<mark class="yes">#' . absint( $page_id ) . ' - ' . get_permalink( $page_id ) . '</mark>';
echo '</td></tr>';
@ -234,7 +234,7 @@ function woocommerce_status() {
<td><?php _e('Order Statuses','woocommerce')?></td>
<td><?php
$order_statuses = get_terms( 'shop_order_status', array( 'fields' => 'names', 'hide_empty' => 0 ) );
echo implode( ', ', $order_statuses );
echo implode( ', ', array_map( 'esc_html', $order_statuses ) );
?></td>
</tr>
</tbody>
@ -249,13 +249,14 @@ function woocommerce_status() {
<tr>
<td><?php _e('PHP Version','woocommerce')?></td>
<td><?php
if ( function_exists( 'phpversion' ) ) echo phpversion();
if ( function_exists( 'phpversion' ) )
echo esc_html( phpversion() );
?></td>
</tr>
<tr>
<td><?php _e('Server Software','woocommerce')?></td>
<td><?php
echo $_SERVER['SERVER_SOFTWARE'];
echo esc_html( $_SERVER['SERVER_SOFTWARE'] );
?></td>
</tr>
<tr>
@ -358,10 +359,10 @@ function woocommerce_status() {
<tbody>
<?php foreach($posting as $post) { $mark = ( isset( $post['success'] ) && $post['success'] == true ) ? 'yes' : 'error'; ?>
<tr>
<td><?php echo $post['name']; ?></td>
<td><?php echo esc_html( $post['name'] ); ?></td>
<td>
<mark class="<?php echo $mark; ?>">
<?php echo $post['note']; ?>
<?php echo esc_html( $post['note'] ); ?>
</mark>
</td>
</tr>
@ -377,11 +378,11 @@ function woocommerce_status() {
<tbody class="tools">
<?php foreach($tools as $action => $tool) { ?>
<tr>
<td><?php echo $tool['name']; ?></td>
<td><?php echo esc_html( $tool['name'] ); ?></td>
<td>
<p>
<a href="<?php echo wp_nonce_url( admin_url('admin.php?page=woocommerce_status&action=' . $action ), 'debug_action' ); ?>" class="button"><?php echo $tool['button']; ?></a>
<span class="description"><?php echo $tool['desc']; ?></span>
<a href="<?php echo wp_nonce_url( admin_url('admin.php?page=woocommerce_status&action=' . $action ), 'debug_action' ); ?>" class="button"><?php echo esc_html( $tool['button'] ); ?></a>
<span class="description"><?php echo wp_kses_post( $tool['desc'] ); ?></span>
</p>
</td>
</tr>
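Review bot: The permalink in the `<mark class="yes">` line of the second hunk is still echoed raw: the page id now goes through `absint()`, but `get_permalink( $page_id )` is concatenated into the markup unescaped. It is displayed as text, so it can be wrapped like the other cells in this file: `if ( ! $error ) echo '<mark class="yes">#' . absint( $page_id ) . ' - ' . esc_html( get_permalink( $page_id ) ) . '</mark>';`. The permalink passes through filters that other plugins can hook, so it should not be treated as trusted HTML. woocommerce_status() starts and ends outside these hunks.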


@ -95,7 +95,7 @@ function woocommerce_edit_category_thumbnail_field( $term, $taxonomy ) {
global $woocommerce;
$image = '';
$thumbnail_id = get_woocommerce_term_meta( $term->term_id, 'thumbnail_id', true );
$thumbnail_id = absint( get_woocommerce_term_meta( $term->term_id, 'thumbnail_id', true ) );
if ($thumbnail_id) :
$image = wp_get_attachment_url( $thumbnail_id );
else :


@ -47,13 +47,13 @@ function woocommerce_user_column_values( $value, $column_name, $user_id ) {
switch ($column_name) :
case "woocommerce_order_count" :
$count = $wpdb->get_var( "SELECT COUNT(*)
$count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*)
FROM $wpdb->posts
LEFT JOIN $wpdb->postmeta ON $wpdb->posts.ID = $wpdb->postmeta.post_id
WHERE meta_value = $user_id
AND meta_key = '_customer_user'
AND post_type IN ('shop_order')
AND post_status = 'publish'" );
AND post_status = 'publish'" ) );
$value = '<a href="'.admin_url('edit.php?post_status=all&post_type=shop_order&_customer_user='.$user_id.'').'">'.$count.'</a>';
@ -235,10 +235,10 @@ function woocommerce_customer_meta_fields( $user ) {
foreach( $fieldset['fields'] as $key => $field ) :
?>
<tr>
<th><label for="<?php echo $key; ?>"><?php echo $field['label']; ?></label></th>
<th><label for="<?php echo esc_attr( $key ); ?>"><?php echo esc_html( $field['label'] ); ?></label></th>
<td>
<input type="text" name="<?php echo $key; ?>" id="<?php echo $key; ?>" value="<?php echo esc_attr( get_user_meta( $user->ID, $key, true ) ); ?>" class="regular-text" /><br/>
<span class="description"><?php echo $field['description']; ?></span>
<input type="text" name="<?php echo esc_attr( $key ); ?>" id="<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( get_user_meta( $user->ID, $key, true ) ); ?>" class="regular-text" /><br/>
<span class="description"><?php echo wp_kses_post( $field['description'] ); ?></span>
</td>
</tr>
<?php
@ -269,7 +269,7 @@ function woocommerce_save_customer_meta_fields( $user_id ) {
foreach( $save_fields as $fieldset )
foreach( $fieldset['fields'] as $key => $field )
if ( isset( $_POST[ $key ] ) )
update_user_meta( $user_id, $key, trim( esc_attr( $_POST[ $key ] ) ) );
update_user_meta( $user_id, $key, woocommerce_clean( $_POST[ $key ] ) );
}
add_action( 'personal_options_update', 'woocommerce_save_customer_meta_fields' );
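Review bot: The `$wpdb->prepare()` call added in the `woocommerce_order_count` case has no placeholder, so it escapes nothing: `$user_id` is still interpolated into the SQL string before prepare() ever sees it. Use a placeholder and pass the value as an argument, i.e. `WHERE meta_value = %d` and a closing line of `AND post_status = 'publish'", $user_id ) );`. Calling prepare() with only the query string is also reported as incorrect usage by later WordPress releases, as far as I know. In the same hunk `$user_id` and `$count` are concatenated into the link markup unescaped, and wrapping both in `absint()` would match the rest of this commit. The function body continues outside the hunk.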


@ -135,7 +135,7 @@ class WC_Paypal extends WC_Payment_Gateway {
'title' => __( 'Description', 'woocommerce' ),
'type' => 'textarea',
'description' => __( 'This controls the description which the user sees during checkout.', 'woocommerce' ),
'default' => __("Pay via PayPal; you can pay with your credit card if you don't have a PayPal account", 'woocommerce')
'default' => __( 'Pay via PayPal; you can pay with your credit card if you don\'t have a PayPal account', 'woocommerce' )
),
'email' => array(
'title' => __( 'PayPal Email', 'woocommerce' ),


@ -13,7 +13,7 @@ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly ?>
<p><?php printf(__("Thanks for creating an account on %s. Your username is <strong>%s</strong>.", 'woocommerce'), esc_html( $blogname ), esc_html( $user_login ) ); ?></p>
<p><?php printf(__("You can access your account area here: %s.", 'woocommerce'), get_permalink(woocommerce_get_page_id('myaccount'))); ?></p>
<p><?php printf(__( 'You can access your account area here: %s.', 'woocommerce' ), get_permalink(woocommerce_get_page_id('myaccount'))); ?></p>
<div style="clear:both;"></div>


@ -12,7 +12,7 @@ echo $email_heading . "\n\n";
echo sprintf( __( "Thanks for creating an account on %s. Your username is <strong>%s</strong>.", 'woocommerce' ), $blogname, $user_login ) . "\n\n";
echo sprintf(__("You can access your account area here: %s.", 'woocommerce'), get_permalink( woocommerce_get_page_id( 'myaccount' ) ) ) . "\n\n";
echo sprintf(__( 'You can access your account area here: %s.', 'woocommerce' ), get_permalink( woocommerce_get_page_id( 'myaccount' ) ) ) . "\n\n";
echo "\n****************************************************\n\n";