Mike Jolley 2012-10-16 15:46:21 +01:00
parent 80fc5fc086
commit 15eb48242a
23 changed files with 736 additions and 687 deletions


@ -86,7 +86,7 @@ function woocommerce_create_duplicate_from_product( $post, $parent = 0, $post_st
} else {
$post_parent = $post->post_parent;
$post_status = $post_status ? $post_status : 'draft';
$suffix = ' ' . __("(Copy)", 'woocommerce');
$suffix = ' ' . __( '(Copy)', 'woocommerce' );
}
$new_post_type = $post->post_type;


@ -28,8 +28,8 @@ function woocommerce_duplicate_product_link_row($actions, $post) {
if ( $post->post_type != 'product' )
return $actions;
$actions['duplicate'] = '<a href="' . wp_nonce_url( admin_url( 'admin.php?action=duplicate_product&amp;post=' . $post->ID ), 'woocommerce-duplicate-product_' . $post->ID ) . '" title="' . __("Make a duplicate from this product", 'woocommerce')
. '" rel="permalink">' . __("Duplicate", 'woocommerce') . '</a>';
$actions['duplicate'] = '<a href="' . wp_nonce_url( admin_url( 'admin.php?action=duplicate_product&amp;post=' . $post->ID ), 'woocommerce-duplicate-product_' . $post->ID ) . '" title="' . __( 'Make a duplicate from this product', 'woocommerce' )
. '" rel="permalink">' . __( 'Duplicate', 'woocommerce' ) . '</a>';
return $actions;
}
@ -55,12 +55,12 @@ function woocommerce_duplicate_product_post_button() {
if ( $post->post_type != 'product' ) return;
if ( isset( $_GET['post'] ) ) :
$notifyUrl = wp_nonce_url( admin_url( "admin.php?action=duplicate_product&post=" . $_GET['post'] ), 'woocommerce-duplicate-product_' . $_GET['post'] );
if ( isset( $_GET['post'] ) ) {
$notifyUrl = wp_nonce_url( admin_url( "admin.php?action=duplicate_product&post=" . absint( $_GET['post'] ) ), 'woocommerce-duplicate-product_' . $_GET['post'] );
?>
<div id="duplicate-action"><a class="submitduplicate duplication" href="<?php echo esc_url( $notifyUrl ); ?>"><?php _e( 'Copy to a new draft', 'woocommerce' ); ?></a></div>
<?php
endif;
}
}
add_action( 'post_submitbox_start', 'woocommerce_duplicate_product_post_button' );
@ -79,23 +79,23 @@ function woocommerce_edit_product_columns($columns){
$columns = array();
$columns["cb"] = "<input type=\"checkbox\" />";
$columns["thumb"] = __("Image", 'woocommerce');
$columns["thumb"] = __( 'Image', 'woocommerce' );
$columns["name"] = __("Name", 'woocommerce');
$columns["name"] = __( 'Name', 'woocommerce' );
if (get_option('woocommerce_enable_sku', true) == 'yes')
$columns["sku"] = __("SKU", 'woocommerce');
$columns["sku"] = __( 'SKU', 'woocommerce' );
if (get_option('woocommerce_manage_stock')=='yes')
$columns["is_in_stock"] = __("Stock", 'woocommerce');
$columns["is_in_stock"] = __( 'Stock', 'woocommerce' );
$columns["price"] = __("Price", 'woocommerce');
$columns["price"] = __( 'Price', 'woocommerce' );
$columns["product_cat"] = __("Categories", 'woocommerce');
$columns["product_tag"] = __("Tags", 'woocommerce');
$columns["featured"] = '<img src="' . $woocommerce->plugin_url() . '/assets/images/featured.png" alt="' . __("Featured", 'woocommerce') . '" class="tips" data-tip="' . __("Featured", 'woocommerce') . '" width="12" height="12" />';
$columns["product_type"] = '<img src="' . $woocommerce->plugin_url() . '/assets/images/product_type_head.png" alt="' . __("Type", 'woocommerce') . '" class="tips" data-tip="' . __("Type", 'woocommerce') . '" width="14" height="12" />';
$columns["date"] = __("Date", 'woocommerce');
$columns["product_cat"] = __( 'Categories', 'woocommerce' );
$columns["product_tag"] = __( 'Tags', 'woocommerce' );
$columns["featured"] = '<img src="' . $woocommerce->plugin_url() . '/assets/images/featured.png" alt="' . __( 'Featured', 'woocommerce' ) . '" class="tips" data-tip="' . __( 'Featured', 'woocommerce' ) . '" width="12" height="12" />';
$columns["product_type"] = '<img src="' . $woocommerce->plugin_url() . '/assets/images/product_type_head.png" alt="' . __( 'Type', 'woocommerce' ) . '" class="tips" data-tip="' . __( 'Type', 'woocommerce' ) . '" width="14" height="12" />';
$columns["date"] = __( 'Date', 'woocommerce' );
return $columns;
}
@ -513,13 +513,13 @@ function woocommerce_admin_product_search_label($query) {
$sku = get_query_var( 'sku' );
if($sku) {
$post_type = get_post_type_object($wp->query_vars['post_type']);
return sprintf(__("[%s with SKU of %s]", 'woocommerce'), $post_type->labels->singular_name, $sku);
return sprintf(__( '[%s with SKU of %s]', 'woocommerce' ), $post_type->labels->singular_name, $sku);
}
$p = get_query_var( 'p' );
if ($p) {
$post_type = get_post_type_object($wp->query_vars['post_type']);
return sprintf(__("[%s with ID of %d]", 'woocommerce'), $post_type->labels->singular_name, $p);
return sprintf(__( '[%s with ID of %d]', 'woocommerce' ), $post_type->labels->singular_name, $p);
}
return $query;
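Review bot: In woocommerce_duplicate_product_post_button the URL now carries `absint( $_GET['post'] )`, but the nonce action is still built from the raw `$_GET['post']`, so the two can disagree whenever the parameter is not a plain integer. Reading the id once, `$post_id = absint( $_GET['post'] );`, and using it for both the query argument and `'woocommerce-duplicate-product_' . $post_id` keeps the link and the nonce bound to the same product. The handler that verifies this nonce is not visible here, so confirm it derives the action string the same way.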


@ -22,13 +22,13 @@ function woocommerce_edit_coupon_columns($columns){
$columns = array();
$columns["cb"] = "<input type=\"checkbox\" />";
$columns["title"] = __("Code", 'woocommerce');
$columns["type"] = __("Coupon type", 'woocommerce');
$columns["amount"] = __("Coupon amount", 'woocommerce');
$columns["description"] = __("Description", 'woocommerce');
$columns["products"] = __("Product IDs", 'woocommerce');
$columns["usage"] = __("Usage / Limit", 'woocommerce');
$columns["expiry_date"] = __("Expiry date", 'woocommerce');
$columns["title"] = __( 'Code', 'woocommerce' );
$columns["type"] = __( 'Coupon type', 'woocommerce' );
$columns["amount"] = __( 'Coupon amount', 'woocommerce' );
$columns["description"] = __( 'Description', 'woocommerce' );
$columns["products"] = __( 'Product IDs', 'woocommerce' );
$columns["usage"] = __( 'Usage / Limit', 'woocommerce' );
$columns["expiry_date"] = __( 'Expiry date', 'woocommerce' );
return $columns;
}
@ -48,24 +48,30 @@ function woocommerce_custom_coupon_columns($column) {
switch ( $column ) {
case "type" :
echo $woocommerce->get_coupon_discount_type( get_post_meta( $post->ID, 'discount_type', true ) );
echo esc_html( $woocommerce->get_coupon_discount_type( get_post_meta( $post->ID, 'discount_type', true ) ) );
break;
case "amount" :
echo get_post_meta( $post->ID, 'coupon_amount', true );
echo esc_html( get_post_meta( $post->ID, 'coupon_amount', true ) );
break;
case "products" :
$product_ids = get_post_meta($post->ID, 'product_ids', true) ? explode(',', get_post_meta($post->ID, 'product_ids', true)) : array();
if ( sizeof( $product_ids ) > 0 ) echo implode( ', ', $product_ids ); else echo '&ndash;';
$product_ids = get_post_meta( $post->ID, 'product_ids', true );
$product_ids = $product_ids ? array_map( 'absint', explode( ',', $product_ids ) ) : array();
if ( sizeof( $product_ids ) > 0 )
echo esc_html( implode( ', ', $product_ids ) );
else
echo '&ndash;';
break;
case "usage_limit" :
$usage_limit = get_post_meta( $post->ID, 'usage_limit', true );
if ( $usage_limit ) echo $usage_limit; else echo '&ndash;';
if ( $usage_limit )
echo esc_html( $usage_limit );
else
echo '&ndash;';
break;
case "usage" :
$usage_count = absint( get_post_meta( $post->ID, 'usage_count', true ) );
$usage_limit = get_post_meta($post->ID, 'usage_limit', true);
$usage_limit = esc_html( get_post_meta($post->ID, 'usage_limit', true) );
if ( $usage_limit )
printf( __( '%s / %s', 'woocommerce' ), $usage_count, $usage_limit );
@ -75,10 +81,13 @@ function woocommerce_custom_coupon_columns($column) {
case "expiry_date" :
$expiry_date = get_post_meta($post->ID, 'expiry_date', true);
if ( $expiry_date ) echo date_i18n( 'F j, Y', strtotime( $expiry_date ) ); else echo '&ndash;';
if ( $expiry_date )
echo esc_html( date_i18n( 'F j, Y', strtotime( $expiry_date ) ) );
else
echo '&ndash;';
break;
case "description" :
echo $post->post_excerpt;
echo wp_kses_post( $post->post_excerpt );
break;
}
}
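Review bot: In the `usage` case the limit is passed through `esc_html()` at the point where it is read and is only then tested and printed, while `usage_count` on the line before is normalised with `absint()`. If the limit is always an integer count, `$usage_limit = absint( get_post_meta( $post->ID, 'usage_limit', true ) );` is stricter and keeps output escaping out of the assignment; the `usage_limit` case above it could use the same form. The remainder of the `usage` branch lies between the two hunks and is not shown.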


@ -40,15 +40,15 @@ function woocommerce_edit_order_columns($columns){
$columns = array();
$columns["cb"] = "<input type=\"checkbox\" />";
$columns["order_status"] = __("Status", 'woocommerce');
$columns["order_title"] = __("Order", 'woocommerce');
$columns["billing_address"] = __("Billing", 'woocommerce');
$columns["shipping_address"] = __("Shipping", 'woocommerce');
$columns["total_cost"] = __("Order Total", 'woocommerce');
$columns["order_comments"] = '<img alt="' . esc_attr__( 'Order Notes', 'woocommerce' ) . '" src="' . $woocommerce->plugin_url() . '/assets/images/order-notes_head.png" class="tips" data-tip="' . __("Order Notes", 'woocommerce') . '" width="12" height="12" />';
$columns["note"] = '<img src="' . $woocommerce->plugin_url() . '/assets/images/note_head.png" alt="' . __("Customer Notes", 'woocommerce') . '" class="tips" data-tip="' . __("Customer Notes", 'woocommerce') . '" width="12" height="12" />';
$columns["order_date"] = __("Date", 'woocommerce');
$columns["order_actions"] = __("Actions", 'woocommerce');
$columns["order_status"] = __( 'Status', 'woocommerce' );
$columns["order_title"] = __( 'Order', 'woocommerce' );
$columns["billing_address"] = __( 'Billing', 'woocommerce' );
$columns["shipping_address"] = __( 'Shipping', 'woocommerce' );
$columns["total_cost"] = __( 'Order Total', 'woocommerce' );
$columns["order_comments"] = '<img alt="' . esc_attr__( 'Order Notes', 'woocommerce' ) . '" src="' . $woocommerce->plugin_url() . '/assets/images/order-notes_head.png" class="tips" data-tip="' . __( 'Order Notes', 'woocommerce' ) . '" width="12" height="12" />';
$columns["note"] = '<img src="' . $woocommerce->plugin_url() . '/assets/images/note_head.png" alt="' . __( 'Customer Notes', 'woocommerce' ) . '" class="tips" data-tip="' . __( 'Customer Notes', 'woocommerce' ) . '" width="12" height="12" />';
$columns["order_date"] = __( 'Date', 'woocommerce' );
$columns["order_actions"] = __( 'Actions', 'woocommerce' );
return $columns;
}
@ -71,69 +71,64 @@ function woocommerce_custom_order_columns( $column ) {
switch ( $column ) {
case "order_status" :
printf( '<mark class="%s">%s</mark>', sanitize_title($order->status), __($order->status, 'woocommerce') );
printf( '<mark class="%s">%s</mark>', sanitize_title( $order->status ), esc_html__( $order->status, 'woocommerce' ) );
break;
case "order_title" :
if ($order->user_id) $user_info = get_userdata($order->user_id);
if ( $order->user_id )
$user_info = get_userdata( $order->user_id );
if (isset($user_info) && $user_info) :
if ( ! empty( $user_info ) ) {
$user = '<a href="user-edit.php?user_id=' . esc_attr( $user_info->ID ) . '">';
$user = '<a href="user-edit.php?user_id=' . absint( $user_info->ID ) . '">';
if ($user_info->first_name || $user_info->last_name) $user .= $user_info->first_name.' '.$user_info->last_name;
else $user .= esc_html( $user_info->display_name );
if ( $user_info->first_name || $user_info->last_name )
$user .= esc_html( $user_info->first_name . ' ' . $user_info->last_name );
else
$user .= esc_html( $user_info->display_name );
$user .= '</a>';
else :
} else {
$user = __( 'Guest', 'woocommerce' );
endif;
}
echo '<a href="'.admin_url('post.php?post='.$post->ID.'&action=edit').'"><strong>'.sprintf( __( 'Order %s', 'woocommerce' ), $order->get_order_number() ).'</strong></a> ' . __( 'made by', 'woocommerce' ) . ' ' . $user;
echo '<a href="' . admin_url( 'post.php?post=' . absint( $post->ID ) . '&action=edit' ) . '"><strong>' . sprintf( __( 'Order %s', 'woocommerce' ), esc_attr( $order->get_order_number() ) ) . '</strong></a> ' . __( 'made by', 'woocommerce' ) . ' ' . $user;
if ($order->billing_email) :
if ( $order->billing_email )
echo '<small class="meta">' . __( 'Email:', 'woocommerce' ) . ' ' . '<a href="' . esc_url( 'mailto:' . $order->billing_email ) . '">' . esc_html( $order->billing_email ) . '</a></small>';
endif;
if ($order->billing_phone) :
if ( $order->billing_phone )
echo '<small class="meta">' . __( 'Tel:', 'woocommerce' ) . ' ' . esc_html( $order->billing_phone ) . '</small>';
endif;
break;
case "billing_address" :
if ($order->get_formatted_billing_address()) :
echo '<a target="_blank" href="' . esc_url( 'http://maps.google.com/maps?&q='.urlencode( $order->get_billing_address() ).'&z=16' ) . '">'. preg_replace('#<br\s*/?>#i', ', ', $order->get_formatted_billing_address()) .'</a>';
else :
if ( $order->get_formatted_billing_address() )
echo '<a target="_blank" href="' . esc_url( 'http://maps.google.com/maps?&q=' . urlencode( $order->get_billing_address() ) . '&z=16' ) . '">' . esc_html( preg_replace( '#<br\s*/?>#i', ', ', $order->get_formatted_billing_address() ) ) .'</a>';
else
echo '&ndash;';
endif;
if ($order->payment_method_title) :
if ( $order->payment_method_title )
echo '<small class="meta">' . __( 'Via', 'woocommerce' ) . ' ' . esc_html( $order->payment_method_title ) . '</small>';
endif;
break;
case "shipping_address" :
if ($order->get_formatted_shipping_address()) :
echo '<a target="_blank" href="' . esc_url( 'http://maps.google.com/maps?&q='.urlencode( $order->get_shipping_address() ).'&z=16' ) .'">'. preg_replace('#<br\s*/?>#i', ', ', $order->get_formatted_shipping_address()) .'</a>';
else :
if ( $order->get_formatted_shipping_address() )
echo '<a target="_blank" href="' . esc_url( 'http://maps.google.com/maps?&q=' . urlencode( $order->get_shipping_address() ) . '&z=16' ) . '">'. esc_html( preg_replace('#<br\s*/?>#i', ', ', $order->get_formatted_shipping_address() ) ) .'</a>';
else
echo '&ndash;';
endif;
if ($order->shipping_method_title) :
if ( $order->shipping_method_title )
echo '<small class="meta">' . __( 'Via', 'woocommerce' ) . ' ' . esc_html( $order->shipping_method_title ) . '</small>';
endif;
break;
case "total_cost" :
echo $order->get_formatted_order_total();
echo esc_html( strip_tags( $order->get_formatted_order_total() ) );
break;
case "order_date" :
if ( '0000-00-00 00:00:00' == $post->post_date ) :
if ( '0000-00-00 00:00:00' == $post->post_date ) {
$t_time = $h_time = __( 'Unpublished', 'woocommerce' );
else :
} else {
$t_time = get_the_time( __( 'Y/m/d g:i:s A', 'woocommerce' ), $post );
$gmt_time = strtotime( $post->post_date_gmt );
@ -143,9 +138,9 @@ function woocommerce_custom_order_columns( $column ) {
$h_time = sprintf( __( '%s ago', 'woocommerce' ), human_time_diff( $gmt_time, current_time('timestamp', 1) ) );
else
$h_time = get_the_time( __( 'Y/m/d', 'woocommerce' ), $post );
endif;
}
echo '<abbr title="' . $t_time . '">' . apply_filters( 'post_date_column_time', $h_time, $post ) . '</abbr>';
echo '<abbr title="' . esc_attr( $t_time ) . '">' . esc_html( apply_filters( 'post_date_column_time', $h_time, $post ) ) . '</abbr>';
break;
case "order_actions" :
@ -180,7 +175,7 @@ function woocommerce_custom_order_columns( $column ) {
foreach ( $actions as $action ) {
$image = ( isset( $action['image_url'] ) ) ? $action['image_url'] : $woocommerce->plugin_url() . '/assets/images/icons/' . $action['action'] . '.png';
printf( '<a class="button tips" href="%s" data-tip="%s"><img src="%s" alt="%s" width="14" /></a>', $action['url'], $action['name'], $image, $action['name'] );
printf( '<a class="button tips" href="%s" data-tip="%s"><img src="%s" alt="%s" width="14" /></a>', esc_url( $action['url'] ), esc_attr( $action['name'] ), esc_attr( $image ), esc_attr( $action['name'] ) );
}
do_action( 'woocommerce_admin_order_actions_end', $order );
@ -199,7 +194,7 @@ function woocommerce_custom_order_columns( $column ) {
case "order_comments" :
echo '<div class="post-com-count-wrapper">
<a href="'. admin_url('post.php?post='.$post->ID.'&action=edit') .'" class="post-com-count"><span class="comment-count">'. $post->comment_count .'</span></a>
<a href="'. esc_url( admin_url('post.php?post=' . $post->ID . '&action=edit') ) .'" class="post-com-count"><span class="comment-count">'. $post->comment_count .'</span></a>
</div>';
break;
}
@ -219,12 +214,12 @@ function woocommerce_custom_order_views( $views ) {
unset( $views['publish'] );
if (isset($views['trash'])) :
if ( isset( $views['trash'] ) ) {
$trash = $views['trash'];
unset( $views['draft'] );
unset( $views['trash'] );
$views['trash'] = $trash;
endif;
}
return $views;
}
@ -240,10 +235,10 @@ add_filter('views_edit-shop_order', 'woocommerce_custom_order_views');
* @return array
*/
function woocommerce_remove_row_actions( $actions ) {
if( get_post_type() === 'shop_order' ) :
if( get_post_type() === 'shop_order' ) {
unset( $actions['view'] );
unset( $actions['inline hide-if-no-js'] );
endif;
}
return $actions;
}
@ -288,12 +283,12 @@ function woocommerce_restrict_manage_orders() {
$terms = get_terms('shop_order_status');
foreach ( $terms as $term ) {
echo '<option value="' . $term->slug . '"';
echo '<option value="' . esc_attr( $term->slug ) . '"';
if ( isset( $wp_query->query['shop_order_status'] ) )
selected( $term->slug, $wp_query->query['shop_order_status'] );
echo '>' . __( $term->name, 'woocommerce' ) . ' (' . $term->count . ')</option>';
echo '>' . esc_html__( $term->name, 'woocommerce' ) . ' (' . absint( $term->count ) . ')</option>';
}
?>
</select>
@ -306,9 +301,9 @@ function woocommerce_restrict_manage_orders() {
<?php
if ( ! empty( $_GET['_customer_user'] ) ) {
$user = get_user_by( 'id', absint( $_GET['_customer_user'] ) );
echo '<option value="' . $user->ID . '" ';
echo '<option value="' . absint( $user->ID ) . '" ';
selected( 1, 1 );
echo '>' . $user->display_name . ' (#' . $user->ID . ' &ndash; ' . $user->user_email . ')</option>';
echo '>' . esc_html( $user->display_name ) . ' (#' . absint( $user->ID ) . ' &ndash; ' . esc_html( $user->user_email ) . ')</option>';
}
?>
</select>
@ -354,12 +349,12 @@ add_action('restrict_manage_posts', 'woocommerce_restrict_manage_orders' );
*/
function woocommerce_orders_by_customer_query( $vars ) {
global $typenow, $wp_query;
if ($typenow=='shop_order' && isset( $_GET['_customer_user'] ) && $_GET['_customer_user']>0) :
if ( $typenow == 'shop_order' && isset( $_GET['_customer_user'] ) && $_GET['_customer_user'] > 0 ) {
$vars['meta_key'] = '_customer_user';
$vars['meta_value'] = (int) $_GET['_customer_user'];
endif;
}
return $vars;
}
@ -399,17 +394,18 @@ add_filter("manage_edit-shop_order_sortable_columns", 'woocommerce_custom_shop_o
*/
function woocommerce_custom_shop_order_orderby( $vars ) {
global $typenow, $wp_query;
if ($typenow!='shop_order') return $vars;
if ( $typenow != 'shop_order' )
return $vars;
// Sorting
if (isset( $vars['orderby'] )) :
if ( 'order_total' == $vars['orderby'] ) :
if ( isset( $vars['orderby'] ) ) {
if ( 'order_total' == $vars['orderby'] ) {
$vars = array_merge( $vars, array(
'meta_key' => '_order_total',
'orderby' => 'meta_value_num'
) );
endif;
endif;
}
}
return $vars;
}
@ -431,7 +427,7 @@ function woocommerce_shop_order_search_custom_fields( $wp ) {
if ( ! isset( $wp->query_vars['s'] ) || ! $wp->query_vars['s'] ) return $wp;
if ( $wp->query_vars['post_type'] != 'shop_order' ) return $wp;
$search_fields = apply_filters( 'woocommerce_shop_order_search_fields', array(
$search_fields = array_map( 'esc_attr', apply_filters( 'woocommerce_shop_order_search_fields', array(
'_order_key',
'_billing_first_name',
'_billing_last_name',
@ -445,10 +441,14 @@ function woocommerce_shop_order_search_custom_fields( $wp ) {
'_billing_email',
'_order_items',
'_billing_phone'
) );
) ) );
// Query matching custom fields - this seems faster than meta_query
$post_ids = $wpdb->get_col($wpdb->prepare('SELECT post_id FROM '.$wpdb->postmeta.' WHERE meta_key IN ('.'"'.implode('","', $search_fields).'"'.') AND meta_value LIKE "%%%s%%"', esc_attr($_GET['s']) ));
$post_ids = $wpdb->get_col(
$wpdb->prepare(
"SELECT post_id FROM " . $wpdb->postmeta . " WHERE meta_key IN ('" . implode( "','", $search_fields ) . "') AND meta_value LIKE '%%%s%%'", esc_attr( $_GET['s'] )
)
);
// Query matching excerpts and titles
$post_ids = array_merge( $post_ids, $wpdb->get_col( $wpdb->prepare('
@ -474,7 +474,8 @@ function woocommerce_shop_order_search_custom_fields( $wp ) {
// Add ID
$search_order_id = str_replace( 'Order #', '', $_GET['s'] );
if (is_numeric($search_order_id)) $post_ids[] = $search_order_id;
if ( is_numeric( $search_order_id ) )
$post_ids[] = $search_order_id;
// Add blank ID so not all results are returned if the search finds nothing
$post_ids[] = 0;
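Review bot: In woocommerce_shop_order_search_custom_fields the filtered `$search_fields` are run through `esc_attr` and then concatenated into the `IN (...)` list, but `esc_attr` is HTML-attribute escaping and is the wrong encoder for a SQL string literal. Values returned by the `woocommerce_shop_order_search_fields` filter should be escaped for SQL instead, by changing the wrapper to `array_map( 'esc_sql', apply_filters( ... ) )`. The search term has the same mismatch: `esc_attr( $_GET['s'] )` HTML-encodes characters such as `&` before matching and leaves the LIKE wildcards `%` and `_` active, so it should be LIKE-escaped and handed to `prepare()` without HTML encoding. The function body starts and ends outside these hunks.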


@ -7,7 +7,7 @@
* @author WooThemes
* @category Admin
* @package WooCommerce/Admin/WritePanels
* @version 1.6.4
* @version 1.7.0
*/
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
@ -20,32 +20,30 @@ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
* @return void
*/
function woocommerce_order_data_meta_box($post) {
global $post, $wpdb, $thepostid, $order_status, $woocommerce;
$thepostid = $post->ID;
$thepostid = absint( $post->ID );
$order = new WC_Order( $thepostid );
wp_nonce_field( 'woocommerce_save_data', 'woocommerce_meta_nonce' );
// Custom user
$customer_user = (int) get_post_meta($post->ID, '_customer_user', true);
$customer_user = absint( get_post_meta( $post->ID, '_customer_user', true ) );
// Order status
$order_status = wp_get_post_terms( $post->ID, 'shop_order_status' );
if ($order_status) :
if ( $order_status ) {
$order_status = current( $order_status );
$order_status = $order_status->slug;
else :
$order_status = apply_filters( 'woocommerce_default_order_status', 'pending' );
endif;
$order_status = sanitize_title( $order_status->slug );
} else {
$order_status = sanitize_title( apply_filters( 'woocommerce_default_order_status', 'pending' ) );
}
if (!isset($post->post_title) || empty($post->post_title)) :
if ( empty( $post->post_title ) )
$order_title = 'Order';
else :
else
$order_title = $post->post_title;
endif;
?>
<style type="text/css">
#titlediv, #major-publishing-actions, #minor-publishing-actions, #visibility, #submitdiv { display:none }
@ -57,17 +55,15 @@ function woocommerce_order_data_meta_box($post) {
<div class="order_data_left">
<h2><?php _e( 'Order Details', 'woocommerce' ); ?> &mdash; <?php echo $order->get_order_number(); ?></h2>
<h2><?php _e( 'Order Details', 'woocommerce' ); ?> &mdash; <?php echo esc_html( $order->get_order_number() ); ?></h2>
<p class="form-field"><label for="order_status"><?php _e( 'Order status:', 'woocommerce' ) ?></label>
<select id="order_status" name="order_status" class="chosen_select">
<?php
$statuses = (array) get_terms( 'shop_order_status', array( 'hide_empty' => 0, 'orderby' => 'id' ) );
foreach ($statuses as $status) :
echo '<option value="'.$status->slug.'" ';
if ($status->slug==$order_status) echo 'selected="selected"';
echo '>'.__($status->name, 'woocommerce').'</option>';
endforeach;
foreach ( $statuses as $status ) {
echo '<option value="' . esc_attr( $status->slug ) . '" ' . selected( $status->slug, $order_status, false ) . '>' . esc_html__( $status->name, 'woocommerce' ) . '</option>';
}
?>
</select></p>
@ -82,9 +78,7 @@ function woocommerce_order_data_meta_box($post) {
<?php
if ( $customer_user ) {
$user = get_user_by( 'id', $customer_user );
echo '<option value="' . $user->ID . '" ';
selected( 1, 1 );
echo '>' . $user->display_name . ' (#' . $user->ID . ' &ndash; ' . $user->user_email . ')</option>';
echo '<option value="' . esc_attr( $user->ID ) . '" ' . selected( 1, 1, false ) . '>' . esc_html( $user->display_name ) . ' (#' . absint( $user->ID ) . ' &ndash; ' . esc_html( $user->user_email ) . ')</option>';
}
?>
</select>
@ -119,7 +113,7 @@ function woocommerce_order_data_meta_box($post) {
<?php if( get_option( 'woocommerce_enable_order_comments' ) != 'no' ) : ?>
<p class="form-field form-field-wide"><label for="excerpt"><?php _e( 'Customer Note:', 'woocommerce' ) ?></label>
<textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt" placeholder="<?php _e( 'Customer\'s notes about the order', 'woocommerce' ); ?>"><?php echo $post->post_excerpt; ?></textarea></p>
<textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt" placeholder="<?php _e( 'Customer\'s notes about the order', 'woocommerce' ); ?>"><?php echo wp_kses_post( $post->post_excerpt ); ?></textarea></p>
<?php endif; ?>
<?php do_action( 'woocommerce_admin_order_data_after_order_details', $order ); ?>
@ -179,20 +173,27 @@ function woocommerce_order_data_meta_box($post) {
// Display values
echo '<div class="address">';
if ($order->get_formatted_billing_address()) echo '<p><strong>'.__( 'Address', 'woocommerce' ).':</strong><br/> ' .$order->get_formatted_billing_address().'</p>'; else echo '<p class="none_set"><strong>'.__( 'Address', 'woocommerce' ).':</strong> ' . __( 'No billing address set.', 'woocommerce' ) . '</p>';
if ( $order->get_formatted_billing_address() )
echo '<p><strong>' . __( 'Address', 'woocommerce' ) . ':</strong><br/> ' . $order->get_formatted_billing_address() . '</p>';
else
echo '<p class="none_set"><strong>' . __( 'Address', 'woocommerce' ) . ':</strong> ' . __( 'No billing address set.', 'woocommerce' ) . '</p>';
foreach ( $billing_data as $key => $field ) : if (isset($field['show']) && !$field['show']) continue;
foreach ( $billing_data as $key => $field ) {
if ( empty( $field['show'] ) )
continue;
$field_name = 'billing_' . $key;
if ( $order->$field_name ) echo '<p><strong>'.$field['label'].':</strong> '.$order->$field_name.'</p>';
endforeach;
if ( $order->$field_name )
echo '<p><strong>' . esc_html( $field['label'] ) . ':</strong> ' . esc_html( $order->$field_name ) . '</p>';
}
echo '</div>';
// Display form
echo '<div class="edit_address"><p><button class="button load_customer_billing">'.__( 'Load billing address', 'woocommerce' ).'</button></p>';
foreach ( $billing_data as $key => $field ) :
if (!isset($field['type'])) $field['type'] = 'text';
foreach ( $billing_data as $key => $field ) {
if ( ! isset( $field['type'] ) )
$field['type'] = 'text';
switch ( $field['type'] ) {
case "select" :
woocommerce_wp_select( array( 'id' => '_billing_' . $key, 'label' => $field['label'], 'options' => $field['options'] ) );
@ -201,7 +202,7 @@ function woocommerce_order_data_meta_box($post) {
woocommerce_wp_text_input( array( 'id' => '_billing_' . $key, 'label' => $field['label'] ) );
break;
}
endforeach;
}
echo '</div>';
@ -256,20 +257,27 @@ function woocommerce_order_data_meta_box($post) {
// Display values
echo '<div class="address">';
if ($order->get_formatted_shipping_address()) echo '<p><strong>'.__( 'Address', 'woocommerce' ).':</strong><br/> ' .$order->get_formatted_shipping_address().'</p>'; else echo '<p class="none_set"><strong>'.__( 'Address', 'woocommerce' ).':</strong> ' . __( 'No shipping address set.', 'woocommerce' ) . '</p>';
if ( $order->get_formatted_shipping_address() )
echo '<p><strong>' . __( 'Address', 'woocommerce' ) . ':</strong><br/> ' . $order->get_formatted_shipping_address() . '</p>';
else
echo '<p class="none_set"><strong>' . __( 'Address', 'woocommerce' ) . ':</strong> ' . __( 'No shipping address set.', 'woocommerce' ) . '</p>';
if ( $shipping_data ) foreach ( $shipping_data as $key => $field ) : if (isset($field['show']) && !$field['show']) continue;
if ( $shipping_data ) foreach ( $shipping_data as $key => $field ) {
if ( empty( $field['show'] ) )
continue;
$field_name = 'shipping_' . $key;
if ( $order->$field_name ) echo '<p><strong>'.$field['label'].':</strong> '.$order->$field_name.'</p>';
endforeach;
if ( $order->$field_name )
echo '<p><strong>' . esc_html( $field['label'] ) . ':</strong> ' . esc_html( $order->$field_name ) . '</p>';
}
echo '</div>';
// Display form
echo '<div class="edit_address"><p><button class="button load_customer_shipping">' . __( 'Load shipping address', 'woocommerce' ) . '</button> <button class="button billing-same-as-shipping">'. __( 'Copy from billing', 'woocommerce' ) . '</button></p>';
if ( $shipping_data ) foreach ( $shipping_data as $key => $field ) :
if (!isset($field['type'])) $field['type'] = 'text';
if ( $shipping_data ) foreach ( $shipping_data as $key => $field ) {
if ( ! isset( $field['type'] ) )
$field['type'] = 'text';
switch ( $field['type'] ) {
case "select" :
woocommerce_wp_select( array( 'id' => '_shipping_' . $key, 'label' => $field['label'], 'options' => $field['options'] ) );
@ -278,7 +286,7 @@ function woocommerce_order_data_meta_box($post) {
woocommerce_wp_text_input( array( 'id' => '_shipping_' . $key, 'label' => $field['label'] ) );
break;
}
endforeach;
}
echo '</div>';
@ -287,7 +295,6 @@ function woocommerce_order_data_meta_box($post) {
</div>
</div>
<div class="clear"></div>
</div>
</div>
<?php
@ -310,6 +317,7 @@ function woocommerce_order_items_meta_box($post) {
<th class="thumb" width="1%"><?php _e( 'Item', 'woocommerce' ); ?></th>
<th class="sku"><?php _e( 'SKU', 'woocommerce' ); ?></th>
<th class="name"><?php _e( 'Name', 'woocommerce' ); ?></th>
<?php do_action( 'woocommerce_admin_order_item_headers' ); ?>
<th class="tax_class"><?php _e( 'Tax Class', 'woocommerce' ); ?>&nbsp;<a class="tips" data-tip="<?php _e( 'Tax class for the line item', 'woocommerce' ); ?>." href="#">[?]</a></th>
@ -324,32 +332,43 @@ function woocommerce_order_items_meta_box($post) {
</thead>
<tbody id="order_items_list">
<?php $loop = 0; if (sizeof($order_items)>0 && isset($order_items[0]['id'])) foreach ($order_items as $item) :
<?php $loop = 0; if ( sizeof( $order_items ) > 0 && isset( $order_items[0]['id'] ) ) foreach ( $order_items as $item ) {
if (isset($item['variation_id']) && $item['variation_id'] > 0) :
if ( isset( $item['variation_id'] ) && $item['variation_id'] > 0 )
$_product = new WC_Product_Variation( $item['variation_id'] );
else :
else
$_product = new WC_Product( $item['id'] );
endif;
// Totals - Backwards Compatibility
if (!isset($item['line_total']) && isset($item['taxrate']) && isset($item['cost'])) :
if ( ! isset( $item['line_total'] ) && isset( $item['taxrate'] ) && isset( $item['cost'] ) ) {
$item['line_tax'] = number_format( ($item['cost'] * $item['qty'] ) * ( $item['taxrate']/100 ), 2, '.', '' );
$item['line_total'] = ($item['cost'] * $item['qty']);
$item['line_total'] = $item['cost'] * $item['qty'];
$item['line_subtotal_tax'] = $item['line_tax'];
$item['line_subtotal'] = $item['line_total'];
endif;
}
?>
<tr class="item" rel="<?php echo $loop; ?>">
<td class="thumb">
<a href="<?php echo esc_url( admin_url('post.php?post='. $_product->id .'&action=edit') ); ?>" class="tips" data-tip="<?php
echo '<strong>'.__( 'Product ID:', 'woocommerce' ).'</strong> '. $item['id'];
echo '<br/><strong>'.__( 'Variation ID:', 'woocommerce' ).'</strong> '; if ($item['variation_id']) echo $item['variation_id']; else echo '-';
echo '<br/><strong>'.__( 'Product SKU:', 'woocommerce' ).'</strong> '; if ($_product->sku) echo $_product->sku; else echo '-';
<a href="<?php echo esc_url( admin_url( 'post.php?post=' . absint( $_product->id ) . '&action=edit' ) ); ?>" class="tips" data-tip="<?php
echo '<strong>' . __( 'Product ID:', 'woocommerce' ) . '</strong> ' . absint( $item['id'] );
echo '<br/><strong>' . __( 'Variation ID:', 'woocommerce' ) . '</strong> ';
if ( $item['variation_id'] )
echo $item['variation_id'];
else
echo '-';
echo '<br/><strong>' . __( 'Product SKU:', 'woocommerce' ).'</strong> ';
if ( $_product->sku )
echo esc_html( $_product->sku );
else
echo '-';
?>"><?php echo $_product->get_image(); ?></a>
</td>
<td class="sku" width="1%">
<?php if ($_product->sku) echo $_product->sku; else echo '-'; ?>
<?php if ($_product->sku) echo esc_html( $_product->sku ); else echo '-'; ?>
<input type="hidden" class="item_id" name="item_id[<?php echo $loop; ?>]" value="<?php echo esc_attr( $item['id'] ); ?>" />
<input type="hidden" name="item_name[<?php echo $loop; ?>]" value="<?php echo esc_attr( $item['name'] ); ?>" />
<input type="hidden" name="item_variation[<?php echo $loop; ?>]" value="<?php echo esc_attr( $item['variation_id'] ); ?>" />
@ -358,12 +377,14 @@ function woocommerce_order_items_meta_box($post) {
<div class="row-actions">
<span class="trash"><a class="remove_row" href="#"><?php _e( 'Delete item', 'woocommerce' ); ?></a> | </span>
<span class="view"><a href="<?php echo esc_url( admin_url('post.php?post='. $_product->id .'&action=edit') ); ?>"><?php _e( 'View product', 'woocommerce' ); ?></a>
<span class="view"><a href="<?php echo esc_url( admin_url( 'post.php?post='. absint( $_product->id ) .'&action=edit' ) ); ?>"><?php _e( 'View product', 'woocommerce' ); ?></a>
</div>
<?php echo $item['name']; ?>
<?php echo esc_html( $item['name'] ); ?>
<?php
if (isset($_product->variation_data)) echo '<br/>' . woocommerce_get_formatted_variation( $_product->variation_data, true );
if ( isset( $_product->variation_data ) )
echo '<br/>' . woocommerce_get_formatted_variation( $_product->variation_data, true );
?>
<table class="meta" cellspacing="0">
<tfoot>
@ -373,21 +394,21 @@ function woocommerce_order_items_meta_box($post) {
</tfoot>
<tbody class="meta_items">
<?php
if (isset($item['item_meta']) && is_array($item['item_meta']) && sizeof($item['item_meta'])>0) :
foreach ($item['item_meta'] as $key => $meta) :
if ( isset( $item['item_meta'] ) && is_array( $item['item_meta'] ) && sizeof( $item['item_meta'] ) > 0 ) {
foreach ( $item['item_meta'] as $key => $meta ) {
// Backwards compatibility
if (is_array($meta) && isset($meta['meta_name'])) :
if ( is_array( $meta ) && isset( $meta['meta_name'] ) ) {
$meta_name = $meta['meta_name'];
$meta_value = $meta['meta_value'];
else :
} else {
$meta_name = $key;
$meta_value = $meta;
endif;
}
echo '<tr><td><input type="text" name="meta_name[' . $loop . '][]" value="' . esc_attr( $meta_name ) . '" /></td><td><input type="text" name="meta_value[' . $loop . '][]" value="' . esc_attr( $meta_value ) . '" /></td><td width="1%"><button class="remove_meta button">&times;</button></td></tr>';
endforeach;
endif;
}
}
?>
</tbody>
</table>
@ -398,14 +419,19 @@ function woocommerce_order_items_meta_box($post) {
<td class="tax_class" width="1%">
<select class="tax_class" name="item_tax_class[<?php echo $loop; ?>]" title="<?php _e( 'Tax class', 'woocommerce' ); ?>">
<?php
$item_value = (isset($item['tax_class'])) ? sanitize_title($item['tax_class']) : '';
$item_value = isset( $item['tax_class'] ) ? sanitize_title( $item['tax_class'] ) : '';
$tax_classes = array_filter( array_map( 'trim', explode( "\n", get_option('woocommerce_tax_classes' ) ) ) );
$classes_options = array();
$classes_options[''] = __( 'Standard', 'woocommerce' );
if ($tax_classes) foreach ($tax_classes as $class) :
if ( $tax_classes )
foreach ( $tax_classes as $class )
$classes_options[ sanitize_title( $class ) ] = $class;
endforeach;
foreach ($classes_options as $value => $name) echo '<option value="'. $value .'" '.selected( $value, $item_value, false ).'>'. $name .'</option>';
foreach ( $classes_options as $value => $name )
echo '<option value="' . esc_attr( $value ) . '" ' . selected( $value, $item_value, false ) . '>'. esc_html( $name ) . '</option>';
?>
</select>
</td>
@ -427,7 +453,10 @@ function woocommerce_order_items_meta_box($post) {
</td>
</tr>
<?php $loop++; endforeach; ?>
<?php
$loop++;
}
?>
</tbody>
</table>
</div>
@ -533,14 +562,16 @@ function woocommerce_order_totals_meta_box($post) {
<li class="left">
<label><?php _e( 'Cart Discount:', 'woocommerce' ); ?></label>
<input type="text" id="_cart_discount" name="_cart_discount" placeholder="0.00" value="<?php
if (isset($data['_cart_discount'][0])) echo $data['_cart_discount'][0];
if ( isset( $data['_cart_discount'][0] ) )
echo esc_attr( $data['_cart_discount'][0] );
?>" class="calculated" />
</li>
<li class="right">
<label><?php _e( 'Order Discount:', 'woocommerce' ); ?></label>
<input type="text" id="_order_discount" name="_order_discount" placeholder="0.00" value="<?php
if (isset($data['_order_discount'][0])) echo $data['_order_discount'][0];
if ( isset( $data['_order_discount'][0] ) )
echo esc_attr( $data['_order_discount'][0] );
?>" />
</li>
@ -553,7 +584,9 @@ function woocommerce_order_totals_meta_box($post) {
<li class="left">
<label><?php _e( 'Cost ex. tax:', 'woocommerce' ); ?></label>
<input type="text" id="_order_shipping" name="_order_shipping" placeholder="0.00 <?php _e( '(ex. tax)', 'woocommerce' ); ?>" value="<?php if (isset($data['_order_shipping'][0])) echo $data['_order_shipping'][0];
<input type="text" id="_order_shipping" name="_order_shipping" placeholder="0.00 <?php _e( '(ex. tax)', 'woocommerce' ); ?>" value="<?php
if ( isset( $data['_order_shipping'][0] ) )
echo esc_attr( $data['_order_shipping'][0] );
?>" class="first" />
</li>
@ -567,14 +600,14 @@ function woocommerce_order_totals_meta_box($post) {
if ( $woocommerce->shipping ) {
foreach ( $woocommerce->shipping->load_shipping_methods() as $method ) {
echo '<option value="' . $method->id . '" ' . selected( ( strpos( $chosen_method, $method->id ) === 0 ), true, false ) . '>' . $method->get_title() . '</option>';
echo '<option value="' . esc_attr( $method->id ) . '" ' . selected( ( strpos( $chosen_method, $method->id ) === 0 ), true, false ) . '>' . esc_html( $method->get_title() ) . '</option>';
if ( strpos( $chosen_method, $method->id ) === 0 )
$found_method = true;
}
}
if ( ! $found_method && ! empty( $chosen_method ) ) {
echo '<option value="' . $chosen_method . '" selected="selected">' . __( 'Other', 'woocommerce' ) . '</option>';
echo '<option value="' . esc_attr( $chosen_method ) . '" selected="selected">' . __( 'Other', 'woocommerce' ) . '</option>';
} else {
echo '<option value="other">' . __( 'Other', 'woocommerce' ) . '</option>';
}
@ -584,7 +617,9 @@ function woocommerce_order_totals_meta_box($post) {
<li class="wide">
<label><?php _e( 'Shipping Title:', 'woocommerce' ); ?></label>
<input type="text" id="_shipping_method_title" name="_shipping_method_title" placeholder="<?php _e( 'The shipping title the customer sees', 'woocommerce' ); ?>" value="<?php if (isset($data['_shipping_method_title'][0])) echo $data['_shipping_method_title'][0];
<input type="text" id="_shipping_method_title" name="_shipping_method_title" placeholder="<?php _e( 'The shipping title the customer sees', 'woocommerce' ); ?>" value="<?php
if ( isset( $data['_shipping_method_title'][0] ) )
echo esc_attr( $data['_shipping_method_title'][0] );
?>" class="first" />
</li>
@ -597,14 +632,14 @@ function woocommerce_order_totals_meta_box($post) {
<div id="tax_rows">
<?php
$loop = 0;
$taxes = (isset($data['_order_taxes'][0])) ? maybe_unserialize($data['_order_taxes'][0]) : '';
if (is_array($taxes) && sizeof($taxes)>0) :
foreach ($taxes as $tax) :
$taxes = isset( $data['_order_taxes'][0] ) ? maybe_unserialize( $data['_order_taxes'][0] ) : '';
if ( is_array( $taxes ) && sizeof( $taxes ) > 0 ) {
foreach ( $taxes as $tax ) {
?>
<div class="tax_row">
<p class="first">
<label><?php _e( 'Tax Label:', 'woocommerce' ); ?></label>
<input type="text" name="_order_taxes_label[<?php echo $loop; ?>]" placeholder="<?php echo $woocommerce->countries->tax_or_vat(); ?>" value="<?php echo $tax['label']; ?>" />
<input type="text" name="_order_taxes_label[<?php echo $loop; ?>]" placeholder="<?php echo $woocommerce->countries->tax_or_vat(); ?>" value="<?php echo esc_attr( $tax['label'] ); ?>" />
</p>
<p class="last">
<label><?php _e( 'Compound:', 'woocommerce' ); ?>
@ -612,19 +647,19 @@ function woocommerce_order_totals_meta_box($post) {
</p>
<p class="first">
<label><?php _e( 'Cart Tax:', 'woocommerce' ); ?></label>
<input type="text" name="_order_taxes_cart[<?php echo $loop; ?>]" placeholder="0.00" value="<?php echo $tax['cart_tax']; ?>" />
<input type="text" name="_order_taxes_cart[<?php echo $loop; ?>]" placeholder="0.00" value="<?php echo esc_attr( $tax['cart_tax'] ); ?>" />
</p>
<p class="last">
<label><?php _e( 'Shipping Tax:', 'woocommerce' ); ?></label>
<input type="text" name="_order_taxes_shipping[<?php echo $loop; ?>]" placeholder="0.00" value="<?php echo $tax['shipping_tax']; ?>" />
<input type="text" name="_order_taxes_shipping[<?php echo $loop; ?>]" placeholder="0.00" value="<?php echo esc_attr( $tax['shipping_tax'] ); ?>" />
</p>
<a href="#" class="delete_tax_row">&times;</a>
<div class="clear"></div>
</div>
<?php
$loop++;
endforeach;
endif;
}
}
?>
</div>
<h4><a href="#" class="add_tax_row tips" data-tip="<?php _e( 'These rows contain taxes for this order. This allows you to display multiple or compound taxes rather than a single total.', 'woocommerce' ); ?>"><?php _e( '+ Add tax row', 'woocommerce' ); ?> [?]</a></a></h4>
@ -637,14 +672,16 @@ function woocommerce_order_totals_meta_box($post) {
<li class="left">
<label><?php _e( 'Cart Tax:', 'woocommerce' ); ?></label>
<input type="text" id="_order_tax" name="_order_tax" placeholder="0.00" value="<?php
if (isset($data['_order_tax'][0])) echo $data['_order_tax'][0];
if ( isset( $data['_order_tax'][0] ) )
echo esc_attr( $data['_order_tax'][0] );
?>" class="calculated" />
</li>
<li class="right">
<label><?php _e( 'Shipping Tax:', 'woocommerce' ); ?></label>
<input type="text" id="_order_shipping_tax" name="_order_shipping_tax" placeholder="0.00" value="<?php
if (isset($data['_order_shipping_tax'][0])) echo $data['_order_shipping_tax'][0];
if ( isset( $data['_order_shipping_tax'][0] ) )
echo esc_attr( $data['_order_shipping_tax'][0] );
?>" />
</li>
@ -658,7 +695,8 @@ function woocommerce_order_totals_meta_box($post) {
<li class="left">
<label><?php _e( 'Order Total:', 'woocommerce' ); ?></label>
<input type="text" id="_order_total" name="_order_total" placeholder="0.00" value="<?php
if (isset($data['_order_total'][0])) echo $data['_order_total'][0];
if ( isset( $data['_order_total'][0] ) )
echo esc_attr( $data['_order_total'][0] );
?>" class="calculated" />
</li>
@ -673,7 +711,7 @@ function woocommerce_order_totals_meta_box($post) {
if ( $woocommerce->payment_gateways ) {
foreach ( $woocommerce->payment_gateways->payment_gateways() as $gateway ) {
if ( $gateway->enabled == "yes" ) {
echo '<option value="' . $gateway->id . '" ' . selected( $chosen_method, $gateway->id, false ) . '>' . $gateway->get_title() . '</option>';
echo '<option value="' . esc_attr( $gateway->id ) . '" ' . selected( $chosen_method, $gateway->id, false ) . '>' . esc_html( $gateway->get_title() ) . '</option>';
if ( $chosen_method == $gateway->id )
$found_method = true;
}
@ -681,7 +719,7 @@ function woocommerce_order_totals_meta_box($post) {
}
if ( ! $found_method && ! empty( $chosen_method ) ) {
echo '<option value="' . $chosen_method . '" selected="selected">' . __( 'Other', 'woocommerce' ) . '</option>';
echo '<option value="' . esc_attr( $chosen_method ) . '" selected="selected">' . __( 'Other', 'woocommerce' ) . '</option>';
} else {
echo '<option value="other">' . __( 'Other', 'woocommerce' ) . '</option>';
}
@ -711,45 +749,45 @@ function woocommerce_process_shop_order_meta( $post_id, $post ) {
add_post_meta( $post_id, '_order_key', uniqid('order_'), true );
// Update post data
update_post_meta( $post_id, '_billing_first_name', stripslashes( $_POST['_billing_first_name'] ));
update_post_meta( $post_id, '_billing_last_name', stripslashes( $_POST['_billing_last_name'] ));
update_post_meta( $post_id, '_billing_company', stripslashes( $_POST['_billing_company'] ));
update_post_meta( $post_id, '_billing_address_1', stripslashes( $_POST['_billing_address_1'] ));
update_post_meta( $post_id, '_billing_address_2', stripslashes( $_POST['_billing_address_2'] ));
update_post_meta( $post_id, '_billing_city', stripslashes( $_POST['_billing_city'] ));
update_post_meta( $post_id, '_billing_postcode', stripslashes( $_POST['_billing_postcode'] ));
update_post_meta( $post_id, '_billing_country', stripslashes( $_POST['_billing_country'] ));
update_post_meta( $post_id, '_billing_state', stripslashes( $_POST['_billing_state'] ));
update_post_meta( $post_id, '_billing_email', stripslashes( $_POST['_billing_email'] ));
update_post_meta( $post_id, '_billing_phone', stripslashes( $_POST['_billing_phone'] ));
update_post_meta( $post_id, '_shipping_first_name', stripslashes( $_POST['_shipping_first_name'] ));
update_post_meta( $post_id, '_shipping_last_name', stripslashes( $_POST['_shipping_last_name'] ));
update_post_meta( $post_id, '_shipping_company', stripslashes( $_POST['_shipping_company'] ));
update_post_meta( $post_id, '_shipping_address_1', stripslashes( $_POST['_shipping_address_1'] ));
update_post_meta( $post_id, '_shipping_address_2', stripslashes( $_POST['_shipping_address_2'] ));
update_post_meta( $post_id, '_shipping_city', stripslashes( $_POST['_shipping_city'] ));
update_post_meta( $post_id, '_shipping_postcode', stripslashes( $_POST['_shipping_postcode'] ));
update_post_meta( $post_id, '_shipping_country', stripslashes( $_POST['_shipping_country'] ));
update_post_meta( $post_id, '_shipping_state', stripslashes( $_POST['_shipping_state'] ));
update_post_meta( $post_id, '_order_shipping', stripslashes( $_POST['_order_shipping'] ));
update_post_meta( $post_id, '_cart_discount', stripslashes( $_POST['_cart_discount'] ));
update_post_meta( $post_id, '_order_discount', stripslashes( $_POST['_order_discount'] ));
update_post_meta( $post_id, '_order_total', stripslashes( $_POST['_order_total'] ));
update_post_meta( $post_id, '_customer_user', (int) $_POST['customer_user'] );
update_post_meta( $post_id, '_order_tax', stripslashes( $_POST['_order_tax'] ));
update_post_meta( $post_id, '_order_shipping_tax', stripslashes( $_POST['_order_shipping_tax'] ));
update_post_meta( $post_id, '_billing_first_name', woocommerce_clean( $_POST['_billing_first_name'] ) );
update_post_meta( $post_id, '_billing_last_name', woocommerce_clean( $_POST['_billing_last_name'] ) );
update_post_meta( $post_id, '_billing_company', woocommerce_clean( $_POST['_billing_company'] ) );
update_post_meta( $post_id, '_billing_address_1', woocommerce_clean( $_POST['_billing_address_1'] ) );
update_post_meta( $post_id, '_billing_address_2', woocommerce_clean( $_POST['_billing_address_2'] ) );
update_post_meta( $post_id, '_billing_city', woocommerce_clean( $_POST['_billing_city'] ) );
update_post_meta( $post_id, '_billing_postcode', woocommerce_clean( $_POST['_billing_postcode'] ) );
update_post_meta( $post_id, '_billing_country', woocommerce_clean( $_POST['_billing_country'] ) );
update_post_meta( $post_id, '_billing_state', woocommerce_clean( $_POST['_billing_state'] ) );
update_post_meta( $post_id, '_billing_email', woocommerce_clean( $_POST['_billing_email'] ) );
update_post_meta( $post_id, '_billing_phone', woocommerce_clean( $_POST['_billing_phone'] ) );
update_post_meta( $post_id, '_shipping_first_name', woocommerce_clean( $_POST['_shipping_first_name'] ) );
update_post_meta( $post_id, '_shipping_last_name', woocommerce_clean( $_POST['_shipping_last_name'] ) );
update_post_meta( $post_id, '_shipping_company', woocommerce_clean( $_POST['_shipping_company'] ) );
update_post_meta( $post_id, '_shipping_address_1', woocommerce_clean( $_POST['_shipping_address_1'] ) );
update_post_meta( $post_id, '_shipping_address_2', woocommerce_clean( $_POST['_shipping_address_2'] ) );
update_post_meta( $post_id, '_shipping_city', woocommerce_clean( $_POST['_shipping_city'] ) );
update_post_meta( $post_id, '_shipping_postcode', woocommerce_clean( $_POST['_shipping_postcode'] ) );
update_post_meta( $post_id, '_shipping_country', woocommerce_clean( $_POST['_shipping_country'] ) );
update_post_meta( $post_id, '_shipping_state', woocommerce_clean( $_POST['_shipping_state'] ) );
update_post_meta( $post_id, '_order_shipping', woocommerce_clean( $_POST['_order_shipping'] ) );
update_post_meta( $post_id, '_cart_discount', woocommerce_clean( $_POST['_cart_discount'] ) );
update_post_meta( $post_id, '_order_discount', woocommerce_clean( $_POST['_order_discount'] ) );
update_post_meta( $post_id, '_order_total', woocommerce_clean( $_POST['_order_total'] ) );
update_post_meta( $post_id, '_customer_user', absint( $_POST['customer_user'] ) );
update_post_meta( $post_id, '_order_tax', woocommerce_clean( $_POST['_order_tax'] ) );
update_post_meta( $post_id, '_order_shipping_tax', woocommerce_clean( $_POST['_order_shipping_tax'] ) );
// Shipping method handling
if ( get_post_meta( $post_id, '_shipping_method', true ) !== stripslashes( $_POST['_shipping_method'] ) ) {
$shipping_method = esc_attr( trim( stripslashes( $_POST['_shipping_method'] ) ) );
$shipping_method = woocommerce_clean( $_POST['_shipping_method'] );
update_post_meta( $post_id, '_shipping_method', $shipping_method );
}
if ( get_post_meta( $post_id, '_shipping_method_title', true ) !== stripslashes( $_POST['_shipping_method_title'] ) ) {
$shipping_method_title = esc_attr( trim( stripslashes( $_POST['_shipping_method_title'] ) ) );
$shipping_method_title = woocommerce_clean( $_POST['_shipping_method_title'] );
if ( ! $shipping_method_title ) {
@ -767,7 +805,7 @@ function woocommerce_process_shop_order_meta( $post_id, $post ) {
if ( get_post_meta( $post_id, '_payment_method', true ) !== stripslashes( $_POST['_payment_method'] ) ) {
$methods = $woocommerce->payment_gateways->payment_gateways();
$payment_method = esc_attr( $_POST['_payment_method'] );
$payment_method = woocommerce_clean( $_POST['_payment_method'] );
$payment_method_title = $payment_method;
if ( isset( $methods) && isset( $methods[ $payment_method ] ) )
@ -789,7 +827,7 @@ function woocommerce_process_shop_order_meta( $post_id, $post ) {
// Tax rows
$order_taxes = array();
if (isset($_POST['_order_taxes_label'])) :
if ( isset( $_POST['_order_taxes_label'] ) ) {
$order_taxes_label = $_POST['_order_taxes_label'];
$order_taxes_compound = isset( $_POST['_order_taxes_compound'] ) ? $_POST['_order_taxes_compound'] : array();
@ -797,14 +835,19 @@ function woocommerce_process_shop_order_meta( $post_id, $post ) {
$order_taxes_shipping = $_POST['_order_taxes_shipping'];
$order_taxes_label_count = sizeof( $order_taxes_label );
for ($i=0; $i<$order_taxes_label_count; $i++) :
for ( $i = 0; $i < $order_taxes_label_count; $i ++ ) {
// Add to array if the tax amount is set
if (!$order_taxes_cart[$i] && !$order_taxes_shipping[$i]) continue;
if ( ! $order_taxes_cart[ $i ] && ! $order_taxes_shipping[ $i ] )
continue;
if (!$order_taxes_label[$i]) $order_taxes_label[$i] = $woocommerce->countries->tax_or_vat();
if ( ! $order_taxes_label[ $i ] )
$order_taxes_label[ $i ] = $woocommerce->countries->tax_or_vat();
if (isset($order_taxes_compound[$i])) $is_compound = 1; else $is_compound = 0;
if ( isset( $order_taxes_compound[ $i ] ) )
$is_compound = 1;
else
$is_compound = 0;
$order_taxes[] = array(
'label' => esc_attr( $order_taxes_label[ $i ] ),
@ -813,16 +856,15 @@ function woocommerce_process_shop_order_meta( $post_id, $post ) {
'shipping_tax' => esc_attr( $order_taxes_shipping[ $i ] )
);
endfor;
endif;
}
}
update_post_meta( $post_id, '_order_taxes', $order_taxes );
// Order items
$order_items = array();
if (isset($_POST['item_id'])) :
if ( isset( $_POST['item_id'] ) ) {
$item_id = $_POST['item_id'];
$item_variation = $_POST['item_variation'];
$item_name = $_POST['item_name'];
@ -841,7 +883,7 @@ function woocommerce_process_shop_order_meta( $post_id, $post ) {
$item_id_count = sizeof( $item_id );
for ($i=0; $i<$item_id_count; $i++) :
for ( $i = 0; $i < $item_id_count; $i ++ ) {
if ( ! isset( $item_id[ $i ] ) || ! $item_id[ $i ] ) continue;
if ( ! isset( $item_name[ $i ] ) ) continue;
@ -852,26 +894,25 @@ function woocommerce_process_shop_order_meta( $post_id, $post ) {
// Meta
$item_meta = new WC_Order_Item_Meta();
if (isset($item_meta_names[$i]) && isset($item_meta_values[$i])) :
if ( isset( $item_meta_names[ $i ] ) && isset( $item_meta_values[ $i ] ) ) {
$meta_names = $item_meta_names[ $i ];
$meta_values = $item_meta_values[ $i ];
$meta_names_count = sizeof( $meta_names );
for ($ii=0; $ii<$meta_names_count; $ii++) :
for ( $ii = 0; $ii < $meta_names_count; $ii ++ ) {
$meta_name = esc_attr( $meta_names[$ii] );
$meta_value = esc_attr( $meta_values[$ii] );
if ($meta_name && $meta_value) :
if ( $meta_name && $meta_value )
$item_meta->add( $meta_name, $meta_value );
endif;
endfor;
endif;
}
}
// Add to array
$order_items[] = apply_filters('update_order_item', array(
'id' => htmlspecialchars(stripslashes($item_id[$i])),
'variation_id' => (int) $item_variation[$i],
'name' => htmlspecialchars(stripslashes($item_name[$i])),
'qty' => (int) $item_quantity[$i],
'id' => htmlspecialchars( woocommerce_clean( $item_id[ $i ] ) ),
'variation_id' => absint( $item_variation[ $i ] ),
'name' => htmlspecialchars( woocommerce_clean( $item_name[ $i ] ) ),
'qty' => absint( $item_quantity[ $i ] ),
'line_total' => rtrim( rtrim( number_format( woocommerce_clean( $line_total[ $i ] ), 4, '.', '' ), '0' ), '.' ),
'line_tax' => rtrim( rtrim( number_format( woocommerce_clean( $line_tax[ $i ] ), 4, '.', '' ), '0' ), '.' ),
'line_subtotal' => rtrim( rtrim( number_format( woocommerce_clean( $line_subtotal[ $i ] ), 4, '.', '' ), '0' ), '.' ),
@ -880,8 +921,8 @@ function woocommerce_process_shop_order_meta( $post_id, $post ) {
'tax_class' => woocommerce_clean( $item_tax_class[ $i ] )
), $i);
endfor;
endif;
}
}
update_post_meta( $post_id, '_order_items', $order_items );
@ -892,18 +933,17 @@ function woocommerce_process_shop_order_meta( $post_id, $post ) {
$order->update_status( $_POST['order_status'] );
// Handle button actions
if (isset($_POST['reduce_stock']) && $_POST['reduce_stock'] && sizeof($order_items)>0) :
if ( ! empty( $_POST['reduce_stock'] ) && sizeof( $order_items ) > 0 ) {
$order->add_order_note( __( 'Manually reducing stock.', 'woocommerce' ) );
foreach ($order_items as $order_item) :
foreach ( $order_items as $order_item ) {
$_product = $order->get_product_from_item( $order_item );
if ( $_product->exists() ) :
if ( $_product->exists() ) {
if ( $_product->managing_stock() ) :
if ( $_product->managing_stock() ) {
$old_stock = $_product->stock;
@ -913,31 +953,30 @@ function woocommerce_process_shop_order_meta( $post_id, $post ) {
$order->send_stock_notifications( $_product, $new_quantity, $order_item['qty'] );
endif;
}
else :
} else {
$order->add_order_note( sprintf( __( 'Item %s %s not found, skipping.', 'woocommerce' ), $order_item['id'], $order_item['name'] ) );
endif;
endforeach;
}
}
$order->add_order_note( __( 'Manual stock reduction complete.', 'woocommerce' ) );
do_action( 'woocommerce_reduce_order_stock', $order );
elseif (isset($_POST['restore_stock']) && $_POST['restore_stock'] && sizeof($order_items)>0) :
} elseif ( ! empty( $_POST['restore_stock'] ) && sizeof( $order_items ) > 0 ) {
$order->add_order_note( __( 'Manually restoring stock.', 'woocommerce' ) );
foreach ($order_items as $order_item) :
foreach ( $order_items as $order_item ) {
$_product = $order->get_product_from_item( $order_item );
if ( $_product->exists() ) :
if ( $_product->exists() ) {
if ($_product->managing_stock()) :
if ( $_product->managing_stock() ) {
$old_stock = $_product->stock;
@ -945,30 +984,21 @@ function woocommerce_process_shop_order_meta( $post_id, $post ) {
$order->add_order_note( sprintf( __( 'Item #%s stock increased from %s to %s.', 'woocommerce' ), $order_item['id'], $old_stock, $new_quantity) );
endif;
}
else :
} else {
$order->add_order_note( sprintf( __( 'Item %s %s not found, skipping.', 'woocommerce' ), $order_item['id'], $order_item['name'] ) );
endif;
}
endforeach;
}
$order->add_order_note( __( 'Manual stock restore complete.', 'woocommerce' ) );
do_action( 'woocommerce_restore_order_stock', $order );
elseif (isset($_POST['invoice']) && $_POST['invoice']) :
do_action( 'woocommerce_before_send_customer_invoice', $order );
$mailer = $woocommerce->mailer();
$mailer->customer_invoice( $order );
do_action( 'woocommerce_after__customer_invoice', $order );
elseif (isset($_POST['order_email']) && $_POST['order_email']) :
} elseif ( ! empty( $_POST['order_email'] ) ) {
do_action( 'woocommerce_before_resend_order_emails', $order );
@ -986,9 +1016,9 @@ function woocommerce_process_shop_order_meta( $post_id, $post ) {
}
}
do_action( 'woocommerce_after_resend_order_emails', $order );
do_action( 'woocommerce_after_resend_order_emails', $order, $resend_emails );
endif;
}
delete_transient( 'woocommerce_processing_order_count' );
}


@ -30,7 +30,7 @@ function woocommerce_frontend_styles_setting() {
if ( is_writable( $base_file ) && is_writable( $css_file ) ) {
// Get settings
$colors = (array) get_option( 'woocommerce_frontend_css_colors' );
$colors = array_map( 'esc_attr', (array) get_option( 'woocommerce_frontend_css_colors' ) );
// Defaults
if ( empty( $colors['primary'] ) ) $colors['primary'] = '#ad74a2';
@ -82,8 +82,8 @@ add_action( 'woocommerce_admin_field_frontend_styles', 'woocommerce_frontend_sty
function woocommerce_frontend_css_color_picker( $name, $id, $value, $desc = '' ) {
global $woocommerce;
echo '<div class="color_box"><strong><img class="help_tip" data-tip="' . $desc . '" src="' . $woocommerce->plugin_url() . '/assets/images/help.png" /> ' . $name . '</strong>
<input name="' . esc_attr( $id ). '" id="' . $id . '" type="text" value="' . esc_attr( $value ) . '" class="colorpick" /> <div id="colorPickerDiv_' . esc_attr( $id ) . '" class="colorpickdiv"></div>
echo '<div class="color_box"><strong><img class="help_tip" data-tip="' . esc_attr( $desc ) . '" src="' . $woocommerce->plugin_url() . '/assets/images/help.png" /> ' . esc_html( $name ) . '</strong>
<input name="' . esc_attr( $id ). '" id="' . esc_attr( $id ) . '" type="text" value="' . esc_attr( $value ) . '" class="colorpick" /> <div id="colorPickerDiv_' . esc_attr( $id ) . '" class="colorpickdiv"></div>
</div>';
}
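Review bot: The new `array_map( 'esc_attr', ... )` over the `woocommerce_frontend_css_colors` option applies HTML-attribute escaping, but the `is_writable( $base_file ) && is_writable( $css_file )` guard just above suggests these values are also written into a generated stylesheet, where entity-encoding does not restrict them to a colour. Validating each entry as a hex colour would cover both contexts, for example `if ( ! preg_match( '/^#[a-fA-F0-9]{6}$/', $color ) ) $color = '';` per entry (widen the pattern if three-digit values are accepted), so that the existing `empty()` defaults replace anything rejected. In `woocommerce_frontend_css_color_picker` the `src` attribute still concatenates `$woocommerce->plugin_url()` unescaped; `esc_url( $woocommerce->plugin_url() . '/assets/images/help.png' )` would match the escaping added to the rest of that line. The body of `woocommerce_frontend_styles_setting` continues outside the first hunk, so how `$colors` is consumed is inferred rather than visible.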


@ -37,12 +37,12 @@ function woocommerce_payment_gateways_setting() {
echo '<tr>
<td width="1%" class="radio">
<input type="radio" name="default_gateway" value="' . $gateway->id . '" ' . checked( $default_gateway, $gateway->id, false ) . ' />
<input type="hidden" name="gateway_order[]" value="' . $gateway->id . '" />
<input type="radio" name="default_gateway" value="' . esc_attr( $gateway->id ) . '" ' . checked( $default_gateway, esc_attr( $gateway->id ), false ) . ' />
<input type="hidden" name="gateway_order[]" value="' . esc_attr( $gateway->id ) . '" />
</td>
<td>
<p><strong>' . $gateway->get_title() . '</strong><br/>
<small>' . __( 'Gateway ID', 'woocommerce' ) . ': ' . $gateway->id . '</small></p>
<small>' . __( 'Gateway ID', 'woocommerce' ) . ': ' . esc_html( $gateway->id ) . '</small></p>
</td>
<td>';
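Review bot: `$gateway->get_title()` in the `<strong>` cell is still echoed without escaping, although this same commit wraps that call in `esc_html()` in the order totals meta box; `<p><strong>' . esc_html( $gateway->get_title() ) . '</strong><br/>` would keep the two screens consistent. Separately, `checked( $default_gateway, esc_attr( $gateway->id ), false )` compares the stored option against the escaped id, so a gateway id containing a character that `esc_attr()` encodes would never render as selected. Escape only where the id is printed into the `value` attribute and keep the comparison on the raw `$gateway->id`. The echo statement and the enclosing function continue outside this hunk.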


@ -28,43 +28,43 @@ function woocommerce_update_options($options) {
// Tax rates saving
$tax_rates = array();
$tax_classes = (isset($_POST['tax_class'])) ? $_POST['tax_class'] : array();
$tax_countries = (isset($_POST['tax_country'])) ? $_POST['tax_country'] : array();
$tax_rate = (isset($_POST['tax_rate'])) ? $_POST['tax_rate'] : array();
$tax_shipping = (isset($_POST['tax_shipping'])) ? $_POST['tax_shipping'] : array();
$tax_postcode = (isset($_POST['tax_postcode'])) ? $_POST['tax_postcode'] : array();
$tax_compound = (isset($_POST['tax_compound'])) ? $_POST['tax_compound'] : array();
$tax_label = (isset($_POST['tax_label'])) ? $_POST['tax_label'] : array();
$tax_classes = isset( $_POST['tax_class'] ) ? $_POST['tax_class'] : array();
$tax_countries = isset( $_POST['tax_country'] ) ? $_POST['tax_country'] : array();
$tax_rate = isset( $_POST['tax_rate'] ) ? $_POST['tax_rate'] : array();
$tax_shipping = isset( $_POST['tax_shipping'] ) ? $_POST['tax_shipping'] : array();
$tax_postcode = isset( $_POST['tax_postcode'] ) ? $_POST['tax_postcode'] : array();
$tax_compound = isset( $_POST['tax_compound'] ) ? $_POST['tax_compound'] : array();
$tax_label = isset( $_POST['tax_label'] ) ? $_POST['tax_label'] : array();
$tax_classes_count = sizeof( $tax_classes );
for ($i=0; $i<$tax_classes_count; $i++) :
for ( $i = 0; $i < $tax_classes_count; $i ++ ) {
if (isset($tax_classes[$i]) && isset($tax_countries[$i]) && isset($tax_rate[$i]) && is_numeric($tax_rate[$i])) :
if ( isset( $tax_classes[ $i ] ) && isset( $tax_countries[ $i ] ) && isset( $tax_rate[ $i ] ) && is_numeric( $tax_rate[ $i ] ) ) {
$rate = esc_attr(trim($tax_rate[$i]));
$rate = woocommerce_clean( $tax_rate[ $i ] );
$rate = number_format( $rate, 4, '.', '' );
$class = woocommerce_clean( $tax_classes[ $i ] );
if (isset($tax_shipping[$i]) && $tax_shipping[$i]) $shipping = 'yes'; else $shipping = 'no';
if (isset($tax_compound[$i]) && $tax_compound[$i]) $compound = 'yes'; else $compound = 'no';
if ( ! empty( $tax_shipping[ $i ] ) ) $shipping = 'yes'; else $shipping = 'no';
if ( ! empty( $tax_compound[ $i ] ) ) $compound = 'yes'; else $compound = 'no';
// Handle countries
$counties_array = array();
$countries = $tax_countries[ $i ];
if ($countries) foreach ($countries as $country) :
if ( $countries ) foreach ( $countries as $country ) {
$country = woocommerce_clean( $country );
$state = '*';
if (strstr($country, ':')) :
if ( strstr( $country, ':' ) ) {
$cr = explode( ':', $country );
$country = current( $cr );
$state = end( $cr );
endif;
}
$counties_array[trim($country)][] = trim($state);
$counties_array[ woocommerce_clean( $country ) ][] = woocommerce_clean( $state );
endforeach;
}
$tax_rates[] = array(
'countries' => $counties_array,
@ -72,38 +72,36 @@ function woocommerce_update_options($options) {
'shipping' => $shipping,
'compound' => $compound,
'class' => $class,
'label' => esc_attr($tax_label[$i])
'label' => woocommerce_clean( $tax_label[ $i ] )
);
endif;
endfor;
}
}
update_option( 'woocommerce_tax_rates', $tax_rates );
// Local tax rates saving
$local_tax_rates = array();
$tax_classes = (isset($_POST['local_tax_class'])) ? $_POST['local_tax_class'] : array();
$tax_countries = (isset($_POST['local_tax_country'])) ? $_POST['local_tax_country'] : array();
$tax_location_type = (isset($_POST['local_tax_location_type'])) ? $_POST['local_tax_location_type'] : 'postcode';
$tax_location = (isset($_POST['local_tax_location'])) ? $_POST['local_tax_location'] : array();
$tax_rate = (isset($_POST['local_tax_rate'])) ? $_POST['local_tax_rate'] : array();
$tax_shipping = (isset($_POST['local_tax_shipping'])) ? $_POST['local_tax_shipping'] : array();
$tax_postcode = (isset($_POST['local_tax_postcode'])) ? $_POST['local_tax_postcode'] : array();
$tax_compound = (isset($_POST['local_tax_compound'])) ? $_POST['local_tax_compound'] : array();
$tax_label = (isset($_POST['local_tax_label'])) ? $_POST['local_tax_label'] : array();
$tax_classes = isset( $_POST['local_tax_class'] ) ? $_POST['local_tax_class'] : array();
$tax_countries = isset( $_POST['local_tax_country'] ) ? $_POST['local_tax_country'] : array();
$tax_location_type = isset( $_POST['local_tax_location_type'] ) ? $_POST['local_tax_location_type'] : 'postcode';
$tax_location = isset( $_POST['local_tax_location'] ) ? $_POST['local_tax_location'] : array();
$tax_rate = isset( $_POST['local_tax_rate'] ) ? $_POST['local_tax_rate'] : array();
$tax_shipping = isset( $_POST['local_tax_shipping'] ) ? $_POST['local_tax_shipping'] : array();
$tax_postcode = isset( $_POST['local_tax_postcode'] ) ? $_POST['local_tax_postcode'] : array();
$tax_compound = isset( $_POST['local_tax_compound'] ) ? $_POST['local_tax_compound'] : array();
$tax_label = isset( $_POST['local_tax_label'] ) ? $_POST['local_tax_label'] : array();
$tax_classes_count = sizeof( $tax_classes );
for ($i=0; $i<$tax_classes_count; $i++) :
for ( $i = 0; $i < $tax_classes_count; $i ++ ) {
if (isset($tax_classes[$i]) && isset($tax_countries[$i]) && isset($tax_rate[$i]) && is_numeric($tax_rate[$i])) :
if ( isset( $tax_classes[ $i ] ) && isset( $tax_countries[ $i ] ) && isset( $tax_rate[ $i ] ) && is_numeric( $tax_rate[ $i ] ) ) {
$rate = esc_attr(trim($tax_rate[$i]));
$rate = woocommerce_clean( $tax_rate[ $i ] );
$rate = number_format($rate, 4, '.', '');
$class = woocommerce_clean( $tax_classes[ $i ] );
if (isset($tax_shipping[$i]) && $tax_shipping[$i]) $shipping = 'yes'; else $shipping = 'no';
if (isset($tax_compound[$i]) && $tax_compound[$i]) $compound = 'yes'; else $compound = 'no';
if ( ! empty( $tax_shipping[ $i ] ) ) $shipping = 'yes'; else $shipping = 'no';
if ( ! empty( $tax_compound[ $i ] ) ) $compound = 'yes'; else $compound = 'no';
// Handle country
$country = woocommerce_clean( $tax_countries[ $i ] );
@ -118,7 +116,7 @@ function woocommerce_update_options($options) {
// Handle postcodes/cities
$location_type = $tax_location_type[ $i ] == 'city' ? 'city' : 'postcode';
$locations = explode( "\n", $tax_location[ $i ] );
$locations = array_filter( array_map( 'stripslashes', array_map( 'trim', $locations ) ) );
$locations = array_filter( array_map( 'woocommerce_clean', $locations ) );
if ( $location_type == 'city' ) {
$locations = array_map( 'sanitize_title', $locations );
@ -133,26 +131,28 @@ function woocommerce_update_options($options) {
'shipping' => $shipping,
'compound' => $compound,
'class' => $class,
'label' => esc_attr($tax_label[$i])
'label' => woocommerce_clean( $tax_label[ $i ] )
);
endif;
endfor;
}
}
update_option( 'woocommerce_local_tax_rates', $local_tax_rates );
} elseif ( isset( $value['type'] ) && $value['type'] == 'multi_select_countries' ) {
// Get countries array
if (isset($_POST[$value['id']])) $selected_countries = $_POST[$value['id']]; else $selected_countries = array();
if ( isset( $_POST[ $value['id'] ] ) )
$selected_countries = array_map( 'woocommerce_clean', (array) $_POST[ $value['id'] ] );
else
$selected_countries = array();
update_option( $value['id'], $selected_countries );
} elseif ( isset( $value['id'] ) && ( $value['id'] == 'woocommerce_price_thousand_sep' || $value['id'] == 'woocommerce_price_decimal_sep' ) ) {
// price separators get a special treatment as they should allow a spaces (don't trim)
if ( isset( $_POST[ $value['id'] ] ) ) {
update_option($value['id'], $_POST[$value['id']] );
update_option( $value['id'], woocommerce_clean( $_POST[ $value['id'] ] ) );
} else {
delete_option( $value['id'] );
}
@ -168,13 +168,15 @@ function woocommerce_update_options($options) {
} elseif (isset( $value['type'] ) && $value['type'] == 'image_width' ) {
if ( isset( $value['id'] ) && isset( $_POST[$value['id'] . '_width'] ) ) {
update_option( $value['id'] . '_width', woocommerce_clean( $_POST[ $value['id'] . '_width'] ) );
update_option( $value['id'] . '_height', woocommerce_clean( $_POST[ $value['id'] . '_height'] ) );
if (isset($_POST[$value['id'].'_crop'])) :
if ( isset( $_POST[ $value['id'] . '_crop'] ) )
update_option( $value['id'] . '_crop', 1 );
else :
else
update_option( $value['id'].'_crop', 0 );
endif;
} else {
update_option( $value['id'] . '_width', $value['std'] );
update_option( $value['id'] . '_height', $value['std'] );


@ -35,7 +35,7 @@ function woocommerce_shipping_methods_setting() {
<?php
foreach ( $woocommerce->shipping->load_shipping_methods() as $method ) {
$default_shipping_method = get_option('woocommerce_default_shipping_method');
$default_shipping_method = esc_attr( get_option('woocommerce_default_shipping_method') );
echo '<tr>
<td width="1%" class="radio">
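Review bot: `esc_attr()` is applied when the option is read into `$default_shipping_method`, not where the value is printed, so any later comparison against a method id would see the escaped form rather than the stored one. The use of the variable is outside this hunk, so this is inferred; if it is compared (for example to mark the default radio), keep the raw value and escape at the output site. The lookup is also loop-invariant and could move above the `foreach` as `$default_shipping_method = get_option( 'woocommerce_default_shipping_method' );`.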


@ -414,7 +414,8 @@ function woocommerce_tax_row_label( $selected ) {
$states_count+=sizeof($value);
endif;
if (!in_array($country, $counties_array)) $counties_array[] = $woocommerce->countries->countries[$country];
if ( ! in_array( $country, $counties_array ) )
$counties_array[] = esc_html( $woocommerce->countries->countries[ $country ] );
endforeach;
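Review bot: The duplicate check `in_array( $country, $counties_array )` tests the country code, but the array is filled with escaped country names, so the check only matches where a code happens to equal a name and duplicates are still appended. Keying the array by code keeps both the de-duplication and the escaping: `if ( ! isset( $counties_array[ $country ] ) ) $counties_array[ $country ] = esc_html( $woocommerce->countries->countries[ $country ] );`. The loop begins outside the hunk, so how `$counties_array` is consumed afterwards should be checked before changing its keys.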


@ -83,8 +83,8 @@ function woocommerce_dashboard_widget_right_now() {
$num = number_format_i18n( $product_count->publish );
$text = _n( 'Product', 'Products', intval( $product_count->publish ), 'woocommerce' );
$link = add_query_arg( array( 'post_type' => 'product' ), get_admin_url( null, 'edit.php' ) );
$num = '<a href="' . $link . '">' . $num . '</a>';
$text = '<a href="' . $link . '">' . $text . '</a>';
$num = '<a href="' . esc_url($link ) . '">' . esc_html( $num ) . '</a>';
$text = '<a href="' . esc_url( $link ) . '">' . esc_html( $text ) . '</a>';
?>
<td class="first b b-products"><?php echo $num; ?></td>
@ -97,8 +97,8 @@ function woocommerce_dashboard_widget_right_now() {
$num = number_format_i18n( $product_cat_count );
$text = _n( 'Product Category', 'Product Categories', $product_cat_count, 'woocommerce' );
$link = add_query_arg( array( 'taxonomy' => 'product_cat', 'post_type' => 'product' ), get_admin_url( null, 'edit-tags.php' ) );
$num = '<a href="' . $link . '">' . $num . '</a>';
$text = '<a href="' . $link . '">' . $text . '</a>';
$num = '<a href="' . esc_url($link ) . '">' . esc_html( $num ) . '</a>';
$text = '<a href="' . esc_url( $link ) . '">' . esc_html( $text ) . '</a>';
?>
<td class="first b b-product_cats"><?php echo $num; ?></td>
@ -111,8 +111,8 @@ function woocommerce_dashboard_widget_right_now() {
$num = number_format_i18n( $product_tag_count );
$text = _n( 'Product Tag', 'Product Tags', $product_tag_count, 'woocommerce' );
$link = add_query_arg( array( 'taxonomy' => 'product_tag', 'post_type' => 'product' ), get_admin_url( null, 'edit-tags.php' ) );
$num = '<a href="' . $link . '">' . $num . '</a>';
$text = '<a href="' . $link . '">' . $text . '</a>';
$num = '<a href="' . esc_url($link ) . '">' . esc_html( $num ) . '</a>';
$text = '<a href="' . esc_url( $link ) . '">' . esc_html( $text ) . '</a>';
?>
<td class="first b b-product_tag"><?php echo $num; ?></td>
@ -125,8 +125,8 @@ function woocommerce_dashboard_widget_right_now() {
$num = number_format_i18n( $product_attr_count );
$text = _n( 'Attribute', 'Attributes', $product_attr_count, 'woocommerce' );
$link = add_query_arg( array( 'page' => 'woocommerce_attributes' ), get_admin_url( null, 'admin.php' ) );
$num = '<a href="' . $link . '">' . $num . '</a>';
$text = '<a href="' . $link . '">' . $text . '</a>';
$num = '<a href="' . esc_url($link ) . '">' . esc_html( $num ) . '</a>';
$text = '<a href="' . esc_url( $link ) . '">' . esc_html( $text ) . '</a>';
?>
<td class="first b b-attributes"><?php echo $num; ?></td>
@ -147,8 +147,8 @@ function woocommerce_dashboard_widget_right_now() {
$num = number_format_i18n( $pending_count );
$text = __( 'Pending', 'woocommerce' );
$link = add_query_arg( array( 'post_type' => 'shop_order', 'shop_order_status' => 'pending' ), get_admin_url( null, 'edit.php' ) );
$num = '<a href="' . $link . '">' . $num . '</a>';
$text = '<a href="' . $link . '">' . $text . '</a>';
$num = '<a href="' . esc_url($link ) . '">' . esc_html( $num ) . '</a>';
$text = '<a href="' . esc_url( $link ) . '">' . esc_html( $text ) . '</a>';
?>
<td class="b b-pending"><?php echo $num; ?></td>
@ -161,8 +161,8 @@ function woocommerce_dashboard_widget_right_now() {
$num = number_format_i18n( $on_hold_count );
$text = __( 'On-Hold', 'woocommerce' );
$link = add_query_arg( array( 'post_type' => 'shop_order', 'shop_order_status' => 'on-hold' ), get_admin_url( null, 'edit.php' ) );
$num = '<a href="' . $link . '">' . $num . '</a>';
$text = '<a href="' . $link . '">' . $text . '</a>';
$num = '<a href="' . esc_url($link ) . '">' . esc_html( $num ) . '</a>';
$text = '<a href="' . esc_url( $link ) . '">' . esc_html( $text ) . '</a>';
?>
<td class="b b-on-hold"><?php echo $num; ?></td>
@ -175,8 +175,8 @@ function woocommerce_dashboard_widget_right_now() {
$num = number_format_i18n( $processing_count );
$text = __( 'Processing', 'woocommerce' );
$link = add_query_arg( array( 'post_type' => 'shop_order', 'shop_order_status' => 'processing' ), get_admin_url( null, 'edit.php' ) );
$num = '<a href="' . $link . '">' . $num . '</a>';
$text = '<a href="' . $link . '">' . $text . '</a>';
$num = '<a href="' . esc_url($link ) . '">' . esc_html( $num ) . '</a>';
$text = '<a href="' . esc_url( $link ) . '">' . esc_html( $text ) . '</a>';
?>
<td class="b b-processing"><?php echo $num; ?></td>
@ -189,8 +189,8 @@ function woocommerce_dashboard_widget_right_now() {
$num = number_format_i18n( $completed_count );
$text = __( 'Completed', 'woocommerce' );
$link = add_query_arg( array( 'post_type' => 'shop_order', 'shop_order_status' => 'completed' ), get_admin_url( null, 'edit.php' ) );
$num = '<a href="' . $link . '">' . $num . '</a>';
$text = '<a href="' . $link . '">' . $text . '</a>';
$num = '<a href="' . esc_url($link ) . '">' . esc_html( $num ) . '</a>';
$text = '<a href="' . esc_url( $link ) . '">' . esc_html( $text ) . '</a>';
?>
<td class="b b-completed"><?php echo $num; ?></td>
@ -255,7 +255,7 @@ function woocommerce_dashboard_recent_orders() {
*/
function woocommerce_dashboard_recent_reviews() {
global $wpdb;
$comments = $wpdb->get_results("SELECT *, SUBSTRING(comment_content,1,100) AS comment_excerpt
$comments = $wpdb->get_results( $wpdb->prepare( "SELECT *, SUBSTRING(comment_content,1,100) AS comment_excerpt
FROM $wpdb->comments
LEFT JOIN $wpdb->posts ON ($wpdb->comments.comment_post_ID = $wpdb->posts.ID)
WHERE comment_approved = '1'
@ -263,11 +263,11 @@ function woocommerce_dashboard_recent_reviews() {
AND post_password = ''
AND post_type = 'product'
ORDER BY comment_date_gmt DESC
LIMIT 5" );
LIMIT 5" ) );
if ($comments) :
if ( $comments ) {
echo '<ul>';
foreach ($comments as $comment) :
foreach ( $comments as $comment ) {
echo '<li>';
@ -278,14 +278,14 @@ function woocommerce_dashboard_recent_reviews() {
echo '<div class="star-rating" title="' . $rating . '">
<span style="width:'. ( $rating * 10 ) . 'px">' . $rating . ' ' . __( 'out of 5', 'woocommerce' ) . '</span></div>';
echo '<h4 class="meta"><a href="'.get_permalink($comment->ID).'#comment-'.$comment->comment_ID .'">'. __( $comment->post_title ) .'</a> reviewed by ' .strip_tags($comment->comment_author) .'</h4>';
echo '<blockquote>'.strip_tags($comment->comment_excerpt).' [...]</blockquote></li>';
echo '<h4 class="meta"><a href="' . get_permalink( $comment->ID ) . '#comment-' . absint( $comment->comment_ID ) .'">' . esc_html__( $comment->post_title ) . '</a> reviewed by ' . esc_html( $comment->comment_author ) .'</h4>';
echo '<blockquote>' . wp_kses_data( $comment->comment_excerpt ) . ' [...]</blockquote></li>';
endforeach;
}
echo '</ul>';
else :
} else {
echo '<p>' . __( 'There are no product reviews yet.', 'woocommerce' ) . '</p>';
endif;
}
}
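Review bot: In `woocommerce_dashboard_recent_reviews()` the new `esc_html__( $comment->post_title )` still passes database content to a translation function with no text domain, so the title is looked up as a translatable string before it is escaped; `esc_html( $comment->post_title )` escapes it without the lookup. The same pattern is introduced in `woocommerce_stock_overview()` as `esc_html__( $product->post_title )`. On the same line the `href` built from `get_permalink( $comment->ID )` is concatenated unescaped, while the other links touched in this file now go through `esc_url()`; `esc_url( get_permalink( $comment->ID ) . '#comment-' . absint( $comment->comment_ID ) )` would match them. The star-rating line above it prints `$rating` into `title` and `style` as context, and `$rating` is set outside the hunk, so it is worth checking separately.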


@ -126,7 +126,7 @@ function woocommerce_preview_emails() {
$email_heading = __( 'Order Received', 'woocommerce' );
$message = wpautop( __("Thank you, we are now processing your order. Your order's details are below.", 'woocommerce') );
$message = wpautop( __( 'Thank you, we are now processing your order. Your order\'s details are below.', 'woocommerce' ) );
$message .= '<h2>' . __( 'Order:', 'woocommerce' ) . ' ' . '#1000</h2>';
@ -366,7 +366,7 @@ function woocommerce_delete_term( $term_id, $tt_id, $taxonomy ) {
function woocommerce_compile_less_styles() {
global $woocommerce;
$colors = get_option( 'woocommerce_frontend_css_colors' );
$colors = array_map( 'esc_attr', (array) get_option( 'woocommerce_frontend_css_colors' ) );
$base_file = $woocommerce->plugin_path() . '/assets/css/woocommerce-base.less';
$less_file = $woocommerce->plugin_path() . '/assets/css/woocommerce.less';
$css_file = $woocommerce->plugin_path() . '/assets/css/woocommerce.css';
@ -495,7 +495,7 @@ function woocommerce_order_bulk_admin_notices() {
global $post_type, $pagenow;
if ( isset( $_REQUEST['marked_completed'] ) || isset( $_REQUEST['marked_processing'] ) ) {
$number = isset( $_REQUEST['marked_processing'] ) ? $_REQUEST['marked_processing'] : $_REQUEST['marked_completed'];
$number = isset( $_REQUEST['marked_processing'] ) ? absint( $_REQUEST['marked_processing'] ) : absint( $_REQUEST['marked_completed'] );
if ( 'edit.php' == $pagenow && 'shop_order' == $post_type ) {
$message = sprintf( _n( 'Order status changed.', '%s order statuses changed.', $number ), number_format_i18n( $number ) );
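Review bot: In `woocommerce_compile_less_styles()` the stored colours are passed through `esc_attr()`, which encodes characters for an HTML attribute but does not restrict a value to colour syntax. The values appear to be headed for the `.less`/`.css` files named just below rather than for HTML, although the rest of the function is outside the hunk. Validating each entry against a hex-colour pattern before use, for example `preg_match( '/^#(?:[0-9a-fA-F]{3}){1,2}$/', $color )`, and falling back to the default for anything else would constrain what reaches the compiler.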


@ -51,7 +51,7 @@ function woocommerce_import_start() {
$nicename = strtolower(sanitize_title(str_replace('pa_', '', $domain)));
$exists_in_db = $wpdb->get_var("SELECT attribute_id FROM ".$wpdb->prefix . "woocommerce_attribute_taxonomies WHERE attribute_name = '".$nicename."';");
$exists_in_db = $wpdb->get_var( $wpdb->prepare( "SELECT attribute_id FROM " . $wpdb->prefix . "woocommerce_attribute_taxonomies WHERE attribute_name = %s;", $nicename ) );
if (!$exists_in_db) :


@ -373,7 +373,7 @@ function woocommerce_admin_scripts() {
wp_enqueue_script( 'plupload-all' );
$woocommerce_witepanel_params = array(
'remove_item_notice' => __("Remove this item? If you have previously reduced this item's stock, or this order was submitted by a customer, will need to manually restore the item's stock.", 'woocommerce'),
'remove_item_notice' => __( 'Remove this item? If you have previously reduced this item\'s stock, or this order was submitted by a customer, will need to manually restore the item\'s stock.', 'woocommerce' ),
'remove_attribute' => __( 'Remove this attribute?', 'woocommerce' ),
'name_label' => __( 'Name', 'woocommerce' ),
'remove_label' => __( 'Remove', 'woocommerce' ),
@ -383,11 +383,11 @@ function woocommerce_admin_scripts() {
'visible_label' => __( 'Visible on the product page', 'woocommerce' ),
'used_for_variations_label' => __( 'Used for variations', 'woocommerce' ),
'new_attribute_prompt' => __( 'Enter a name for the new attribute term:', 'woocommerce' ),
'calc_totals' => __("Calculate totals based on order items, discount amount, and shipping? Note, you will need to (optionally) calculate tax rows and cart discounts manually.", 'woocommerce'),
'calc_line_taxes' => __("Calculate line taxes? This will calculate taxes based on the customers country. If no billing/shipping is set it will use the store base country.", 'woocommerce'),
'copy_billing' => __("Copy billing information to shipping information? This will remove any currently entered shipping information.", 'woocommerce'),
'load_billing' => __("Load the customer's billing information? This will remove any currently entered billing information.", 'woocommerce'),
'load_shipping' => __("Load the customer's shipping information? This will remove any currently entered shipping information.", 'woocommerce'),
'calc_totals' => __( 'Calculate totals based on order items, discount amount, and shipping? Note, you will need to (optionally) calculate tax rows and cart discounts manually.', 'woocommerce' ),
'calc_line_taxes' => __( 'Calculate line taxes? This will calculate taxes based on the customers country. If no billing/shipping is set it will use the store base country.', 'woocommerce' ),
'copy_billing' => __( 'Copy billing information to shipping information? This will remove any currently entered shipping information.', 'woocommerce' ),
'load_billing' => __( 'Load the customer\'s billing information? This will remove any currently entered billing information.', 'woocommerce' ),
'load_shipping' => __( 'Load the customer\'s shipping information? This will remove any currently entered shipping information.', 'woocommerce' ),
'featured_label' => __( 'Featured', 'woocommerce' ),
'tax_or_vat' => $woocommerce->countries->tax_or_vat(),
'prices_include_tax' => get_option('woocommerce_prices_include_tax'),
@ -592,9 +592,10 @@ function woocommerce_exclude_image_from_product_page_field( $fields, $object ) {
$parent = get_post( $object->post_parent );
if ($parent->post_type!=='product') return $fields;
if ( $parent->post_type !== 'product' )
return $fields;
$exclude_image = (int) get_post_meta($object->ID, '_woocommerce_exclude_image', true);
$exclude_image = get_post_meta( absint( $object->ID ), '_woocommerce_exclude_image', true );
$label = __( 'Exclude image', 'woocommerce' );
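Review bot: The `(int)` cast was moved off the meta value in `woocommerce_exclude_image_from_product_page_field()`: `$exclude_image` used to be an integer and is now whatever `get_post_meta()` returns (a string, or `''` when the key is absent), while `absint()` was added to `$object->ID`, which is already a post ID. If the code after this hunk compares `$exclude_image` strictly with an integer, the result can change; that code is outside the hunk. Keeping the cast on the value preserves the old type: `$exclude_image = (int) get_post_meta( absint( $object->ID ), '_woocommerce_exclude_image', true );`.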


@ -182,7 +182,7 @@ function woocommerce_create_page( $slug, $option, $page_title = '', $page_conten
if ( $option_value > 0 && get_post( $option_value ) )
return;
$page_found = $wpdb->get_var( "SELECT ID FROM " . $wpdb->posts . " WHERE post_name = '$slug' LIMIT 1;" );
$page_found = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM " . $wpdb->posts . " WHERE post_name = %s LIMIT 1;", $slug ) );
if ( $page_found ) {
if ( ! $option_value )
update_option( $option, $page_found );
@ -275,7 +275,7 @@ function woocommerce_tables_install() {
**/
if ( version_compare( get_option('woocommerce_db_version'), '1.7', '<' ) ) {
// remove the existing primary key so we can add the new download_id column
$wpdb->query( "ALTER TABLE ". $wpdb->prefix . "woocommerce_downloadable_product_permissions DROP PRIMARY KEY" );
$wpdb->query( $wpdb->prepare( "ALTER TABLE ". $wpdb->prefix . "woocommerce_downloadable_product_permissions DROP PRIMARY KEY" ) );
}
// Table for storing attribute taxonomies - these are user defined
@ -329,7 +329,7 @@ CREATE TABLE ". $wpdb->prefix . "woocommerce_downloadable_product_permissions (
if ( version_compare( get_option('woocommerce_db_version'), '1.7', '<' ) ) {
// upgrade existing meta data
$existing_file_paths = $wpdb->get_results( "SELECT * FROM ". $wpdb->postmeta . " WHERE meta_key = '_file_path'" );
$existing_file_paths = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM ". $wpdb->postmeta . " WHERE meta_key = '_file_path'" ) );
if ( $existing_file_paths ) {
foreach( $existing_file_paths as $existing_file_path ) {
$existing_file_path->meta_value = trim( $existing_file_path->meta_value );
@ -346,7 +346,7 @@ CREATE TABLE ". $wpdb->prefix . "woocommerce_downloadable_product_permissions (
if ( version_compare( get_option('woocommerce_db_version'), '1.0', '>' ) && version_compare( get_option('woocommerce_db_version'), '1.4', '<' ) ) {
// Update woocommerce_downloadable_product_permissions table to include order ID's as well as keys
$results = $wpdb->get_results( "SELECT * FROM " . $wpdb->prefix . "woocommerce_downloadable_product_permissions WHERE order_id = 0;" );
$results = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM " . $wpdb->prefix . "woocommerce_downloadable_product_permissions WHERE order_id = 0;" ) );
if ( $results ) foreach ( $results as $result ) {
@ -371,13 +371,13 @@ CREATE TABLE ". $wpdb->prefix . "woocommerce_downloadable_product_permissions (
// Upgrade old meta keys for product data
$meta = array('sku', 'downloadable', 'virtual', 'price', 'visibility', 'stock', 'stock_status', 'backorders', 'manage_stock', 'sale_price', 'regular_price', 'weight', 'length', 'width', 'height', 'tax_status', 'tax_class', 'upsell_ids', 'crosssell_ids', 'sale_price_dates_from', 'sale_price_dates_to', 'min_variation_price', 'max_variation_price', 'featured', 'product_attributes', 'file_path', 'download_limit', 'product_url', 'min_variation_price', 'max_variation_price');
$wpdb->query("
$wpdb->query( $wpdb->prepare( "
UPDATE {$wpdb->postmeta}
LEFT JOIN {$wpdb->posts} ON ( {$wpdb->postmeta}.post_id = {$wpdb->posts}.ID )
SET meta_key = CONCAT( '_', meta_key )
WHERE meta_key IN ( '" . implode( "', '", $meta ) . "' )
AND {$wpdb->posts}.post_type IN ('product', 'product_variation')
");
" ) );
}
}
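Review bot: Four of the `$wpdb->prepare()` calls added in this file (the `ALTER TABLE … DROP PRIMARY KEY`, the two `SELECT *` upgrade queries and the `UPDATE {$wpdb->postmeta}` statement) have no placeholder and no argument, so they return the string unchanged and add no protection; only the `post_name = %s` query in `woocommerce_create_page()` is actually parameterised. The `UPDATE` still builds its `IN (...)` list with `implode()` inside the string, which is harmless for the hard-coded `$meta` list but would not be made safe by the wrapper if the list ever came from input. WordPress 3.5 and later flag a `prepare()` call made without arguments, so these would also start emitting notices. Passing the static statements directly, e.g. `$wpdb->query( "ALTER TABLE " . $wpdb->prefix . "woocommerce_downloadable_product_permissions DROP PRIMARY KEY" );`, says what the code does; the same applies to the `LIMIT 5` query in `woocommerce_dashboard_recent_reviews()`.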


@ -305,7 +305,7 @@ function woocommerce_sales_overview() {
");
$total_sales = $order_totals->total_sales;
$total_orders = $order_totals->total_orders;
$total_orders = absint( $order_totals->total_orders );
$discount_total = $wpdb->get_var("
SELECT SUM(meta.meta_value) AS total_sales FROM {$wpdb->posts} AS posts
@ -973,7 +973,7 @@ function woocommerce_top_sellers() {
$orders_link = admin_url( 'edit.php?s&post_status=all&post_type=shop_order&action=-1&s=&shop_order_status=completed,processing,on-hold' );
}
echo '<tr><th>' . $product_name . '</th><td width="1%"><span>' . $sales . '</span></td><td class="bars"><a href="' . $orders_link . '" style="width:' . $width . '%">&nbsp;</a></td></tr>';
echo '<tr><th>' . $product_name . '</th><td width="1%"><span>' . esc_html( $sales ) . '</span></td><td class="bars"><a href="' . esc_url( $orders_link ) . '" style="width:' . esc_attr( $width ) . '%">&nbsp;</a></td></tr>';
}
?>
</tbody>
@ -1071,7 +1071,7 @@ function woocommerce_top_earners() {
$orders_link = admin_url( 'edit.php?s&post_status=all&post_type=shop_order&action=-1&s=&shop_order_status=completed,processing,on-hold' );
}
echo '<tr><th>' . $product_name . '</th><td width="1%"><span>' . woocommerce_price( $sales ) . '</span></td><td class="bars"><a href="' . $orders_link . '" style="width:' . $width . '%">&nbsp;</a></td></tr>';
echo '<tr><th>' . $product_name . '</th><td width="1%"><span>' . woocommerce_price( $sales ) . '</span></td><td class="bars"><a href="' . esc_url( $orders_link ) . '" style="width:' . esc_attr( $width ) . '%">&nbsp;</a></td></tr>';
}
?>
</tbody>
@ -1171,19 +1171,23 @@ function woocommerce_product_sales() {
</thead>
<tbody>
<?php
if (sizeof($product_sales)>0) foreach ($product_sales as $date => $sales) :
if ( sizeof( $product_sales ) > 0 ) {
foreach ( $product_sales as $date => $sales ) {
$width = ($sales>0) ? (round($sales) / round($max_sales)) * 100 : 0;
$width2 = ($product_totals[$date]>0) ? (round($product_totals[$date]) / round($max_totals)) * 100 : 0;
$orders_link = admin_url( 'edit.php?s&post_status=all&post_type=shop_order&action=-1&s=' . urlencode( implode( ' ', $chosen_product_titles ) ) . '&m=' . date( 'Ym', strtotime( $date . '01' ) ) . '&shop_order_status=completed,processing,on-hold' );
echo '<tr><th><a href="'.$orders_link.'">'.date_i18n('F', strtotime($date.'01')).'</a></th>
<td width="1%"><span>'.$sales.'</span><span class="alt">'.woocommerce_price($product_totals[$date]).'</span></td>
echo '<tr><th><a href="' . esc_url( $orders_link ) . '">' . date_i18n( 'F', strtotime( $date . '01' ) ) . '</a></th>
<td width="1%"><span>' . esc_html( $sales ) . '</span><span class="alt">' . woocommerce_price( $product_totals[ $date ] ) . '</span></td>
<td class="bars">
<span style="width:'.$width.'%">&nbsp;</span>
<span class="alt" style="width:'.$width2.'%">&nbsp;</span>
<span style="width:' . esc_attr( $width ) . '%">&nbsp;</span>
<span class="alt" style="width:' . esc_attr( $width2 ) . '%">&nbsp;</span>
</td></tr>';
endforeach; else echo '<tr><td colspan="3">'.__( 'No sales :(', 'woocommerce' ).'</td></tr>';
}
} else {
echo '<tr><td colspan="3">' . __( 'No sales :(', 'woocommerce' ) . '</td></tr>';
}
?>
</tbody>
</table>
@ -1267,7 +1271,7 @@ function woocommerce_customer_overview() {
");
$total_customer_sales = $customer_orders->total_sales;
$total_customer_orders = $customer_orders->total_orders;
$total_customer_orders = absint( $customer_orders->total_orders );
$guest_orders = $wpdb->get_row("
SELECT SUM(meta.meta_value) AS total_sales, COUNT(posts.ID) AS total_orders FROM {$wpdb->posts} AS posts
@ -1290,7 +1294,7 @@ function woocommerce_customer_overview() {
");
$total_guest_sales = $guest_orders->total_sales;
$total_guest_orders = $guest_orders->total_orders;
$total_guest_orders = absint( $guest_orders->total_orders );
?>
<div id="poststuff" class="woocommerce-reports-wrap">
<div class="woocommerce-reports-sidebar">
@ -1542,10 +1546,10 @@ function woocommerce_stock_overview() {
if ( $stock <= $nostockamount ) continue;
$title = __( $product->post_title );
$title = esc_html__( $product->post_title );
if ( $sku )
$title .= ' (' . __( 'SKU', 'woocommerce' ) . ': ' . $sku . ')';
$title .= ' (' . __( 'SKU', 'woocommerce' ) . ': ' . esc_html( $sku ) . ')';
if ( $product->post_type=='product' )
$product_url = admin_url( 'post.php?post=' . $product->ID . '&action=edit' );
@ -1577,10 +1581,10 @@ function woocommerce_stock_overview() {
if ( $stock > $nostockamount ) continue;
$title = __( $product->post_title );
$title = esc_html__( $product->post_title );
if ( $sku )
$title .= ' (' . __( 'SKU', 'woocommerce' ) . ': ' . $sku . ')';
$title .= ' (' . __( 'SKU', 'woocommerce' ) . ': ' . esc_html( $sku ) . ')';
if ( $product->post_type=='product' )
$product_url = admin_url( 'post.php?post=' . $product->ID . '&action=edit' );
@ -2337,11 +2341,11 @@ function woocommerce_coupon_sales() {
// save data for chart while outputting
$chart_data = $coupon_totals = array();
foreach( $coupon_sales as $coupon_code => $sales ) :
foreach( $coupon_sales as $coupon_code => $sales ) {
echo '<tr><th>' . $coupon_code . '</th>';
echo '<tr><th>' . esc_html( $coupon_code ) . '</th>';
for( $count = 0; $count < 12; $count++ ) :
for ( $count = 0; $count < 12; $count ++ ) {
if ( $count >= date ( 'm' ) && $current_year == date( 'Y' ) )
continue;
@ -2355,7 +2359,7 @@ function woocommerce_coupon_sales() {
$chart_data[$coupon_code][] = array( strtotime( date( 'Ymd', strtotime( $month . '01' ) ) ) . '000', $amount );
endfor;
}
echo '<td><strong>' . woocommerce_price( array_sum( $sales ) ) . '</strong></td>';
@ -2364,7 +2368,7 @@ function woocommerce_coupon_sales() {
echo '</tr>';
endforeach;
}
$top_coupon_name = current( array_keys( $coupon_totals, max( $coupon_totals ) ) );
$top_coupon_sales = $coupon_totals[$top_coupon_name];
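Review bot: In the `woocommerce_top_sellers()` and `woocommerce_top_earners()` rows, `$sales`, `$orders_link` and `$width` are now escaped but `$product_name` is still concatenated into the `<th>` as is. It is assigned outside these hunks, so whether it holds plain text or ready-made markup cannot be seen here. If it carries a product title, the title should be escaped where the variable is built, with `esc_html()` around the title and `esc_url()` around any link it is wrapped in, so that these rows are escaped consistently.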


@ -140,9 +140,9 @@ if ( ! function_exists( 'woocommerce_settings' ) ) {
if ( $error || $message ) {
if ( $error ) {
echo '<div id="message" class="error fade"><p><strong>' . wptexturize( $error ) . '</strong></p></div>';
echo '<div id="message" class="error fade"><p><strong>' . esc_html( $error ) . '</strong></p></div>';
} else {
echo '<div id="message" class="updated fade"><p><strong>' . wptexturize( $message ) . '</strong></p></div>';
echo '<div id="message" class="updated fade"><p><strong>' . esc_html( $message ) . '</strong></p></div>';
}
} elseif ( ! empty( $_GET['saved'] ) ) {
@ -261,7 +261,7 @@ if ( ! function_exists( 'woocommerce_settings' ) ) {
$current = ( get_class( $email ) == $current_section ) ? 'class="current"' : '';
$links[] = '<a href="' . add_query_arg( 'section', get_class( $email ), admin_url('admin.php?page=woocommerce_settings&tab=email') ) . '"' . $current . '>' . $title . '</a>';
$links[] = '<a href="' . add_query_arg( 'section', get_class( $email ), admin_url('admin.php?page=woocommerce_settings&tab=email') ) . '"' . $current . '>' . esc_html( $title ) . '</a>';
}
@ -299,7 +299,7 @@ if ( ! function_exists( 'woocommerce_settings' ) ) {
$current = ( get_class( $method ) == $current_section ) ? 'class="current"' : '';
$links[] = '<a href="' . add_query_arg( 'section', get_class( $method ), admin_url('admin.php?page=woocommerce_settings&tab=shipping') ) . '"' . $current . '>' . $title . '</a>';
$links[] = '<a href="' . add_query_arg( 'section', get_class( $method ), admin_url('admin.php?page=woocommerce_settings&tab=shipping') ) . '"' . $current . '>' . esc_html( $title ) . '</a>';
}
@ -326,7 +326,7 @@ if ( ! function_exists( 'woocommerce_settings' ) ) {
foreach ( $woocommerce->payment_gateways->payment_gateways() as $gateway ) :
$title = empty( $gateway->method_title ) ? ucwords( $gateway->id ) : ucwords( $gateway->method_title );
$links[] = '<a href="#gateway-'.$gateway->id.'">'.$title.'</a>';
$links[] = '<a href="#gateway-'.$gateway->id.'">' . esc_html( $title ) . '</a>';
endforeach;
echo '<div class="subsubsub_section"><ul class="subsubsub"><li>' . implode( ' | </li><li>', $links ) . '</li></ul><br class="clear" />';
@ -358,7 +358,7 @@ if ( ! function_exists( 'woocommerce_settings' ) ) {
$current = ( $integration->id == $current_section ) ? 'class="current"' : '';
$links[] = '<a href="' . add_query_arg( 'section', $integration->id, admin_url('admin.php?page=woocommerce_settings&tab=integration') ) . '"' . $current . '>' . $title . '</a>';
$links[] = '<a href="' . add_query_arg( 'section', $integration->id, admin_url('admin.php?page=woocommerce_settings&tab=integration') ) . '"' . $current . '>' . esc_html( $title ) . '</a>';
}
echo '<ul class="subsubsub"><li>' . implode( ' | </li><li>', $links ) . '</li></ul><br class="clear" />';
@ -514,13 +514,13 @@ function woocommerce_admin_fields( $options ) {
} elseif ( $value['desc_tip'] ) {
$description = '<img class="help_tip" data-tip="' . esc_attr( $value['desc_tip'] ) . '" src="' . $woocommerce->plugin_url() . '/assets/images/help.png" />';
} else {
$description = '<span class="description">' . $value['desc'] . '</span>';
$description = '<span class="description">' . wp_kses_post( $value['desc'] ) . '</span>';
}
switch( $value['type'] ) {
case 'title':
if ( isset($value['name'] ) && $value['name'] ) echo '<h3>' . $value['name'] . '</h3>';
if ( isset($value['desc'] ) && $value['desc'] ) echo wpautop( wptexturize( $value['desc'] ) );
if ( isset($value['name'] ) && $value['name'] ) echo '<h3>' . esc_html( $value['name'] ) . '</h3>';
if ( isset($value['desc'] ) && $value['desc'] ) echo wpautop( wptexturize( wp_kses_post( $value['desc'] ) ) );
echo '<table class="form-table">'. "\n\n";
if ( isset($value['id'] ) && $value['id'] ) do_action( 'woocommerce_settings_' . sanitize_title($value['id'] ) );
break;
@ -532,7 +532,7 @@ function woocommerce_admin_fields( $options ) {
case 'text':
?><tr valign="top">
<th scope="row" class="titledesc">
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo $value['name']; ?></label>
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['name'] ); ?></label>
</th>
<td class="forminp"><input name="<?php echo esc_attr( $value['id'] ); ?>" id="<?php echo esc_attr( $value['id'] ); ?>" type="<?php echo esc_attr( $value['type'] ); ?>" style="<?php echo esc_attr( $value['css'] ); ?>" value="<?php if ( get_option( $value['id'] ) !== false && get_option( $value['id'] ) !== null ) { echo esc_attr( stripslashes( get_option($value['id'] ) ) ); } else { echo esc_attr( $value['std'] ); } ?>" /> <?php echo $description; ?></td>
</tr><?php
@ -540,14 +540,14 @@ function woocommerce_admin_fields( $options ) {
case 'color' :
?><tr valign="top">
<th scope="row" class="titledesc">
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo $value['name']; ?></label>
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['name'] ); ?></label>
</th>
<td class="forminp"><input name="<?php echo esc_attr( $value['id'] ); ?>" id="<?php echo esc_attr( $value['id'] ); ?>" type="text" style="<?php echo esc_attr( $value['css'] ); ?>" value="<?php if ( get_option( $value['id'] ) !== false && get_option( $value['id'] ) !== null ) { echo esc_attr( stripslashes( get_option($value['id'] ) ) ); } else { echo esc_attr( $value['std'] ); } ?>" class="colorpick" /> <?php echo $description; ?> <div id="colorPickerDiv_<?php echo esc_attr( $value['id'] ); ?>" class="colorpickdiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;display:none;"></div></td>
</tr><?php
break;
case 'image_width' :
?><tr valign="top">
<th scope="row" class="titledesc"><?php echo $value['name'] ?></th>
<th scope="row" class="titledesc"><?php echo esc_html( $value['name'] ) ?></th>
<td class="forminp">
<?php _e( 'Width', 'woocommerce' ); ?> <input name="<?php echo esc_attr( $value['id'] ); ?>_width" id="<?php echo esc_attr( $value['id'] ); ?>_width" type="text" size="3" value="<?php if ( $size = get_option( $value['id'].'_width') ) echo stripslashes($size); else echo $value['std']; ?>" />
@ -562,7 +562,7 @@ function woocommerce_admin_fields( $options ) {
case 'select':
?><tr valign="top">
<th scope="row" class="titledesc">
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo $value['name']; ?></label>
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['name'] ); ?></label>
</th>
<td class="forminp"><select name="<?php echo esc_attr( $value['id'] ); ?>" id="<?php echo esc_attr( $value['id'] ); ?>" style="<?php echo esc_attr( $value['css'] ); ?>" class="<?php if (isset($value['class'])) echo $value['class']; ?>">
<?php
@ -592,7 +592,7 @@ function woocommerce_admin_fields( $options ) {
if ($value['hide_if_checked']=='option') echo 'hide_options_if_checked';
if ($value['show_if_checked']=='option') echo 'show_options_if_checked';
?>">
<th scope="row" class="titledesc"><?php echo $value['name'] ?></th>
<th scope="row" class="titledesc"><?php echo esc_html( $value['name'] ) ?></th>
<td class="forminp">
<fieldset>
<?php
@ -607,10 +607,10 @@ function woocommerce_admin_fields( $options ) {
endif;
?>
<legend class="screen-reader-text"><span><?php echo $value['name'] ?></span></legend>
<legend class="screen-reader-text"><span><?php echo esc_html( $value['name'] ) ?></span></legend>
<label for="<?php echo $value['id'] ?>">
<input name="<?php echo esc_attr( $value['id'] ); ?>" id="<?php echo esc_attr( $value['id'] ); ?>" type="checkbox" value="1" <?php checked(get_option($value['id']), 'yes'); ?> />
<?php echo $value['desc'] ?></label> <?php if ( $value['desc_tip'] ) echo $description; ?><br />
<?php echo wp_kses_post( $value['desc'] ) ?></label> <?php if ( $value['desc_tip'] ) echo $description; ?><br />
<?php
if (!isset($value['checkboxgroup']) || (isset($value['checkboxgroup']) && $value['checkboxgroup']=='end')) :
@ -629,10 +629,10 @@ function woocommerce_admin_fields( $options ) {
case 'textarea':
?><tr valign="top">
<th scope="row" class="titledesc">
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo $value['name']; ?></label>
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['name'] ); ?></label>
</th>
<td class="forminp">
<?php if ( ! empty( $value['desc'] ) ) echo '<p style="margin-top:0;">' . $value['desc'] . '</p>'; ?>
<?php if ( ! empty( $value['desc'] ) ) echo '<p style="margin-top:0;">' . wp_kses_post( $value['desc'] ) . '</p>'; ?>
<textarea <?php if ( isset($value['args']) ) echo $value['args'] . ' '; ?>name="<?php echo esc_attr( $value['id'] ); ?>" id="<?php echo esc_attr( $value['id'] ); ?>" style="<?php echo esc_attr( $value['css'] ); ?>"><?php if (false !== get_option($value['id'])) echo esc_textarea(stripslashes(get_option($value['id']))); else echo esc_textarea( $value['std'] ); ?></textarea>
</td>
@ -653,7 +653,7 @@ function woocommerce_admin_fields( $options ) {
if( isset($value['args']) ) $args = wp_parse_args($value['args'], $args);
?><tr valign="top" class="single_select_page">
<th scope="row" class="titledesc"><?php echo $value['name'] ?></th>
<th scope="row" class="titledesc"><?php echo esc_html( $value['name'] ) ?></th>
<td class="forminp">
<?php echo str_replace(' id=', " data-placeholder='".__( 'Select a page&hellip;', 'woocommerce' )."' style='".$value['css']."' class='".$value['class']."' id=", wp_dropdown_pages($args)); ?> <?php echo $description; ?>
</td>
@ -671,7 +671,7 @@ function woocommerce_admin_fields( $options ) {
endif;
?><tr valign="top">
<th scope="row" class="titledesc">
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo $value['name']; ?></label>
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['name'] ); ?></label>
</th>
<td class="forminp"><select name="<?php echo esc_attr( $value['id'] ); ?>" style="<?php echo esc_attr( $value['css'] ); ?>" data-placeholder="<?php _e( 'Choose a country&hellip;', 'woocommerce' ); ?>" title="Country" class="chosen_select">
<?php echo $woocommerce->countries->country_dropdown_options($country, $state); ?>
@ -685,7 +685,7 @@ function woocommerce_admin_fields( $options ) {
$selections = (array) get_option($value['id']);
?><tr valign="top">
<th scope="row" class="titledesc">
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo $value['name']; ?></label>
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['name'] ); ?></label>
</th>
<td class="forminp">
<select multiple="multiple" name="<?php echo esc_attr( $value['id'] ); ?>[]" style="width:450px;" data-placeholder="<?php _e( 'Choose countries&hellip;', 'woocommerce' ); ?>" title="Country" class="chosen_select">


@ -188,7 +188,7 @@ function woocommerce_status() {
if ( $alt == 1 ) echo '<tr>'; else echo '<tr>';
echo '<td>' . $page_name . '</td><td>';
echo '<td>' . esc_html( $page_name ) . '</td><td>';
$error = false;
@ -214,7 +214,7 @@ function woocommerce_status() {
}
if ( ! $error ) echo '<mark class="yes">#' . $page_id . ' - ' . get_permalink( $page_id ) . '</mark>';
if ( ! $error ) echo '<mark class="yes">#' . absint( $page_id ) . ' - ' . get_permalink( $page_id ) . '</mark>';
echo '</td></tr>';
@ -234,7 +234,7 @@ function woocommerce_status() {
<td><?php _e('Order Statuses','woocommerce')?></td>
<td><?php
$order_statuses = get_terms( 'shop_order_status', array( 'fields' => 'names', 'hide_empty' => 0 ) );
echo implode( ', ', $order_statuses );
echo implode( ', ', array_map( 'esc_html', $order_statuses ) );
?></td>
</tr>
</tbody>
@ -249,13 +249,14 @@ function woocommerce_status() {
<tr>
<td><?php _e('PHP Version','woocommerce')?></td>
<td><?php
if ( function_exists( 'phpversion' ) ) echo phpversion();
if ( function_exists( 'phpversion' ) )
echo esc_html( phpversion() );
?></td>
</tr>
<tr>
<td><?php _e('Server Software','woocommerce')?></td>
<td><?php
echo $_SERVER['SERVER_SOFTWARE'];
echo esc_html( $_SERVER['SERVER_SOFTWARE'] );
?></td>
</tr>
<tr>
@ -358,10 +359,10 @@ function woocommerce_status() {
<tbody>
<?php foreach($posting as $post) { $mark = ( isset( $post['success'] ) && $post['success'] == true ) ? 'yes' : 'error'; ?>
<tr>
<td><?php echo $post['name']; ?></td>
<td><?php echo esc_html( $post['name'] ); ?></td>
<td>
<mark class="<?php echo $mark; ?>">
<?php echo $post['note']; ?>
<?php echo esc_html( $post['note'] ); ?>
</mark>
</td>
</tr>
@ -377,11 +378,11 @@ function woocommerce_status() {
<tbody class="tools">
<?php foreach($tools as $action => $tool) { ?>
<tr>
<td><?php echo $tool['name']; ?></td>
<td><?php echo esc_html( $tool['name'] ); ?></td>
<td>
<p>
<a href="<?php echo wp_nonce_url( admin_url('admin.php?page=woocommerce_status&action=' . $action ), 'debug_action' ); ?>" class="button"><?php echo $tool['button']; ?></a>
<span class="description"><?php echo $tool['desc']; ?></span>
<a href="<?php echo wp_nonce_url( admin_url('admin.php?page=woocommerce_status&action=' . $action ), 'debug_action' ); ?>" class="button"><?php echo esc_html( $tool['button'] ); ?></a>
<span class="description"><?php echo wp_kses_post( $tool['desc'] ); ?></span>
</p>
</td>
</tr>
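Review bot: In the page-check row the permalink is still echoed raw: `echo '<mark class="yes">#' . absint( $page_id ) . ' - ' . get_permalink( $page_id ) . '</mark>';` escapes the ID but not the URL printed beside it. The URL is rendered as text inside `<mark>` and its value passes through permalink filters, so it should be wrapped as `esc_html( get_permalink( $page_id ) )` to match the escaping applied to the rest of this table. Separately, `$_SERVER['SERVER_SOFTWARE']` is read without an `isset()` guard, which can raise a notice where the SAPI does not set it. woocommerce_status() starts and ends outside these hunks.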


@ -95,7 +95,7 @@ function woocommerce_edit_category_thumbnail_field( $term, $taxonomy ) {
global $woocommerce;
$image = '';
$thumbnail_id = get_woocommerce_term_meta( $term->term_id, 'thumbnail_id', true );
$thumbnail_id = absint( get_woocommerce_term_meta( $term->term_id, 'thumbnail_id', true ) );
if ($thumbnail_id) :
$image = wp_get_attachment_url( $thumbnail_id );
else :


@ -47,13 +47,13 @@ function woocommerce_user_column_values( $value, $column_name, $user_id ) {
switch ($column_name) :
case "woocommerce_order_count" :
$count = $wpdb->get_var( "SELECT COUNT(*)
$count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*)
FROM $wpdb->posts
LEFT JOIN $wpdb->postmeta ON $wpdb->posts.ID = $wpdb->postmeta.post_id
WHERE meta_value = $user_id
AND meta_key = '_customer_user'
AND post_type IN ('shop_order')
AND post_status = 'publish'" );
AND post_status = 'publish'" ) );
$value = '<a href="'.admin_url('edit.php?post_status=all&post_type=shop_order&_customer_user='.$user_id.'').'">'.$count.'</a>';
@ -235,10 +235,10 @@ function woocommerce_customer_meta_fields( $user ) {
foreach( $fieldset['fields'] as $key => $field ) :
?>
<tr>
<th><label for="<?php echo $key; ?>"><?php echo $field['label']; ?></label></th>
<th><label for="<?php echo esc_attr( $key ); ?>"><?php echo esc_html( $field['label'] ); ?></label></th>
<td>
<input type="text" name="<?php echo $key; ?>" id="<?php echo $key; ?>" value="<?php echo esc_attr( get_user_meta( $user->ID, $key, true ) ); ?>" class="regular-text" /><br/>
<span class="description"><?php echo $field['description']; ?></span>
<input type="text" name="<?php echo esc_attr( $key ); ?>" id="<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( get_user_meta( $user->ID, $key, true ) ); ?>" class="regular-text" /><br/>
<span class="description"><?php echo wp_kses_post( $field['description'] ); ?></span>
</td>
</tr>
<?php
@ -269,7 +269,7 @@ function woocommerce_save_customer_meta_fields( $user_id ) {
foreach( $save_fields as $fieldset )
foreach( $fieldset['fields'] as $key => $field )
if ( isset( $_POST[ $key ] ) )
update_user_meta( $user_id, $key, trim( esc_attr( $_POST[ $key ] ) ) );
update_user_meta( $user_id, $key, woocommerce_clean( $_POST[ $key ] ) );
}
add_action( 'personal_options_update', 'woocommerce_save_customer_meta_fields' );
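Review bot: The order-count query is wrapped in `$wpdb->prepare()` but still interpolates `$user_id` into the SQL string and passes no arguments, so nothing is actually parameterised and the call only looks safe. Use a placeholder and hand the value to prepare: `WHERE meta_value = %d` in the query, with the call closed as `AND post_status = 'publish'", $user_id ) );`. The link built on the next line also concatenates `$user_id` and `$count` into the markup without `absint()` or `esc_url()`, which is inconsistent with the escaping added elsewhere in this commit. woocommerce_user_column_values() starts and ends outside the hunk.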


@ -135,7 +135,7 @@ class WC_Paypal extends WC_Payment_Gateway {
'title' => __( 'Description', 'woocommerce' ),
'type' => 'textarea',
'description' => __( 'This controls the description which the user sees during checkout.', 'woocommerce' ),
'default' => __("Pay via PayPal; you can pay with your credit card if you don't have a PayPal account", 'woocommerce')
'default' => __( 'Pay via PayPal; you can pay with your credit card if you don\'t have a PayPal account', 'woocommerce' )
),
'email' => array(
'title' => __( 'PayPal Email', 'woocommerce' ),


@ -13,7 +13,7 @@ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly ?>
<p><?php printf(__("Thanks for creating an account on %s. Your username is <strong>%s</strong>.", 'woocommerce'), esc_html( $blogname ), esc_html( $user_login ) ); ?></p>
<p><?php printf(__("You can access your account area here: %s.", 'woocommerce'), get_permalink(woocommerce_get_page_id('myaccount'))); ?></p>
<p><?php printf(__( 'You can access your account area here: %s.', 'woocommerce' ), get_permalink(woocommerce_get_page_id('myaccount'))); ?></p>
<div style="clear:both;"></div>


@ -12,7 +12,7 @@ echo $email_heading . "\n\n";
echo sprintf( __( "Thanks for creating an account on %s. Your username is <strong>%s</strong>.", 'woocommerce' ), $blogname, $user_login ) . "\n\n";
echo sprintf(__("You can access your account area here: %s.", 'woocommerce'), get_permalink( woocommerce_get_page_id( 'myaccount' ) ) ) . "\n\n";
echo sprintf(__( 'You can access your account area here: %s.', 'woocommerce' ), get_permalink( woocommerce_get_page_id( 'myaccount' ) ) ) . "\n\n";
echo "\n****************************************************\n\n";