Merge pull request #16111 from woocommerce/fix/15986

Improve tracking page validation
This commit is contained in:
Mike Jolley 2017-07-25 21:04:16 +01:00 committed by GitHub
commit 889a3cfdd5
2 changed files with 14 additions and 20 deletions


@ -32,7 +32,6 @@ class WC_Shortcode_Order_Tracking {
* @param array $atts
*/
public static function output( $atts ) {
// Check cart class is loaded or abort
if ( is_null( WC()->cart ) ) {
return;
@ -40,31 +39,26 @@ class WC_Shortcode_Order_Tracking {
extract( shortcode_atts( array(), $atts, 'woocommerce_order_tracking' ) );
global $post;
if ( isset( $_REQUEST['orderid'], $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-order_tracking' ) ) {
if ( ! empty( $_REQUEST['orderid'] ) && isset( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-order_tracking' ) ) {
$order_id = empty( $_REQUEST['orderid'] ) ? 0 : esc_attr( $_REQUEST['orderid'] );
$order_email = empty( $_REQUEST['order_email'] ) ? '' : esc_attr( $_REQUEST['order_email'] );
$order_id = empty( $_REQUEST['orderid'] ) ? 0 : wc_clean( ltrim( $_REQUEST['orderid'], '#' ) );
$order_email = empty( $_REQUEST['order_email'] ) ? '' : sanitize_email( $_REQUEST['order_email'] );
if ( ! $order_id ) {
wc_add_notice( __( 'Please enter a valid order ID', 'woocommerce' ), 'error' );
} elseif ( ! $order_email ) {
wc_add_notice( __( 'Please enter a valid order email', 'woocommerce' ), 'error' );
wc_add_notice( __( 'Please enter a valid email address', 'woocommerce' ), 'error' );
} else {
$order = wc_get_order( apply_filters( 'woocommerce_shortcode_order_tracking_order_id', $order_id ) );
if ( $order && $order->get_id() && $order_email ) {
if ( strtolower( $order->get_billing_email() ) == strtolower( $order_email ) ) {
do_action( 'woocommerce_track_order', $order->get_id() );
wc_get_template( 'order/tracking.php', array(
'order' => $order,
) );
return;
}
if ( $order && $order->get_id() && strtolower( $order->get_billing_email() ) === strtolower( $order_email ) ) {
do_action( 'woocommerce_track_order', $order->get_id() );
wc_get_template( 'order/tracking.php', array(
'order' => $order,
) );
return;
} else {
wc_add_notice( __( 'Sorry, we could not find that order ID in our database.', 'woocommerce' ), 'error' );
wc_add_notice( __( 'Sorry, the order could not be found. Please contact us if you are having difficulty finding your order details.', 'woocommerce' ), 'error' );
}
}
}
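Review bot: The nonce is verified against `$_POST['_wpnonce']` but `orderid` and `order_email` are then read from `$_REQUEST`, so the values the nonce is meant to cover can still arrive via the query string or a cookie (subject to `request_order`); reading all three from `$_POST` keeps the check and the data on the same source, e.g. `$order_id = empty( $_POST['orderid'] ) ? 0 : wc_clean( ltrim( $_POST['orderid'], '#' ) );` and `$order_email = empty( $_POST['order_email'] ) ? '' : sanitize_email( $_POST['order_email'] );`. `! empty()` also passes for array-valued input (`orderid[]=1`), which `ltrim()` and `sanitize_email()` are not defined for, so guarding the branch with `is_string()` on both fields would avoid a warning-driven fallback to an empty value; the template in the second file reflects the same request values with `esc_attr()` and has the same gap. The `output()` method closes outside this hunk.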


@ -13,7 +13,7 @@
* @see https://docs.woocommerce.com/document/template-structure/
* @author WooThemes
* @package WooCommerce/Templates
* @version 1.6.4
* @version 3.2.0
*/
if ( ! defined( 'ABSPATH' ) ) {
@ -28,8 +28,8 @@ global $post;
<p><?php _e( 'To track your order please enter your Order ID in the box below and press the "Track" button. This was given to you on your receipt and in the confirmation email you should have received.', 'woocommerce' ); ?></p>
<p class="form-row form-row-first"><label for="orderid"><?php _e( 'Order ID', 'woocommerce' ); ?></label> <input class="input-text" type="text" name="orderid" id="orderid" placeholder="<?php esc_attr_e( 'Found in your order confirmation email.', 'woocommerce' ); ?>" /></p>
<p class="form-row form-row-last"><label for="order_email"><?php _e( 'Billing email', 'woocommerce' ); ?></label> <input class="input-text" type="text" name="order_email" id="order_email" placeholder="<?php esc_attr_e( 'Email you used during checkout.', 'woocommerce' ); ?>" /></p>
<p class="form-row form-row-first"><label for="orderid"><?php _e( 'Order ID', 'woocommerce' ); ?></label> <input class="input-text" type="text" name="orderid" id="orderid" value="<?php echo isset( $_REQUEST['orderid'] ) ? esc_attr( $_REQUEST['orderid'] ) : ''; ?>" placeholder="<?php esc_attr_e( 'Found in your order confirmation email.', 'woocommerce' ); ?>" /></p>
<p class="form-row form-row-last"><label for="order_email"><?php _e( 'Billing email', 'woocommerce' ); ?></label> <input class="input-text" type="text" name="order_email" id="order_email" value="<?php echo isset( $_REQUEST['order_email'] ) ? esc_attr( $_REQUEST['order_email'] ) : ''; ?>" placeholder="<?php esc_attr_e( 'Email you used during checkout.', 'woocommerce' ); ?>" /></p>
<div class="clear"></div>
<p class="form-row"><input type="submit" class="button" name="track" value="<?php esc_attr_e( 'Track', 'woocommerce' ); ?>" /></p>