Merge pull request #20162 from woocommerce/fix/20133-string-parsing

Improve external product string parsing
Mike Jolley 2018-05-22 13:54:03 +01:00 committed by GitHub
commit 5afb40fcbb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 14 deletions


@ -49,7 +49,7 @@ class WC_Product_External extends WC_Product {
* @return string * @return string
*/ */
public function get_product_url( $context = 'view' ) { public function get_product_url( $context = 'view' ) {
return esc_url( $this->get_prop( 'product_url', $context ) ); return esc_url_raw( $this->get_prop( 'product_url', $context ) );
} }
/** /**
@ -79,7 +79,7 @@ class WC_Product_External extends WC_Product {
* @param string $product_url Product URL. * @param string $product_url Product URL.
*/ */
public function set_product_url( $product_url ) { public function set_product_url( $product_url ) {
$this->set_prop( 'product_url', $product_url ); $this->set_prop( 'product_url', htmlspecialchars_decode( $product_url ) );
} }
/** /**
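Review bot: get_product_url() now returns the esc_url_raw() form, so the value it hands back is no longer safe to echo into HTML without a further esc_url()/esc_attr() at the point of output, and because set_product_url() now decodes entities a stored `&amp;` comes back as a bare `&`. The template in this PR escapes with esc_url() when it builds the form action, but any other caller that echoed get_product_url() directly (none are visible from here) would now emit the unescaped value. I would say so in the docblock: `* @return string Unescaped URL (esc_url_raw); pass through esc_url() before echoing.` The htmlspecialchars_decode() call relies on the default flags, which on PHP releases before 8.1 leave `&#039;` undecoded — harmless for a URL, but a one-line comment such as `// Decode entities (e.g. &amp;) that may have been stored from an already-encoded string.` would explain why the decode is there at all. Class WC_Product_External continues outside both hunks.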


@ -655,15 +655,22 @@ function wc_product_class( $class = '', $product_id = null ) {
* Outputs hidden form inputs for each query string variable. * Outputs hidden form inputs for each query string variable.
* *
* @since 3.0.0 * @since 3.0.0
* @param array $values Name value pairs. * @param string|array $values Name value pairs, or a URL to parse.
* @param array $exclude Keys to exclude. * @param array $exclude Keys to exclude.
* @param string $current_key Current key we are outputting. * @param string $current_key Current key we are outputting.
* @param bool $return Whether to return. * @param bool $return Whether to return.
* @return string * @return string
*/ */
function wc_query_string_form_fields( $values = null, $exclude = array(), $current_key = '', $return = false ) { function wc_query_string_form_fields( $values = null, $exclude = array(), $current_key = '', $return = false ) {
if ( is_null( $values ) ) { if ( is_null( $values ) ) {
$values = $_GET; // WPCS: input var ok, CSRF ok. $values = $_GET; // WPCS: input var ok, CSRF ok.
} elseif ( is_string( $values ) ) {
$url_parts = wp_parse_url( $values );
$values = array();
if ( ! empty( $url_parts['query'] ) ) {
parse_str( $url_parts['query'], $values );
}
} }
$html = ''; $html = '';
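Review bot: The new string branch silently yields no fields when wp_parse_url() cannot parse the input or when the string is a bare query such as `a=1&b=2` (wp_parse_url() reports that as a path, not a query), so a caller passing such a value gets an empty form with no indication why; a comment on the `elseif` line, `// A full URL is expected here; a bare query string has no 'query' part and produces no fields.`, would at least make the contract explicit. The docblock now reads `@param string|array $values` but keeps only `@since 3.0.0`; the string form is introduced by this change and should get its own `@since` line naming the release it ships in. Since the parsed pairs come from a URL stored on the product and are emitted as hidden inputs, the output code further down must keep escaping both keys and values with esc_attr(); nothing in this hunk changes that, but it is what a reviewer should confirm. wc_query_string_form_fields() continues past the end of the hunk.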


@ -17,13 +17,6 @@
defined( 'ABSPATH' ) || exit; defined( 'ABSPATH' ) || exit;
$product_url_parts = wp_parse_url( $product_url );
$query_string = array();
if ( ! empty( $product_url_parts['query'] ) ) {
parse_str( $product_url_parts['query'], $query_string );
}
do_action( 'woocommerce_before_add_to_cart_form' ); ?> do_action( 'woocommerce_before_add_to_cart_form' ); ?>
<form class="cart" action="<?php echo esc_url( $product_url ); ?>" method="get"> <form class="cart" action="<?php echo esc_url( $product_url ); ?>" method="get">
@ -31,7 +24,7 @@ do_action( 'woocommerce_before_add_to_cart_form' ); ?>
<button type="submit" class="single_add_to_cart_button button alt"><?php echo esc_html( $button_text ); ?></button> <button type="submit" class="single_add_to_cart_button button alt"><?php echo esc_html( $button_text ); ?></button>
<?php wc_query_string_form_fields( $query_string ); ?> <?php wc_query_string_form_fields( $product_url ); ?>
<?php do_action( 'woocommerce_after_add_to_cart_button' ); ?> <?php do_action( 'woocommerce_after_add_to_cart_button' ); ?>
</form> </form>
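Review bot: The form action on the `<form class="cart" ...>` line still carries the product URL's own query string while the hidden inputs reproduce the same pairs; with `method="get"` the browser discards the action's query and submits the hidden fields instead, which is the behaviour the removed parse block relied on and which now depends on wc_query_string_form_fields() accepting a URL. That is not obvious from the template alone, so a short comment before the form, `<?php // Query args are re-emitted as hidden inputs because a GET form drops the action's query string. ?>`, would save the next reader from deleting the call as redundant. The esc_url() on the action attribute is now the only escaping applied to $product_url in this file, since get_product_url() returns the raw form after this PR, so it must stay. WooCommerce templates also carry a version header that theme overrides are checked against; it sits above this hunk so I cannot see whether it was bumped, but a template change like this normally requires it.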