Merge remote-tracking branch 'woothemes/master'

.travis.yml

@@ -20,12 +20,6 @@ matrix:
   include:
   - php: 5.6
     env: WP_VERSION=latest WP_MULTISITE=1
-  - php: 5.6
-    env: WP_VERSION=4.3 WP_MULTISITE=0
-  - php: 5.6
-    env: WP_VERSION=4.2 WP_MULTISITE=0
-  - php: 5.6
-    env: WP_VERSION=4.1 WP_MULTISITE=0
 
 before_script:
   - bash tests/bin/install.sh woocommerce_test root '' localhost $WP_VERSION

assets/js/admin/wc-shipping-zones.js

@@ -123,7 +123,6 @@
 						$.each( zones, function( id, rowData ) {
 							view.renderRow( rowData );
 						} );
-
 					} else {
 						view.$el.append( $blank_template );
 					}
@@ -242,6 +241,8 @@
 							editing  : true
 						} );
 
+					$( '.wc-shipping-zones-blank-state' ).closest( 'tr' ).remove();
+
 					newRow.zone_order = 1 + _.max(
 						_.pluck( zones, 'zone_order' ),
 						function ( val ) {

assets/js/frontend/cart-fragments.js

@@ -70,6 +70,10 @@ jQuery( function( $ ) {
 		var cart_timeout = null,
 			day_in_ms    = ( 24 * 60 * 60 * 1000 );
 
+		$( document.body ).bind( 'wc_fragment_refresh updated_wc_div', function() {
+			refresh_cart_fragment();
+		});
+
 		$( document.body ).bind( 'added_to_cart', function( event, fragments, cart_hash ) {
 			var prev_cart_hash = sessionStorage.getItem( cart_hash_key );
 

assets/js/frontend/cart-fragments.min.js

@@ -1 +1 @@
-jQuery(function(a){function b(){e&&sessionStorage.setItem("wc_cart_created",(new Date).getTime())}function c(a){e&&(localStorage.setItem(f,a),sessionStorage.setItem(f,a))}function d(){a.ajax(h)}if("undefined"==typeof wc_cart_fragments_params)return!1;var e,f=wc_cart_fragments_params.ajax_url.toString()+"-wc_cart_hash";try{e="sessionStorage"in window&&null!==window.sessionStorage,window.sessionStorage.setItem("wc","test"),window.sessionStorage.removeItem("wc"),window.localStorage.setItem("wc","test"),window.localStorage.removeItem("wc")}catch(g){e=!1}var h={url:wc_cart_fragments_params.wc_ajax_url.toString().replace("%%endpoint%%","get_refreshed_fragments"),type:"POST",success:function(d){d&&d.fragments&&(a.each(d.fragments,function(b,c){a(b).replaceWith(c)}),e&&(sessionStorage.setItem(wc_cart_fragments_params.fragment_name,JSON.stringify(d.fragments)),c(d.cart_hash),d.cart_hash&&b()),a(document.body).trigger("wc_fragments_refreshed"))}};if(e){var i=null,j=864e5;a(document.body).bind("added_to_cart",function(a,d,e){var g=sessionStorage.getItem(f);null!==g&&void 0!==g&&""!==g||b(),sessionStorage.setItem(wc_cart_fragments_params.fragment_name,JSON.stringify(d)),c(e)}),a(document.body).bind("wc_fragments_refreshed",function(){clearTimeout(i),i=setTimeout(d,j)}),a(window).on("storage onstorage",function(a){f===a.originalEvent.key&&localStorage.getItem(f)!==sessionStorage.getItem(f)&&d()});try{var k=a.parseJSON(sessionStorage.getItem(wc_cart_fragments_params.fragment_name)),l=sessionStorage.getItem(f),m=a.cookie("woocommerce_cart_hash"),n=sessionStorage.getItem("wc_cart_created");if(null!==l&&void 0!==l&&""!==l||(l=""),null!==m&&void 0!==m&&""!==m||(m=""),l&&(null===n||void 0===n||""===n))throw"No cart_created";if(n){var o=1*n+j,p=(new Date).getTime();if(p>o)throw"Fragment expired";i=setTimeout(d,o-p)}if(!k||!k["div.widget_shopping_cart_content"]||l!==m)throw"No fragment";a.each(k,function(b,c){a(b).replaceWith(c)}),a(document.body).trigger("wc_fragments_loaded")}catch(g){d()}}else d();a.cookie("woocommerce_items_in_cart")>0?a(".hide_cart_widget_if_empty").closest(".widget_shopping_cart").show():a(".hide_cart_widget_if_empty").closest(".widget_shopping_cart").hide(),a(document.body).bind("adding_to_cart",function(){a(".hide_cart_widget_if_empty").closest(".widget_shopping_cart").show()})});
+jQuery(function(a){function b(){e&&sessionStorage.setItem("wc_cart_created",(new Date).getTime())}function c(a){e&&(localStorage.setItem(f,a),sessionStorage.setItem(f,a))}function d(){a.ajax(h)}if("undefined"==typeof wc_cart_fragments_params)return!1;var e,f=wc_cart_fragments_params.ajax_url.toString()+"-wc_cart_hash";try{e="sessionStorage"in window&&null!==window.sessionStorage,window.sessionStorage.setItem("wc","test"),window.sessionStorage.removeItem("wc"),window.localStorage.setItem("wc","test"),window.localStorage.removeItem("wc")}catch(g){e=!1}var h={url:wc_cart_fragments_params.wc_ajax_url.toString().replace("%%endpoint%%","get_refreshed_fragments"),type:"POST",success:function(d){d&&d.fragments&&(a.each(d.fragments,function(b,c){a(b).replaceWith(c)}),e&&(sessionStorage.setItem(wc_cart_fragments_params.fragment_name,JSON.stringify(d.fragments)),c(d.cart_hash),d.cart_hash&&b()),a(document.body).trigger("wc_fragments_refreshed"))}};if(e){var i=null,j=864e5;a(document.body).bind("wc_fragment_refresh updated_wc_div",function(){d()}),a(document.body).bind("added_to_cart",function(a,d,e){var g=sessionStorage.getItem(f);null!==g&&void 0!==g&&""!==g||b(),sessionStorage.setItem(wc_cart_fragments_params.fragment_name,JSON.stringify(d)),c(e)}),a(document.body).bind("wc_fragments_refreshed",function(){clearTimeout(i),i=setTimeout(d,j)}),a(window).on("storage onstorage",function(a){f===a.originalEvent.key&&localStorage.getItem(f)!==sessionStorage.getItem(f)&&d()});try{var k=a.parseJSON(sessionStorage.getItem(wc_cart_fragments_params.fragment_name)),l=sessionStorage.getItem(f),m=a.cookie("woocommerce_cart_hash"),n=sessionStorage.getItem("wc_cart_created");if(null!==l&&void 0!==l&&""!==l||(l=""),null!==m&&void 0!==m&&""!==m||(m=""),l&&(null===n||void 0===n||""===n))throw"No cart_created";if(n){var o=1*n+j,p=(new Date).getTime();if(p>o)throw"Fragment expired";i=setTimeout(d,o-p)}if(!k||!k["div.widget_shopping_cart_content"]||l!==m)throw"No fragment";a.each(k,function(b,c){a(b).replaceWith(c)}),a(document.body).trigger("wc_fragments_loaded")}catch(g){d()}}else d();a.cookie("woocommerce_items_in_cart")>0?a(".hide_cart_widget_if_empty").closest(".widget_shopping_cart").show():a(".hide_cart_widget_if_empty").closest(".widget_shopping_cart").hide(),a(document.body).bind("adding_to_cart",function(){a(".hide_cart_widget_if_empty").closest(".widget_shopping_cart").show()})});

includes/admin/class-wc-admin-permalink-settings.php

@@ -163,46 +163,43 @@ class WC_Admin_Permalink_Settings {
 	 * Save the settings.
 	 */
 	public function settings_save() {
-
 		if ( ! is_admin() ) {
 			return;
 		}
 
+		global $wpdb;
+
 		// We need to save the options ourselves; settings api does not trigger save for the permalinks page.
 		if ( isset( $_POST['permalink_structure'] ) ) {
-			// Cat and tag bases.
-			$woocommerce_product_category_slug  = wc_clean( $_POST['woocommerce_product_category_slug'] );
-			$woocommerce_product_tag_slug       = wc_clean( $_POST['woocommerce_product_tag_slug'] );
-			$woocommerce_product_attribute_slug = wc_clean( $_POST['woocommerce_product_attribute_slug'] );
-			$permalinks                         = get_option( 'woocommerce_permalinks' );
+			$permalinks = get_option( 'woocommerce_permalinks' );
 
 			if ( ! $permalinks ) {
 				$permalinks = array();
 			}
 
-			$permalinks['category_base']    = untrailingslashit( $woocommerce_product_category_slug );
-			$permalinks['tag_base']         = untrailingslashit( $woocommerce_product_tag_slug );
-			$permalinks['attribute_base']   = untrailingslashit( $woocommerce_product_attribute_slug );
+			$permalinks['category_base']    = wc_sanitize_permalink( trim( $_POST['woocommerce_product_category_slug'] ) );
+			$permalinks['tag_base']         = wc_sanitize_permalink( trim( $_POST['woocommerce_product_tag_slug'] ) );
+			$permalinks['attribute_base']   = wc_sanitize_permalink( trim( $_POST['woocommerce_product_attribute_slug'] ) );
 
 			// Product base.
 			$product_permalink = isset( $_POST['product_permalink'] ) ? wc_clean( $_POST['product_permalink'] ) : '';
 
 			if ( 'custom' === $product_permalink ) {
-				// Get permalink without slashes.
-				$product_permalink = isset( $_POST['product_permalink_structure'] ) ? trim( wc_clean( $_POST['product_permalink_structure'] ), '/' ) : '';
+				if ( isset( $_POST['product_permalink_structure'] ) ) {
+					$product_permalink = preg_replace( '#/+#', '/', '/' . str_replace( '#', '', trim( $_POST['product_permalink_structure'] ) ) );
+				} else {
+					$product_permalink = '/';
+				}
 
 				// This is an invalid base structure and breaks pages.
 				if ( '%product_cat%' == $product_permalink ) {
-					$product_permalink = _x( 'product', 'slug', 'woocommerce' ) . '/' . $product_permalink;
+					$product_permalink = '/' . _x( 'product', 'slug', 'woocommerce' ) . '/' . $product_permalink;
 				}
-
-				// Prepending slash.
-				$product_permalink = '/' . $product_permalink;
 			} elseif ( empty( $product_permalink ) ) {
 				$product_permalink = false;
 			}
 
-			$permalinks['product_base'] = untrailingslashit( $product_permalink );
+			$permalinks['product_base'] = wc_sanitize_permalink( $product_permalink );
 
 			// Shop base may require verbose page rules if nesting pages.
 			$shop_page_id   = wc_get_page_id( 'shop' );

includes/class-wc-form-handler.php

@@ -853,7 +853,10 @@ class WC_Form_Handler {
 	 * Process the login form.
 	 */
 	public static function process_login() {
-		if ( ! empty( $_POST['login'] ) && ! empty( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-login' ) ) {
+		$nonce_value = isset( $_POST['_wpnonce'] ) ? $_POST['_wpnonce'] : '';
+		$nonce_value = isset( $_POST['woocommerce-login-nonce'] ) ? $_POST['woocommerce-login-nonce'] : $nonce_value;
+
+		if ( ! empty( $_POST['login'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-login' ) ) {
 
 			try {
 				$creds    = array();
@@ -980,7 +983,10 @@ class WC_Form_Handler {
 	 * Process the registration form.
 	 */
 	public static function process_registration() {
-		if ( ! empty( $_POST['register'] ) && isset( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-register' ) ) {
+		$nonce_value = isset( $_POST['_wpnonce'] ) ? $_POST['_wpnonce'] : '';
+		$nonce_value = isset( $_POST['woocommerce-register-nonce'] ) ? $_POST['woocommerce-register-nonce'] : $nonce_value;
+
+		if ( ! empty( $_POST['register'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-register' ) ) {
 			$username = 'no' === get_option( 'woocommerce_registration_generate_username' ) ? $_POST['username'] : '';
 			$password = 'no' === get_option( 'woocommerce_registration_generate_password' ) ? $_POST['password'] : '';
 			$email    = $_POST['email'];

includes/class-wc-geolocation.php

@@ -123,29 +123,34 @@ class WC_Geolocation {
 	 * @return array
 	 */
 	public static function geolocate_ip( $ip_address = '', $fallback = true, $api_fallback = true ) {
-		// If GEOIP is enabled in CloudFlare, we can use that (Settings -> CloudFlare Settings -> Settings Overview)
-		if ( ! empty( $_SERVER['HTTP_CF_IPCOUNTRY'] ) ) {
-			$country_code = sanitize_text_field( strtoupper( $_SERVER['HTTP_CF_IPCOUNTRY'] ) );
-		} else {
-			$ip_address = $ip_address ? $ip_address : self::get_ip_address();
+		// Filter to allow custom geolocation of the IP address.
+		$country_code = apply_filters( 'woocommerce_geolocate_ip', false, $ip_address, $fallback, $api_fallback );
 
-			if ( self::is_IPv6( $ip_address ) ) {
-				$database = self::get_local_database_path( 'v6' );
+		if ( false === $country_code ) {
+			// If GEOIP is enabled in CloudFlare, we can use that (Settings -> CloudFlare Settings -> Settings Overview)
+			if ( ! empty( $_SERVER['HTTP_CF_IPCOUNTRY'] ) ) {
+				$country_code = sanitize_text_field( strtoupper( $_SERVER['HTTP_CF_IPCOUNTRY'] ) );
 			} else {
-				$database = self::get_local_database_path();
-			}
+				$ip_address = $ip_address ? $ip_address : self::get_ip_address();
 
-			if ( file_exists( $database ) ) {
-				$country_code = self::geolocate_via_db( $ip_address );
-			} elseif ( $api_fallback ) {
-				$country_code = self::geolocate_via_api( $ip_address );
-			} else {
-				$country_code = '';
-			}
+				if ( self::is_IPv6( $ip_address ) ) {
+					$database = self::get_local_database_path( 'v6' );
+				} else {
+					$database = self::get_local_database_path();
+				}
 
-			if ( ! $country_code && $fallback ) {
-				// May be a local environment - find external IP
-				return self::geolocate_ip( self::get_external_ip_address(), false, $api_fallback );
+				if ( file_exists( $database ) ) {
+					$country_code = self::geolocate_via_db( $ip_address );
+				} elseif ( $api_fallback ) {
+					$country_code = self::geolocate_via_api( $ip_address );
+				} else {
+					$country_code = '';
+				}
+
+				if ( ! $country_code && $fallback ) {
+					// May be a local environment - find external IP
+					return self::geolocate_ip( self::get_external_ip_address(), false, $api_fallback );
+				}
 			}
 		}
 

includes/class-wc-shortcodes.php

@@ -821,6 +821,9 @@ class WC_Shortcodes {
 
 		ob_start();
 
+		// Rename arg
+		$atts['posts_per_page'] = absint( $atts['per_page'] );
+
 		woocommerce_related_products( $atts );
 
 		return ob_get_clean();

includes/wc-formatting-functions.php

@@ -26,6 +26,29 @@ function wc_sanitize_taxonomy_name( $taxonomy ) {
 	return apply_filters( 'sanitize_taxonomy_name', urldecode( sanitize_title( $taxonomy ) ), $taxonomy );
 }
 
+/**
+ * Sanitize permalink values before insertion into DB.
+ *
+ * Cannot use wc_clean because it sometimes strips % chars and breaks the user's setting.
+ *
+ * @since 2.6.0
+ * @param string $taxonomy
+ * @return string
+ */
+function wc_sanitize_permalink( $value ) {
+	global $wpdb;
+
+	$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
+
+	if ( is_wp_error( $value ) ) {
+		$value = '';
+	}
+
+	$value = esc_url_raw( $value );
+	$value = str_replace( 'http://', '', $value );
+	return untrailingslashit( $value );
+}
+
 /**
  * Gets the filename part of a download URL.
  *

includes/widgets/class-wc-widget-layered-nav.php

@@ -148,6 +148,15 @@ class WC_Widget_Layered_Nav extends WC_Widget {
 			return;
 		}
 
+		switch ( $orderby ) {
+			case 'name_num' :
+				usort( $terms, '_wc_get_product_terms_name_num_usort_callback' );
+			break;
+			case 'parent' :
+				usort( $terms, '_wc_get_product_terms_parent_usort_callback' );
+			break;
+		}
+
 		ob_start();
 
 		$this->widget_start( $args, $instance );
@@ -424,9 +433,11 @@ class WC_Widget_Layered_Nav extends WC_Widget {
 
 			echo esc_html( $term->name );
 
-			echo ( $count > 0 || $option_is_set ) ? '</a>' : '</span>';
+			echo ( $count > 0 || $option_is_set ) ? '</a> ' : '</span> ';
 
-			echo ' <span class="count">(' . absint( $count ) . ')</span></li>';
+			echo apply_filters( 'woocommerce_layered_nav_count', '<span class="count">(' . absint( $count ) . ')</span>', $count, $term );
+
+			echo '</li>';
 		}
 
 		echo '</ul>';

templates/myaccount/form-login.php

@@ -52,7 +52,7 @@ if ( ! defined( 'ABSPATH' ) ) {
 			<?php do_action( 'woocommerce_login_form' ); ?>
 
 			<p class="form-row">
-				<?php wp_nonce_field( 'woocommerce-login' ); ?>
+				<?php wp_nonce_field( 'woocommerce-login', 'woocommerce-login-nonce' ); ?>
 				<input type="submit" class="woocommerce-Button button" name="login" value="<?php esc_attr_e( 'Login', 'woocommerce' ); ?>" />
 				<label for="rememberme" class="inline">
 					<input class="woocommerce-Input woocommerce-Input--checkbox" name="rememberme" type="checkbox" id="rememberme" value="forever" /> <?php _e( 'Remember me', 'woocommerce' ); ?>
@@ -108,7 +108,7 @@ if ( ! defined( 'ABSPATH' ) ) {
 			<?php do_action( 'register_form' ); ?>
 
 			<p class="woocomerce-FormRow form-row">
-				<?php wp_nonce_field( 'woocommerce-register' ); ?>
+				<?php wp_nonce_field( 'woocommerce-register', 'woocommerce-register-nonce' ); ?>
 				<input type="submit" class="woocommerce-Button button" name="register" value="<?php esc_attr_e( 'Register', 'woocommerce' ); ?>" />
 			</p>
 

woocommerce.php

@@ -3,7 +3,7 @@
  * Plugin Name: WooCommerce
  * Plugin URI: https://www.woothemes.com/woocommerce/
  * Description: An e-commerce toolkit that helps you sell anything. Beautifully.
- * Version: 2.6.0-beta-4
+ * Version: 2.6.0-RC1
  * Author: WooThemes
  * Author URI: https://woothemes.com
  * Requires at least: 4.1