Encoding issues in attributes/variations

2011-11-18 17:27:45 +00:00 · 2011-11-18 17:27:45 +00:00 · 8b4e811346
parent 1b16599831
commit 8b4e811346
5 changed files with 25 additions and 7 deletions
--- a/admin/writepanels/writepanel-product-type-variable.php
+++ b/admin/writepanels/writepanel-product-type-variable.php
@ -254,7 +254,7 @@ function variable_product_write_panel_js() {
 								if ($attribute['is_taxonomy']) :
 									$post_terms = wp_get_post_terms( $post->ID, $attribute['name'] );
 									foreach ($post_terms as $term) :
-										echo '<option value="'.$term->slug.'">'.$term->name.'</option>';
+										echo '<option value="'.$term->slug.'">'.esc_html($term->name).'</option>';
 									endforeach;
 								else :
 									$options = explode('|', $attribute['value']);
--- a/admin/writepanels/writepanel-product_data.php
+++ b/admin/writepanels/writepanel-product_data.php
@ -504,7 +504,7 @@ function woocommerce_process_product_meta( $post_id, $post ) {
 			 	endif;
 		 	else :
 		 		// Format values
-		 		$values = htmlspecialchars(stripslashes($attribute_values[$i]));
+		 		$values = esc_html(stripslashes($attribute_values[$i]));
 		 		// Text based, separate by pipe
 		 		$values = explode('|', $values);
 		 		$values = array_map('trim', $values);
--- a/assets/js/woocommerce.js
+++ b/assets/js/woocommerce.js
@ -275,6 +275,9 @@ jQuery(document).ready(function($) {
        	var variation = product_variations[i];
        	var variation_id = variation.variation_id;
        	
+        	//console.debug(variation.attributes);
+        	//console.debug(settings);
+        	
 			if(variations_match(variation.attributes, settings)) {
                matching.push(variation);
            }
@ -305,7 +308,17 @@ jQuery(document).ready(function($) {
 	                
 	                if(attr_name == current_attr_name) {
 	                    if (attr_val) {
+	                    	
+	                    	// Decode entities
+	                    	attr_val = $("<div/>").html( attr_val ).text();
+	                    	
+	                    	// Add slashes
+	                    	attr_val = attr_val.replace(/'/g, "\\'");
+	                    	attr_val = attr_val.replace(/"/g, "\\\"");
+	                    	
+	                    	// Compare the meercat
 	                    	current_attr_select.find('option[value="'+attr_val+'"]').removeAttr('disabled');
+	                    	
 	                    } else {
 	                    	current_attr_select.find('option').removeAttr('disabled');
 	                    }
@ -364,10 +377,14 @@ jQuery(document).ready(function($) {
 			} else {
 				if ($(this).val().length == 0) all_set = false;

-	            // Get value
-	            value = $(this).val();
-	            value = value.replace('"', '&quot;');
-				
+            	// Encode entities
+            	value = $(this).val()
+		            .replace(/&/g, '&amp;')
+		            .replace(/"/g, '&quot;')
+		            .replace(/'/g, '&#039;')
+		            .replace(/</g, '&lt;')
+		            .replace(/>/g, '&gt;');
+
 				// Add to settings array
 				current_settings[$(this).attr('name')] = value;
 			}
--- a/assets/js/woocommerce.min.js
+++ b/assets/js/woocommerce.min.js
--- a/readme.txt
+++ b/readme.txt
@ -94,6 +94,7 @@ Yes you can! Join in on our GitHub repository :) https://github.com/woothemes/wo
 * Feature to prevent admin access to customers (optional)
 * Fixed quick edit
 * text/html email headers
+* Fixed variation issue with quote symbols using esc_html

 = 1.2.3 - 17/11/2011 =
 * Fix for sale price logic