Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

For file URLs and images, run the URL through esc_url_raw rather than wc_clean (which removes/strips things like entities).

This commit is contained in:
Justin Shreve 2015-06-10 15:34:36 +00:00
parent 12c81120ca
commit 7c3774e65f
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
includes/api/class-wc-api-products.php
View File

@ -1603,7 +1603,7 @@ class WC_API_Products extends WC_API_Resource {
} }
$file_name = isset( $file['name'] ) ? wc_clean( $file['name'] ) : ''; $file_name = isset( $file['name'] ) ? wc_clean( $file['name'] ) : '';
$file_url = wc_clean( $file['file'] ); $file_url = esc_url_raw( $file['file'] );
$files[ md5( $file_url ) ] = array( $files[ md5( $file_url ) ] = array(
'name' => $file_name, 'name' => $file_name,
@ -1734,7 +1734,7 @@ class WC_API_Products extends WC_API_Resource {
$attachment_id = isset( $image['id'] ) ? absint( $image['id'] ) : 0; $attachment_id = isset( $image['id'] ) ? absint( $image['id'] ) : 0;
if ( 0 === $attachment_id && isset( $image['src'] ) ) { if ( 0 === $attachment_id && isset( $image['src'] ) ) {
$upload = $this->upload_product_image( wc_clean( $image['src'] ) ); $upload = $this->upload_product_image( esc_url_raw( $image['src'] ) );
if ( is_wp_error( $upload ) ) { if ( is_wp_error( $upload ) ) {
throw new WC_API_Exception( 'woocommerce_api_cannot_upload_product_image', $upload->get_error_message(), 400 ); throw new WC_API_Exception( 'woocommerce_api_cannot_upload_product_image', $upload->get_error_message(), 400 );
@ -1748,7 +1748,7 @@ class WC_API_Products extends WC_API_Resource {
$attachment_id = isset( $image['id'] ) ? absint( $image['id'] ) : 0; $attachment_id = isset( $image['id'] ) ? absint( $image['id'] ) : 0;
if ( 0 === $attachment_id && isset( $image['src'] ) ) { if ( 0 === $attachment_id && isset( $image['src'] ) ) {
$upload = $this->upload_product_image( wc_clean( $image['src'] ) ); $upload = $this->upload_product_image( esc_url_raw( $image['src'] ) );
if ( is_wp_error( $upload ) ) { if ( is_wp_error( $upload ) ) {
throw new WC_API_Exception( 'woocommerce_api_cannot_upload_product_image', $upload->get_error_message(), 400 ); throw new WC_API_Exception( 'woocommerce_api_cannot_upload_product_image', $upload->get_error_message(), 400 );