From f39c4e3626bcd6ad43c07f1dba8cb4048f190ebb Mon Sep 17 00:00:00 2001
From: Scott Basgaard
Date: Thu, 26 Jul 2012 09:32:55 +0200
Subject: [PATCH] Use esc_attr() instead of absint() sanitizing an order ID. Extensions like Sequential Order Numbers Pro allow alphanumeric Order ID's.
---
 shortcodes/shortcode-order_tracking.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/shortcodes/shortcode-order_tracking.php b/shortcodes/shortcode-order_tracking.php
index d6760e15cb4..0b4d8304a3a 100644
--- a/shortcodes/shortcode-order_tracking.php
+++ b/shortcodes/shortcode-order_tracking.php
@@ -27,7 +27,7 @@ function woocommerce_order_tracking( $atts ) {
 $woocommerce->verify_nonce( 'order_tracking' );
- $order_id = empty( $_POST['orderid'] ) ? 0 : absint( $_POST['orderid'] );
+ $order_id = empty( $_POST['orderid'] ) ? 0 : esc_attr( $_POST['orderid'] );
 $order_email = empty( $_POST['order_email'] ) ? '' : esc_attr( $_POST['order_email']) ;
 if ( ! $order_id ) {
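Review bot: `esc_attr()` on the added `$order_id` line is an HTML-attribute output escaper, not an input sanitiser, so the posted value is no longer bounded at all and characters such as `&`, `<`, `>` and quotes are turned into entities, which is the wrong transformation for an identifier that is presumably later compared against stored order numbers. Since the intent is to accept alphanumeric IDs, use an input-side sanitiser instead, e.g. `$order_id = empty( $_POST['orderid'] ) ? 0 : sanitize_text_field( $_POST['orderid'] );`, or restrict to the character set the extension actually produces. Wherever `$order_id` is consumed further down the function (outside this hunk) it must now be treated as an arbitrary untrusted string — if it reaches a database query it has to go through `$wpdb->prepare()`, and if it is echoed back it needs escaping at that output point. The pre-existing `$order_email` line has the same escape-for-sanitise confusion and would benefit from the same treatment. woocommerce_order_tracking() continues past the end of the hunk.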