Encoding issues in attributes/variations

Mike Jolley 2011-11-18 17:27:45 +00:00
parent 1b16599831
commit 8b4e811346
5 changed files with 25 additions and 7 deletions


@ -254,7 +254,7 @@ function variable_product_write_panel_js() {
if ($attribute['is_taxonomy']) : if ($attribute['is_taxonomy']) :
$post_terms = wp_get_post_terms( $post->ID, $attribute['name'] ); $post_terms = wp_get_post_terms( $post->ID, $attribute['name'] );
foreach ($post_terms as $term) : foreach ($post_terms as $term) :
echo '<option value="'.$term->slug.'">'.$term->name.'</option>'; echo '<option value="'.$term->slug.'">'.esc_html($term->name).'</option>';
endforeach; endforeach;
else : else :
$options = explode('|', $attribute['value']); $options = explode('|', $attribute['value']);
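Review bot: `$term->slug` is still written into the `value` attribute unescaped on the changed `echo` line; only the label gets `esc_html()`. Term slugs are normally sanitized when they are created, but escaping at output keeps the markup safe if one ever is not: `echo '<option value="'.esc_attr($term->slug).'">'.esc_html($term->name).'</option>';`. The `else` branch that handles the pipe-separated text values continues outside the hunk, so whether those options are escaped cannot be checked from here.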


@ -504,7 +504,7 @@ function woocommerce_process_product_meta( $post_id, $post ) {
endif; endif;
else : else :
// Format values // Format values
$values = htmlspecialchars(stripslashes($attribute_values[$i])); $values = esc_html(stripslashes($attribute_values[$i]));
// Text based, separate by pipe // Text based, separate by pipe
$values = explode('|', $values); $values = explode('|', $values);
$values = array_map('trim', $values); $values = array_map('trim', $values);
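Review bot: `esc_html()` on the `$values` line encodes the attribute text before it is stored, so every later consumer has to know the saved value is already entity-encoded, and any template that escapes again on output will double-encode it. It also encodes `'`, which the previous `htmlspecialchars()` call with its default flags presumably did not, so values saved before this change that contain an apostrophe may stop matching newly submitted ones until the product is re-saved. Consider storing the plain text and calling `esc_html()`/`esc_attr()` where it is printed; at minimum add a comment such as `// Stored entity-encoded via esc_html(); decode before comparing, do not escape again on output`. The body of `woocommerce_process_product_meta` continues outside the hunk.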


@ -275,6 +275,9 @@ jQuery(document).ready(function($) {
var variation = product_variations[i]; var variation = product_variations[i];
var variation_id = variation.variation_id; var variation_id = variation.variation_id;
//console.debug(variation.attributes);
//console.debug(settings);
if(variations_match(variation.attributes, settings)) { if(variations_match(variation.attributes, settings)) {
matching.push(variation); matching.push(variation);
} }
@ -305,7 +308,17 @@ jQuery(document).ready(function($) {
if(attr_name == current_attr_name) { if(attr_name == current_attr_name) {
if (attr_val) { if (attr_val) {
// Decode entities
attr_val = $("<div/>").html( attr_val ).text();
// Add slashes
attr_val = attr_val.replace(/'/g, "\\'");
attr_val = attr_val.replace(/"/g, "\\\"");
// Compare the meercat
current_attr_select.find('option[value="'+attr_val+'"]').removeAttr('disabled'); current_attr_select.find('option[value="'+attr_val+'"]').removeAttr('disabled');
} else { } else {
current_attr_select.find('option').removeAttr('disabled'); current_attr_select.find('option').removeAttr('disabled');
} }
@ -364,9 +377,13 @@ jQuery(document).ready(function($) {
} else { } else {
if ($(this).val().length == 0) all_set = false; if ($(this).val().length == 0) all_set = false;
// Get value // Encode entities
value = $(this).val(); value = $(this).val()
value = value.replace('"', '&quot;'); .replace(/&/g, '&amp;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#039;')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;');
// Add to settings array // Add to settings array
current_settings[$(this).attr('name')] = value; current_settings[$(this).attr('name')] = value;
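Review bot: The entity decode in the second hunk, `attr_val = $("<div/>").html( attr_val ).text();`, parses `attr_val` as HTML, and a detached element still creates child nodes and fires their event handlers, so any variation attribute that reaches this line containing raw markup is executed in the visitor's browser rather than treated as text. Decode through an element whose content is never parsed into child elements, using the native property: `var t = document.createElement('textarea'); t.innerHTML = attr_val; attr_val = t.value;`. The two quote replacements that follow do not escape backslashes, so `current_attr_select.find('option').filter(function() { return this.value === attr_val; })` would be sturdier than building a selector string. The commented-out `console.debug` lines in the first hunk and the "Compare the meercat" comment should be dropped or replaced with a real description.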

File diff suppressed because one or more lines are too long


@ -94,6 +94,7 @@ Yes you can! Join in on our GitHub repository :) https://github.com/woothemes/wo
* Feature to prevent admin access to customers (optional) * Feature to prevent admin access to customers (optional)
* Fixed quick edit * Fixed quick edit
* text/html email headers * text/html email headers
* Fixed variation issue with quote symbols using esc_html
= 1.2.3 - 17/11/2011 = = 1.2.3 - 17/11/2011 =
* Fix for sale price logic * Fix for sale price logic