Merge pull request #14074 from woocommerce/fix/14067

Fixed sanitization of order items meta data
Claudio Sanches 2017-04-06 18:14:34 -03:00 committed by GitHub
commit 56b8a4661a
1 changed files with 4 additions and 3 deletions


@ -224,7 +224,7 @@ function wc_save_order_items( $order_id, $items ) {
if ( isset( $items['meta_key'][ $item_id ], $items['meta_value'][ $item_id ] ) ) { if ( isset( $items['meta_key'][ $item_id ], $items['meta_value'][ $item_id ] ) ) {
foreach ( $items['meta_key'][ $item_id ] as $meta_id => $meta_key ) { foreach ( $items['meta_key'][ $item_id ] as $meta_id => $meta_key ) {
$meta_value = isset( $items['meta_value'][ $item_id ][ $meta_id ] ) ? $items['meta_value'][ $item_id ][ $meta_id ] : ''; $meta_value = isset( $items['meta_value'][ $item_id ][ $meta_id ] ) ? wp_unslash( $items['meta_value'][ $item_id ][ $meta_id ] ) : '';
if ( '' === $meta_key && '' === $meta_value ) { if ( '' === $meta_key && '' === $meta_value ) {
if ( ! strstr( $meta_id, 'new-' ) ) { if ( ! strstr( $meta_id, 'new-' ) ) {
@ -250,6 +250,7 @@ function wc_save_order_items( $order_id, $items ) {
'shipping_cost' => 0, 'shipping_cost' => 0,
'shipping_taxes' => array(), 'shipping_taxes' => array(),
); );
foreach ( $items['shipping_method_id'] as $item_id ) { foreach ( $items['shipping_method_id'] as $item_id ) {
if ( ! $item = $order->get_item( absint( $item_id ) ) ) { if ( ! $item = $order->get_item( absint( $item_id ) ) ) {
continue; continue;
@ -258,7 +259,7 @@ function wc_save_order_items( $order_id, $items ) {
$item_data = array(); $item_data = array();
foreach ( $data_keys as $key => $default ) { foreach ( $data_keys as $key => $default ) {
$item_data[ $key ] = isset( $items[ $key ][ $item_id ] ) ? $items[ $key ][ $item_id ] : $default; $item_data[ $key ] = isset( $items[ $key ][ $item_id ] ) ? wc_clean( wp_unslash( $items[ $key ][ $item_id ] ) ) : $default;
} }
$item->set_props( array( $item->set_props( array(
@ -272,7 +273,7 @@ function wc_save_order_items( $order_id, $items ) {
if ( isset( $items['meta_key'][ $item_id ], $items['meta_value'][ $item_id ] ) ) { if ( isset( $items['meta_key'][ $item_id ], $items['meta_value'][ $item_id ] ) ) {
foreach ( $items['meta_key'][ $item_id ] as $meta_id => $meta_key ) { foreach ( $items['meta_key'][ $item_id ] as $meta_id => $meta_key ) {
$meta_value = isset( $items['meta_value'][ $item_id ][ $meta_id ] ) ? $items['meta_value'][ $item_id ][ $meta_id ] : ''; $meta_value = isset( $items['meta_value'][ $item_id ][ $meta_id ] ) ? wp_unslash( $items['meta_value'][ $item_id ][ $meta_id ] ) : '';
if ( '' === $meta_key && '' === $meta_value ) { if ( '' === $meta_key && '' === $meta_value ) {
if ( ! strstr( $meta_id, 'new-' ) ) { if ( ! strstr( $meta_id, 'new-' ) ) {
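Review bot: In both meta loops (the hunks at 224 and 273) the new line only unslashes `$meta_value` and applies no cleaning, and `$meta_key` from the same `$items` array is neither unslashed nor cleaned. The shipping fields in the 259 hunk, by contrast, now go through `wc_clean( wp_unslash( … ) )`. If the input is slashed request data, as the added `wp_unslash()` calls suggest, the key is stored with its slashes while the value is not; normalising it before the empty check with `$meta_key = wc_clean( wp_unslash( $meta_key ) );` would keep the two consistent. If free-form meta values are deliberate, a comment such as `// Meta values are stored unsanitized on purpose; escape them on output.` would record that for whoever renders them later. Whether later code sanitizes these values cannot be confirmed here, because the body of wc_save_order_items starts and ends outside the hunks shown.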